From e6a0717c8454aef47bac2c93cc36b8f069b768d9 Mon Sep 17 00:00:00 2001
From: lukinovec <lukinovec@gmail.com>
Date: Mon, 13 Feb 2023 15:30:16 +0100
Subject: [PATCH] Add jobs for creating/deleting Postgres roles

---
 src/Jobs/CreatePostgresRoleForTenant.php | 45 +++++++++++++++++++++++
 src/Jobs/DeleteTenantsPostgresRole.php   | 46 ++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 src/Jobs/CreatePostgresRoleForTenant.php
 create mode 100644 src/Jobs/DeleteTenantsPostgresRole.php

diff --git a/src/Jobs/CreatePostgresRoleForTenant.php b/src/Jobs/CreatePostgresRoleForTenant.php
new file mode 100644
index 00000000..0f3e9dcb
--- /dev/null
+++ b/src/Jobs/CreatePostgresRoleForTenant.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Stancl\Tenancy\Jobs;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Database\QueryException;
+use Stancl\Tenancy\Database\Contracts\TenantWithDatabase;
+
+class CreatePostgresRoleForTenant implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    /**
+     * Create a new job instance.
+     *
+     * @return void
+     */
+    public function __construct(
+        protected TenantWithDatabase&Model $tenant,
+    ) {
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        $name = $this->tenant->getTenantKey();
+        $password = $this->tenant->database()->getPassword() ?? 'password';
+
+        try {
+            DB::statement("CREATE ROLE \"$name\" LOGIN PASSWORD '$password';");
+        } catch (QueryException $exception) {
+            // Skip creating Postgres role if it already exists
+        }
+    }
+}
diff --git a/src/Jobs/DeleteTenantsPostgresRole.php b/src/Jobs/DeleteTenantsPostgresRole.php
new file mode 100644
index 00000000..15151c9a
--- /dev/null
+++ b/src/Jobs/DeleteTenantsPostgresRole.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace Stancl\Tenancy\Jobs;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Database\QueryException;
+use Stancl\Tenancy\Database\Contracts\TenantWithDatabase;
+
+class DeleteTenantsPostgresRole implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    /**
+     * Create a new job instance.
+     *
+     * @return void
+     */
+    public function __construct(
+        protected TenantWithDatabase&Model $tenant,
+    ) {
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        $tenantKey = $this->tenant->getTenantKey();
+
+        // Revoke all permissions of a role before dropping it
+        try {
+            DB::statement("DROP OWNED BY \"{$tenantKey}\";");
+            DB::statement("DROP ROLE \"{$tenantKey}\";");
+        } catch (QueryException $exception) {
+            // Skip dropping permissions if the role doesn't exist
+        }
+    }
+}