diff schema/auth.sql @ 271:02aaff4b4a66

Merged.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 30 Jul 2018 12:32:11 +0200
parents 72062ca52746
children 750a9c9cd965
--- a/schema/auth.sql	Mon Jul 30 12:31:46 2018 +0200
+++ b/schema/auth.sql	Mon Jul 30 12:32:11 2018 +0200
@@ -35,10 +35,10 @@
 --
 -- Sometimes using FOR ALL because we rely on GRANTed privileges for allowing
 -- data modifications generally.
--- Sometimes using 'username IN(SELECT username FROM user_profiles)' instead
+-- Sometimes using 'username IN(SELECT username FROM users.list_users)' instead
 -- of 'username = current_user', because waterway_admin is intentionally
 -- allowed more with these policies (note that the subselect implies different
--- policies on user_profiles depending on current_user).
+-- filtering on list_users depending on current_user).
 --
 
 -- Staging area
@@ -62,12 +62,8 @@
 SELECT create_hide_staging_policy();
 DROP FUNCTION create_hide_staging_policy;
 
-CREATE POLICY see_yourself ON users.user_profiles FOR SELECT TO waterway_user
-    USING (username = current_user);
-ALTER TABLE users.user_profiles ENABLE ROW LEVEL SECURITY;
-
 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user
-    USING (username IN(SELECT username FROM users.user_profiles));
+    USING (username IN(SELECT username FROM users.list_users));
 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user
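Review bot: The rewritten `user_templates` policy on `users.user_templates` now depends on `users.list_users` to limit which usernames a `waterway_user` can match, while this hunk drops both the `see_yourself` policy and `ENABLE ROW LEVEL SECURITY` on `users.user_profiles` (the last hunk removes `country_profiles` as well). The definition of `list_users` and the GRANTs are not in this diff, so it should be confirmed that neither role keeps a direct SELECT privilege on `users.user_profiles`; with RLS gone, any remaining grant would expose every profile row. I would record the dependency next to the policy, e.g. `-- Relies on users.list_users filtering by current_user; user_profiles has no RLS and must not be GRANTed directly.` The trailing `CREATE POLICY ... ON users.templates` statement continues outside the hunk.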
@@ -90,8 +86,4 @@
     USING (ST_Within(area, (SELECT area FROM users.responsibility_areas
         WHERE country = current_user_country())));
 
-CREATE POLICY country_profiles ON users.user_profiles
-    FOR SELECT TO waterway_admin
-    USING (country = current_user_country());
-
 COMMIT;