liquid_feedback_core
changeset 268:739ed2d3d372
API client name not unique; Use OAuth2 client identifier as redirection endpoint
author | jbe |
---|---|
date | Wed Aug 08 16:28:24 2012 +0200 (2012-08-08) |
parents | 5bf2c973ec3c |
children | cbe1d7bb1d40 |
files | core.sql |
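--- a/core.sql Wed Aug 08 15:20:34 2012 +0200
+++ b/core.sql Wed Aug 08 16:28:24 2012 +0200
@@ -176,36 +176,32 @@
 
 CREATE TABLE "api_client" (
 "id" SERIAL8 PRIMARY KEY,
- UNIQUE ("member_id", "name"),
+ "name" TEXT NOT NULL,
 UNIQUE ("member_id", "client_identifier"),
 "member_id" INT4 REFERENCES "member" ("id")
 ON DELETE CASCADE ON UPDATE CASCADE,
- "name" TEXT NOT NULL,
 "client_identifier" TEXT NOT NULL,
 "client_secret" TEXT,
- "redirection_endpoint" TEXT,
+ "member_authorization" BOOLEAN NOT NULL,
 "public_access_level" "api_access_level",
 "access_level" "api_access_level" NOT NULL,
 "validity_period" INTERVAL NOT NULL,
 "last_usage" TIMESTAMPTZ NOT NULL,
 CONSTRAINT "public_access_level_set_if_and_only_if_system_client"
- CHECK ("member_id" ISNULL OR "client_secret" NOTNULL OR "access_level"='none'),
- CONSTRAINT "system_client_with_public_access_requires_secret"
- CHECK ("member_id" ISNULL OR "client_secret" NOTNULL OR "public_access_level"='none'),
- CONSTRAINT "member_client_requires_redirection_endpoint"
- CHECK ("member_id" ISNULL OR "redirection_endpoint" NOTNULL) );
-CREATE UNIQUE INDEX "api_client_non_member_name_idx" ON "api_client" ("name") WHERE "member_id" ISNULL;
-CREATE UNIQUE INDEX "api_client_non_member_client_identifier_idx" ON "api_client" ("client_identifier") WHERE "member_id" ISNULL;
+ CHECK ("member_id" ISNULL = "public_access_level" NOTNULL) );
+CREATE UNIQUE INDEX "api_client_non_member_client_identifier_idx"
+ ON "api_client" ("client_identifier") WHERE "member_id" ISNULL;
 
 COMMENT ON TABLE "api_client" IS 'Registered OAuth2 client for a member';
 
 COMMENT ON COLUMN "api_client"."member_id" IS 'Member, who registered the client for him/herself, or NULL for clients registered by administrator';
 COMMENT ON COLUMN "api_client"."name" IS 'Name of the client as chosen by member or administrator';
-COMMENT ON COLUMN "api_client"."client_identifier" IS 'OAuth2 client id';
+COMMENT ON COLUMN "api_client"."client_identifier" IS 'OAuth2 client id, also used as redirection endpoint if "member_authorization" is set to TRUE';
 COMMENT ON COLUMN "api_client"."client_secret" IS 'Secret for client authentication, enables OAuth2 Client Credentials Grant when set';
-COMMENT ON COLUMN "api_client"."redirection_endpoint" IS 'OAuth2 redirection endpoint, must be set for clients registered by members';
-COMMENT ON COLUMN "api_client"."access_level" IS 'For clients registered by administrator: access level for OAuth2 Client Credentials Grant; For clients registered by member: access level for OAuth ';
-COMMENT ON COLUMN "api_client"."validity_period" IS 'Life time of an OAuth2 access token';
+COMMENT ON COLUMN "api_client"."member_authorization" IS 'Allow OAuth2 Authorization Code Grant and Implicit Grant, in which case the "client_identifier" is used as the redirection endpoint';
+COMMENT ON COLUMN "api_client"."public_access_level" IS 'Access level for OAuth2 Client Credentials Grant';
+COMMENT ON COLUMN "api_client"."access_level" IS 'Access level for OAuth2 Authorization Code Grant and Implicit Grant';
+COMMENT ON COLUMN "api_client"."validity_period" IS 'Life time of an OAuth2 refresh token';
 
 
 CREATE TABLE "api_access" (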
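Review bot: With `"redirection_endpoint"` folded into `"client_identifier"`, nothing in the new `"api_client"` definition constrains that value to be a usable redirection URI when `"member_authorization"` is TRUE, even though the Authorization Code and Implicit grants deliver codes and tokens to it. Unless the application validates the identifier elsewhere (not visible in this hunk), a named check would pin the rule in the schema, for example `CONSTRAINT "member_authorization_requires_https_client_identifier" CHECK (NOT "member_authorization" OR "client_identifier" LIKE 'https://%')`, loosened if clients with other URI schemes are expected. After the removal of the secret-related CHECKs, no remaining constraint relates `"client_secret"` to `"public_access_level"`, so a system client may have a public access level other than 'none' with a NULL secret. If that is intended because the grant is only enabled when a secret is set, the column comment should say so, e.g. `'Access level for OAuth2 Client Credentials Grant (only effective when "client_secret" is set)'`.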