Add Security to Citizen

src/main/resources/sql/fixtures/01-user.sql

@@ -5,12 +5,13 @@ declare
     multiple int = coalesce(current_setting('fixture.quantity.multiple', true), '50')::int;
 begin
     delete from "user";
-    insert into "user" (id, username, password, blocked_at)
+    insert into "user" (id, username, password, blocked_at, roles)
     select
         uuid_in(md5('user'||rn::text)::cstring),
         'username' || rn,
         _password,
-        case when rn % 10 = 0 then now() else null end
+        case when rn % 10 = 0 then now() else null end,
+        case when rn % 2 = 0 then '{ROLE_USER}'::text[] else '{ROLE_ADMIN}'::text[] end
     from generate_series(1, multiple) rn;
 
     raise notice 'user fixtures done';

src/main/resources/sql/functions/user/insert_user.sql

@@ -3,12 +3,13 @@ $$
 declare
     new_id uuid;
 begin
-    insert into "user" (id, username, password, blocked_at)
+    insert into "user" (id, username, password, blocked_at, roles)
     select
         coalesce(t.id, uuid_generate_v4()),
         t.username,
         crypt(resource->>'plain_password', gen_salt('bf', 8)),
-        case when t.blocked_at is not null then now() else null end
+        case when t.blocked_at is not null then now() else null end,
+        t.roles
     from json_populate_record(null::"user", resource) t
     returning id into new_id;
 

src/main/resources/sql/migrations/0000-init_schema.up.sql

@@ -6,7 +6,8 @@ create table "user"
     updated_at timestamptz default now()              not null check ( updated_at >= created_at ),
     blocked_at timestamptz default null               null,
     username   varchar(64)                            not null check ( username != '' and lower(username) = username) unique,
-    password   text                                   not null check ( password != '' )
+    password   text                                   not null check ( password != '' ),
+    roles      text[]      default '{}'               not null
 );
 
 create table citizen