Mercurial > gemma
comparison schema/manage_users.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Mon, 23 Jul 2018 11:29:41 +0200 |
| parents | 5dc8e734487a |
| children | 229f385448fa |
comparison
equal
deleted
inserted
replaced
| 206:cd6ad5eaef8d | 207:88d21c29cf04 |
|---|---|
| 18 username, country, map_extent, email_adress); | 18 username, country, map_extent, email_adress); |
| 19 EXECUTE format( | 19 EXECUTE format( |
| 20 'CREATE ROLE %I IN ROLE %I LOGIN PASSWORD %L', username, userrole, pw); | 20 'CREATE ROLE %I IN ROLE %I LOGIN PASSWORD %L', username, userrole, pw); |
| 21 END; | 21 END; |
| 22 $$ | 22 $$ |
| 23 LANGUAGE plpgsql; | 23 LANGUAGE plpgsql |
| 24 SECURITY DEFINER; |