Mercurial > gemma
changeset 1834:06d162ac0b9f
Sync access to import config attributes to import config
Before, everybody could read the attributes, that could contain
sensitive information such as credentials.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 16 Jan 2019 18:12:41 +0100 |
parents | b9c59050014a |
children | f7b926440449 |
files | schema/auth.sql |
diffstat | 1 files changed, 11 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth.sql Wed Jan 16 17:41:05 2019 +0100 +++ b/schema/auth.sql Wed Jan 16 18:12:41 2019 +0100 @@ -92,6 +92,7 @@ END; $$; +-- templates CREATE POLICY user_templates ON users.user_templates FOR ALL TO waterway_user USING (username IN(SELECT username FROM users.list_users)); ALTER TABLE users.user_templates ENABLE ROW LEVEL SECURITY; @@ -120,7 +121,10 @@ FOR ALL TO waterway_admin USING (utm_covers(area)); --- Imports and import config + +-- +-- RLS policies for imports and import config +-- CREATE POLICY same_country ON waterway.imports FOR ALL TO waterway_admin @@ -161,4 +165,10 @@ ALTER table waterway.import_configuration ENABLE ROW LEVEL SECURITY; +CREATE POLICY parent_allowed ON waterway.import_configuration_attributes + FOR ALL TO waterway_admin + USING (import_configuration_id IN ( + SELECT id FROM waterway.import_configuration)); +ALTER table waterway.import_configuration_attributes ENABLE ROW LEVEL SECURITY; + COMMIT;