Mercurial > gemma
annotate schema/manage_users.sql @ 5560:f2204f91d286
Join the log lines of imports to the log exports to recover data from them.
Used in SR export to extract information that where in the meta json
but now are only found in the log.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Wed, 09 Feb 2022 18:34:40 +0100 |
parents | 5e3e3d9e2c23 |
children |
rev | line source |
---|---|
1298
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
1 -- This is Free Software under GNU Affero General Public License v >= 3.0 |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
2 -- without warranty, see README.md and license for details. |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
3 |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
4 -- SPDX-License-Identifier: AGPL-3.0-or-later |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
5 -- License-Filename: LICENSES/AGPL-3.0.txt |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
6 |
2912
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
7 -- Copyright (C) 2018, 2019 by via donau |
1298
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
8 -- – Österreichische Wasserstraßen-Gesellschaft mbH |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
9 -- Software engineering by Intevation GmbH |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
10 |
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
11 -- Author(s): |
1301
2304778c4432
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
1298
diff
changeset
|
12 -- * Tom Gottfried <tom@intevation.de> |
1336
f65d1767452c
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
1301
diff
changeset
|
13 -- * Sacha Teichmann <sascha.teichmann@intevation.de> |
1298
6590208e3ee1
add headers for licensing to some schema files
Fadi Abbud <fadi.abbud@intevation.de>
parents:
478
diff
changeset
|
14 |
185
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
15 -- |
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
16 -- Functions encapsulating user management functionality and |
262
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
17 -- exposing it to appropriately privileged users |
185
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
18 -- |
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
19 |
312
0745b4d336c4
Place functions in more matching schemas
Tom Gottfried <tom@intevation.de>
parents:
307
diff
changeset
|
20 CREATE OR REPLACE FUNCTION internal.check_password( |
262
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
21 pw varchar |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
22 ) |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
23 RETURNS varchar |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
24 AS $$ |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
25 DECLARE |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
26 min_len CONSTANT int = 8; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
27 BEGIN |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
28 IF char_length(pw) < min_len |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
29 OR pw NOT SIMILAR TO '%[^[:alnum:]]%' |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
30 OR pw NOT SIMILAR TO '%[[:digit:]]%' |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
31 THEN |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
32 RAISE invalid_password USING MESSAGE = 'Invalid password'; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
33 ELSE |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
34 RETURN pw; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
35 END IF; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
36 END; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
37 $$ |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
38 LANGUAGE plpgsql; |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
39 |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
40 |
2912
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
41 CREATE OR REPLACE FUNCTION users.current_user_area_utm() |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
42 RETURNS geometry |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
43 AS $$ |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
44 DECLARE utm_area geometry; |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
45 BEGIN |
4389
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
46 SELECT ST_Union(ST_Transform(area::geometry, z)) |
2912
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
47 INTO STRICT utm_area |
4389
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
48 FROM (SELECT area, |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
49 best_utm(ST_Collect(area::geometry) OVER ()) AS z |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
50 FROM users.stretches st |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
51 JOIN users.stretch_countries stc |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
52 ON stc.stretch_id = st.id |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
53 WHERE country = (SELECT country |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
54 FROM users.list_users |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
55 WHERE username = current_user)) AS st; |
4158
5466562cca60
Remove utility function with possibly bad performance impact
Tom Gottfried <tom@intevation.de>
parents:
2915
diff
changeset
|
56 RETURN utm_area; |
2912
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
57 END; |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
58 $$ |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
59 LANGUAGE plpgsql |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
60 STABLE PARALLEL SAFE; |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
61 |
93fa55bce126
Add utility function to get users area of responsibility
Tom Gottfried <tom@intevation.de>
parents:
1338
diff
changeset
|
62 |
343
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
63 CREATE OR REPLACE FUNCTION internal.create_user() RETURNS trigger |
185
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
64 AS $$ |
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
65 BEGIN |
343
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
66 IF NEW.map_extent IS NULL |
212
229f385448fa
Make map extent mandatory
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
67 THEN |
370
fe87457a05d7
Store spatial data as geography
Tom Gottfried <tom@intevation.de>
parents:
343
diff
changeset
|
68 NEW.map_extent = ST_Extent(CAST(area AS geometry)) |
4389
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
69 FROM users.stretches st |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
70 JOIN users.stretch_countries stc ON stc.stretch_id = st.id |
5e38667f740c
Use stretches as areas of responsibility.
