Mercurial > gemma
comparison schema/auth.sql @ 1834:06d162ac0b9f
Sync access to import config attributes to import config
Before, everybody could read the attributes, that could contain
sensitive information such as credentials.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Wed, 16 Jan 2019 18:12:41 +0100 |
| parents | 661597546ed9 |
| children | 56357561938f |
comparison
equal
deleted
inserted
replaced
| 1833:b9c59050014a | 1834:06d162ac0b9f |
|---|---|
| 90 the_table); | 90 the_table); |
| 91 END LOOP; | 91 END LOOP; |
| 92 END; | 92 END; |
| 93 $$; | 93 $$; |
| 94 | 94 |
| 95 -- templates | |
| 95 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user | 96 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user |
| 96 USING (username IN(SELECT username FROM users.list_users)); | 97 USING (username IN(SELECT username FROM users.list_users)); |
| 97 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; | 98 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; |
| 98 | 99 |
| 99 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user | 100 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user |
| 118 | 119 |
| 119 CREATE POLICY responsibility_area ON waterway.sounding_results | 120 CREATE POLICY responsibility_area ON waterway.sounding_results |
| 120 FOR ALL TO waterway_admin | 121 FOR ALL TO waterway_admin |
| 121 USING (utm_covers(area)); | 122 USING (utm_covers(area)); |
| 122 | 123 |
| 123 -- Imports and import config | 124 |
| 125 -- | |
| 126 -- RLS policies for imports and import config | |
| 127 -- | |
| 124 | 128 |
| 125 CREATE POLICY same_country ON waterway.imports | 129 CREATE POLICY same_country ON waterway.imports |
| 126 FOR ALL TO waterway_admin | 130 FOR ALL TO waterway_admin |
| 127 USING (users.current_user_country() = ( | 131 USING (users.current_user_country() = ( |
| 128 SELECT country FROM users.list_users lu | 132 SELECT country FROM users.list_users lu |
| 159 FOR ALL TO sys_admin | 163 FOR ALL TO sys_admin |
| 160 USING (true); | 164 USING (true); |
| 161 | 165 |
| 162 ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY; | 166 ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY; |
| 163 | 167 |
| 168 CREATE POLICY parent_allowed ON waterway.import_configuration_attributes | |
| 169 FOR ALL TO waterway_admin | |
| 170 USING (import_configuration_id IN ( | |
| 171 SELECT id FROM waterway.import_configuration)); | |
| 172 ALTER table waterway.import_configuration_attributes ENABLE ROW LEVEL SECURITY; | |
| 173 | |
| 164 COMMIT; | 174 COMMIT; |