CDB_Groups_API: Secure search_path
This commit is contained in:
parent
5a12033609
commit
048234cd80
@ -22,7 +22,11 @@ $$
|
||||
body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)
|
||||
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
CREATE OR REPLACE
|
||||
FUNCTION @extschema@._CDB_Group_DropGroup_API(group_name text)
|
||||
@ -35,7 +39,11 @@ $$
|
||||
|
||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{204, 404}') as response_status" % url
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
CREATE OR REPLACE
|
||||
FUNCTION @extschema@._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
|
||||
@ -48,7 +56,11 @@ $$
|
||||
body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
|
||||
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
CREATE OR REPLACE
|
||||
FUNCTION @extschema@._CDB_Group_AddUsers_API(group_name text, usernames text[])
|
||||
@ -61,7 +73,11 @@ $$
|
||||
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
||||
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
CREATE OR REPLACE
|
||||
FUNCTION @extschema@._CDB_Group_RemoveUsers_API(group_name text, usernames text[])
|
||||
@ -74,7 +90,11 @@ $$
|
||||
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '%s', '{200, 404}') as response_status" % (url, body)
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
DO LANGUAGE 'plpgsql' $$
|
||||
BEGIN
|
||||
@ -95,7 +115,11 @@ $$
|
||||
body = '{ "access": "%s" }' % access
|
||||
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
DO LANGUAGE 'plpgsql' $$
|
||||
BEGIN
|
||||
@ -115,7 +139,11 @@ $$
|
||||
url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (urllib.pathname2url(group_name), username, table_name)
|
||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
|
||||
plpy.execute(query)
|
||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
||||
$$ LANGUAGE 'plpythonu'
|
||||
VOLATILE
|
||||
PARALLEL UNSAFE
|
||||
SECURITY DEFINER
|
||||
SET search_path = pg_temp;
|
||||
|
||||
DO LANGUAGE 'plpgsql' $$
|
||||
BEGIN
|
||||
|
Loading…
Reference in New Issue
Block a user