Sascha Wilde <wilde@intevation.de>
parents:
4158
diff
changeset
|
71 WHERE stc.country = NEW.country; |
212
229f385448fa
Make map extent mandatory
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
72 END IF; |
4723
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
73 |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
74 IF NEW.username IS NOT NULL |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
75 -- otherwise let the constraint on user_profiles speak |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
76 THEN |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
77 EXECUTE format( |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
78 'CREATE ROLE %I IN ROLE %I LOGIN PASSWORD %L', |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
79 NEW.username, |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
80 NEW.rolname, |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
81 internal.check_password(NEW.pw)); |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
82 END IF; |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
83 |
268
72062ca52746
Make user_profiles table invisible for users
Tom Gottfried <tom@intevation.de>
parents:
263
diff
changeset
|
84 INSERT INTO internal.user_profiles ( |
5500
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
85 username, country, map_extent, email_address, |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
86 report_reciever, active) |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
87 VALUES (NEW.username, NEW.country, NEW.map_extent, NEW.email_address, |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
88 NEW.report_reciever, NEW.active); |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
89 |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
90 IF NEW.active THEN |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
91 EXECUTE format( |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
92 'ALTER ROLE %I LOGIN', NEW.username); |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
93 ELSE |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
94 EXECUTE format( |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
95 'ALTER ROLE %I NOLOGIN', NEW.username); |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
96 END IF; |
343
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
97 |
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
98 -- Do not leak new password |
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
99 NEW.pw = ''; |
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
100 RETURN NEW; |
185
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
101 END; |
a9d9c2b1d08c
Add database function to create role and user profile
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
102 $$ |
207
88d21c29cf04
Care for the fact that role attributes are not inherited
Tom Gottfried <tom@intevation.de>
parents:
195
diff
changeset
|
103 LANGUAGE plpgsql |
88d21c29cf04
Care for the fact that role attributes are not inherited
Tom Gottfried <tom@intevation.de>
parents:
195
diff
changeset
|
104 SECURITY DEFINER; |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
105 |
343
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
106 CREATE TRIGGER create_user INSTEAD OF INSERT ON users.list_users FOR EACH ROW |
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
107 EXECUTE PROCEDURE internal.create_user(); |
5b03f420957d
Use INSTEAD OF trigger for user creation
Tom Gottfried <tom@intevation.de>
parents:
342
diff
changeset
|
108 |
463
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
109 CREATE OR REPLACE FUNCTION internal.update_metamorph() RETURNS trigger |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
110 AS $$ |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
111 BEGIN |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
112 EXECUTE format('GRANT %I TO metamorph', NEW.username); |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
113 RETURN NEW; |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
114 END; |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
115 $$ |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
116 LANGUAGE plpgsql |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
117 SECURITY DEFINER; |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
118 |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
119 -- Note that PostgreSQL fires triggers for the same event in alphabetical |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
120 -- order! Make sure that the new role is created before this trigger is fired. |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
121 CREATE TRIGGER update_metamorph INSTEAD OF INSERT ON users.list_users |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
122 FOR EACH ROW |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
123 EXECUTE PROCEDURE internal.update_metamorph(); |
5611cf72cc92
Add metamorphic database role and user e.g. for GeoServer
Tom Gottfried <tom@intevation.de>
parents:
410
diff
changeset
|
124 |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
125 |
478
3af7ca761f6a
Purge password reset role
Tom Gottfried <tom@intevation.de>
parents:
468
diff
changeset
|
126 -- Prevent roles other than sys_admin to update any user but |
410
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
127 -- themselves (affects waterway_admin) |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
128 CREATE OR REPLACE FUNCTION internal.authorize_update_user() RETURNS trigger |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
129 AS $$ |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
130 BEGIN |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
131 IF OLD.username <> current_user |
478
3af7ca761f6a
Purge password reset role
Tom Gottfried <tom@intevation.de>
parents:
468
diff
changeset
|
