UNPKG

firebase-tools

Version:
113 lines (112 loc) 4.87 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.defaultPermissions = exports.readerRolePermissions = exports.writerRolePermissions = exports.ownerRolePermissions = exports.firebasewriter = exports.firebasereader = exports.firebaseowner = exports.CLOUDSQL_SUPER_USER = exports.FIREBASE_SUPER_USER = exports.DEFAULT_SCHEMA = void 0; exports.DEFAULT_SCHEMA = "public"; exports.FIREBASE_SUPER_USER = "firebasesuperuser"; exports.CLOUDSQL_SUPER_USER = "cloudsqlsuperuser"; function firebaseowner(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebaseowner_${databaseId}_${schema}`; } exports.firebaseowner = firebaseowner; function firebasereader(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebasereader_${databaseId}_${schema}`; } exports.firebasereader = firebasereader; function firebasewriter(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebasewriter_${databaseId}_${schema}`; } exports.firebasewriter = firebasewriter; function ownerRolePermissions(databaseId, superuser, schema) { const firebaseOwnerRole = firebaseowner(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseOwnerRole}') then CREATE ROLE "${firebaseOwnerRole}" WITH ADMIN "${superuser}"; end if; end $$ ;`, `GRANT "${firebaseOwnerRole}" TO "cloudsqlsuperuser"`, `ALTER SCHEMA "${schema}" OWNER TO "${firebaseOwnerRole}"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, `GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, ]; } exports.ownerRolePermissions = ownerRolePermissions; function writerRolePermissions(databaseId, superuser, schema) { const firebaseWriterRole = firebasewriter(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseWriterRole}') then CREATE ROLE "${firebaseWriterRole}" WITH ADMIN "${superuser}"; end if; end $$ ;`, `GRANT "${firebaseWriterRole}" TO "cloudsqlsuperuser"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, ]; } exports.writerRolePermissions = writerRolePermissions; function readerRolePermissions(databaseId, superuser, schema) { const firebaseReaderRole = firebasereader(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseReaderRole}') then CREATE ROLE "${firebaseReaderRole}" WITH ADMIN "${superuser}"; end if; end $$ ;`, `GRANT "${firebaseReaderRole}" TO "cloudsqlsuperuser"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT SELECT ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, ]; } exports.readerRolePermissions = readerRolePermissions; function defaultPermissions(databaseId, schema, ownerRole) { const firebaseWriterRole = firebasewriter(databaseId, schema); const firebaseReaderRole = firebasereader(databaseId, schema); return [ `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON TABLES TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT USAGE ON SEQUENCES TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT EXECUTE ON FUNCTIONS TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT SELECT ON TABLES TO "${firebaseReaderRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT USAGE ON SEQUENCES TO "${firebaseReaderRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT EXECUTE ON FUNCTIONS TO "${firebaseReaderRole}";`, ]; } exports.defaultPermissions = defaultPermissions;