Mercurial > gemma
view schema/updates/1465/01.delete_user.sql @ 5499:a30b6c6541e0 deactivate-users
Moved logic to delete deactivate users into plpgsql function.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 21 Sep 2021 22:06:43 +0200 |
parents | |
children | 2ce85b6fcb76 |
line wrap: on
line source
CREATE OR REPLACE FUNCTION delete_user(rolename text) RETURNS int AS $$ DECLARE user_exists bool; is_admin bool; has_imports bool; BEGIN SELECT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = rolename) INTO user_exists; IF NOT user_exists THEN RETURN 0; END IF; SELECT EXISTS (SELECT 1 FROM pg_roles WHERE pg_has_role(rolename, oid, 'member') AND rolname IN ('waterway_admin', 'sys_admin')) INTO is_admin; -- None admins can be deleted. IF NOT is_admin THEN DELETE FROM users.list_users WHERE username = rolename; RETURN 1; END IF; SELECT EXISTS (SELECT 1 FROM import.imports WHERE username = rolename) INTO has_imports; -- Admins w/o imports can be deleted. IF NOT has_imports THEN DELETE FROM users.list_users WHERE username = rolename; RETURN 1; END IF; -- Admins w/ imports have to be deactivated. UPDATE users.list_users SET (email_address, report_reciever, active) = ('nomail@example.com', false, false) WHERE username = rolename; -- Do not allow to login any more. EXECUTE format( 'ALTER ROLE %I NOLOGIN', rolename); RETURN 2; END; $$ LANGUAGE plpgsql SECURITY DEFINER; GRANT EXECUTE ON FUNCTION delete_user to sys_admin;