feat(friendship)!: redesign table friendship

In the table `friendship` the columns `a_account_id` and  `b_account_id`were renamed to `account_id`and `friend_account_id, a new column `is_close_friend` was added, the policies were updated. Several friendship related functions were added. Test scripts were updated accordingly.

Author: sthelemann

src/deploy/function_friendship.sql

@@ -0,0 +1,151 @@
+BEGIN;
+
+-- accept friendship request
+
+CREATE OR REPLACE FUNCTION vibetype.friendship_accept(
+  requestor_account_id UUID
+) RETURNS VOID AS $$
+DECLARE
+  _friend_account_id UUID;
+  _count INTEGER;
+BEGIN
+
+  _friend_account_id := vibetype.invoker_account_id();
+
+  UPDATE vibetype.friendship SET
+    status = 'accepted'::vibetype.friendship_status
+    -- updated_by filled by trigger
+  WHERE account_id = requestor_account_id AND friend_account_id = _friend_account_id
+    AND status = 'requested'::vibetype.friendship_status;
+
+  GET DIAGNOSTICS _count = ROW_COUNT;
+  IF _count = 0 THEN
+    RAISE EXCEPTION 'Friendship request does not exist' USING ERRCODE = 'VTFAC';
+  END IF;
+
+  INSERT INTO vibetype.friendship(account_id, friend_account_id, status, created_by)
+  VALUES (_friend_account_id, requestor_account_id, 'accepted'::vibetype.friendship_status, _friend_account_id);
+
+END; $$ LANGUAGE plpgsql SECURITY INVOKER;
+
+COMMENT ON FUNCTION vibetype.friendship_accept(UUID) IS 'Accepts a friendship request.';
+
+GRANT EXECUTE ON FUNCTION vibetype.friendship_accept(UUID) TO vibetype_account;
+
+-- reject or cancel friendship
+
+CREATE OR REPLACE FUNCTION vibetype.friendship_cancel(
+  friend_account_id UUID
+) RETURNS VOID AS $$
+DECLARE
+  _account_id UUID;
+BEGIN
+
+  _account_id := vibetype.invoker_account_id();
+
+  DELETE FROM vibetype.friendship f
+  WHERE (account_id = _account_id AND f.friend_account_id = friendship_cancel.friend_account_id)
+    OR (account_id = friendship_cancel.friend_account_id AND f.friend_account_id = _account_id);
+
+END; $$ LANGUAGE plpgsql SECURITY INVOKER;
+
+COMMENT ON FUNCTION vibetype.friendship_cancel(UUID) IS 'Rejects or cancels a friendship (in both directions).';
+
+GRANT EXECUTE ON FUNCTION vibetype.friendship_cancel(UUID) TO vibetype_account;
+
+-- create notification for a request
+
+CREATE OR REPLACE FUNCTION vibetype.friendship_notify_request(
+  friend_account_id UUID,
+  language TEXT
+) RETURNS VOID AS $$
+BEGIN
+
+  INSERT INTO vibetype_private.notification (channel, payload)
+  VALUES (
+    'friendship_request',
+    jsonb_pretty(jsonb_build_object(
+      'data', jsonb_build_object(
+        'requestor_account_id', vibetype.invoker_account_id(),
+        'requestee_account_id', friendship_notify_request.friend_account_id
+      ),
+      'template', jsonb_build_object('language', friendship_notify_request.language)
+    ))
+  );
+
+END; $$ LANGUAGE plpgsql SECURITY DEFINER;
+
+COMMENT ON FUNCTION vibetype.friendship_notify_request(UUID, TEXT) IS 'Creates a notification for a friendship_request';
+
+GRANT EXECUTE ON FUNCTION vibetype.friendship_notify_request(UUID, TEXT) TO vibetype_account;
+
+-- request friendship
+
+CREATE OR REPLACE FUNCTION vibetype.friendship_request(
+  friend_account_id UUID,
+  language TEXT
+) RETURNS VOID AS $$
+DECLARE
+  _account_id UUID;
+BEGIN
+
+  _account_id := vibetype.invoker_account_id();
+
+  IF EXISTS(
+    SELECT 1
+    FROM vibetype.friendship f
+    WHERE (f.account_id = _account_id AND f.friend_account_id = friendship_request.friend_account_id)
+	    OR (f.account_id = friendship_request.friend_account_id AND f.friend_account_id = _account_id)
+  )
+  THEN
+    RAISE EXCEPTION 'Friendship already exists or has already been requested.' USING ERRCODE = 'VTREQ';
+  END IF;
+
+  INSERT INTO vibetype.friendship(account_id, friend_account_id, status, created_by)
+  VALUES (_account_id, friendship_request.friend_account_id, 'requested'::vibetype.friendship_status, _account_id);
+
+  PERFORM vibetype.friendship_notify_request(friendship_request.friend_account_id, friendship_request.language);
+
+END; $$ LANGUAGE plpgsql SECURITY INVOKER;
+
+COMMENT ON FUNCTION vibetype.friendship_request(UUID, TEXT) IS 'Starts a new friendship request.';
+
+GRANT EXECUTE ON FUNCTION vibetype.friendship_request(UUID, TEXT) TO vibetype_account;
+
+
+-- toggle closeness of friendship
+
+CREATE OR REPLACE FUNCTION vibetype.friendship_toggle_closeness(
+  friend_account_id UUID
+) RETURNS BOOLEAN AS $$
+DECLARE
+  _account_id UUID;
+  _is_close_friend BOOLEAN;
+  current_status vibetype.friendship_status;
+BEGIN
+
+  _account_id := vibetype.invoker_account_id();
+
+  SELECT status INTO current_status
+  FROM vibetype.friendship f
+  WHERE f.account_id = _account_id AND f.friend_account_id = friendship_toggle_closeness.friend_account_id;
+
+  IF current_status IS NULL OR current_status != 'accepted'::vibetype.friendship_status THEN
+    RAISE EXCEPTION 'Friendship request does not exist' USING ERRCODE = 'VTFTC';
+  END IF;
+
+  UPDATE vibetype.friendship f
+  SET is_close_friend = NOT is_close_friend
+  WHERE account_id = vibetype.invoker_account_id()
+    AND f.friend_account_id = friendship_toggle_closeness.friend_account_id
+  RETURNING is_close_friend INTO _is_close_friend;
+
+  RETURN _is_close_friend;
+
+END; $$ LANGUAGE plpgsql SECURITY INVOKER;
+
+COMMENT ON FUNCTION vibetype.friendship_toggle_closeness(UUID) IS 'Toggles a frien1dship relation between ''not a close friend'' and ''close friend''.';
+
+GRANT EXECUTE ON FUNCTION vibetype.friendship_toggle_closeness(UUID) TO vibetype_account;
+
+COMMIT;

