# HG changeset patch
# User Tom Gottfried <tom@intevation.de>
# Date 1528297689 -7200
# Node ID d036e1bd5f00961835a0fdc5acb436d9d477744d
# Parent  c79fd71ebe06e5693fb6bbbfaa56a99ea2b0f105
Add roles, privileges and RLS policies.

I'm afraid I need (TAP) tests to verify.

diff -r c79fd71ebe06 -r d036e1bd5f00 Dockerfile
--- a/Dockerfile	Fri Jun 01 20:52:03 2018 +0200
+++ b/Dockerfile	Wed Jun 06 17:08:09 2018 +0200
@@ -35,6 +35,7 @@
     psql -c "CREATE USER wamos PASSWORD 'wamos'" && \
     createdb wamos && \
     psql -f wamos.sql -d wamos && \
+    psql -f auth.sql -d wamos && \
     $PGBIN/pg_ctl stop -m smart
 
 # Set the default command to run when starting the container
diff -r c79fd71ebe06 -r d036e1bd5f00 auth.sql
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/auth.sql	Wed Jun 06 17:08:09 2018 +0200
@@ -0,0 +1,94 @@
+BEGIN;
+
+--
+-- Roles, privileges and policies for the WAMOS database
+--
+SET search_path TO public, wamos, wamos_waterway, wamos_fairway;
+
+-- We do not want any users to be able to create any objects
+REVOKE CREATE ON SCHEMA public FROM PUBLIC;
+
+--
+-- Primary WAMOS roles (SRS table 3)
+--
+CREATE ROLE waterway_user;
+CREATE ROLE waterway_admin IN ROLE waterway_user;
+CREATE ROLE sys_admin CREATEROLE BYPASSRLS IN ROLE waterway_admin;
+
+--
+-- Privileges for waterway_user
+--
+GRANT USAGE ON SCHEMA wamos_waterway, wamos_fairway TO waterway_user;
+GRANT SELECT ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway
+      TO waterway_user;
+GRANT SELECT ON templates, user_profiles TO waterway_user;
+
+--
+-- Extended privileges for waterway_admin
+--
+GRANT INSERT, UPDATE ON ALL TABLES IN SCHEMA wamos_waterway, wamos_fairway
+      TO waterway_admin;
+-- TODO: will there ever be UPDATEs or can we drop that due to historicisation?
+GRANT INSERT, UPDATE ON templates, user_templates TO waterway_admin;
+
+--
+-- Extended privileges for sys_admin
+--
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA wamos
+      TO sys_admin;
+
+--
+-- RLS policies for waterway_user
+--
+
+-- Staging area
+CREATE FUNCTION create_hide_staging_policy() RETURNS void AS $$
+DECLARE the_table varchar;
+BEGIN
+    FOREACH the_table IN ARRAY ARRAY[
+        'bottlenecks', 'sounding_results']
+    -- TODO: add all relevant tables here
+    LOOP
+        EXECUTE format('CREATE POLICY hide_staging ON %I '
+            'FOR SELECT TO waterway_user USING (staging_done)', the_table);
+        EXECUTE format('ALTER TABLE %I ENABLE ROW LEVEL SECURITY', the_table);
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql;
+SELECT create_hide_staging_policy();
+DROP FUNCTION create_hide_staging_policy;
+
+CREATE POLICY see_yourself ON user_profiles FOR SELECT TO waterway_user
+       USING (username = current_user);
+ALTER TABLE user_profiles ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY own_templates ON templates FOR SELECT TO waterway_user
+       USING (id IN(SELECT t.id FROM templates t
+                    JOIN user_templates ut ON t.id = ut.template_id
+                    JOIN user_profiles p ON ut.username = p.username
+                    WHERE p.username = current_user));
+ALTER TABLE templates ENABLE ROW LEVEL SECURITY;
+
+--
+-- RLS policies for waterway_admin
+--
+
+-- Staging area
+-- TODO: add all relevant tables here
+CREATE POLICY responsibility_area ON bottlenecks FOR ALL TO waterway_admin
+       USING (ST_Within(area, (SELECT area FROM responsibility_areas
+           WHERE country = (SELECT country FROM user_profiles
+               WHERE username = current_user))));
+CREATE POLICY responsibility_area ON sounding_results FOR ALL TO waterway_admin
+       USING (ST_Within(area, (SELECT area FROM responsibility_areas
+           WHERE country = (SELECT country FROM user_profiles
+               WHERE username = current_user))));
+
+CREATE POLICY manage_templates ON templates FOR ALL TO waterway_admin
+       USING (id IN(SELECT t.id FROM templates t
+                    JOIN user_templates ut ON t.id = ut.template_id
+                    JOIN user_profiles p ON ut.username = p.username
+                    WHERE p.country = (SELECT country FROM user_profiles
+                        WHERE username = current_user)));
+
+COMMIT;
diff -r c79fd71ebe06 -r d036e1bd5f00 wamos.sql
--- a/wamos.sql	Fri Jun 01 20:52:03 2018 +0200
+++ b/wamos.sql	Wed Jun 06 17:08:09 2018 +0200
@@ -5,6 +5,8 @@
 --
 CREATE EXTENSION postgis;
 
+-- TODO: will there ever be UPDATEs or can we drop that function due to
+-- historicisation?
 CREATE FUNCTION update_date_info() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
@@ -37,6 +39,9 @@
 CREATE SCHEMA wamos_waterway;
 CREATE SCHEMA wamos_fairway;
 SET search_path TO public, wamos, wamos_waterway, wamos_fairway;
+-- TODO: consolidate schemas. The current distribution of tables is mainly
+-- for diagram generation. A privilege based distribution might ease
+-- privilege management.
 
 --
 -- Auxiliary tables