75 lines
2.6 KiB
PL/PgSQL
75 lines
2.6 KiB
PL/PgSQL
-- migrate:up
|
|
|
|
create or replace function extensions.grant_pg_graphql_access()
|
|
returns event_trigger
|
|
language plpgsql
|
|
AS $func$
|
|
DECLARE
|
|
func_is_graphql_resolve bool;
|
|
BEGIN
|
|
func_is_graphql_resolve = (
|
|
SELECT n.proname = 'resolve'
|
|
FROM pg_event_trigger_ddl_commands() AS ev
|
|
LEFT JOIN pg_catalog.pg_proc AS n
|
|
ON ev.objid = n.oid
|
|
);
|
|
|
|
IF func_is_graphql_resolve
|
|
THEN
|
|
-- Update public wrapper to pass all arguments through to the pg_graphql resolve func
|
|
DROP FUNCTION IF EXISTS graphql_public.graphql;
|
|
create or replace function graphql_public.graphql(
|
|
"operationName" text default null,
|
|
query text default null,
|
|
variables jsonb default null,
|
|
extensions jsonb default null
|
|
)
|
|
returns jsonb
|
|
language sql
|
|
as $$
|
|
select graphql.resolve(
|
|
query := query,
|
|
variables := coalesce(variables, '{}'),
|
|
"operationName" := "operationName",
|
|
extensions := extensions
|
|
);
|
|
$$;
|
|
|
|
-- This hook executes when `graphql.resolve` is created. That is not necessarily the last
|
|
-- function in the extension so we need to grant permissions on existing entities AND
|
|
-- update default permissions to any others that are created after `graphql.resolve`
|
|
grant usage on schema graphql to postgres, anon, authenticated, service_role;
|
|
grant select on all tables in schema graphql to postgres, anon, authenticated, service_role;
|
|
grant execute on all functions in schema graphql to postgres, anon, authenticated, service_role;
|
|
grant all on all sequences in schema graphql to postgres, anon, authenticated, service_role;
|
|
alter default privileges in schema graphql grant all on tables to postgres, anon, authenticated, service_role;
|
|
alter default privileges in schema graphql grant all on functions to postgres, anon, authenticated, service_role;
|
|
alter default privileges in schema graphql grant all on sequences to postgres, anon, authenticated, service_role;
|
|
END IF;
|
|
|
|
END;
|
|
$func$;
|
|
|
|
-- Cycle the extension off and back on to apply the permissions update.
|
|
|
|
drop extension if exists pg_graphql;
|
|
-- Avoids limitation of only being able to load the extension via dashboard
|
|
-- Only install as well if the extension is actually installed
|
|
DO $$
|
|
DECLARE
|
|
graphql_exists boolean;
|
|
BEGIN
|
|
graphql_exists = (
|
|
select count(*) = 1
|
|
from pg_available_extensions
|
|
where name = 'pg_graphql'
|
|
);
|
|
|
|
IF graphql_exists
|
|
THEN
|
|
create extension if not exists pg_graphql;
|
|
END IF;
|
|
END $$;
|
|
|
|
-- migrate:down
|