# HG changeset patch
# User Tom Gottfried
# Date 1533230730 -7200
# Node ID 363983d5c567d0a8fa84d16f21019521a9d71c53
# Parent a7b2db8b3d18a388e3782a45bfeb91594488a1fc
Allow Waterway User to update a limited set of profile attributes
diff -r a7b2db8b3d18 -r 363983d5c567 controllers/user.go
--- a/controllers/user.go Thu Aug 02 18:39:01 2018 +0200
+++ b/controllers/user.go Thu Aug 02 19:25:30 2018 +0200
@@ -15,6 +15,10 @@
 createUserExtentSQL = `SELECT sys_admin.create_user($1, $2, $3, $4, ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)`
+ updateUserUnprivSQL = `UPDATE users.list_users
+ SET (pw, map_extent, email_address)
+ = ($2, ST_MakeBox2D(ST_Point($3, $4), ST_Point($5, $6)), $7)
+ WHERE username = $1`
 updateUserSQL = `UPDATE users.list_users
 SET (rolname, username, pw, country, map_extent, email_address)
 = ($2, $3, $4, $5, NULL, $6)
@@ -112,7 +116,14 @@
 )
 }
 } else {
- // ...
+ res, err = db.Exec(
+ updateUserUnprivSQL,
+ user,
+ newUser.Password,
+ newUser.Extent.X1, newUser.Extent.Y1,
+ newUser.Extent.X2, newUser.Extent.Y2,
+ newUser.Email,
+ )
 }
 if err != nil {
diff -r a7b2db8b3d18 -r 363983d5c567 schema/auth.sql
--- a/schema/auth.sql Thu Aug 02 18:39:01 2018 +0200
+++ b/schema/auth.sql Thu Aug 02 19:25:30 2018 +0200
@@ -12,6 +12,8 @@
 --
 GRANT USAGE ON SCHEMA public, users, waterway TO waterway_user;
 GRANT SELECT ON ALL TABLES IN SCHEMA public, users, waterway TO waterway_user;
+GRANT UPDATE (pw, map_extent, email_address) ON users.list_users
+ TO waterway_user;
 --
 -- Extended privileges for waterway_admin
diff -r a7b2db8b3d18 -r 363983d5c567 schema/manage_users_tests.sql
--- a/schema/manage_users_tests.sql Thu Aug 02 18:39:01 2018 +0200
+++ b/schema/manage_users_tests.sql Thu Aug 02 19:25:30 2018 +0200
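Review bot: In the first controllers/user.go hunk, `updateUserUnprivSQL` picks its row only by `WHERE username = $1`, so nothing in the statement ties the update to the authenticated session; a non-admin request naming another user is stopped only if the database exposes just the caller's own row of `users.list_users` to `waterway_user`. The same holds for the column grant added in schema/auth.sql, which limits columns but not rows. The first test added in schema/manage_users_tests.sql runs the UPDATE without a WHERE clause and expects a single username back, which suggests such row scoping exists, but it is not visible in this patch. I would record the dependency next to the constant, e.g. `// updateUserUnprivSQL relies on users.list_users exposing only the session user's own row to waterway_user.` The const block this sits in starts and ends outside the hunk.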
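Review bot: In the second controllers/user.go hunk, the new `else` branch reads `newUser.Extent.X1` through `newUser.Extent.Y2` without checking that an extent was supplied; if `Extent` is a pointer (the `map_extent = NULL` in `updateUserSQL` and the separate `createUserExtentSQL` suggest it is optional), a profile update without one would dereference nil. The branch also always writes `newUser.Password`, so a request meant to change only the e-mail address would overwrite `pw` with whatever the body carried, possibly an empty string, unless the database rejects it. A guard such as `if newUser.Extent == nil { /* reject the request or keep the stored extent */ }` before the `db.Exec` call, plus an explicit check for an empty password, would cover both. The handler starts before and continues after this hunk, so validation outside the visible lines may already handle part of this.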
@@ -102,6 +102,29 @@
 --
 -- Role update
 --
+
+SET SESSION AUTHORIZATION test_user_at;
+
+SELECT results_eq($$
+ UPDATE users.list_users
+ SET (pw, map_extent, email_address)
+ = ('user_at2!', 'BOX(0 0,1 1)', 'user_at_test')
+ RETURNING username
+ $$,
+ $$
+ SELECT CAST('test_user_at' AS varchar)
+ $$,
+ 'Waterway user can update own password, map extent and email address');
+
+SELECT throws_ok($$
+ UPDATE users.list_users
+ SET username = 'test_rename', rolname = 'test'
+ $$,
+ 42501, NULL,
+ 'Waterway user cannot update arbitrary user attributes');
+
+SET SESSION AUTHORIZATION test_sys_admin1;
+
 SELECT lives_ok($$
 SELECT sys_admin.create_user(
 'waterway_user', 'test2', 'secret1$', 'AT', NULL, 'test2');
diff -r a7b2db8b3d18 -r 363983d5c567 schema/run_tests.sh
--- a/schema/run_tests.sh Thu Aug 02 18:39:01 2018 +0200
+++ b/schema/run_tests.sh Thu Aug 02 19:25:30 2018 +0200
@@ -16,7 +16,7 @@
 -c 'SET client_min_messages TO WARNING' \
 -c "DROP ROLE IF EXISTS $TEST_ROLES" \
 -f tap_tests_data.sql \
- -c 'SELECT plan(42)' \
+ -c 'SELECT plan(44)' \
 -f auth_tests.sql \
 -f manage_users_tests.sql \
 -c 'SELECT * FROM finish()'
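Review bot: In schema/manage_users_tests.sql, the added `throws_ok` sets `username` and `rolname` in one statement, so it passes as long as either column is protected and would not notice UPDATE being granted on one of them by mistake; `country` is not exercised at all. One `throws_ok` per protected column would pin the grant exactly. The positive test runs the UPDATE without a WHERE clause, which shows that only the caller's row comes back, but nothing asserts that an update aimed at another user's row changes nothing, e.g. a `results_eq` or `is_empty` check on `UPDATE users.list_users SET email_address = 'x' WHERE username = 'test_sys_admin1' RETURNING username` (constructed example, assuming that role has a row). Any added assertion also needs `plan(44)` in schema/run_tests.sh raised to match.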