ENG-1426 Bug in public.upsert_account_in_space, my_permissions_in_space

* eng-1426 bug in public.upsert_account_in_space, still using editor

* Do not change value when null update params

* typing

* use greatest, not aggregate max

* least, not greatest!

* add group logic to my_permissions_in_space

* sqruff

* use default rather than escalating permissions

Author: maparent

apps/roam/src/utils/syncDgNodesToSupabase.ts

@@ -349,6 +349,7 @@ const getAllUsers = async (): Promise<AccountLocalInput[]> => {
     email: null,
     email_trusted: null,
     space_editor: null,
+    permissions: null,
   }));
 };
 

packages/database/src/dbTypes.ts

@@ -1542,10 +1542,10 @@ export type Database = {
       create_account_in_space: {
         Args: {
           account_local_id_: string
-          editor_?: boolean
           email_?: string
           email_trusted?: boolean
           name_: string
+          permissions_?: Database["public"]["Enums"]["SpaceAccessPermissions"]
           space_id_: number
         }
         Returns: number
@@ -1660,6 +1660,10 @@ export type Database = {
           text_content: string
         }[]
       }
+      my_permissions_in_space: {
+        Args: { space_id_: number }
+        Returns: Database["public"]["Enums"]["SpaceAccessPermissions"]
+      }
       my_space_ids: {
         Args: {
           access_level?: Database["public"]["Enums"]["SpaceAccessPermissions"]
@@ -1798,6 +1802,9 @@ export type Database = {
         email: string | null
         email_trusted: boolean | null
         space_editor: boolean | null
+        permissions:
+          | Database["public"]["Enums"]["SpaceAccessPermissions"]
+          | null
       }
       concept_local_input: {
         epistemic_status: Database["public"]["Enums"]["EpistemicStatus"] | null

packages/database/supabase/migrations/20260213155959_upsert_user_permissions.sql

@@ -0,0 +1,88 @@
+ALTER TYPE public.account_local_input ADD ATTRIBUTE permissions public."SpaceAccessPermissions";
+
+CREATE OR REPLACE FUNCTION public.my_permissions_in_space(
+    space_id_ BIGINT
+) RETURNS public."SpaceAccessPermissions"
+SET search_path = ''
+LANGUAGE sql
+AS $$
+    SELECT permissions FROM public."SpaceAccess" WHERE space_id=space_id_ AND account_uid = auth.uid();
+$$;
+
+CREATE OR REPLACE FUNCTION public.upsert_account_in_space(
+    space_id_ BIGINT,
+    local_account public.account_local_input
+) RETURNS BIGINT
+SECURITY DEFINER
+SET search_path = ''
+LANGUAGE plpgsql
+AS $$
+DECLARE
+    platform_ public."Platform";
+    account_id_ BIGINT;
+    user_uid UUID;
+    permissions_ public."SpaceAccessPermissions";
+BEGIN
+    SELECT platform INTO STRICT platform_ FROM public."Space" WHERE id = space_id_;
