diff schema/run_tests.sh @ 410:3f803d64a6ee
Do not rely on session_user for authorization
Privileges are usually checked based on current_user, which
can be changed using SET ROLE, while session_user is based on the actually
logged in user and can only be changed by a superuser using
SET SESSION AUTHORIZATION. Using session_user for authorization purposes
prevents the expected behaviour of SET ROLE.
current_user_country() has not needed to be SECURITY DEFINER for a while,
because there is no RLS policy affected by what is mentioned in the
removed comment.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 15 Aug 2018 16:39:00 +0200 |
parents | f5087cebc740 |
children | 5611cf72cc92 |
--- a/schema/run_tests.sh Wed Aug 15 15:57:36 2018 +0200 +++ b/schema/run_tests.sh Wed Aug 15 16:39:00 2018 +0200 @@ -16,7 +16,7 @@ -c 'SET client_min_messages TO WARNING' \ -c "DROP ROLE IF EXISTS $TEST_ROLES" \ -f tap_tests_data.sql \ - -c 'SELECT plan(44)' \ + -c 'SELECT plan(45)' \ -f auth_tests.sql \ -f manage_users_tests.sql \ -c 'SELECT * FROM finish()'
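Review bot: The changed line `-c 'SELECT plan(45)'` is a hand-maintained total that covers both auth_tests.sql and manage_users_tests.sql, and nothing in this hunk or in the commit message says which of the two files gained the extra test or what it asserts. Please name the new test in the commit message, and confirm that it switches to a less-privileged role with SET ROLE and checks that authorization follows current_user rather than session_user, since that is the behaviour this change is meant to guarantee. A short comment above the plan line in run_tests.sh listing the files that contribute to the count would also make the next mismatch easier to track down when the total has to be bumped again.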