changeset 327:363983d5c567
Allow Waterway User to update a limited set of profile attributes
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 02 Aug 2018 19:25:30 +0200 |
parents | a7b2db8b3d18 |
children | 003243ec5ce5 |
files | controllers/user.go schema/auth.sql schema/manage_users_tests.sql schema/run_tests.sh |
diffstat | 4 files changed, 38 insertions(+), 2 deletions(-) [+] |
--- a/controllers/user.go Thu Aug 02 18:39:01 2018 +0200 +++ b/controllers/user.go Thu Aug 02 19:25:30 2018 +0200 @@ -15,6 +15,10 @@ createUserExtentSQL = `SELECT sys_admin.create_user($1, $2, $3, $4, ST_MakeBox2D(ST_Point($5, $6), ST_Point($7, $8)), $9)` + updateUserUnprivSQL = `UPDATE users.list_users + SET (pw, map_extent, email_address) + = ($2, ST_MakeBox2D(ST_Point($3, $4), ST_Point($5, $6)), $7) + WHERE username = $1` updateUserSQL = `UPDATE users.list_users SET (rolname, username, pw, country, map_extent, email_address) = ($2, $3, $4, $5, NULL, $6) @@ -112,7 +116,14 @@ ) } } else { - // ... + res, err = db.Exec( + updateUserUnprivSQL, + user, + newUser.Password, + newUser.Extent.X1, newUser.Extent.Y1, + newUser.Extent.X2, newUser.Extent.Y2, + newUser.Email, + ) } if err != nil {
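Review bot: `updateUserUnprivSQL` carries no comment saying where the restriction to the caller's own row comes from; `WHERE username = $1` only selects a row by a name the handler passes in and is not an authorization check. The test added in schema/manage_users_tests.sql (an UPDATE with no WHERE that returns only `test_user_at`) suggests `users.list_users` itself limits a waterway user to its own row, and the column grant in schema/auth.sql depends on the same property. I would record that next to the constant, e.g. `// Row scope is enforced by users.list_users, not by this statement; $1 only selects the row.`, after confirming it against the view definition. The const block starts and ends outside the hunk.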
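Review bot: The new else branch reads `newUser.Extent.X1` through `newUser.Extent.Y2` without checking that an extent was supplied. The separate `createUserExtentSQL` suggests the extent is optional, and if `Extent` is a pointer a request without one would panic here. A guard such as `if newUser.Extent == nil` that rejects the request, or leaves `map_extent` unchanged, before `db.Exec` would close that. Separately, if `user` names an account other than the session's, the UPDATE presumably matches no row and returns a nil error, so the handler should check `res.RowsAffected()` rather than report success, unless the code after the hunk already does. The enclosing function starts and ends outside the hunk.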
--- a/schema/auth.sql Thu Aug 02 18:39:01 2018 +0200 +++ b/schema/auth.sql Thu Aug 02 19:25:30 2018 +0200 @@ -12,6 +12,8 @@ -- GRANT USAGE ON SCHEMA public, users, waterway TO waterway_user; GRANT SELECT ON ALL TABLES IN SCHEMA public, users, waterway TO waterway_user; +GRANT UPDATE (pw, map_extent, email_address) ON users.list_users + TO waterway_user; -- -- Extended privileges for waterway_admin
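Review bot: Granting UPDATE on `pw` lets any waterway_user session write that column directly, so any password rules must be enforced on the update path of `users.list_users` and not only in `sys_admin.create_user`. That enforcement is not visible in this hunk. If it exists, a comment above the grant such as `-- pw is validated by users.list_users on UPDATE; this grant only limits columns` would record it; if it does not, the grant is a way around the policy.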
--- a/schema/manage_users_tests.sql Thu Aug 02 18:39:01 2018 +0200 +++ b/schema/manage_users_tests.sql Thu Aug 02 19:25:30 2018 +0200 @@ -102,6 +102,29 @@ -- -- Role update -- + +SET SESSION AUTHORIZATION test_user_at; + +SELECT results_eq($$ + UPDATE users.list_users + SET (pw, map_extent, email_address) + = ('user_at2!', 'BOX(0 0,1 1)', 'user_at_test') + RETURNING username + $$, + $$ + SELECT CAST('test_user_at' AS varchar) + $$, + 'Waterway user can update own password, map extent and email address'); + +SELECT throws_ok($$ + UPDATE users.list_users + SET username = 'test_rename', rolname = 'test' + $$, + 42501, NULL, + 'Waterway user cannot update arbitrary user attributes'); + +SET SESSION AUTHORIZATION test_sys_admin1; + SELECT lives_ok($$ SELECT sys_admin.create_user( 'waterway_user', 'test2', 'secret1$', 'AT', NULL, 'test2');
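Review bot: The `throws_ok` case sets `username` and `rolname` in one statement, so it still passes if only one of them is protected, and `country` is not exercised at all. One `throws_ok` per non-granted column (`username`, `rolname`, `country`), each expecting 42501, would pin the grant in schema/auth.sql exactly; the `plan(...)` count in schema/run_tests.sh has to grow with them. If a password policy exists, a case where a waterway user sets a `pw` that the policy should reject would show that the new update path enforces it.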
--- a/schema/run_tests.sh Thu Aug 02 18:39:01 2018 +0200
+++ b/schema/run_tests.sh Thu Aug 02 19:25:30 2018 +0200
@@ -16,7 +16,7 @@
 -c 'SET client_min_messages TO WARNING' \
 -c "DROP ROLE IF EXISTS $TEST_ROLES" \
 -f tap_tests_data.sql \
- -c 'SELECT plan(42)' \
+ -c 'SELECT plan(44)' \
 -f auth_tests.sql \
 -f manage_users_tests.sql \
 -c 'SELECT * FROM finish()'