Remove unused jwt_public.current_group_ids() function

- Remove deploy/revert/verify SQL files for current_group_ids
- Update pgpm.plan to remove the change entry
- Update bundled SQL file to remove the function
- Update tests to remove group_ids references
- Update README to remove group_ids documentation

Co-Authored-By: Dan Lynch <pyramation@gmail.com>

Author: pyramation

packages/jwt-claims/README.md

@@ -21,7 +21,6 @@ JWT claim handling and validation functions.
 ## Features
 
 - **User Context Functions**: Extract user ID from JWT claims
-- **Group Membership**: Access user's group IDs
 - **Request Metadata**: Get IP address and user agent from requests
 - **Database Context**: Access database ID from JWT claims
 - **Type-Safe Extraction**: Proper error handling for invalid claim values
@@ -93,18 +92,6 @@ SELECT jwt_public.current_user_id();
 
 **JWT Claim:** `jwt.claims.user_id`
 
-### jwt_public.current_group_ids()
-Extracts the user's group IDs from JWT claims.
-
-**Returns:** `uuid[]` - Array of group IDs, or empty array if not set
-
-**Usage:**
-```sql
-SELECT jwt_public.current_group_ids();
-```
-
-**JWT Claim:** `jwt.claims.group_ids`
-
 ### jwt_public.current_ip_address()
 Extracts the client's IP address from JWT claims.
 
@@ -151,9 +138,6 @@ JWT claims are set as PostgreSQL session variables, typically by your authentica
 -- Set user ID claim
 SELECT set_config('jwt.claims.user_id', 'user-uuid-here', false);
 
--- Set group IDs claim
-SELECT set_config('jwt.claims.group_ids', '{uuid1,uuid2,uuid3}', false);
-
 -- Set IP address claim
 SELECT set_config('jwt.claims.ip_address', '192.168.1.1', false);
 
@@ -176,11 +160,6 @@ CREATE POLICY user_posts ON posts
   TO authenticated
   USING (user_id = jwt_public.current_user_id());
 
--- Users can see posts from their groups
-CREATE POLICY group_posts ON posts
-  FOR SELECT
-  TO authenticated
-  USING (group_id = ANY(jwt_public.current_group_ids()));
 ```
 
 ### Using Claims in Functions
@@ -200,13 +179,6 @@ BEGIN
 END;
 $$ LANGUAGE plpgsql;
 
--- Function that checks group membership
-CREATE FUNCTION user_in_group(group_id uuid)
-RETURNS boolean AS $$
-BEGIN
-  RETURN group_id = ANY(jwt_public.current_group_ids());
-END;
-$$ LANGUAGE plpgsql;
 ```
 
