changeset 1834:06d162ac0b9f

Sync access to import config attributes to import config. Before, everybody could read the attributes, which could contain sensitive information such as credentials.
author Tom Gottfried <tom@intevation.de>
date Wed, 16 Jan 2019 18:12:41 +0100
parents b9c59050014a
children f7b926440449
files schema/auth.sql
diffstat 1 files changed, 11 insertions(+), 1 deletions(-) [+]
--- a/schema/auth.sql	Wed Jan 16 17:41:05 2019 +0100
+++ b/schema/auth.sql	Wed Jan 16 18:12:41 2019 +0100
@@ -92,6 +92,7 @@
 END;
 $$;
 
+-- templates
 CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user
     USING (username IN(SELECT username FROM users.list_users));
 ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY;
@@ -120,7 +121,10 @@
     FOR ALL TO waterway_admin
     USING (utm_covers(area));
 
--- Imports and import config
+
+--
+-- RLS policies for imports and import config
+--
 
 CREATE POLICY same_country ON waterway.imports
     FOR ALL TO waterway_admin
@@ -161,4 +165,10 @@
 
 ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY;
 
+CREATE POLICY parent_allowed ON waterway.import_configuration_attributes
+    FOR ALL TO waterway_admin
+    USING (import_configuration_id IN (
+        SELECT id FROM waterway.import_configuration));
+ALTER table waterway.import_configuration_attributes ENABLE ROW LEVEL SECURITY;
+
 COMMIT;
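Review bot: The new `parent_allowed` policy has no comment saying that it depends on the row-level security of `waterway.import_configuration`: the subquery returns only the parent rows the calling role may see, and that is what restricts the attributes. I would add `-- Attributes are accessible only where the parent import_configuration row is; the parent's RLS applies inside the subquery` above the `CREATE POLICY`. Because no `WITH CHECK` is given, PostgreSQL applies the `USING` expression to inserted and updated rows as well, which looks intended but is worth stating in the same comment. Without `FORCE ROW LEVEL SECURITY` the table owner is not restricted, and superusers and `BYPASSRLS` roles never are; the GRANTs on the attributes table are outside this hunk, so confirm they are no wider than those on the parent table. Credentials that were readable before this change may also need rotating.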