Comments (1)
The big decision here is "What is a user"? The two options are:
- use PostgreSQL's
role
system so that there is one role per user no matter whether they're a customer or a superuser or what have you. These roles inherit from "abstract" roles using role inheritance. - Use pg role just for abstract roles that can't login, and then have a secondary table which contains additional metadata like username, email, address, what have you, say a "user" table. A user in this frame is an entry in the customer table, not a role. If the customer table had a single role field, they would only be able to be a member of one role at a time, so this doesn't work. If we had a join table between meta.role and user, this wouldn't work either because we would still need to create a role that inherited the permissions of all the roles they were a member of, per-unique-role-combination.
So, we have to have users be real roles which support login and have passwords. The question then is where does the metadata go? For this, I think it's reasonable to still have a user table with traditional things like username, email, etc. that just foreign_keys to a unique PostgreSQL role, one per user.
Last question: What is the username of a concrete user role? Clear choices include email address or uuid. If we choose email address, then changing your account's email address gets a little hairy, but otherwise it's nice. We can start with email address and then if it becomes a problem, switch to uuid.
So:
CREATE TABLE user (
id uuid primary key ...,
role_id meta.role_id,
name text not null default '',
active boolean not null default false,
activation_code uuid not null default gen-uuid()
);
CREATE ROLE user NOLOGIN;
CREATE FUNCTION register (email text, password text) as $$
/*
1. check for existing role, throw exception if found
2. insert into meta.role (name, login) values ({email}, false);
3. insert into meta.role_inheritance (role_id, inherits_role_id) values (meta.role_id('user'), meta.role_id({email})
4. send email to {email}
*/
$$ language plpgsql;
CREATE FUNCTION register confirm (email text, confirmation_code) as $$
/*
1. check for existing user. throw exceptions for
a. non-matching code
b. already active user
c.
2. update role set login=true
3. update user set active=true;
4. send email?
*/
$$ language plpgsql
Good things about this approach:
- we can build a "multifaceted" role manager where users can be a member of multiple abstract roles simultaneously
- it's not web specific at all, it's really just nicely/tightly integrated with postgres's role system, so it has general utility outside web stuff
So this is blocked by #9
from aquameta.
Related Issues (20)
- devops: Figure out how to use submodules in releases HOT 1
- Move third-party extensions from `public` schema to `extensions`
- Audit usage of pg_extensions_config_dump() HOT 1
- bundle: Make circular foreign keys in bundle.commit DEFERRABLE HOT 1
- Resurrect pgfs HOT 1
- bundle: git push on commit
- Resource functions should return custom headers HOT 1
- Resource function format may be too custom HOT 1
- flat: bug with related_rows over meta identifiers HOT 1
- config for local mode vs registered user mode
- Web semantics HOT 1
- Convert extensions to bundles HOT 2
- bundle: Function to make sure bundle exports are current/synced
- bundle: Dependency management of schema and data
- Comparing composite types is sometimes crazy slow
- bundle: add write blocking triggers on bundle.rowset* HOT 1
- bundle: per-bundle ignore rules HOT 2
- bundle: Version control for schema
- bundle: Define a placeholder hash for the sha256 of NULL
- endpoint: Transaction control
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aquameta.