src/deploy/table_friendship.sql

@@ -1,31 +1,30 @@
-BEGIN;
-
 CREATE TABLE vibetype.friendship (
   id                  UUID PRIMARY KEY DEFAULT gen_random_uuid(),
 
-  a_account_id        UUID NOT NULL REFERENCES vibetype.account(id) ON DELETE CASCADE,
-  b_account_id        UUID NOT NULL REFERENCES vibetype.account(id) ON DELETE CASCADE,
+  account_id          UUID NOT NULL REFERENCES vibetype.account(id) ON DELETE CASCADE,
+  friend_account_id   UUID NOT NULL REFERENCES vibetype.account(id) ON DELETE CASCADE,
+
+  is_close_friend     BOOLEAN NOT NULL DEFAULT false,
   status              vibetype.friendship_status NOT NULL DEFAULT 'requested'::vibetype.friendship_status,
 
   created_at          TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
   created_by          UUID NOT NULL REFERENCES vibetype.account(id) ON DELETE CASCADE,
   updated_at          TIMESTAMP WITH TIME ZONE,
   updated_by          UUID REFERENCES vibetype.account(id) ON DELETE SET NULL,
 
-  UNIQUE (a_account_id, b_account_id),
-  CONSTRAINT friendship_creator_participant CHECK (created_by = a_account_id or created_by = b_account_id),
-  CONSTRAINT friendship_creator_updater_difference CHECK (created_by <> updated_by),
-  CONSTRAINT friendship_ordering CHECK (a_account_id < b_account_id),
-  CONSTRAINT friendship_updater_participant CHECK (updated_by IS NULL or updated_by = a_account_id or updated_by = b_account_id)
+  UNIQUE (account_id, friend_account_id),
+  CONSTRAINT friendship_creator_friend CHECK (account_id <> friend_account_id),
+  CONSTRAINT friendship_creator_participant CHECK (created_by = account_id)
 );
 