+    INSERT INTO public."PlatformAccount" AS pa (
+            account_local_id, name, platform
+        ) VALUES (
+            local_account.account_local_id, local_account.name, platform_
+        ) ON CONFLICT (account_local_id, platform) DO UPDATE SET
+            name = COALESCE(NULLIF(TRIM(EXCLUDED.name), ''), pa.name)
+        RETURNING id, dg_account INTO STRICT account_id_, user_uid;
+    IF user_uid IS NOT NULL THEN
+        -- is any permission specified in the input?
+        permissions_ := COALESCE(
+            local_account.permissions,
+            CASE WHEN local_account.space_editor IS true THEN 'editor'  -- legacy
+                 WHEN local_account.space_editor IS false THEN 'reader' END);
+        INSERT INTO public."SpaceAccess" as sa (space_id, account_uid, permissions)
+            VALUES (space_id_, user_uid, least(my_permissions_in_space(space_id_), COALESCE(permissions_, 'editor')))
+            ON CONFLICT (space_id, account_uid)
+            DO UPDATE SET permissions = CASE
+                WHEN permissions_ IS NULL THEN permissions
+                ELSE least(my_permissions_in_space(space_id_), permissions_)
+                END;
+    END IF;
+    INSERT INTO public."LocalAccess" (space_id, account_id) values (space_id_, account_id_)
+        ON CONFLICT (space_id, account_id)
+        DO NOTHING;
+    IF local_account.email IS NOT NULL THEN
+        -- TODO: how to distinguish basic untrusted from platform placeholder email?
+        INSERT INTO public."AgentIdentifier" as ai (account_id, value, identifier_type, trusted) VALUES (account_id_, local_account.email, 'email', COALESCE(local_account.email_trusted, false))
+        ON CONFLICT (value, identifier_type, account_id)
+        DO UPDATE SET trusted = COALESCE(local_account.email_trusted, ai.trusted, false);
+    END IF;
+    RETURN account_id_;
+END;
+$$;
+
+
+DROP FUNCTION create_account_in_space;
+
+CREATE OR REPLACE FUNCTION create_account_in_space(
+    space_id_ BIGINT,
+    account_local_id_ varchar,
+    name_ varchar,
+    email_ varchar = null,
+    email_trusted boolean = true,
+    permissions_ public."SpaceAccessPermissions" = 'editor'
+) RETURNS BIGINT
+SECURITY DEFINER
+SET search_path = ''
+LANGUAGE sql
+AS $$
+    SELECT public.upsert_account_in_space(space_id_, ROW(name_, account_local_id_ ,email_, email_trusted, null, permissions_)::public.account_local_input);
+$$;
+
+CREATE OR REPLACE FUNCTION public.my_permissions_in_space(
+    space_id_ BIGINT
+) RETURNS public."SpaceAccessPermissions"
+SET search_path = ''
+LANGUAGE sql
+AS $$
+    SELECT max(permissions) FROM public."SpaceAccess"
+    JOIN public.my_user_accounts() ON (account_uid = my_user_accounts)
+    WHERE space_id=space_id_;
+$$;

