Mercurial > gemma
comparison schema/auth.sql @ 2818:89f5af7e14ad
Due to performance problems with users.current_user_country() inlined it as
(SELECT country FROM users.list_users WHERE username = current_user) in RLS policies.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Wed, 27 Mar 2019 10:52:09 +0100 |
| parents | fc7d828695c9 |
| children | 69292eb68984 |
comparison
equal
deleted
inserted
replaced
| 2817:ff58440ce809 | 2818:89f5af7e14ad |
|---|---|
| 110 | 110 |
| 111 -- | 111 -- |
| 112 -- RLS policies for templates | 112 -- RLS policies for templates |
| 113 -- | 113 -- |
| 114 CREATE POLICY select_templates ON users.templates FOR SELECT TO waterway_user | 114 CREATE POLICY select_templates ON users.templates FOR SELECT TO waterway_user |
| 115 USING (country IS NULL OR country = users.current_user_country()); | 115 USING (country IS NULL OR country = (SELECT country FROM users.list_users WHERE username = current_user)); |
| 116 | 116 |
| 117 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_admin | 117 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_admin |
| 118 USING (country = users.current_user_country()); | 118 USING (country = (SELECT country FROM users.list_users WHERE username = current_user)); |
| 119 | 119 |
| 120 CREATE POLICY admin_templates ON users.templates FOR ALL TO sys_admin | 120 CREATE POLICY admin_templates ON users.templates FOR ALL TO sys_admin |
| 121 USING (true); | 121 USING (true); |
| 122 | 122 |
| 123 ALTER TABLE users.templates ENABLE ROW LEVEL SECURITY; | 123 ALTER TABLE users.templates ENABLE ROW LEVEL SECURITY; |
| 129 -- Staging area | 129 -- Staging area |
| 130 -- TODO: add all relevant tables here | 130 -- TODO: add all relevant tables here |
| 131 | 131 |
| 132 CREATE POLICY same_country ON waterway.gauge_measurements | 132 CREATE POLICY same_country ON waterway.gauge_measurements |
| 133 FOR ALL TO waterway_admin | 133 FOR ALL TO waterway_admin |
| 134 USING ((fk_gauge_id).country_code = users.current_user_country()); | 134 USING ((fk_gauge_id).country_code = (SELECT country FROM users.list_users WHERE username = current_user)); |
| 135 | 135 |
| 136 CREATE POLICY same_country ON waterway.waterway_profiles | 136 CREATE POLICY same_country ON waterway.waterway_profiles |
| 137 FOR ALL TO waterway_admin | 137 FOR ALL TO waterway_admin |
| 138 USING ((location).country_code = users.current_user_country()); | 138 USING ((location).country_code = (SELECT country FROM users.list_users WHERE username = current_user)); |
| 139 | 139 |
| 140 CREATE POLICY responsibility_area ON waterway.bottlenecks | 140 CREATE POLICY responsibility_area ON waterway.bottlenecks |
| 141 FOR ALL TO waterway_admin | 141 FOR ALL TO waterway_admin |
| 142 USING (utm_covers(area)); | 142 USING (utm_covers(area)); |
| 143 | 143 |
| 210 ALTER table import.track_imports ENABLE ROW LEVEL SECURITY; | 210 ALTER table import.track_imports ENABLE ROW LEVEL SECURITY; |
| 211 | 211 |
| 212 CREATE POLICY import_configuration_policy ON import.import_configuration | 212 CREATE POLICY import_configuration_policy ON import.import_configuration |
| 213 FOR ALL TO waterway_admin | 213 FOR ALL TO waterway_admin |
| 214 USING ( | 214 USING ( |
| 215 users.current_user_country() = ( | 215 (SELECT country FROM users.list_users WHERE username = current_user) = ( |
| 216 SELECT country FROM users.list_users lu | 216 SELECT country FROM users.list_users lu |
| 217 WHERE lu.username = import.import_configuration.username)); | 217 WHERE lu.username = import.import_configuration.username)); |
| 218 | 218 |
| 219 CREATE POLICY import_configuration_policy_sys_admin ON import.import_configuration | 219 CREATE POLICY import_configuration_policy_sys_admin ON import.import_configuration |
| 220 FOR ALL TO sys_admin | 220 FOR ALL TO sys_admin |