-- ============================================================================= -- AgenciaPsi — Functions — infraestrutura -- extensions.grant_pg_*, pgbouncer.get_auth, etc. -- ============================================================================= CREATE FUNCTION extensions.grant_pg_cron_access() RETURNS event_trigger LANGUAGE plpgsql AS $$ BEGIN IF EXISTS ( SELECT FROM pg_event_trigger_ddl_commands() AS ev JOIN pg_extension AS ext ON ev.objid = ext.oid WHERE ext.extname = 'pg_cron' ) THEN grant usage on schema cron to postgres with grant option; alter default privileges in schema cron grant all on tables to postgres with grant option; alter default privileges in schema cron grant all on functions to postgres with grant option; alter default privileges in schema cron grant all on sequences to postgres with grant option; alter default privileges for user supabase_admin in schema cron grant all on sequences to postgres with grant option; alter default privileges for user supabase_admin in schema cron grant all on tables to postgres with grant option; alter default privileges for user supabase_admin in schema cron grant all on functions to postgres with grant option; grant all privileges on all tables in schema cron to postgres with grant option; revoke all on table cron.job from postgres; grant select on table cron.job to postgres with grant option; END IF; END; $$; ALTER FUNCTION extensions.grant_pg_cron_access() OWNER TO supabase_admin; -- -- Name: FUNCTION grant_pg_cron_access(); Type: COMMENT; Schema: extensions; Owner: supabase_admin -- COMMENT ON FUNCTION extensions.grant_pg_cron_access() IS 'Grants access to pg_cron'; -- -- Name: grant_pg_graphql_access(); Type: FUNCTION; Schema: extensions; Owner: supabase_admin -- CREATE FUNCTION extensions.grant_pg_graphql_access() RETURNS event_trigger LANGUAGE plpgsql AS $_$ DECLARE func_is_graphql_resolve bool; BEGIN func_is_graphql_resolve = ( SELECT n.proname = 'resolve' FROM pg_event_trigger_ddl_commands() AS ev LEFT JOIN pg_catalog.pg_proc AS n ON ev.objid = n.oid ); IF func_is_graphql_resolve THEN -- Update public wrapper to pass all arguments through to the pg_graphql resolve func DROP FUNCTION IF EXISTS graphql_public.graphql; create or replace function graphql_public.graphql( "operationName" text default null, query text default null, variables jsonb default null, extensions jsonb default null ) returns jsonb language sql as $$ select graphql.resolve( query := query, variables := coalesce(variables, '{}'), "operationName" := "operationName", extensions := extensions ); $$; -- This hook executes when `graphql.resolve` is created. That is not necessarily the last -- function in the extension so we need to grant permissions on existing entities AND -- update default permissions to any others that are created after `graphql.resolve` grant usage on schema graphql to postgres, anon, authenticated, service_role; grant select on all tables in schema graphql to postgres, anon, authenticated, service_role; grant execute on all functions in schema graphql to postgres, anon, authenticated, service_role; grant all on all sequences in schema graphql to postgres, anon, authenticated, service_role; alter default privileges in schema graphql grant all on tables to postgres, anon, authenticated, service_role; alter default privileges in schema graphql grant all on functions to postgres, anon, authenticated, service_role; alter default privileges in schema graphql grant all on sequences to postgres, anon, authenticated, service_role; -- Allow postgres role to allow granting usage on graphql and graphql_public schemas to custom roles grant usage on schema graphql_public to postgres with grant option; grant usage on schema graphql to postgres with grant option; END IF; END; $_$; ALTER FUNCTION extensions.grant_pg_graphql_access() OWNER TO supabase_admin; -- -- Name: FUNCTION grant_pg_graphql_access(); Type: COMMENT; Schema: extensions; Owner: supabase_admin -- COMMENT ON FUNCTION extensions.grant_pg_graphql_access() IS 'Grants access to pg_graphql'; -- -- Name: grant_pg_net_access(); Type: FUNCTION; Schema: