
changeset 268:739ed2d3d372

API client name not unique; Use OAuth2 client identifier as redirection endpoint
author jbe
date Wed Aug 08 16:28:24 2012 +0200 (2012-08-08)
parents 5bf2c973ec3c
children cbe1d7bb1d40
files core.sql
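--- a/core.sql
+++ b/core.sql
@@ -176,36 +176,32 @@
 
 CREATE TABLE "api_client" (
         "id"                    SERIAL8         PRIMARY KEY,
-        UNIQUE ("member_id", "name"),
+        "name"                  TEXT            NOT NULL,
         UNIQUE ("member_id", "client_identifier"),
         "member_id"             INT4            REFERENCES "member" ("id")
                                                 ON DELETE CASCADE ON UPDATE CASCADE,
-        "name"                  TEXT            NOT NULL,
         "client_identifier"     TEXT            NOT NULL,
         "client_secret"         TEXT,
-        "redirection_endpoint"  TEXT,
+        "member_authorization"  BOOLEAN         NOT NULL,
         "public_access_level"   "api_access_level",
         "access_level"          "api_access_level" NOT NULL,
         "validity_period"       INTERVAL        NOT NULL,
         "last_usage"            TIMESTAMPTZ     NOT NULL,
         CONSTRAINT "public_access_level_set_if_and_only_if_system_client"
-          CHECK ("member_id" ISNULL OR "client_secret" NOTNULL OR "access_level"='none'),
-        CONSTRAINT "system_client_with_public_access_requires_secret"
-          CHECK ("member_id" ISNULL OR "client_secret" NOTNULL OR "public_access_level"='none'),
-        CONSTRAINT "member_client_requires_redirection_endpoint"
-          CHECK ("member_id" ISNULL OR "redirection_endpoint" NOTNULL) );
-CREATE UNIQUE INDEX "api_client_non_member_name_idx" ON "api_client" ("name") WHERE "member_id" ISNULL;
-CREATE UNIQUE INDEX "api_client_non_member_client_identifier_idx" ON "api_client" ("client_identifier") WHERE "member_id" ISNULL;
+          CHECK ("member_id" ISNULL = "public_access_level" NOTNULL) );
+CREATE UNIQUE INDEX "api_client_non_member_client_identifier_idx"
+  ON "api_client" ("client_identifier") WHERE "member_id" ISNULL;
 
 COMMENT ON TABLE "api_client" IS 'Registered OAuth2 client for a member';
 
 COMMENT ON COLUMN "api_client"."member_id"            IS 'Member, who registered the client for him/herself, or NULL for clients registered by administrator';
 COMMENT ON COLUMN "api_client"."name"                 IS 'Name of the client as chosen by member or administrator';
-COMMENT ON COLUMN "api_client"."client_identifier"    IS 'OAuth2 client id';
+COMMENT ON COLUMN "api_client"."client_identifier"    IS 'OAuth2 client id, also used as redirection endpoint if "member_authorization" is set to TRUE';
 COMMENT ON COLUMN "api_client"."client_secret"        IS 'Secret for client authentication, enables OAuth2 Client Credentials Grant when set';
-COMMENT ON COLUMN "api_client"."redirection_endpoint" IS 'OAuth2 redirection endpoint, must be set for clients registered by members';
-COMMENT ON COLUMN "api_client"."access_level"         IS 'For clients registered by administrator: access level for OAuth2 Client Credentials Grant; For clients registered by member: access level for OAuth ';
-COMMENT ON COLUMN "api_client"."validity_period"      IS 'Life time of an OAuth2 access token';
+COMMENT ON COLUMN "api_client"."member_authorization" IS 'Allow OAuth2 Authorization Code Grant and Implicit Grant, in which case the "client_identifier" is used as the redirection endpoint';
+COMMENT ON COLUMN "api_client"."public_access_level"  IS 'Access level for OAuth2 Client Credentials Grant';
+COMMENT ON COLUMN "api_client"."access_level"         IS 'Access level for OAuth2 Authorization Code Grant and Implicit Grant';
+COMMENT ON COLUMN "api_client"."validity_period"      IS 'Life time of an OAuth2 refresh token';
 
 
 CREATE TABLE "api_access" (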
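Review bot: With `member_authorization` TRUE the `client_identifier` becomes the OAuth2 redirection endpoint (the new comments on `client_identifier` and `member_authorization`), yet nothing in the DDL now says anything about that value: the `member_client_requires_redirection_endpoint` CHECK is dropped and `client_identifier` is only NOT NULL, so any text is accepted as the target of the authorization redirect. Consider pinning the format in the table itself, e.g. `CONSTRAINT "member_authorization_requires_absolute_uri" CHECK (NOT "member_authorization" OR "client_identifier" ~ '^https?://')`, or extend the `client_identifier` comment with where the URI is validated. Note also that `client_identifier` is unique only per member (`UNIQUE ("member_id", "client_identifier")` plus the partial index for system clients), so an authorization request that carries only the client id presumably needs the registering member to resolve the row; if that is the intended lookup, a sentence in the column comment would make it explicit. Finally, the removed `system_client_with_public_access_requires_secret` CHECK has no replacement, so a system client may now carry a `public_access_level` without a `client_secret` although the comments tie both to the Client Credentials Grant; if this is deliberate, say so in the `public_access_level` comment.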
