Drop role management

Roles are not created anymore; the previously private functions for table
information extraction (CDB_UserTables, CDB_TableIndexes, CDB_ColumnNames,
CDB_ColumnType) are now callable by anyone, but only return information
about tables on which the calling user has SELECT privilege.

Closes #36
Sandro Santilli 2014-06-06 11:02:51 +02:00
parent edc56e60ee
commit 01ae7b8c10
8 changed files with 10 additions and 33 deletions


@ -6,7 +6,6 @@ EXTVERSION = 0.2.0dev
SED = sed
CDBSCRIPTS = \
scripts-available/CDB_Roles.sql \
scripts-enabled/*.sql \
scripts-available/CDB_SearchPath.sql \
scripts-available/CDB_DDLTriggers.sql \

NEWS

@ -4,6 +4,10 @@
Important changes:
- This release adds dependency on "plpythonu" extension
- Roles are not created anymore, previously private functions
for table information extraction will now be callable by
anyone while only returning information about tables over
which the calling user has SELECT privilege (#36)
Bug fixes:


@ -11,6 +11,3 @@ AS $$
$$ LANGUAGE SQL;
-- This is a private function, so only the db owner need privileges
REVOKE ALL ON FUNCTION CDB_ColumnNames(REGCLASS) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION CDB_ColumnNames(REGCLASS) TO ":DATABASE_USERNAME";


@ -12,6 +12,3 @@ AS $$
$$ LANGUAGE SQL;
-- This is a private function, so only the db owner need privileges
REVOKE ALL ON FUNCTION CDB_ColumnType(REGCLASS, TEXT) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION CDB_ColumnType(REGCLASS, TEXT) TO ":DATABASE_USERNAME";


@ -1,8 +1,3 @@
--LOAD 'schema_triggers.so';
--CREATE EXTENSION IF NOT EXISTS schema_triggers;
--GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA schema_triggers TO public;
-- Table creation
-- {
CREATE OR REPLACE FUNCTION cartodb.cdb_handle_create_table ()


@ -1,13 +0,0 @@
DO LANGUAGE 'plpgsql' $$
BEGIN
IF NOT EXISTS ( SELECT * FROM pg_roles WHERE rolname= 'cdb_org_admin' )
THEN
CREATE ROLE cdb_org_admin NOLOGIN;
END IF;
IF NOT EXISTS ( SELECT * FROM pg_roles WHERE rolname= 'cdb_org_user' )
THEN
CREATE ROLE cdb_org_user NOLOGIN;
END IF;
END
$$;


@ -17,10 +17,8 @@ AS $$
ON pg_class.oid = idx.indexrelid
WHERE pg_indexes.tablename = '' || $1 || ''
AND '' || $1 || '' IN (SELECT CDB_UserTables())
AND pg_class.relname=pg_indexes.indexname;
AND pg_class.relname=pg_indexes.indexname
;
$$ LANGUAGE SQL;
-- This is a private function, so only the db owner need privileges
REVOKE ALL ON FUNCTION CDB_TableIndexes(REGCLASS) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION CDB_TableIndexes(REGCLASS) TO ":DATABASE_USERNAME";
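Review bot: With the REVOKE/GRANT lines gone, the only access gate left in this query is `'' || $1 || '' IN (SELECT CDB_UserTables())`, and both it and `pg_indexes.tablename = '' || $1 || ''` compare bare table names with no `pg_indexes.schemaname` filter; a caller with SELECT on a public table therefore also receives the index rows of any same-named table in another schema, and a regclass resolved through a non-public search_path is matched by name only. Checking the object the caller actually passed is both tighter and simpler: `WHERE idx.indrelid = $1 AND has_table_privilege($1, 'SELECT')` (assuming `idx` is pg_index, joined to pg_class on `idx.indexrelid` as now), which drops the round-trip through CDB_UserTables and the `'' || $1 || ''` cast idiom. The practical exposure is limited because pg_indexes is readable by every role in stock PostgreSQL, but the check should match what the commit message promises. The SELECT/FROM of this query and the function header start above this hunk.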


@ -26,14 +26,14 @@ AS $$
FROM usertables
)
SELECT t FROM perms
WHERE p = CASE WHEN $1 = 'private' THEN false
WHERE (
p = CASE WHEN $1 = 'private' THEN false
WHEN $1 = 'public' THEN true
ELSE not p -- none
END
OR $1 = 'all'
)
AND has_table_privilege('public'||'.'||t, 'SELECT')
;
$$ LANGUAGE 'sql';
-- This is a private function, so only the db owner need privileges
REVOKE ALL ON FUNCTION CDB_UserTables(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION CDB_UserTables(text) TO ":DATABASE_USERNAME";
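Review bot: The new gate `has_table_privilege('public'||'.'||t, 'SELECT')` rebuilds an identifier from text, so PostgreSQL parses it as an unquoted name: a table called `Foo` or `a.b` is looked up as `public.foo` or `public.a.b`, and when no such relation exists the name form of has_table_privilege raises `relation ... does not exist`, failing the whole call for every caller and, through its `IN (SELECT CDB_UserTables())` gate, CDB_TableIndexes as well. Quote the name before passing it, `AND has_table_privilege('public.' || quote_ident(t), 'SELECT')`, or better carry the pg_class OID out of the usertables CTE and call `has_table_privilege(oid, 'SELECT')`, so the privilege check is made on the catalog object rather than on a reconstructed string. This assumes `t` is the bare relname from the catalog and that usertables lists only public-schema tables; if either differs, the hardcoded `'public'` prefix checks the wrong object. The usertables/perms CTEs and the function header start above this hunk.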