feat: dropping signature_md5 trigger function

bcgov · Mar 23, 2021 · b0dddf2 · b0dddf2
1 parent d3a74fc
commit b0dddf2
Show file tree

Hide file tree

Showing 7 changed files with 120 additions and 50 deletions.
diff --git a/schema/deploy/trigger_functions/signature_md5.sql b/schema/deploy/trigger_functions/signature_md5.sql
@@ -2,53 +2,7 @@
 -- requires: schema_ggircs_portal_private
 
 begin;
-  create or replace function ggircs_portal_private.signature_md5()
-    returns trigger as $$
 
-  declare
-    form_result_hash bytea;
-    temp_row record;
-    user_sub uuid;
-    ciip_user_id int;
-    app_revision ggircs_portal.application_revision;
-
-  begin
-    -- Get current user
-    user_sub := (select sub from ggircs_portal.session());
-    ciip_user_id := (select id from ggircs_portal.ciip_user as cu where cu.uuid = user_sub);
-
-    -- Get current hash of form_results
-    form_result_hash := (select ggircs_portal_private.current_form_results_md5(new.application_id, new.version_number));
-
-    -- Update of application_revision_status (submitting an application)
-    if (tg_argv[0] = 'submission') then
-      if (new.application_revision_status='submitted') then
-        app_revision = (select row(application_revision.*) from ggircs_portal.application_revision where application_id=new.application_id and version_number=new.version_number);
-        if ((select form_results_md5 from ggircs_portal.application_revision_certification_url(app_revision)) != form_result_hash and new.version_number > 0) then
-          raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
-        elsif ((select certification_signature from ggircs_portal.application_revision_certification_url(app_revision)) is null and new.version_number > 0) then
-          raise exception 'application % version % has not been signed by a certifier', new.application_id, new.version_number;
-        end if;
-      end if;
-
-    -- Creating a row in certification_url
-    elsif (tg_op = 'INSERT' and tg_argv[0] is null) then
-      new.form_results_md5 = form_result_hash;
-
-    -- Updating the certification_signature in certification_url
-    elsif (tg_op = 'UPDATE' and tg_argv[0] is null) then
-      if (new.form_results_md5 != form_result_hash) then
-        raise notice 'CURRENT HASH: %, CERTIFICATION_URL HASH: %', form_result_hash, new.form_results_md5;
-        raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
-      end if;
-      new.certified_at = now();
-      new.certified_by = ciip_user_id;
-    end if;
-
-    return new;
-  end;
-  $$ language plpgsql volatile;
-
-comment on function ggircs_portal_private.signature_md5 is 'Trigger function sets and checks the hash of form results & the state of the certification signature';
+  drop function ggircs_portal_private.signature_md5;
 
 commit;
diff --git a/schema/deploy/trigger_functions/signature_md5@v1.16.0.sql b/schema/deploy/trigger_functions/signature_md5@v1.16.0.sql
@@ -0,0 +1,54 @@
+-- Deploy ggircs-portal:trigger_functions/signature_md5 to pg
+-- requires: schema_ggircs_portal_private
+
+begin;
+  create or replace function ggircs_portal_private.signature_md5()
+    returns trigger as $$
+
+  declare
+    form_result_hash bytea;
+    temp_row record;
+    user_sub uuid;
+    ciip_user_id int;
+    app_revision ggircs_portal.application_revision;
+
+  begin
+    -- Get current user
+    user_sub := (select sub from ggircs_portal.session());
+    ciip_user_id := (select id from ggircs_portal.ciip_user as cu where cu.uuid = user_sub);
+
+    -- Get current hash of form_results
+    form_result_hash := (select ggircs_portal_private.current_form_results_md5(new.application_id, new.version_number));
+
+    -- Update of application_revision_status (submitting an application)
+    if (tg_argv[0] = 'submission') then
+      if (new.application_revision_status='submitted') then
+        app_revision = (select row(application_revision.*) from ggircs_portal.application_revision where application_id=new.application_id and version_number=new.version_number);
+        if ((select form_results_md5 from ggircs_portal.application_revision_certification_url(app_revision)) != form_result_hash and new.version_number > 0) then
+          raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
+        elsif ((select certification_signature from ggircs_portal.application_revision_certification_url(app_revision)) is null and new.version_number > 0) then
+          raise exception 'application % version % has not been signed by a certifier', new.application_id, new.version_number;
+        end if;
+      end if;
+
+    -- Creating a row in certification_url
+    elsif (tg_op = 'INSERT' and tg_argv[0] is null) then
+      new.form_results_md5 = form_result_hash;
+
+    -- Updating the certification_signature in certification_url
+    elsif (tg_op = 'UPDATE' and tg_argv[0] is null) then
+      if (new.form_results_md5 != form_result_hash) then
+        raise notice 'CURRENT HASH: %, CERTIFICATION_URL HASH: %', form_result_hash, new.form_results_md5;
+        raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
+      end if;
+      new.certified_at = now();
+      new.certified_by = ciip_user_id;
+    end if;
+
+    return new;
+  end;
+  $$ language plpgsql volatile;
+
+comment on function ggircs_portal_private.signature_md5 is 'Trigger function sets and checks the hash of form results & the state of the certification signature';
+
+commit;
diff --git a/schema/revert/trigger_functions/signature_md5.sql b/schema/revert/trigger_functions/signature_md5.sql
@@ -1,7 +1,54 @@
--- Revert ggircs-portal:trigger_functions/signature_md5 from pg
+-- Deploy ggircs-portal:trigger_functions/signature_md5 to pg
+-- requires: schema_ggircs_portal_private
 
 begin;
+  create or replace function ggircs_portal_private.signature_md5()
+    returns trigger as $$
 
