diff schema/manage_users.sql @ 319:ac760b0f22a9

Add special role for password reset As password reset is exposed without requiring a login, let this role have privileges limited to resetting passwords, and only resetting passwords.
author Tom Gottfried <tom@intevation.de>
date Thu, 02 Aug 2018 13:06:39 +0200
parents 0745b4d336c4
children df1fc589ad9d
--- a/schema/manage_users.sql	Thu Aug 02 12:48:59 2018 +0200
+++ b/schema/manage_users.sql	Thu Aug 02 13:06:39 2018 +0200
@@ -52,6 +52,7 @@
         WHERE p.username = current_user
             OR pg_has_role('waterway_admin', 'MEMBER')
                 AND p.country = users.current_user_country()
+            OR pg_has_role('pw_reset', 'MEMBER')
             OR pg_has_role('sys_admin', 'MEMBER');
 
 
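Review bot: The added `OR pg_has_role('pw_reset', 'MEMBER')` branch has no per-row condition, so any session whose current user is a member of pw_reset (directly or through inherited membership) sees every row of this view. What the unauthenticated reset path can read therefore depends entirely on the column list and grants of whatever is exposed to that role. A comment above the line would record the intent, for example `-- pw_reset must see every user: password reset runs without a login`. Since AND binds tighter than OR, the waterway_admin/country pair already forms one group; wrapping it in parentheses would make that explicit now that another alternative follows it. The statement begins outside the hunk, so the selected columns are not visible here.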
@@ -156,3 +157,7 @@
 $$
     LANGUAGE plpgsql
     SECURITY DEFINER;
+
+
+CREATE OR REPLACE VIEW pw_reset.list_users AS
+    SELECT username, pw, email_address FROM users.list_users;
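Review bot: `pw_reset.list_users` makes `pw` and `email_address` of every user selectable through the role that serves the login-free reset path, which is wider than the "only resetting passwords" goal stated in the commit message. If the reset flow only has to find a user and write a new value, the stored `pw` never needs to be readable. Column-level privileges would express that, e.g. `GRANT SELECT (username, email_address), UPDATE (pw) ON pw_reset.list_users TO pw_reset;`, assuming the reset is done by updating through this view. The grants for the new view and what `pw` actually holds are not visible in this hunk. It is worth confirming that pw_reset gets no privileges on `users.list_users` itself.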