Mercurial > gemma
changeset 3024:5470aa3ffb9a
Fix privileges for GeoServer views
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Fri, 12 Apr 2019 11:41:24 +0200 |
parents | 5d06629a14df |
children | 37cc0d75ad84 |
files | schema/auth_tests.sql schema/install-db.sh schema/run_tests.sh |
diffstat | 3 files changed, 27 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth_tests.sql Fri Apr 12 11:34:47 2019 +0200 +++ b/schema/auth_tests.sql Fri Apr 12 11:41:24 2019 +0200 @@ -15,6 +15,28 @@ -- pgTAP test script for privileges and RLS policies -- +CREATE FUNCTION test_privs() RETURNS SETOF TEXT AS +$$ +DECLARE the_schema CONSTANT varchar = 'waterway'; +DECLARE the_table varchar; +BEGIN + FOR the_table IN + SELECT table_name + FROM information_schema.tables + WHERE table_schema = the_schema + LOOP + RETURN NEXT table_privs_are( + the_schema, + the_table, + 'waterway_user', + ARRAY['SELECT'], + format('waterway_user can SELECT from %I.%I', + the_schema, the_table)); + END LOOP; +END; +$$ LANGUAGE plpgsql; +SELECT * FROM test_privs(); + -- -- Run tests as unprivileged user --
--- a/schema/install-db.sh Fri Apr 12 11:34:47 2019 +0200 +++ b/schema/install-db.sh Fri Apr 12 11:41:24 2019 +0200 @@ -130,9 +130,9 @@ -f "$BASEDIR/search_functions.sql" \ -f "$BASEDIR/geonames.sql" \ -f "$BASEDIR/manage_users.sql" \ + -f "$BASEDIR/geoserver_views.sql" \ -f "$BASEDIR/auth.sql" \ -f "$BASEDIR/isrs_functions.sql" \ - -f "$BASEDIR/geoserver_views.sql" \ -f "$BASEDIR/default_sysconfig.sql"
--- a/schema/run_tests.sh Fri Apr 12 11:34:47 2019 +0200 +++ b/schema/run_tests.sh Fri Apr 12 11:41:24 2019 +0200 @@ -28,7 +28,10 @@ -c 'SET client_min_messages TO WARNING' \ -c "DROP ROLE IF EXISTS $TEST_ROLES" \ -f tap_tests_data.sql \ - -c 'SELECT plan(64)' \ + -c "SELECT plan(64 + ( + SELECT count(*)::int + FROM information_schema.tables + WHERE table_schema = 'waterway'))" \ -f gemma_tests.sql \ -f isrs_tests.sql \ -f auth_tests.sql \