From e6f378f8feed162e9ec19cac8ce85819c45e2079 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Wed, 25 Oct 2023 14:36:15 +0800
Subject: [PATCH] create omnivore_admin role and allow omnivore_admin to delete all users
---
 packages/api/test/routers/user.test.ts | 6 +++++-
 .../0142.do.create_omnivore_admin_role.sql | 19 +++++++++++++++++++
 .../0142.undo.create_omnivore_admin_role.sql | 16 ++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100755 packages/db/migrations/0142.do.create_omnivore_admin_role.sql
 create mode 100755 packages/db/migrations/0142.undo.create_omnivore_admin_role.sql
diff --git a/packages/api/test/routers/user.test.ts b/packages/api/test/routers/user.test.ts
index 2c4009a8d..a5c61c2aa 100644
--- a/packages/api/test/routers/user.test.ts
+++ b/packages/api/test/routers/user.test.ts
@@ -23,12 +23,16 @@ describe('User Service Router', () => {
 email: 'user_1@omnivore.app',
 status: StatusType.Deleted,
 updatedAt: new Date(Date.now() - 1000 * 60 * 60 * 24 * 2), // 2 days ago
+ source: 'GOOGLE',
+ sourceUserId: '123',
 },
 {
 name: 'user_2',
 email: 'user_2@omnivore.app',
 status: StatusType.Deleted,
 updatedAt: new Date(Date.now() - 1000 * 60 * 60 * 24 * 2), // 2 days ago
+ source: 'GOOGLE',
+ sourceUserId: '456',
 },
 ])
 toDeleteUserIds = users.map((u) => u.id)
@@ -50,7 +54,7 @@ describe('User Service Router', () => {
 }

 await request
- .post('/api/user/cleanup?token=' + token)
+ .post('/svc/pubsub/user/cleanup?token=' + token)
 .send(data)
 .expect(200)

diff --git a/packages/db/migrations/0142.do.create_omnivore_admin_role.sql b/packages/db/migrations/0142.do.create_omnivore_admin_role.sql
new file mode 100755
index 000000000..22de188c7
--- /dev/null
+++ b/packages/db/migrations/0142.do.create_omnivore_admin_role.sql
@@ -0,0 +1,19 @@
+-- Type: DO
+-- Name: create_omnivore_admin_role
+-- Description: Create omnivore_admin role with admin permissions
+
+BEGIN;
+
+CREATE ROLE omnivore_admin;
+
+GRANT omnivore_admin TO app_user;
+
+GRANT ALL PRIVILEGES ON SCHEMA omnivore TO omnivore_admin;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA omnivore TO omnivore_admin;
+
+CREATE POLICY user_admin_policy on omnivore.user
+ FOR ALL
+ TO omnivore_admin
+ USING (true);
+
+COMMIT;
diff --git a/packages/db/migrations/0142.undo.create_omnivore_admin_role.sql b/packages/db/migrations/0142.undo.create_omnivore_admin_role.sql
new file mode 100755
index 000000000..67f6c3390
--- /dev/null
+++ b/packages/db/migrations/0142.undo.create_omnivore_admin_role.sql
@@ -0,0 +1,16 @@
+-- Type: UNDO
+-- Name: create_omnivore_admin_role
+-- Description: Create omnivore_admin role with admin permissions
+
+BEGIN;
+
+DROP POLICY user_admin_policy ON omnivore.user;
+
+REVOKE ALL PRIVILEGES on omnivore.user from omnivore_admin;
+REVOKE ALL PRIVILEGES on SCHEMA omnivore from omnivore_admin;
+
+DROP OWNED BY omnivore_admin;
+
+DROP ROLE IF EXISTS omnivore_admin;
+
+COMMIT;
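Review bot: `GRANT omnivore_admin TO app_user;` in 0142.do makes the application's own role a member of the new admin role, while `user_admin_policy` is `FOR ALL ... USING (true)` and the role gets `ALL PRIVILEGES` on every table in the schema. If `app_user` carries the default INHERIT attribute (its definition is not in this patch), the permissive policy and the grants apply to every `app_user` session without a `SET ROLE`, so row-level security on `omnivore.user` stops isolating ordinary requests. Confirm `app_user` is NOINHERIT, or give the membership to a separate login used only by the cleanup path. Since the stated purpose is deleting users, the grant can be narrowed to `GRANT SELECT, DELETE ON omnivore.user TO omnivore_admin;` with the policy limited to the commands the job needs. A header line such as `-- omnivore_admin bypasses RLS on omnivore.user; assume it only in the user-cleanup path` would record the intent.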
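Review bot: `DROP OWNED BY omnivore_admin;` in 0142.undo drops every object the role owns in the current database, not only its grants, and the do migration gives the role `ALL PRIVILEGES ON SCHEMA omnivore`, which includes CREATE. Anything created while acting as omnivore_admin would be deleted by a rollback; running `REASSIGN OWNED BY omnivore_admin TO <owner_role_placeholder>;` first keeps such objects. `DROP POLICY user_admin_policy ON omnivore.user;` would be more robust as `DROP POLICY IF EXISTS user_admin_policy ON omnivore.user;`, matching the `DROP ROLE IF EXISTS` below it. The header still reads `-- Description: Create omnivore_admin role with admin permissions` and should say that this file removes the role and its policy.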