Mercurial > gemma
comparison schema/auth.sql @ 4788:9e077ca97505
Added epic comments on responsibility_area and same_country policies.
| author | Sascha Wilde <wilde@intevation.de> |
|---|---|
| date | Wed, 23 Oct 2019 16:41:43 +0200 |
| parents | 1fef9d8e7eb2 |
| children | d410e7ab03fe |
comparison
equal
deleted
inserted
replaced
| 4787:3a8ec3c396e0 | 4788:9e077ca97505 |
|---|---|
| 125 -- | 125 -- |
| 126 | 126 |
| 127 -- Staging area | 127 -- Staging area |
| 128 -- TODO: add all relevant tables here | 128 -- TODO: add all relevant tables here |
| 129 | 129 |
| 130 -- In many cases it is more efficient to check for "staging_done" to | |
| 131 -- prevent the more expensive checks for read only access (which is | |
| 132 -- allowed for all users, when staging is done). | |
| 130 CREATE POLICY same_country ON waterway.gauge_measurements | 133 CREATE POLICY same_country ON waterway.gauge_measurements |
| 131 FOR ALL TO waterway_admin | 134 FOR ALL TO waterway_admin |
| 132 USING (staging_done | 135 USING (staging_done |
| 133 OR (location).country_code = | 136 OR (location).country_code = |
| 134 (SELECT country FROM users.list_users | 137 (SELECT country FROM users.list_users |
| 160 CREATE POLICY responsibility_area ON waterway.fairway_dimensions | 163 CREATE POLICY responsibility_area ON waterway.fairway_dimensions |
| 161 FOR ALL TO waterway_admin | 164 FOR ALL TO waterway_admin |
| 162 USING (staging_done OR users.utm_covers(area)) | 165 USING (staging_done OR users.utm_covers(area)) |
| 163 WITH CHECK (users.utm_covers(area)); | 166 WITH CHECK (users.utm_covers(area)); |
| 164 | 167 |
| 168 -- In the case of sections differentiating between read and write | |
| 169 -- access is not neccessary: the country code based access check is | |
| 170 -- quiet cheap in this case and there are only (relatively) few | |
| 171 -- sections in the system anyway. | |
| 165 CREATE POLICY same_country ON waterway.sections | 172 CREATE POLICY same_country ON waterway.sections |
| 166 FOR ALL TO waterway_admin | 173 FOR ALL TO waterway_admin |
| 167 USING (country = ( | 174 USING (country = ( |
| 168 SELECT country FROM users.list_users WHERE username = current_user)); | 175 SELECT country FROM users.list_users WHERE username = current_user)); |
| 169 | 176 |