Mercurial > gemma
diff schema/auth.sql @ 4740:2440d2f86f4e
Authorize sections based on country of creator
Disregarding the area of resposibility will allow to create sections
outside of the country of the user in order to allow data analysis
and aggregation based on sections spanning over multiple countries.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Fri, 18 Oct 2019 12:04:04 +0200 |
parents | 5b9ba358a4e7 |
children | 1fef9d8e7eb2 |
line wrap: on
line diff
--- a/schema/auth.sql Fri Oct 18 12:01:21 2019 +0200 +++ b/schema/auth.sql Fri Oct 18 12:04:04 2019 +0200 @@ -149,9 +149,10 @@ FOR ALL TO waterway_admin USING (users.utm_covers(area)); -CREATE POLICY responsibility_area ON waterway.sections +CREATE POLICY same_country ON waterway.sections FOR ALL TO waterway_admin - USING (users.utm_covers(area)); + USING (country = ( + SELECT country FROM users.list_users WHERE username = current_user)); CREATE POLICY sys_admin ON users.stretches FOR ALL TO sys_admin