extensions; Owner: supabase_admin -- CREATE FUNCTION extensions.grant_pg_net_access() RETURNS event_trigger LANGUAGE plpgsql AS $$ BEGIN IF EXISTS ( SELECT 1 FROM pg_event_trigger_ddl_commands() AS ev JOIN pg_extension AS ext ON ev.objid = ext.oid WHERE ext.extname = 'pg_net' ) THEN GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role; ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; END IF; END; $$; ALTER FUNCTION extensions.grant_pg_net_access() OWNER TO supabase_admin; -- -- Name: FUNCTION grant_pg_net_access(); Type: COMMENT; Schema: extensions; Owner: supabase_admin -- COMMENT ON FUNCTION extensions.grant_pg_net_access() IS 'Grants access to pg_net'; -- -- Name: pgrst_ddl_watch(); Type: FUNCTION; Schema: extensions; Owner: supabase_admin -- CREATE FUNCTION extensions.pgrst_ddl_watch() RETURNS event_trigger LANGUAGE plpgsql AS $$ DECLARE cmd record; BEGIN FOR cmd IN SELECT * FROM pg_event_trigger_ddl_commands() LOOP IF cmd.command_tag IN ( 'CREATE SCHEMA', 'ALTER SCHEMA' , 'CREATE TABLE', 'CREATE TABLE AS', 'SELECT INTO', 'ALTER TABLE' , 'CREATE FOREIGN TABLE', 'ALTER FOREIGN TABLE' , 'CREATE VIEW', 'ALTER VIEW' , 'CREATE MATERIALIZED VIEW', 'ALTER MATERIALIZED VIEW' , 'CREATE FUNCTION', 'ALTER FUNCTION' , 'CREATE TRIGGER' , 'CREATE TYPE', 'ALTER TYPE' , 'CREATE RULE' , 'COMMENT' ) -- don't notify in case of CREATE TEMP table or other objects created on pg_temp AND cmd.schema_name is distinct from 'pg_temp' THEN NOTIFY pgrst, 'reload schema'; END IF; END LOOP; END; $$; ALTER FUNCTION extensions.pgrst_ddl_watch() OWNER TO supabase_admin; -- -- Name: pgrst_drop_watch(); Type: FUNCTION; Schema: extensions; Owner: supabase_admin -- CREATE FUNCTION extensions.pgrst_drop_watch() RETURNS event_trigger LANGUAGE plpgsql AS $$ DECLARE obj record; BEGIN FOR obj IN SELECT * FROM pg_event_trigger_dropped_objects() LOOP IF obj.object_type IN ( 'schema' , 'table' , 'foreign table' , 'view' , 'materialized view' , 'function' , 'trigger' , 'type' , 'rule' ) AND obj.is_temporary IS false -- no pg_temp objects THEN NOTIFY pgrst, 'reload schema'; END IF; END LOOP; END; $$; ALTER FUNCTION extensions.pgrst_drop_watch() OWNER TO supabase_admin; -- -- Name: set_graphql_placeholder(); Type: FUNCTION; Schema: extensions; Owner: supabase_admin -- CREATE FUNCTION extensions.set_graphql_placeholder() RETURNS event_trigger LANGUAGE plpgsql AS $_$ DECLARE graphql_is_dropped bool; BEGIN graphql_is_dropped = ( SELECT ev.schema_name = 'graphql_public' FROM pg_event_trigger_dropped_objects() AS ev WHERE ev.schema_name = 'graphql_public' ); IF graphql_is_dropped THEN create or replace function graphql_public.graphql( "operationName" text default null, query text default null, variables jsonb default null, extensions jsonb default null ) returns jsonb language plpgsql as $$ DECLARE server_version float; BEGIN server_version = (SELECT (SPLIT_PART((select version()), ' ', 2))::float); IF server_version >= 14 THEN RETURN jsonb_build_object( 'errors', jsonb_build_array( jsonb_build_object( 'message', 'pg_graphql extension is not enabled.' ) ) ); ELSE RETURN jsonb_build_object( 'errors', jsonb_build_array( jsonb_build_object( 'message', 'pg_graphql is only available on projects running Postgres 14 onwards.' ) ) ); END IF; END; $$; END IF; END; $_$; ALTER FUNCTION extensions.set_graphql_placeholder() OWNER TO supabase_admin; -- -- Name: FUNCTION set_graphql_placeholder(); Type: COMMENT; Schema: extensions; Owner: supabase_admin -- COMMENT ON FUNCTION extensions.set_graphql_placeholder() IS 'Reintroduces placeholder function for graphql_public.graphql'; -- -- Name: get_auth(text); Type: FUNCTION; Schema: pgbouncer; Owner: supabase_admin -- CREATE FUNCTION pgbouncer.get_auth(p_usename text) RETURNS TABLE(username text, password text) LANGUAGE plpgsql SECURITY DEFINER SET search_path TO '' AS $_$ begin raise debug 'PgBouncer auth request: %', p_usename; return query select rolname::text, case when rolvaliduntil < now() then null else rolpassword::text end from pg_authid where rolname=$1 and rolcanlogin; end; $_$; ALTER FUNCTION pgbouncer.get_auth(p_usename text) OWNER TO supabase_admin;