From 75c4308ea9de5f1f0a3f0df50b4118663c9bb4af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?= Date: Wed, 19 Aug 2015 18:43:25 +0200 Subject: [PATCH] Grant and revoking permissions API sync --- scripts-available/CDB_Groups.sql | 5 +++- scripts-available/CDB_Groups_API.sql | 39 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/scripts-available/CDB_Groups.sql b/scripts-available/CDB_Groups.sql index 220f403..42e89da 100644 --- a/scripts-available/CDB_Groups.sql +++ b/scripts-available/CDB_Groups.sql @@ -100,6 +100,7 @@ BEGIN group_role := cartodb._CDB_Group_GroupRole(group_name); EXECUTE format('GRANT USAGE ON SCHEMA "%s" TO "%s"', username, group_role); EXECUTE format('GRANT SELECT ON TABLE "%s"."%s" TO "%s"', username, table_name, group_role ); + PERFORM cartodb._CDB_Group_Table_GrantPermission_API(group_name, username, table_name, 'r'); END $$ LANGUAGE PLPGSQL VOLATILE; @@ -113,6 +114,7 @@ BEGIN group_role := cartodb._CDB_Group_GroupRole(group_name); EXECUTE format('GRANT USAGE ON SCHEMA "%s" TO "%s"', username, group_role); EXECUTE format('GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE "%s"."%s" TO "%s"', username, table_name, group_role); + PERFORM cartodb._CDB_Group_Table_GrantPermission_API(group_name, username, table_name, 'w'); END $$ LANGUAGE PLPGSQL VOLATILE; @@ -125,6 +127,7 @@ DECLARE BEGIN group_role := cartodb._CDB_Group_GroupRole(group_name); EXECUTE format('REVOKE ALL ON TABLE "%s"."%s" FROM "%s"', username, table_name, group_role); + PERFORM cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name, username, table_name); END $$ LANGUAGE PLPGSQL VOLATILE; @@ -158,7 +161,7 @@ DECLARE user_role TEXT; BEGIN -- This was preferred, but non-superadmins won't get results - --EXECUTE 'SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1' INTO user_role USING username; + -- SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1' EXECUTE 'SELECT pg_get_userbyid(nspowner) FROM pg_namespace WHERE nspname = $1;' INTO user_role USING username; RETURN user_role; END diff --git a/scripts-available/CDB_Groups_API.sql b/scripts-available/CDB_Groups_API.sql index d36550e..a7669c0 100644 --- a/scripts-available/CDB_Groups_API.sql +++ b/scripts-available/CDB_Groups_API.sql @@ -72,6 +72,45 @@ BEGIN END $$; +CREATE OR REPLACE +FUNCTION cartodb._CDB_Group_Table_GrantPermission_API(group_name text, username text, table_name text, access text) + RETURNS VOID AS +$$ + import string + + url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name) + body = '{ "access": "%s" }' % access + query = "select cartodb._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body) + plpy.execute(query) +$$ LANGUAGE 'plpythonu' VOLATILE; + +DO LANGUAGE 'plpgsql' $$ +BEGIN + -- Needed for dropping type + DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf(); + DROP TYPE IF EXISTS _CDB_Group_API_Params; +END +$$; + +CREATE OR REPLACE +FUNCTION cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name text, username text, table_name text) + RETURNS VOID AS +$$ + import string + + url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name) + query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url + plpy.execute(query) +$$ LANGUAGE 'plpythonu' VOLATILE; + +DO LANGUAGE 'plpgsql' $$ +BEGIN + -- Needed for dropping type + DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf(); + DROP TYPE IF EXISTS _CDB_Group_API_Params; +END +$$; + CREATE TYPE _CDB_Group_API_Params AS ( host text, port int,