Mercurial > gemma

diff schema/gemma.sql @ 4755:dfd990a4ac64

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Hide sys_admin accounts to waterway admins Since imports and import configurations are authorized based on the visibility of the user that created the import, that way waterway admins are no longer allowed to see imports and import configurations created by sys_admins.
author Tom Gottfried <tom@intevation.de>
date Fri, 18 Oct 2019 17:55:12 +0200
parents fd9f171b87e4
children c69e35ec6adf
line wrap: on
line diff
--- a/schema/gemma.sql	Fri Oct 18 17:32:02 2019 +0200
+++ b/schema/gemma.sql	Fri Oct 18 17:55:12 2019 +0200
@@ -441,7 +441,7 @@
     CREATE TRIGGER templates_date_info BEFORE UPDATE ON templates
         FOR EACH ROW EXECUTE PROCEDURE update_date_info()
 
-    CREATE VIEW users.list_users WITH (security_barrier) AS
+    CREATE VIEW list_users WITH (security_barrier) AS
         SELECT
             r.rolname,
             p.username,
@@ -458,6 +458,7 @@
                 AND p.country = (
                     SELECT country FROM internal.user_profiles
                         WHERE username = current_user)
+                AND r.rolname <> 'sys_admin'
             OR pg_has_role('sys_admin', 'MEMBER')
 ;