comparison schema/manage_users.sql @ 319:ac760b0f22a9
Add special role for password reset
As password reset is exposed without requiring a login, let this role
have privileges limited to resetting passwords, and only resetting passwords.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 02 Aug 2018 13:06:39 +0200 |
parents | 0745b4d336c4 |
children | df1fc589ad9d |
318:1a2dfd9351e9 | 319:ac760b0f22a9 |
---|---|
50 JOIN pg_auth_members a ON u.oid = a.member | 50 JOIN pg_auth_members a ON u.oid = a.member |
51 JOIN pg_roles r ON a.roleid = r.oid | 51 JOIN pg_roles r ON a.roleid = r.oid |
52 WHERE p.username = current_user | 52 WHERE p.username = current_user |
53 OR pg_has_role('waterway_admin', 'MEMBER') | 53 OR pg_has_role('waterway_admin', 'MEMBER') |
54 AND p.country = users.current_user_country() | 54 AND p.country = users.current_user_country() |
55 OR pg_has_role('pw_reset', 'MEMBER') | |
55 OR pg_has_role('sys_admin', 'MEMBER'); | 56 OR pg_has_role('sys_admin', 'MEMBER'); |
56 | 57 |
57 | 58 |
58 CREATE OR REPLACE FUNCTION sys_admin.create_user( | 59 CREATE OR REPLACE FUNCTION sys_admin.create_user( |
59 userrole varchar, | 60 userrole varchar, |
154 WHERE p.username = delete_user.username; | 155 WHERE p.username = delete_user.username; |
155 END; | 156 END; |
156 $$ | 157 $$ |
157 LANGUAGE plpgsql | 158 LANGUAGE plpgsql |
158 SECURITY DEFINER; | 159 SECURITY DEFINER; |
160 | |
161 | |
162 CREATE OR REPLACE VIEW pw_reset.list_users AS | |
163 SELECT username, pw, email_address FROM users.list_users; |
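Review bot: The new view `pw_reset.list_users` hands `pw` for every user to a role the commit message describes as reachable without a login, and nothing in the visible lines says what `pw` contains. If it is a stored hash or credential, drop it from the select list (`SELECT username, email_address FROM users.list_users;`); if it is only a placeholder so that writes can go through the view, say so in a comment above the view, e.g. `-- pw is a write-only placeholder; reads return no credential data`. The added `OR pg_has_role('pw_reset', 'MEMBER')` in the `users.list_users` filter also makes every row of that wider view visible to the role, so the grants (not shown here) should give `pw_reset` SELECT on `pw_reset.list_users` only and nothing on `users.list_users` itself. Explicit parentheses around the `pg_has_role('waterway_admin', 'MEMBER') AND p.country = users.current_user_country()` term would make the AND/OR precedence in that filter obvious to the next person who extends it.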