packages/database/supabase/schemas/account.sql

@@ -169,9 +169,9 @@ GRANT ALL ON TABLE public.group_membership TO authenticated;
 GRANT ALL ON TABLE public.group_membership TO service_role;
 
 CREATE OR REPLACE VIEW public.my_groups AS
-SELECT id, split_part(email,'@',1) AS name FROM auth.users
-    JOIN public.group_membership ON (group_id=id)
-    WHERE member_id = auth.uid();
+SELECT id, split_part(email, '@', 1) AS name FROM auth.users
+    JOIN public.group_membership ON (group_id = id)
+WHERE member_id = auth.uid();
 
 CREATE TYPE public.account_local_input AS (
     -- PlatformAccount columns
@@ -180,92 +180,10 @@ CREATE TYPE public.account_local_input AS (
     -- local values
     email VARCHAR,
     email_trusted BOOLEAN,
-    space_editor BOOLEAN
+    space_editor BOOLEAN,
+    permissions public."SpaceAccessPermissions"
 );
 
-CREATE OR REPLACE FUNCTION public.upsert_account_in_space(
-    space_id_ BIGINT,
-    local_account public.account_local_input
-) RETURNS BIGINT
-SECURITY DEFINER
-SET search_path = ''
-LANGUAGE plpgsql
-AS $$
-DECLARE
-    platform_ public."Platform";
-    account_id_ BIGINT;
-    user_uid UUID;
-BEGIN
-    SELECT platform INTO STRICT platform_ FROM public."Space" WHERE id = space_id_;
-    INSERT INTO public."PlatformAccount" AS pa (
-            account_local_id, name, platform
-        ) VALUES (
-            local_account.account_local_id, local_account.name, platform_
-        ) ON CONFLICT (account_local_id, platform) DO UPDATE SET
-            name = COALESCE(NULLIF(TRIM(EXCLUDED.name), ''), pa.name)
-        RETURNING id, dg_account INTO STRICT account_id_, user_uid;
-    IF user_uid IS NOT NULL THEN
-        INSERT INTO public."SpaceAccess" as sa (space_id, account_uid, permissions)
-            VALUES (space_id_, user_uid,
-                CASE WHEN COALESCE(local_account.space_editor, true) THEN 'editor'
-                ELSE 'reader' END)
-            ON CONFLICT (space_id, account_uid)
-            DO UPDATE SET permissions = CASE
-                WHEN COALESCE(local_account.space_editor, sa.editor, true) THEN 'editor'
-                ELSE 'reader' END;
-    END IF;
-    INSERT INTO public."LocalAccess" (space_id, account_id) values (space_id_, account_id_)
-        ON CONFLICT (space_id, account_id)
-        DO NOTHING;
-    IF local_account.email IS NOT NULL THEN
-        -- TODO: how to distinguish basic untrusted from platform placeholder email?
-        INSERT INTO public."AgentIdentifier" as ai (account_id, value, identifier_type, trusted) VALUES (account_id_, local_account.email, 'email', COALESCE(local_account.email_trusted, false))
-        ON CONFLICT (value, identifier_type, account_id)
-        DO UPDATE SET trusted = COALESCE(local_account.email_trusted, ai.trusted, false);
-    END IF;
-    RETURN account_id_;
-END;
-$$;
-
-CREATE OR REPLACE FUNCTION public.upsert_accounts_in_space(
-    space_id_ BIGINT,
-    accounts JSONB
-) RETURNS SETOF BIGINT
-SECURITY DEFINER
-SET search_path = ''
-LANGUAGE plpgsql
-AS $$
-DECLARE
-    platform_ public."Platform";
-    account_id_ BIGINT;
-    account_row JSONB;
-    local_account public.account_local_input;
-BEGIN
-    SELECT platform INTO STRICT platform_ FROM public."Space" WHERE id = space_id_;
-    FOR account_row IN SELECT * FROM jsonb_array_elements(accounts)
-    LOOP
-        local_account := jsonb_populate_record(NULL::public.account_local_input, account_row);
-        RETURN NEXT public.upsert_account_in_space(space_id_, local_account);
-    END LOOP;
-END;
-$$;
-
--- legacy
-CREATE OR REPLACE FUNCTION public.create_account_in_space(
-    space_id_ BIGINT,
-    account_local_id_ varchar,
-    name_ varchar,
-    email_ varchar = null,
-    email_trusted boolean = true,
-    editor_ boolean = true
-) RETURNS BIGINT
-SECURITY DEFINER
-SET search_path = ''
-LANGUAGE sql
-AS $$
-    SELECT public.upsert_account_in_space(space_id_, ROW(name_, account_local_id_ ,email_, email_trusted, editor_)::public.account_local_input);
-$$;
-
 
 CREATE OR REPLACE FUNCTION public.is_my_account(account_id BIGINT) RETURNS boolean
 STABLE SECURITY DEFINER
@@ -307,6 +225,17 @@ $$;
 
 COMMENT ON FUNCTION public.my_user_accounts IS 'security utility: The uids which give me access, either as myself or as a group member.';
 
+CREATE OR REPLACE FUNCTION public.my_permissions_in_space(
+    space_id_ BIGINT
+) RETURNS public."SpaceAccessPermissions"
+SET search_path = ''
+LANGUAGE sql
+AS $$
+    SELECT max(permissions) FROM public."SpaceAccess"
+    JOIN public.my_user_accounts() ON (account_uid = my_user_accounts)
+    WHERE space_id=space_id_;
+$$;
+
 CREATE OR REPLACE FUNCTION public.in_group(group_id_ UUID) RETURNS BOOLEAN
 STABLE SECURITY DEFINER
 SET search_path = ''
@@ -391,6 +320,95 @@ $$;
 
 COMMENT ON FUNCTION public.unowned_account_in_shared_space IS 'security utility: does current user share a space with this unowned account?';
 
