Mercurial > gemma
comparison schema/auth.sql @ 1834:06d162ac0b9f
Sync access to import config attributes to import config
Before, everybody could read the attributes, that could contain
sensitive information such as credentials.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 16 Jan 2019 18:12:41 +0100 |
parents | 661597546ed9 |
children | 56357561938f |
comparison
equal
deleted
inserted
replaced
1833:b9c59050014a | 1834:06d162ac0b9f |
---|---|
90 the_table); | 90 the_table); |
91 END LOOP; | 91 END LOOP; |
92 END; | 92 END; |
93 $$; | 93 $$; |
94 | 94 |
95 -- templates | |
95 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user | 96 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user |
96 USING (username IN(SELECT username FROM users.list_users)); | 97 USING (username IN(SELECT username FROM users.list_users)); |
97 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; | 98 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; |
98 | 99 |
99 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user | 100 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user |
118 | 119 |
119 CREATE POLICY responsibility_area ON waterway.sounding_results | 120 CREATE POLICY responsibility_area ON waterway.sounding_results |
120 FOR ALL TO waterway_admin | 121 FOR ALL TO waterway_admin |
121 USING (utm_covers(area)); | 122 USING (utm_covers(area)); |
122 | 123 |
123 -- Imports and import config | 124 |
125 -- | |
126 -- RLS policies for imports and import config | |
127 -- | |
124 | 128 |
125 CREATE POLICY same_country ON waterway.imports | 129 CREATE POLICY same_country ON waterway.imports |
126 FOR ALL TO waterway_admin | 130 FOR ALL TO waterway_admin |
127 USING (users.current_user_country() = ( | 131 USING (users.current_user_country() = ( |
128 SELECT country FROM users.list_users lu | 132 SELECT country FROM users.list_users lu |
159 FOR ALL TO sys_admin | 163 FOR ALL TO sys_admin |
160 USING (true); | 164 USING (true); |
161 | 165 |
162 ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY; | 166 ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY; |
163 | 167 |
168 CREATE POLICY parent_allowed ON waterway.import_configuration_attributes | |
169 FOR ALL TO waterway_admin | |
170 USING (import_configuration_id IN ( | |
171 SELECT id FROM waterway.import_configuration)); | |
172 ALTER table waterway.import_configuration_attributes ENABLE ROW LEVEL SECURITY; | |
173 | |
164 COMMIT; | 174 COMMIT; |