diff schema/manage_users.sql @ 319:ac760b0f22a9
Add special role for password reset
As password reset is exposed without requiring a login, let this role
have privileges limited to resetting passwords, and only resetting passwords.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 02 Aug 2018 13:06:39 +0200 |
parents | 0745b4d336c4 |
children | df1fc589ad9d |
--- a/schema/manage_users.sql Thu Aug 02 12:48:59 2018 +0200
+++ b/schema/manage_users.sql Thu Aug 02 13:06:39 2018 +0200
@@ -52,6 +52,7 @@
 WHERE p.username = current_user
 OR pg_has_role('waterway_admin', 'MEMBER')
 AND p.country = users.current_user_country()
+ OR pg_has_role('pw_reset', 'MEMBER')
 OR pg_has_role('sys_admin', 'MEMBER');
@@ -156,3 +157,7 @@
 $$ LANGUAGE plpgsql SECURITY DEFINER;
+
+
+CREATE OR REPLACE VIEW pw_reset.list_users AS
+ SELECT username, pw, email_address FROM users.list_users;
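Review bot: The added `OR pg_has_role('pw_reset', 'MEMBER')` branch in the first hunk is unconditional, so a member of pw_reset matches every row regardless of country, with the same row visibility as sys_admin. Because AND binds tighter than OR, this is easy to misread next to the country-restricted waterway_admin branch. Parenthesising that pair as `OR (pg_has_role('waterway_admin', 'MEMBER') AND p.country = users.current_user_country())` and adding a comment such as `-- pw_reset: all rows; columns are limited by pw_reset.list_users` would make the intent explicit. Since the row filter no longer constrains this role, it should hold no direct privileges on the relation filtered here, only on pw_reset.list_users; the grants are not visible in this hunk. The statement begins above the hunk, so which view it belongs to is inferred.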
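Review bot: The new pw_reset.list_users view in the second hunk selects `pw` for a role that the commit message says is reachable without a login, and no GRANT accompanies the view in this hunk. If the reset flow only writes a new password through this view, column-level privileges would keep the stored value unreadable to that role: `GRANT SELECT (username, email_address), UPDATE (pw) ON pw_reset.list_users TO pw_reset;`. What `pw` contains in users.list_users and whether the view is updated through directly are not shown here, so both should be confirmed. A comment above the view saying which columns the reset flow reads and which it writes would document the boundary.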