Mercurial > gemma
changeset 4788:9e077ca97505
Added epic comments on responsibility_area and same_country policies.
| author | Sascha Wilde <wilde@intevation.de> |
|---|---|
| date | Wed, 23 Oct 2019 16:41:43 +0200 |
| parents | 3a8ec3c396e0 |
| children | 6f3730196ebb |
| files | schema/auth.sql |
| diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth.sql Wed Oct 23 16:29:07 2019 +0200 +++ b/schema/auth.sql Wed Oct 23 16:41:43 2019 +0200 @@ -127,6 +127,9 @@ -- Staging area -- TODO: add all relevant tables here +-- In many cases it is more efficient to check for "staging_done" to +-- prevent the more expensive checks for read only access (which is +-- allowed for all users, when staging is done). CREATE POLICY same_country ON waterway.gauge_measurements FOR ALL TO waterway_admin USING (staging_done @@ -162,6 +165,10 @@ USING (staging_done OR users.utm_covers(area)) WITH CHECK (users.utm_covers(area)); +-- In the case of sections differentiating between read and write +-- access is not neccessary: the country code based access check is +-- quiet cheap in this case and there are only (relatively) few +-- sections in the system anyway. CREATE POLICY same_country ON waterway.sections FOR ALL TO waterway_admin USING (country = (