2018-04-24 00:17:44 +08:00
|
|
|
const FORBIDDEN_ENTITIES = {
|
|
|
|
carto: ['*'],
|
|
|
|
cartodb: [
|
|
|
|
'cdb_analysis_catalog',
|
|
|
|
'cdb_conf',
|
|
|
|
'cdb_tablemetadata'
|
|
|
|
],
|
|
|
|
pg_catalog: ['*'],
|
|
|
|
information_schema: ['*'],
|
|
|
|
public: ['spatial_ref_sys'],
|
|
|
|
topology: [
|
|
|
|
'layer',
|
|
|
|
'topology'
|
|
|
|
]
|
|
|
|
};
|
|
|
|
|
2018-04-24 19:21:43 +08:00
|
|
|
const Validator = {
|
2018-06-05 19:21:56 +08:00
|
|
|
validate(affectedTables, authorizationLevel) {
|
2018-04-24 00:17:44 +08:00
|
|
|
let hardValidationResult = true;
|
|
|
|
let softValidationResult = true;
|
|
|
|
|
|
|
|
if (!!affectedTables && affectedTables.tables) {
|
2018-04-26 16:13:03 +08:00
|
|
|
if (global.settings.validatePGEntitiesAccess) {
|
2018-04-24 00:17:44 +08:00
|
|
|
hardValidationResult = this.hardValidation(affectedTables.tables);
|
|
|
|
}
|
2018-06-05 19:21:56 +08:00
|
|
|
|
|
|
|
if (authorizationLevel !== 'master') {
|
2018-04-24 00:17:44 +08:00
|
|
|
softValidationResult = this.softValidation(affectedTables.tables);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return hardValidationResult && softValidationResult;
|
|
|
|
},
|
|
|
|
|
|
|
|
hardValidation(tables) {
|
2018-04-24 16:10:37 +08:00
|
|
|
for (let table of tables) {
|
2018-04-24 19:21:43 +08:00
|
|
|
if (FORBIDDEN_ENTITIES[table.schema_name] && FORBIDDEN_ENTITIES[table.schema_name].length &&
|
2018-04-24 00:17:44 +08:00
|
|
|
(
|
2018-04-24 19:21:43 +08:00
|
|
|
FORBIDDEN_ENTITIES[table.schema_name][0] === '*' ||
|
2018-04-24 00:17:44 +08:00
|
|
|
FORBIDDEN_ENTITIES[table.schema_name].includes(table.table_name)
|
|
|
|
)
|
|
|
|
) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
},
|
|
|
|
|
|
|
|
softValidation(tables) {
|
2018-04-24 16:10:37 +08:00
|
|
|
for (let table of tables) {
|
2018-04-24 00:17:44 +08:00
|
|
|
if (table.table_name.match(/\bpg_/)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2018-04-24 19:21:43 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = Validator;
|