 CREATE INDEX idx_friendship_created_by ON vibetype.friendship USING btree (created_by);
 CREATE INDEX idx_friendship_updated_by ON vibetype.friendship USING btree (updated_by);
 
 COMMENT ON TABLE vibetype.friendship IS 'A friend relation together with its status.';
 COMMENT ON COLUMN vibetype.friendship.id IS E'@omit create,update\nThe friend relation''s internal id.';
-COMMENT ON COLUMN vibetype.friendship.a_account_id IS E'@omit update\nThe ''left'' side of the friend relation. It must be lexically less than the ''right'' side.';
-COMMENT ON COLUMN vibetype.friendship.b_account_id IS E'@omit update\nThe ''right'' side of the friend relation. It must be lexically greater than the ''left'' side.';
+COMMENT ON COLUMN vibetype.friendship.account_id IS E'@omit update\nThe one side of the friend relation. If the status is ''requested'' then it is the requestor account.';
+COMMENT ON COLUMN vibetype.friendship.friend_account_id IS E'@omit update\nThe other side of the friend relation. If the status is ''requested'' then it is the requestee account.';
+COMMENT ON COLUMN vibetype.friendship.is_close_friend IS E'@omit create\nThe flag indicating whether account_id considers friend_account_id as a close friend or not.';
 COMMENT ON COLUMN vibetype.friendship.status IS E'@omit create\nThe status of the friend relation.';
 COMMENT ON COLUMN vibetype.friendship.created_at IS E'@omit create,update\nThe timestamp when the friend relation was created.';
 COMMENT ON COLUMN vibetype.friendship.created_by IS E'@omit update\nThe account that created the friend relation was created.';
@@ -45,35 +44,51 @@ GRANT INSERT, SELECT, UPDATE, DELETE ON TABLE vibetype.friendship TO vibetype_ac
 
 ALTER TABLE vibetype.friendship ENABLE ROW LEVEL SECURITY;
 
+CREATE POLICY friendship_not_blocked ON vibetype.friendship FOR ALL
+USING (
+  account_id NOT IN (SELECT id FROM vibetype_private.account_block_ids())
+  AND friend_account_id NOT IN (SELECT id FROM vibetype_private.account_block_ids())
+);
+
 -- Only allow interactions with friendships in which the current user is involved.
-CREATE POLICY friendship_existing ON vibetype.friendship FOR ALL
+CREATE POLICY friendship_select ON vibetype.friendship FOR SELECT
 USING (
-  (
-    vibetype.invoker_account_id() = a_account_id
-    AND b_account_id NOT IN (SELECT id FROM vibetype_private.account_block_ids())
-  )
+  account_id = vibetype.invoker_account_id()
   OR
-  (
-    vibetype.invoker_account_id() = b_account_id
-    AND a_account_id NOT IN (SELECT id FROM vibetype_private.account_block_ids())
-  )
-)
-WITH CHECK (FALSE);
+  friend_account_id = vibetype.invoker_account_id()
+);
 
 -- Only allow creation by the current user.
 CREATE POLICY friendship_insert ON vibetype.friendship FOR INSERT
 WITH CHECK (
   created_by = vibetype.invoker_account_id()
 );
 
--- Only allow update by the current user and only the state transition requested -> accepted.
-CREATE POLICY friendship_update ON vibetype.friendship FOR UPDATE
+-- Only allow update by the current user if it is about accepting a friendship request.
+CREATE POLICY friendship_update_accept ON vibetype.friendship FOR UPDATE
 USING (
+  friend_account_id = vibetype.invoker_account_id()
+  AND
   status = 'requested'::vibetype.friendship_status
 ) WITH CHECK (
   status = 'accepted'::vibetype.friendship_status
   AND
   updated_by = vibetype.invoker_account_id()
 );
 
