Updates docs for vote ranking and RLS

Author: dthyresson

README.md

@@ -34,6 +34,9 @@ A basic HackerNews-like clone where posts can be submitted with url links and th
 - Create Comment
 - Delete Comment
 - Upvote/Downvote Post
+- View Profile (Account)
+- View Profile (Public)
+- Pagination (Posts, Comments)
 
 ## QuickStart
 
@@ -104,7 +107,7 @@ dbmate dump
 - Post `url` is unique
 - Vote is unique per Profile, Post (ie, you cannot vote more than once -- up or down)
 
-See: `./data/db/schema.sql`
+See: [`./data/db/schema.sql`](./data/db/schema.sql)
 
 > Note: The schema includes the entire Supabase schema with auth, storage, functions, etc.
 
@@ -116,10 +119,12 @@ Note: Assumes a known `profileId` currently.
 
 ## GraphQL Schema
 
-See: `./graphql/schema/schema.graphql`
+See: [`./graphql/schema/schema.graphql`](./graphql/schema/schema.graphql)
 
 ## Example Query
 
+See: [`./graphql/queries/`](./graphql/queries/)
+
 Use: `https://mvrfvzcivgabojxddwtk.supabase.co/rest/v1/rpc/graphql`
 
 Note: Needs headers
@@ -173,6 +178,10 @@ query {
 }
 ```
 
+# Row Level Security Matrix (RLS)
+
+See: [Row Level Security Matrix (RLS)](./data/supabase/rls-policies.md)
+
 ## Read More
 
 - [pg_graphql](https://supabase.github.io/pg_graphql)

data/supabase/06-update-post-vote-counts.sql

@@ -4,7 +4,7 @@ BEGIN
 
 WITH r AS (
 SELECT
-	"postId",
+	coalesce("Vote"."postId", "Post".id) AS "postId",
 	count(1) "voteTotal",
 	count(1) FILTER (WHERE direction = 'UP') "upVoteTotal",
 	count(1) FILTER (WHERE direction = 'DOWN') "downVoteTotal",
@@ -16,25 +16,30 @@ SELECT
 			ELSE
 				0
 			END), 0) "voteDelta",
-	abs(sum(
+	sum(
 		CASE WHEN direction = 'UP' THEN
 			1
 		WHEN direction = 'DOWN' THEN
 			- 1
 		ELSE
 			0
-		END) - 1 / (DATE_PART('hour', now() - max("createdAt")) + 2) ^ 1.8) AS "score",
-	dense_rank() OVER (ORDER BY sum( CASE WHEN direction = 'UP' THEN
+		END) - 1 / (DATE_PART('hour', now() - max("Vote"."createdAt")) + 2) ^ 1.8 AS "score",
+	rank() OVER (ORDER BY coalesce(sum( CASE WHEN direction = 'UP' THEN
 			1
 		WHEN direction = 'DOWN' THEN
 			- 1
 		ELSE
 			0
-		END) - 1 / (DATE_PART('hour', now() - max("createdAt")) + 2) ^ 1.8 DESC) "voteRank"
+		END) - 1 / (DATE_PART('hour', now() - max("Vote"."createdAt")) + 2) ^ 1.8, '-infinity')
+		DESC,
+		"Post"."createdAt" DESC,
+		"Post".title ASC) "voteRank"
 FROM
 	"Vote"
+	RIGHT JOIN "Post" ON "Vote"."postId" = "Post".id
 GROUP BY
-	"postId"
+	"Post".id,
+	"Vote"."postId"
 )
 
 UPDATE

data/supabase/08-update-post-cascahe-delete-constraints.sql

@@ -0,0 +1,12 @@
+ALTER TABLE ONLY public."Comment"
+    DROP CONSTRAINT "Comment_postId_fkey";
+
+ALTER TABLE ONLY public."Comment"
+    ADD CONSTRAINT "Comment_postId_fkey" FOREIGN KEY ("postId") REFERENCES public."Post"(id) ON DELETE CASCADE;
+
+ALTER TABLE ONLY public."Vote"
+    DROP CONSTRAINT "DownVote_postId_fkey";
+
+ALTER TABLE ONLY public."Vote"
+    ADD CONSTRAINT "Vote_postId_fkey" FOREIGN KEY ("postId") REFERENCES public."Post"(id) ON DELETE CASCADE;
+

data/supabase/rls-policies.md

@@ -0,0 +1,33 @@
+# Row Level Security Matrix (RLS)
+
+## Profile
+
+- All users can `SELECT` all `PROFILE`s
+- Only authenticated users can CREATE `PROFILE`
+- Only `PROFILE`s where auth user is `id` can `UPDATE`
+- No `PROFILE` `DELETE`. This might be an Admin role eventually.
+
+## Posts
+
+- All users can `SELECT` all `POST`s
+- Only authenticated users can `CREATE POST`
+- Only `POST`s where auth user is `profileId` can `UPDATE`
+- Only `POST`s where auth user is `profileId` can `DELETE`
+
+FYI: `DELETE POST` cascade to `COMMENT`s and V`OTE`s
+
+## Comment
+
+- All users can `SELECT` all `COMMENT`s
+- Only authenticated users can `CREATE COMMENT`
+- Only `COMMENT`s where auth user is `profileId` can `UPDATE`
+- Only `COMMENT`s where auth user is `profileId` can `DELETE`
+
+## Vote
+
+- All users can `SELECT` all `VOTE`s
+- Only authenticated users can `CREATE VOTE`
+- Only `VOTE`s where auth user is `profileId` can `UPDATE`
+- Only `VOTE`s where auth user is `profileId` can `DELETE`
+
+Note: Does this mean I can see how people voted?

graphql/queries/hasProfileVotes.graphql

@@ -0,0 +1,26 @@
+query {
+  post: postCollection(filter: { id: { eq: 22 } }, first: 1) {
+    edges {
+      post: node {
+        id
+        title
+        upVoteCount: voteCollection(
+          filter: {
+            profileId: { eq: "3e223118-04b2-4faa-8ed9-d3995fc50975" }
+            direction: { eq: "UP" }
+          }
+        ) {
+          totalCount
+        }
+        downVoteCount: voteCollection(
+          filter: {
+            profileId: { eq: "3e223118-04b2-4faa-8ed9-d3995fc50975" }
+            direction: { eq: "DOWN" }
+          }
+        ) {
+          totalCount
+        }
+      }
+    }
+  }
+}