+
+CREATE OR REPLACE FUNCTION public.upsert_account_in_space(
+    space_id_ BIGINT,
+    local_account public.account_local_input
+) RETURNS BIGINT
+SECURITY DEFINER
+SET search_path = ''
+LANGUAGE plpgsql
+AS $$
+DECLARE
+    platform_ public."Platform";
+    account_id_ BIGINT;
+    user_uid UUID;
+    permissions_ public."SpaceAccessPermissions";
+BEGIN
+    SELECT platform INTO STRICT platform_ FROM public."Space" WHERE id = space_id_;
+    INSERT INTO public."PlatformAccount" AS pa (
+            account_local_id, name, platform
+        ) VALUES (
+            local_account.account_local_id, local_account.name, platform_
+        ) ON CONFLICT (account_local_id, platform) DO UPDATE SET
+            name = COALESCE(NULLIF(TRIM(EXCLUDED.name), ''), pa.name)
+        RETURNING id, dg_account INTO STRICT account_id_, user_uid;
+    IF user_uid IS NOT NULL THEN
+        -- is any permission specified in the input?
+        permissions_ := COALESCE(
+            local_account.permissions,
+            CASE WHEN local_account.space_editor IS true THEN 'editor'  -- legacy
+                 WHEN local_account.space_editor IS false THEN 'reader' END);
+        INSERT INTO public."SpaceAccess" as sa (space_id, account_uid, permissions)
+            VALUES (space_id_, user_uid, least(my_permissions_in_space(space_id_), COALESCE(permissions_, 'editor')))
+            ON CONFLICT (space_id, account_uid)
+            DO UPDATE SET permissions = CASE
+                WHEN permissions_ IS NULL THEN permissions
+                ELSE least(my_permissions_in_space(space_id_), permissions_)
+                END;
+    END IF;
+    INSERT INTO public."LocalAccess" (space_id, account_id) values (space_id_, account_id_)
+        ON CONFLICT (space_id, account_id)
+        DO NOTHING;
+    IF local_account.email IS NOT NULL THEN
+        -- TODO: how to distinguish basic untrusted from platform placeholder email?
+        INSERT INTO public."AgentIdentifier" as ai (account_id, value, identifier_type, trusted) VALUES (account_id_, local_account.email, 'email', COALESCE(local_account.email_trusted, false))
+        ON CONFLICT (value, identifier_type, account_id)
+        DO UPDATE SET trusted = COALESCE(local_account.email_trusted, ai.trusted, false);
+    END IF;
+    RETURN account_id_;
+END;
+$$;
+
+CREATE OR REPLACE FUNCTION public.upsert_accounts_in_space(
+    space_id_ BIGINT,
+    accounts JSONB
+) RETURNS SETOF BIGINT
+SECURITY DEFINER
+SET search_path = ''
+LANGUAGE plpgsql
+AS $$
+DECLARE
+    platform_ public."Platform";
+    account_id_ BIGINT;
+    account_row JSONB;
+    local_account public.account_local_input;
+BEGIN
+    SELECT platform INTO STRICT platform_ FROM public."Space" WHERE id = space_id_;
+    FOR account_row IN SELECT * FROM jsonb_array_elements(accounts)
+    LOOP
+        local_account := jsonb_populate_record(NULL::public.account_local_input, account_row);
+        RETURN NEXT public.upsert_account_in_space(space_id_, local_account);
+    END LOOP;
+END;
+$$;
+
+-- legacy
+CREATE OR REPLACE FUNCTION public.create_account_in_space(
+    space_id_ BIGINT,
+    account_local_id_ varchar,
+    name_ varchar,
+    email_ varchar = null,
+    email_trusted boolean = true,
+    permissions_ public."SpaceAccessPermissions" = 'editor'
+) RETURNS BIGINT
+SECURITY DEFINER
+SET search_path = ''
+LANGUAGE sql
+AS $$
+    SELECT public.upsert_account_in_space(space_id_, ROW(name_, account_local_id_ ,email_, email_trusted, null, permissions_)::public.account_local_input);
+$$;
+
 -- Space: Allow anyone to insert, but only users who are members of the space can update or select
 
 ALTER TABLE public."Space" ENABLE ROW LEVEL SECURITY;