Mercurial > gemma
comparison schema/auth.sql @ 345:b97b3172c61a
Add staging feature to more tables
Added tables currently only have limited visibility for waterway_user
but not yet policies for write access.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Mon, 06 Aug 2018 15:19:05 +0200 |
parents | 363983d5c567 |
children | fe87457a05d7 |
comparison
equal
deleted
inserted
replaced
344:e98033e3683a | 345:b97b3172c61a |
---|---|
52 -- allowed more with these policies (note that the subselect implies different | 52 -- allowed more with these policies (note that the subselect implies different |
53 -- filtering on list_users depending on current_user). | 53 -- filtering on list_users depending on current_user). |
54 -- | 54 -- |
55 | 55 |
56 -- Staging area | 56 -- Staging area |
57 CREATE FUNCTION create_hide_staging_policy() | 57 DO LANGUAGE plpgsql |
58 RETURNS void | 58 $$ |
59 AS $$ | |
60 DECLARE the_table varchar; | 59 DECLARE the_table varchar; |
61 BEGIN | 60 BEGIN |
62 FOREACH the_table IN ARRAY ARRAY[ | 61 FOREACH the_table IN ARRAY ARRAY[ |
63 'bottlenecks', 'sounding_results'] | 62 'gauge_measurements', |
64 -- TODO: add all relevant tables here | 63 'sections_stretches', |
64 'waterway_profiles', | |
65 'fairway_dimensions', | |
66 'bottlenecks', | |
67 'sounding_results'] | |
65 LOOP | 68 LOOP |
66 EXECUTE format('CREATE POLICY hide_staging ON waterway.%I ' | 69 EXECUTE format('CREATE POLICY hide_staging ON waterway.%I ' |
67 'FOR SELECT TO waterway_user USING (staging_done)', the_table); | 70 'FOR SELECT TO waterway_user USING (staging_done)', the_table); |
68 EXECUTE format('ALTER TABLE waterway.%I ENABLE ROW LEVEL SECURITY', | 71 EXECUTE format('ALTER TABLE waterway.%I ENABLE ROW LEVEL SECURITY', |
69 the_table); | 72 the_table); |
70 END LOOP; | 73 END LOOP; |
71 END; | 74 END; |
72 $$ | 75 $$; |
73 LANGUAGE plpgsql; | |
74 SELECT create_hide_staging_policy(); | |
75 DROP FUNCTION create_hide_staging_policy; | |
76 | 76 |
77 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user | 77 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user |
78 USING (username IN(SELECT username FROM users.list_users)); | 78 USING (username IN(SELECT username FROM users.list_users)); |
79 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; | 79 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; |
80 | 80 |