gemma: schema/updates/1427/01.fix_rls

annotate schema/updates/1427/01.fix_rls_policies.sql @ 5560:f2204f91d286

Join the log lines of imports to the log exports to recover data from them. Used in SR export to extract information that where in the meta json but now are only found in the log.

author	Sascha L. Teichmann <sascha.teichmann@intevation.de>
date	Wed, 09 Feb 2022 18:34:40 +0100
parents	4c658a8f34da
children

rev	line source
5025 4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	1 DROP POLICY same_country ON waterway.gauge_measurements;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	2 DROP POLICY same_country ON waterway.waterway_profiles;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	3
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	4 DO LANGUAGE plpgsql
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	5 $do$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	6 DECLARE
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	7 the_table varchar;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	8 condition CONSTANT text = $$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	9 (location).country_code =
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	10 (SELECT country FROM users.list_users
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	11 WHERE username = current_user)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	12 $$;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	13 BEGIN
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	14 FOREACH the_table IN ARRAY ARRAY[
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	15 'gauge_measurements',
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	16 'waterway_profiles']
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	17 LOOP
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	18 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	19 CREATE POLICY same_country_insert ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	20 FOR INSERT TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	21 WITH CHECK (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	22 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	23 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	24 CREATE POLICY same_country_select ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	25 FOR SELECT TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	26 USING (staging_done OR %s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	27 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	28 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	29 CREATE POLICY same_country_update ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	30 FOR UPDATE TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	31 USING (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	32 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	33 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	34 CREATE POLICY same_country_delete ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	35 FOR DELETE TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	36 USING (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	37 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	38 END LOOP;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	39 END;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	40 $do$;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	41
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	42
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	43 DROP POLICY responsibility_area ON waterway.bottlenecks;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	44 DROP POLICY responsibility_area ON waterway.sounding_results;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	45 DROP POLICY responsibility_area ON waterway.fairway_dimensions;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	46
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	47 DO LANGUAGE plpgsql
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	48 $do$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	49 DECLARE
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	50 the_table varchar;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	51 condition CONSTANT text = $$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	52 (SELECT ST_Covers(a, ST_Transform(CAST(area AS geometry), ST_SRID(a)))
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	53 FROM users.current_user_area_utm() AS a (a))
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	54 $$;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	55 BEGIN
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	56 FOREACH the_table IN ARRAY ARRAY[
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	57 'fairway_dimensions',
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	58 'bottlenecks',
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	59 'sounding_results']
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	60 LOOP
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	61 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	62 CREATE POLICY responsibility_area_insert ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	63 FOR INSERT TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	64 WITH CHECK (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	65 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	66 -- In many cases it is more efficient to check for "staging_done" to
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	67 -- prevent the more expensive checks for read only access (which is
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	68 -- allowed for all users, when staging is done).
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	69 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	70 CREATE POLICY responsibility_area_select ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	71 FOR SELECT TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	72 USING (staging_done OR %s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	73 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	74 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	75 CREATE POLICY responsibility_area_update ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	76 FOR UPDATE TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	77 USING (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	78 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	79 EXECUTE format($$
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	80 CREATE POLICY responsibility_area_delete ON waterway.%I
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	81 FOR DELETE TO waterway_admin
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	82 USING (%s)
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	83 $$, the_table, condition);
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	84 END LOOP;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	85 END;
4c658a8f34da Fix row level security policies for waterway admin Tom Gottfried <tom@intevation.de> parents: diff changeset	86 $do$;

Mercurial > gemma

annotate schema/updates/1427/01.fix_rls_policies.sql @ 5560:f2204f91d286