comparison schema/manage_users.sql @ 319:ac760b0f22a9

Add special role for password reset As password reset is exposed without requiring a login, let this role have privileges limited to resetting passwords, and only resetting passwords.
author Tom Gottfried <tom@intevation.de>
date Thu, 02 Aug 2018 13:06:39 +0200
parents 0745b4d336c4
children df1fc589ad9d
318:1a2dfd9351e9 319:ac760b0f22a9
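--- a/schema/manage_users.sql
+++ b/schema/manage_users.sql
@@ -50,10 +50,11 @@
 JOIN pg_auth_members a ON u.oid = a.member
 JOIN pg_roles r ON a.roleid = r.oid
 WHERE p.username = current_user
 OR pg_has_role('waterway_admin', 'MEMBER')
 AND p.country = users.current_user_country()
+OR pg_has_role('pw_reset', 'MEMBER')
 OR pg_has_role('sys_admin', 'MEMBER');
 
 
 CREATE OR REPLACE FUNCTION sys_admin.create_user(
 userrole varchar,
@@ -154,5 +155,9 @@
 WHERE p.username = delete_user.username;
 END;
 $$
 LANGUAGE plpgsql
 SECURITY DEFINER;
+
+
+CREATE OR REPLACE VIEW pw_reset.list_users AS
+SELECT username, pw, email_address FROM users.list_users;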