 ### Audit Logging with JWT Claims
@@ -311,10 +283,6 @@ All functions include error handling for invalid claim values:
 -- If jwt.claims.user_id is not a valid UUID
 SELECT jwt_public.current_user_id();
 -- Returns NULL and raises NOTICE: 'Invalid UUID value'
-
--- If jwt.claims.group_ids is not a valid UUID array
-SELECT jwt_public.current_group_ids();
--- Returns empty array [] and raises NOTICE: 'Invalid UUID value'
 ```
 
 ## Security Considerations

packages/jwt-claims/__tests__/__snapshots__/jwt.test.ts.snap

@@ -19,16 +19,6 @@ exports[`get values 3`] = `
 `;
 
 exports[`get values 4`] = `
-{
-  "group_ids": [
-    "f12c75c2-47d5-43fd-9223-d42d08f51942",
-    "d96d32b4-e819-4cb1-8a27-e27e763e0d7f",
-    "c8a27b31-1d40-4f40-9cb0-e96a44e68072",
-  ],
-}
-`;
-
-exports[`get values 5`] = `
 {
   "user_id": "b9d22af1-62c7-43a5-b8c4-50630bbd4962",
 }

packages/jwt-claims/__tests__/jwt.test.ts

@@ -5,12 +5,7 @@ let teardown: () => Promise<void>;
 
 const jwt = {
   user_id: 'b9d22af1-62c7-43a5-b8c4-50630bbd4962',
-  database_id: '44744c94-93cf-425a-b524-ce6f1466e327',
-  group_ids: [
-    'f12c75c2-47d5-43fd-9223-d42d08f51942',
-    'd96d32b4-e819-4cb1-8a27-e27e763e0d7f',
-    'c8a27b31-1d40-4f40-9cb0-e96a44e68072'
-  ]
+  database_id: '44744c94-93cf-425a-b524-ce6f1466e327'
 };
 
 beforeAll(async () => {
@@ -28,15 +23,13 @@ it('get values', async () => {
       set_config('jwt.claims.user_agent', $1, true),
       set_config('jwt.claims.ip_address', $2, true),
       set_config('jwt.claims.database_id', $3, true),
-      set_config('jwt.claims.user_id', $4, true),
-      set_config('jwt.claims.group_ids', $5, true)
+      set_config('jwt.claims.user_id', $4, true)
     `,
     [
       'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36',
       '127.0.0.1',
       jwt.database_id,
-      jwt.user_id,
-      `{${jwt.group_ids.join(',')}}`
+      jwt.user_id
     ]
   );
 
@@ -49,9 +42,6 @@ it('get values', async () => {
   const { database_id } = await pg.one(
     `select jwt_private.current_database_id() as database_id`
   );
-  const { group_ids } = await pg.one(
-    `select jwt_public.current_group_ids() as group_ids`
-  );
   const { user_id } = await pg.one(
     `select jwt_public.current_user_id() as user_id`
   );
@@ -60,6 +50,5 @@ it('get values', async () => {
   expect({ user_agent }).toMatchSnapshot();
   expect({ ip_address }).toMatchSnapshot();
   expect({ database_id }).toMatchSnapshot();
-  expect({ group_ids }).toMatchSnapshot();
   expect({ user_id }).toMatchSnapshot();
 });

packages/jwt-claims/deploy/schemas/jwt_public/procedures/current_group_ids.sql

@@ -13,7 +13,6 @@ schemas/jwt_public/procedures/current_user_id [schemas/jwt_public/schema] 2020-1
 schemas/jwt_public/procedures/current_ip_address [schemas/jwt_public/schema] 2020-12-17T23:19:17Z Dan Lynch <dlynch@Dans-MBP-3> # add schemas/jwt_public/procedures/current_ip_address
 schemas/jwt_public/procedures/current_user_agent [schemas/jwt_public/schema] 2020-12-17T23:20:04Z Dan Lynch <dlynch@Dans-MBP-3> # add schemas/jwt_public/procedures/current_user_agent
 schemas/jwt_public/procedures/current_origin [schemas/jwt_public/schema] 2017-08-11T08:11:51Z skitch <skitch@5b0c196eeb62> # add schemas/jwt_public/procedures/current_origin
-schemas/jwt_public/procedures/current_group_ids [schemas/jwt_public/schema] 2020-12-17T23:30:50Z Dan Lynch <dlynch@Dans-MBP-3> # add schemas/jwt_public/procedures/current_group_ids
 schemas/jwt_private/schema 2020-12-17T06:47:34Z Dan Lynch <dlynch@Dans-MBP-3> # add schemas/jwt_private/schema
 schemas/jwt_private/procedures/current_database_id [schemas/jwt_private/schema] 2020-12-17T23:22:28Z Dan Lynch <dlynch@Dans-MBP-3> # add schemas/jwt_private/procedures/current_database_id
 schemas/jwt_private/procedures/current_token_id [schemas/jwt_private/schema] 2017-08-11T08:11:51Z skitch <skitch@5b0c196eeb62> # add schemas/jwt_private/procedures/current_token_id

packages/jwt-claims/pgpm.plan

@@ -115,26 +115,6 @@ CREATE FUNCTION jwt_public.current_origin() RETURNS origin AS $EOFCODE$
   SELECT nullif(current_setting('jwt.claims.origin', true), '')::origin;
 $EOFCODE$ LANGUAGE sql STABLE;
 
-CREATE FUNCTION jwt_public.current_group_ids() RETURNS uuid[] AS $EOFCODE$
-DECLARE
-  v_identifier_ids uuid[];
-BEGIN
-  IF current_setting('jwt.claims.group_ids', TRUE)
-    IS NOT NULL THEN
-    BEGIN
-      v_identifier_ids = current_setting('jwt.claims.group_ids', TRUE)::uuid[];
-    EXCEPTION
-      WHEN OTHERS THEN
-      RAISE NOTICE 'Invalid UUID value';
-    RETURN ARRAY[]::uuid[];
-    END;
-    RETURN v_identifier_ids;
-  ELSE
-    RETURN ARRAY[]::uuid[];
-  END IF;
-END;
-$EOFCODE$ LANGUAGE plpgsql STABLE;
-
 CREATE SCHEMA jwt_private;
 
 GRANT USAGE ON SCHEMA jwt_private TO authenticated, anonymous;