-COMMIT;
+-- Only allow update by the current user if it is already an accepted relation.
+CREATE POLICY friendship_update_toggle_closeness ON vibetype.friendship FOR UPDATE
+USING (
+  status = 'accepted'::vibetype.friendship_status
+  AND
+  account_id = vibetype.invoker_account_id()
+) WITH CHECK (
+  status = 'accepted'::vibetype.friendship_status
+  AND
+  updated_by = vibetype.invoker_account_id()
+);
+
+CREATE POLICY friendship_delete ON vibetype.friendship FOR DELETE
+USING (
+  TRUE
+);

src/revert/function_friendship.sql

@@ -0,0 +1,9 @@
+BEGIN;
+
+DROP FUNCTION vibetype.friendship_accept(UUID);
+DROP FUNCTION vibetype.friendship_cancel(UUID);
+DROP FUNCTION vibetype.friendship_notify_request(UUID, TEXT);
+DROP FUNCTION vibetype.friendship_request(UUID, TEXT);
+DROP FUNCTION vibetype.friendship_toggle_closeness(UUID);
+
+COMMIT;

src/revert/table_friendship.sql

@@ -1,8 +1,11 @@
 BEGIN;
 
-DROP POLICY friendship_update ON vibetype.friendship;
+DROP POLICY friendship_not_blocked ON vibetype.friendship;
+DROP POLICY friendship_select ON vibetype.friendship;
 DROP POLICY friendship_insert ON vibetype.friendship;
-DROP POLICY friendship_existing ON vibetype.friendship;
+DROP POLICY friendship_update_accept ON vibetype.friendship;
+DROP POLICY friendship_update_toggle_closeness ON vibetype.friendship;
+DROP POLICY friendship_delete ON vibetype.friendship;
 
 DROP TRIGGER vibetype_trigger_friendship_update ON vibetype.friendship;
 

src/sqitch.plan

@@ -95,3 +95,4 @@ table_preference_event_location [schema_public table_account_public role_account
 role_zammad 1970-01-01T00:00:00Z Sven Thelemann <sven.thelemann@t-online.de> # Add role zammad.
 database_zammad [role_zammad] 1970-01-01T00:00:00Z Sven Thelemann <sven.thelemann@t-online.de> # Add the database for zammad.
 function_account_search [schema_public table_account_public role_account] 1970-01-01T00:00:00Z Svens Thelemann <sven.thelemann@t-online.de> # Add a function for searching accounts based on a substring query.
+function_friendship [schema_public table_friendship role_account] 1970-01-01T00:00:00Z Svens Thelemann <sven.thelemann@t-online.de> # Add functions for handling friendships.

src/verify/function_friendship.sql

@@ -0,0 +1,28 @@
+BEGIN;
+
+DO $$
+BEGIN
+
+  IF NOT (SELECT pg_catalog.has_function_privilege('vibetype_account', 'vibetype.friendship_accept(UUID)', 'EXECUTE')) THEN
+    RAISE EXCEPTION 'Test failed: vibetype_account does not have EXECUTE privilege for vibetype.friendship_accept(UUID).';
+  END IF;
+
+  IF NOT (SELECT pg_catalog.has_function_privilege('vibetype_account', 'vibetype.friendship_cancel(UUID)', 'EXECUTE')) THEN
+    RAISE EXCEPTION 'Test failed: vibetype_account does not have EXECUTE privilege for vibetype.friendship_cancel(UUID).';
+  END IF;
+
+  IF NOT (SELECT pg_catalog.has_function_privilege('vibetype_account', 'vibetype.friendship_notify_request(UUID, TEXT)', 'EXECUTE')) THEN
+    RAISE EXCEPTION 'Test failed: vibetype_account does not have EXECUTE privilege for vibetype.friendship_notify_request(UUID, TEXT).';
+  END IF;
+
+  IF NOT (SELECT pg_catalog.has_function_privilege('vibetype_account', 'vibetype.friendship_request(UUID, TEXT)', 'EXECUTE')) THEN
+    RAISE EXCEPTION 'Test failed: vibetype_account does not have EXECUTE privilege for vibetype.friendship_request(UUID, TEXT).';
+  END IF;
+
+  IF NOT (SELECT pg_catalog.has_function_privilege('vibetype_account', 'vibetype.friendship_toggle_closeness(UUID)', 'EXECUTE')) THEN
+    RAISE EXCEPTION 'Test failed: vibetype_account does not have EXECUTE privilege for vibetype.friendship_toggle_closeness(UUID).';
+  END IF;
+
+END $$;
+
+ROLLBACK;

src/verify/table_friendship.sql

@@ -2,8 +2,9 @@ BEGIN;
 
 SELECT
   id,
-  a_account_id,
-  b_account_id,
+  account_id,
+  friend_account_id,
+  is_close_friend,
   status,
   created_at,
   created_by,