132 AND NOT pg_has_role('sys_admin', 'MEMBER') |
410
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
133 THEN |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
134 RETURN NULL; |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
135 ELSE |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
136 RETURN NEW; |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
137 END IF; |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
138 END; |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
139 $$ |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
140 LANGUAGE plpgsql; |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
141 |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
142 -- Note that PostgreSQL fires triggers for the same event in alphabetical |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
143 -- order! Make sure that authorization takes place before any other trigger |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
144 -- is fired that might execute otherwise unauthorized statements! |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
145 CREATE TRIGGER authorize_update_user INSTEAD OF UPDATE ON users.list_users |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
146 FOR EACH ROW |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
147 EXECUTE PROCEDURE internal.authorize_update_user(); |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
148 |
3f803d64a6ee
Do not rely on session_user for authorization
Tom Gottfried <tom@intevation.de>
parents:
370
diff
changeset
|
149 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
150 CREATE OR REPLACE FUNCTION internal.update_user() RETURNS trigger |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
151 AS $$ |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
152 DECLARE |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
153 cur_username varchar; |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
154 BEGIN |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
155 cur_username = OLD.username; |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
156 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
157 IF NEW.username <> cur_username |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
158 THEN |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
159 EXECUTE format( |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
160 'ALTER ROLE %I RENAME TO %I', cur_username, NEW.username); |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
161 cur_username = NEW.username; |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
162 END IF; |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
163 |
4723
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
164 UPDATE internal.user_profiles p |
5500
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
165 SET (username, country, map_extent, email_address, |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
166 report_reciever, active) |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
167 = (NEW.username, NEW.country, NEW.map_extent, NEW.email_address, |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
168 NEW.report_reciever, NEW.active) |
4723
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
169 WHERE p.username = cur_username; |
baabc2b2f094
Avoid creating user profiles without matching role
Tom Gottfried <tom@intevation.de>
parents:
4389
diff
changeset
|
170 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
171 IF NEW.rolname <> OLD.rolname |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
172 THEN |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
173 EXECUTE format( |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
174 'REVOKE %I FROM %I', OLD.rolname, cur_username); |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
175 EXECUTE format( |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
176 'GRANT %I TO %I', NEW.rolname, cur_username); |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
177 END IF; |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
178 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
179 IF NEW.pw IS NOT NULL AND NEW.pw <> '' |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
180 THEN |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
181 EXECUTE format( |
262
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
182 'ALTER ROLE %I PASSWORD %L', |
92470caf81fd
Add database function to check password against policy
Tom Gottfried <tom@intevation.de>
parents:
247
diff
changeset
|
183 cur_username, |
312
0745b4d336c4
Place functions in more matching schemas
Tom Gottfried <tom@intevation.de>
parents:
307
diff
changeset
|
184 internal.check_password(NEW.pw)); |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
185 END IF; |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
186 |
5500
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
187 IF NEW.active <> OLD.active THEN |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
188 IF NEW.active THEN |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
189 EXECUTE format( |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
190 'ALTER ROLE %I LOGIN', cur_username); |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
191 ELSE |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
192 EXECUTE format( |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
193 'ALTER ROLE %I NOLOGIN', cur_username); |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
194 END IF; |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
195 END IF; |
f0c668bc4082
Moved active login/nologin to triggers. Allow /user PATCH endpoint to modify the field.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
5499
diff
changeset
|
196 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