-drop function ggircs_portal_private.signature_md5;
+  declare
+    form_result_hash bytea;
+    temp_row record;
+    user_sub uuid;
+    ciip_user_id int;
+    app_revision ggircs_portal.application_revision;
+
+  begin
+    -- Get current user
+    user_sub := (select sub from ggircs_portal.session());
+    ciip_user_id := (select id from ggircs_portal.ciip_user as cu where cu.uuid = user_sub);
+
+    -- Get current hash of form_results
+    form_result_hash := (select ggircs_portal_private.current_form_results_md5(new.application_id, new.version_number));
+
+    -- Update of application_revision_status (submitting an application)
+    if (tg_argv[0] = 'submission') then
+      if (new.application_revision_status='submitted') then
+        app_revision = (select row(application_revision.*) from ggircs_portal.application_revision where application_id=new.application_id and version_number=new.version_number);
+        if ((select form_results_md5 from ggircs_portal.application_revision_certification_url(app_revision)) != form_result_hash and new.version_number > 0) then
+          raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
+        elsif ((select certification_signature from ggircs_portal.application_revision_certification_url(app_revision)) is null and new.version_number > 0) then
+          raise exception 'application % version % has not been signed by a certifier', new.application_id, new.version_number;
+        end if;
+      end if;
+
+    -- Creating a row in certification_url
+    elsif (tg_op = 'INSERT' and tg_argv[0] is null) then
+      new.form_results_md5 = form_result_hash;
+
+    -- Updating the certification_signature in certification_url
+    elsif (tg_op = 'UPDATE' and tg_argv[0] is null) then
+      if (new.form_results_md5 != form_result_hash) then
+        raise notice 'CURRENT HASH: %, CERTIFICATION_URL HASH: %', form_result_hash, new.form_results_md5;
+        raise exception 'current hash of form results for application % version % does not match the hash in the certification_url table', new.application_id, new.version_number;
+      end if;
+      new.certified_at = now();
+      new.certified_by = ciip_user_id;
+    end if;
+
+    return new;
+  end;
+  $$ language plpgsql volatile;
+
+comment on function ggircs_portal_private.signature_md5 is 'Trigger function sets and checks the hash of form results & the state of the certification signature';
 
 commit;
diff --git a/schema/revert/trigger_functions/signature_md5@v1.16.0.sql b/schema/revert/trigger_functions/signature_md5@v1.16.0.sql
@@ -0,0 +1,7 @@
+-- Revert ggircs-portal:trigger_functions/signature_md5 from pg
+
+begin;
+
+drop function ggircs_portal_private.signature_md5;
+
+commit;
diff --git a/schema/sqitch.plan b/schema/sqitch.plan
@@ -286,3 +286,4 @@ policies/form_result_policies_001 [policies/form_result_policies] 2021-03-15T18:
 database_functions/get_valid_applications_for_certifier [database_functions/get_valid_applications_for_certifier@v1.16.0] 2021-03-15T20:29:13Z Pierre Bastianelli <pierre.bastianelli@gov.bc.ca> # removing function as a part of certifier role deprecation
 trigger_functions/run_graphile_worker_job [trigger_functions/run_graphile_worker_job@v1.16.0] 2021-03-15T20:44:38Z Pierre Bastianelli <pierre.bastianelli@gov.bc.ca> # removing jobs related to certification
 tables/certification_url_001 [tables/certification_url] 2021-03-15T21:50:02Z Pierre Bastianelli <pierre.bastianelli@gov.bc.ca> # dropping triggers for removed functions
+trigger_functions/signature_md5 [trigger_functions/signature_md5@v1.16.0] 2021-03-15T22:58:28Z Pierre Bastianelli <pierre.bastianelli@gov.bc.ca> # removing since we don't certify applications anymore
diff --git a/schema/verify/trigger_functions/signature_md5.sql b/schema/verify/trigger_functions/signature_md5.sql
@@ -2,6 +2,6 @@
 
 begin;
 
-select pg_get_functiondef('ggircs_portal_private.signature_md5()'::regprocedure);
+select ggircs_portal_private.verify_function_not_present('ggircs_portal_private.signature_md5');
 
 rollback;
diff --git a/schema/verify/trigger_functions/signature_md5@v1.16.0.sql b/schema/verify/trigger_functions/signature_md5@v1.16.0.sql
@@ -0,0 +1,7 @@
+-- Verify ggircs-portal:trigger_functions/signature_md5 on pg
+
+begin;
+
+select pg_get_functiondef('ggircs_portal_private.signature_md5()'::regprocedure);
+
+rollback;