
firebase-tools

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.CLOUDSQL_SUPER_USER = exports.FIREBASE_SUPER_USER = exports.DEFAULT_SCHEMA = void 0; exports.firebaseowner = firebaseowner; exports.firebasereader = firebasereader; exports.firebasewriter = firebasewriter; exports.ownerRolePermissions = ownerRolePermissions; exports.writerRolePermissions = writerRolePermissions; exports.readerRolePermissions = readerRolePermissions; exports.defaultPermissions = defaultPermissions; exports.DEFAULT_SCHEMA = "public"; exports.FIREBASE_SUPER_USER = "firebasesuperuser"; exports.CLOUDSQL_SUPER_USER = "cloudsqlsuperuser"; function firebaseowner(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebaseowner_${databaseId}_${schema}`; } function firebasereader(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebasereader_${databaseId}_${schema}`; } function firebasewriter(databaseId, schema = exports.DEFAULT_SCHEMA) { return `firebasewriter_${databaseId}_${schema}`; } function ownerRolePermissions(databaseId, superuser, schema) { const firebaseOwnerRole = firebaseowner(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseOwnerRole}') then CREATE ROLE "${firebaseOwnerRole}" WITH ADMIN "${superuser}"; end if; end $$ ;`, `GRANT "${firebaseOwnerRole}" TO "cloudsqlsuperuser"`, `ALTER SCHEMA "${schema}" OWNER TO "${firebaseOwnerRole}"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, `GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseOwnerRole}"`, ]; } function writerRolePermissions(databaseId, superuser, schema) { const firebaseWriterRole = firebasewriter(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseWriterRole}') then CREATE ROLE "${firebaseWriterRole}" WITH ADMIN "${superuser}"; end if; end 
$$ ;`, `GRANT "${firebaseWriterRole}" TO "cloudsqlsuperuser"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, `GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "${schema}" TO "${firebaseWriterRole}"`, ]; } function readerRolePermissions(databaseId, superuser, schema) { const firebaseReaderRole = firebasereader(databaseId, schema); return [ `do $$ begin if not exists (select FROM pg_catalog.pg_roles WHERE rolname = '${firebaseReaderRole}') then CREATE ROLE "${firebaseReaderRole}" WITH ADMIN "${superuser}"; end if; end $$ ;`, `GRANT "${firebaseReaderRole}" TO "cloudsqlsuperuser"`, `GRANT USAGE ON SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT SELECT ON ALL TABLES IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, `GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "${schema}" TO "${firebaseReaderRole}"`, ]; } function defaultPermissions(databaseId, schema, ownerRole) { const firebaseWriterRole = firebasewriter(databaseId, schema); const firebaseReaderRole = firebasereader(databaseId, schema); return [ `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON TABLES TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT USAGE ON SEQUENCES TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT EXECUTE ON FUNCTIONS TO "${firebaseWriterRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT SELECT ON TABLES TO "${firebaseReaderRole}";`, `ALTER DEFAULT PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT USAGE ON SEQUENCES TO "${firebaseReaderRole}";`, `ALTER DEFAULT 
PRIVILEGES FOR ROLE "${ownerRole}" IN SCHEMA "${schema}" GRANT EXECUTE ON FUNCTIONS TO "${firebaseReaderRole}";`, ]; }