197 -- Do not leak new password |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
198 NEW.pw = ''; |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
199 RETURN NEW; |
225
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
200 END; |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
201 $$ |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
202 LANGUAGE plpgsql |
8b9cae6d3a21
Add database function to update role and user profile
Tom Gottfried <tom@intevation.de>
parents:
212
diff
changeset
|
203 SECURITY DEFINER; |
232
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
204 |
307
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
205 CREATE TRIGGER update_user INSTEAD OF UPDATE ON users.list_users FOR EACH ROW |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
206 EXECUTE PROCEDURE internal.update_user(); |
750a9c9cd965
Use SQL UPDATE to update users
Tom Gottfried <tom@intevation.de>
parents:
269
diff
changeset
|
207 |
232
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
208 |
342
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
209 CREATE OR REPLACE FUNCTION internal.delete_user() RETURNS trigger |
232
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
210 AS $$ |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
211 DECLARE |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
212 bid int; |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
213 BEGIN |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
214 -- Terminate the users backends started before the current transaction |
342
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
215 FOR bid IN SELECT pid FROM pg_stat_activity WHERE usename = OLD.username |
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
216 LOOP |
232
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
217 PERFORM pg_terminate_backend(bid); |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
218 END LOOP; |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
219 -- Note that any backend that might be started during the transaction |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
220 -- in which this function is executed will not be terminated but lost |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
221 -- without any privileges after commiting this transaction |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
222 |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
223 -- Delete user |
342
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
224 EXECUTE format('DROP ROLE %I', OLD.username); |
268
72062ca52746
Make user_profiles table invisible for users
Tom Gottfried <tom@intevation.de>
parents:
263
diff
changeset
|
225 DELETE FROM internal.user_profiles p |
342
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
226 WHERE p.username = OLD.username; |
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
227 |
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
228 RETURN OLD; |
232
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
229 END; |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
230 $$ |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
231 LANGUAGE plpgsql |
4859aa6c96be
Add database function to delete role and user profile
Tom Gottfried <tom@intevation.de>
parents:
225
diff
changeset
|
232 SECURITY DEFINER; |
319
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
312
diff
changeset
|
233 |
342
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
234 CREATE TRIGGER delete_user INSTEAD OF DELETE ON users.list_users FOR EACH ROW |
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
235 EXECUTE PROCEDURE internal.delete_user(); |
c6bd6ed18942
Use INSTEAD OF trigger for user deletion
Tom Gottfried <tom@intevation.de>
parents:
334
diff
changeset
|
236 |
467
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
237 -- To set a role from a hex-encoded user name (which is save from SQL injections). |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
238 CREATE OR REPLACE FUNCTION public.setrole(role text) RETURNS void |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
239 AS $$ |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
240 BEGIN |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
241 IF role IS NOT NULL AND role <> '' THEN |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
242 EXECUTE format('SET ROLE %I', convert_from(decode(role, 'hex'), 'UTF-8')); |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
243 END IF; |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
244 END; |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
245 $$ |
73c7b2d6246e
Used hex-encoded usernames and a stored procedure to decode them to impersonate with the metamorph user.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
463
diff
changeset
|
246 LANGUAGE plpgsql; |
468
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
247 |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
248 -- To set a role in form of a plannable statement (which is save from SQL injections). |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
249 CREATE OR REPLACE FUNCTION public.setrole_plan(role text) RETURNS void |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
250 AS $$ |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
251 BEGIN |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
252 IF role IS NOT NULL AND role <> '' THEN |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
253 EXECUTE format('SET ROLE %I', role); |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
254 END IF; |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
255 END; |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
256 $$ |
ff9dbe14f033
Don't use hex encoding for user impersonation when running it from a planned statement.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
467
diff
changeset
|
257 LANGUAGE plpgsql; |