Mercurial > gemma
comparison auth.sql @ 103:b29538ac409d
Fix authorisation of templates for waterway_user.
SELECT privilege for relation-table is needed to rely on it
in RLS policy.
Removed unnecessary JOINs that lead to infinite recursion.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Fri, 15 Jun 2018 18:12:40 +0200 |
| parents | 81a2b26bf16b |
| children | b5e403843639 |
comparison
equal
deleted
inserted
replaced
| 102:3780a1afdc98 | 103:b29538ac409d |
|---|---|
| 19 -- Privileges for waterway_user | 19 -- Privileges for waterway_user |
| 20 -- | 20 -- |
| 21 GRANT USAGE ON SCHEMA wamos, wamos_waterway, wamos_fairway TO waterway_user; | 21 GRANT USAGE ON SCHEMA wamos, wamos_waterway, wamos_fairway TO waterway_user; |
| 22 GRANT SELECT ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway | 22 GRANT SELECT ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway |
| 23 TO waterway_user; | 23 TO waterway_user; |
| 24 GRANT SELECT ON templates, user_profiles TO waterway_user; | 24 GRANT SELECT ON templates, user_templates, user_profiles TO waterway_user; |
| 25 | 25 |
| 26 -- | 26 -- |
| 27 -- Extended privileges for waterway_admin | 27 -- Extended privileges for waterway_admin |
| 28 -- | 28 -- |
| 29 GRANT INSERT, UPDATE ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway | 29 GRANT INSERT, UPDATE ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway |
| 61 CREATE POLICY see_yourself ON user_profiles FOR SELECT TO waterway_user | 61 CREATE POLICY see_yourself ON user_profiles FOR SELECT TO waterway_user |
| 62 USING (username = current_user); | 62 USING (username = current_user); |
| 63 ALTER TABLE user_profiles ENABLE ROW LEVEL SECURITY; | 63 ALTER TABLE user_profiles ENABLE ROW LEVEL SECURITY; |
| 64 | 64 |
| 65 CREATE POLICY own_templates ON templates FOR SELECT TO waterway_user | 65 CREATE POLICY own_templates ON templates FOR SELECT TO waterway_user |
| 66 USING (id IN(SELECT t.id FROM templates t | 66 USING (id IN(SELECT template_id FROM user_templates |
| 67 JOIN user_templates ut ON t.id = ut.template_id | 67 WHERE username = current_user)); |
| 68 JOIN user_profiles p ON ut.username = p.username | |
| 69 WHERE p.username = current_user)); | |
| 70 ALTER TABLE templates ENABLE ROW LEVEL SECURITY; | 68 ALTER TABLE templates ENABLE ROW LEVEL SECURITY; |
| 71 | 69 |
| 72 -- | 70 -- |
| 73 -- RLS policies for waterway_admin | 71 -- RLS policies for waterway_admin |
| 74 -- | 72 -- |