refactor: split monolithic migration into 7 goose files

001_init_schemas — extensions, schemas, uuid_v7 functions 002_core_tables — core.users, mime_types, object_types 003_data_tables — data.categories, tags, tag_rules, files, file_tag, pools, file_pool 004_acl_tables — acl.permissions 005_activity_tables — activity.action_types, sessions, file_views, pool_views, tag_uses, audit_log 006_indexes — all indexes across all schemas 007_seed_data — object_types and action_types reference rows Each file has -- +goose Up / Down annotations; downs drop in reverse dependency order. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 18:40:36 +03:00
parent 830e411d92
commit b692fabed5
8 changed files with 437 additions and 425 deletions
@@ -0,0 +1,22 @@
+-- +goose Up
+
+-- If is_public=true on the object, it is accessible to everyone (ACL ignored).
+-- If is_public=false, only creator and users with can_view=true see it.
+-- Admins bypass all ACL checks.
+CREATE TABLE acl.permissions (
+    user_id        smallint NOT NULL REFERENCES core.users(id)
+                            ON UPDATE CASCADE ON DELETE CASCADE,
+    object_type_id smallint NOT NULL REFERENCES core.object_types(id)
+                            ON UPDATE CASCADE ON DELETE RESTRICT,
+    object_id      uuid     NOT NULL,
+    can_view       boolean  NOT NULL DEFAULT true,
+    can_edit       boolean  NOT NULL DEFAULT false,
+
+    PRIMARY KEY (user_id, object_type_id, object_id)
+);
+
+COMMENT ON TABLE acl.permissions IS 'Per-object permissions (used when is_public=false)';
+
+-- +goose Down
+
+DROP TABLE IF EXISTS acl.permissions;