Mercurial > gemma

changeset 4676:5b9ba358a4e7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add missing RLS policies for sections
author Tom Gottfried <tom@intevation.de>
date Tue, 15 Oct 2019 16:28:46 +0200
parents a586de1b4466
children fa55e48bbca1
files schema/auth.sql schema/updates/1304/01.add_section_rls.sql schema/version.sql
diffstat 3 files changed, 17 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/schema/auth.sql	Tue Oct 15 16:13:10 2019 +0200
+++ b/schema/auth.sql	Tue Oct 15 16:28:46 2019 +0200
@@ -92,6 +92,7 @@
         'gauge_measurements',
         'waterway_profiles',
         'fairway_dimensions',
+        'sections',
         'bottlenecks',
         'sounding_results']
     LOOP
@@ -148,6 +149,10 @@
     FOR ALL TO waterway_admin
     USING (users.utm_covers(area));
 
+CREATE POLICY responsibility_area ON waterway.sections
+    FOR ALL TO waterway_admin
+    USING (users.utm_covers(area));
+
 CREATE POLICY sys_admin ON users.stretches
     FOR ALL TO sys_admin
     USING (true);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/schema/updates/1304/01.add_section_rls.sql	Tue Oct 15 16:28:46 2019 +0200
@@ -0,0 +1,11 @@
+CREATE POLICY hide_staging ON waterway.sections
+    FOR SELECT TO waterway_user USING (staging_done);
+
+CREATE POLICY sys_admin ON waterway.sections
+    FOR ALL TO sys_admin USING (true);
+
+CREATE POLICY responsibility_area ON waterway.sections
+    FOR ALL TO waterway_admin
+    USING (users.utm_covers(area));
+
+ALTER TABLE waterway.sections ENABLE ROW LEVEL SECURITY
--- a/schema/version.sql	Tue Oct 15 16:13:10 2019 +0200
+++ b/schema/version.sql	Tue Oct 15 16:28:46 2019 +0200
@@ -1,1 +1,1 @@
-INSERT INTO gemma_schema_version(version) VALUES (1303);
+INSERT INTO gemma_schema_version(version) VALUES (1304);