Mercurial > gemma
changeset 2267:37ae1bee3e4a
Ajjusted RLS for user templates.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Thu, 14 Feb 2019 15:11:00 +0100 |
parents | 153c77e529dc |
children | 05cfeeb65411 |
files | pkg/controllers/printtemplates.go schema/auth.sql schema/gemma.sql |
diffstat | 3 files changed, 12 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/pkg/controllers/printtemplates.go Thu Feb 14 14:47:33 2019 +0100 +++ b/pkg/controllers/printtemplates.go Thu Feb 14 15:11:00 2019 +0100 @@ -47,8 +47,13 @@ SELECT template_data FROM users.templates WHERE template_name = $1` insertPrintTemplateSQL = ` -INSERT INTO users.templates (template_name, template_data) -VALUES ($1, $2)` +INSERT INTO users.templates (template_name, template_data, country) +SELECT + $1, + $2, + CASE WHEN pg_has_role('sys_admin', 'MEMBER') THEN NULL + ELSE users.current_user_country() + END` updatePrintTemplateSQL = ` UPDATE user.templates template_data = $2 WHERE template_name = $1`
--- a/schema/auth.sql Thu Feb 14 14:47:33 2019 +0100 +++ b/schema/auth.sql Thu Feb 14 15:11:00 2019 +0100 @@ -110,7 +110,10 @@ -- -- RLS policies for templates -- -CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_user +CREATE POLICY select_templates ON users.templates FOR SELECT TO waterway_user + USING (country IS NULL OR country = users.current_user_country()); + +CREATE POLICY user_templates ON users.templates FOR ALL TO waterway_admin USING (country = users.current_user_country()); CREATE POLICY admin_templates ON users.templates FOR ALL TO sys_admin
--- a/schema/gemma.sql Thu Feb 14 14:47:33 2019 +0100 +++ b/schema/gemma.sql Thu Feb 14 15:11:00 2019 +0100 @@ -183,7 +183,7 @@ CREATE TABLE templates ( template_name varchar PRIMARY KEY, - country char(2) NOT NULL REFERENCES countries, + country char(2) REFERENCES countries, template_data bytea NOT NULL, date_info timestamp with time zone NOT NULL DEFAULT CURRENT_TIMESTAMP )