diff schema/auth.sql @ 4740:2440d2f86f4e

Authorize sections based on country of creator. Disregarding the area of responsibility allows users to create sections outside of their own country, in order to allow data analysis and aggregation based on sections spanning multiple countries.
author Tom Gottfried <tom@intevation.de>
date Fri, 18 Oct 2019 12:04:04 +0200
parents 5b9ba358a4e7
children 1fef9d8e7eb2
--- a/schema/auth.sql	Fri Oct 18 12:01:21 2019 +0200
+++ b/schema/auth.sql	Fri Oct 18 12:04:04 2019 +0200
@@ -149,9 +149,10 @@
     FOR ALL TO waterway_admin
     USING (users.utm_covers(area));
 
-CREATE POLICY responsibility_area ON waterway.sections
+CREATE POLICY same_country ON waterway.sections
     FOR ALL TO waterway_admin
-    USING (users.utm_covers(area));
+    USING (country = (
+        SELECT country FROM users.list_users WHERE username = current_user));
 
 CREATE POLICY sys_admin ON users.stretches
     FOR ALL TO sys_admin
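Review bot: The new `same_country` policy on `waterway.sections` has no `WITH CHECK` clause and no comment, so its write-side rule is implicit. PostgreSQL reuses the `USING` expression to check inserted and updated rows, so a waterway_admin can only write sections whose `country` equals their own, while `area` is no longer constrained at all. I would say so above the policy, e.g. `-- Matched on the creator's country only; area is deliberately unchecked. USING also acts as WITH CHECK.` The scalar subquery yields NULL and therefore denies access when `users.list_users` has no row for `current_user`, but it raises an error if more than one row matches, so it relies on `username` being unique there, which this hunk does not show. The lookup keys on `current_user` rather than `session_user`, so it is worth confirming that no SECURITY DEFINER function touching `waterway.sections` would have the policy evaluated as the function owner.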