PostgREST: Batch uploading of older data

[freol35241]

How to deal with the following constraints:

• A user may only INSERT data for her allowed set of vessel_ids (defaulting to no permission to insert)
• The inserted data must conform to the allowed tag names

[freol35241]

This should all be possible by combining:

• A CHECK constraint on the tag parameter_id column to ensure nothing but the acceptable tag names gets inserted
• A new role with INSERT permissions on the vessel_data view
• Introduce row level security on vessel_data.master
• Apply a permissive policy on SELECT for the
• Apply a specific policy for INSERTing data that makes use of current_setting (see here) that checks a JWT claim of choice.
• Make sure that RLS is performed using the invoking user by enabling security_invoker on the view (see here)

This way it should be configurable from a specific claim in the JWT which vessel_ids the token bearer may insert data to.