Mercurial > gemma
changeset 4676:5b9ba358a4e7
Add missing RLS policies for sections
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Tue, 15 Oct 2019 16:28:46 +0200 |
parents | a586de1b4466 |
children | fa55e48bbca1 |
files | schema/auth.sql schema/updates/1304/01.add_section_rls.sql schema/version.sql |
diffstat | 3 files changed, 17 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth.sql Tue Oct 15 16:13:10 2019 +0200 +++ b/schema/auth.sql Tue Oct 15 16:28:46 2019 +0200 @@ -92,6 +92,7 @@ 'gauge_measurements', 'waterway_profiles', 'fairway_dimensions', + 'sections', 'bottlenecks', 'sounding_results'] LOOP @@ -148,6 +149,10 @@ FOR ALL TO waterway_admin USING (users.utm_covers(area)); +CREATE POLICY responsibility_area ON waterway.sections + FOR ALL TO waterway_admin + USING (users.utm_covers(area)); + CREATE POLICY sys_admin ON users.stretches FOR ALL TO sys_admin USING (true);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/schema/updates/1304/01.add_section_rls.sql Tue Oct 15 16:28:46 2019 +0200 @@ -0,0 +1,11 @@ +CREATE POLICY hide_staging ON waterway.sections + FOR SELECT TO waterway_user USING (staging_done); + +CREATE POLICY sys_admin ON waterway.sections + FOR ALL TO sys_admin USING (true); + +CREATE POLICY responsibility_area ON waterway.sections + FOR ALL TO waterway_admin + USING (users.utm_covers(area)); + +ALTER TABLE waterway.sections ENABLE ROW LEVEL SECURITY