Merge pull request #99 from CartoDB/usertables_fix
added tests for usertables to check private tables are not returned
commit
d52e05c474
@ -17,9 +17,8 @@ WHERE c.relkind = 'r'
|
|||||||
AND c.relname NOT IN ('cdb_tablemetadata', 'spatial_ref_sys')
|
AND c.relname NOT IN ('cdb_tablemetadata', 'spatial_ref_sys')
|
||||||
AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'topology')
|
AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'topology')
|
||||||
AND CASE WHEN perm = 'public' THEN has_table_privilege('publicuser', c.oid, 'SELECT')
|
AND CASE WHEN perm = 'public' THEN has_table_privilege('publicuser', c.oid, 'SELECT')
|
||||||
WHEN perm = 'private' THEN (has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege(current_user, c.oid, 'SELECT'))
|
WHEN perm = 'private' THEN has_table_privilege(current_user, c.oid, 'SELECT') AND NOT has_table_privilege('publicuser', c.oid, 'SELECT')
|
||||||
AND NOT has_table_privilege('publicuser', c.oid, 'SELECT')
|
WHEN perm = 'all' THEN has_table_privilege(current_user, c.oid, 'SELECT') OR has_table_privilege('publicuser', c.oid, 'SELECT')
|
||||||
WHEN perm = 'all' THEN has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege('publicuser', c.oid, 'SELECT')
|
|
||||||
ELSE false END;
|
ELSE false END;
|
||||||
|
|
||||||
$$ LANGUAGE 'sql';
|
$$ LANGUAGE 'sql';
|
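Review bot: The `private` and `all` branches decide visibility from table-level SELECT only, so a table on which `publicuser` holds just a column-level grant would still be reported as `private` although part of it is publicly readable. If callers treat the `private` list as "not exposed", the exclusion could be written as `AND NOT has_any_column_privilege('publicuser', c.oid, 'SELECT')`, which is also true whenever the table-level check is. The switch from `c.relowner` to `current_user` makes the result depend on the invoking role, which presumably holds only while the function is not declared SECURITY DEFINER. The declaration is outside this hunk, so a comment such as `-- current_user is the invoking role; do not mark this function SECURITY DEFINER` above the CASE would record that assumption.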
||||||
|
@ -1,4 +1,4 @@
|
|||||||
CREATE ROLE publicuser;
|
CREATE ROLE publicuser LOGIN;
|
||||||
CREATE TABLE pub(a int);
|
CREATE TABLE pub(a int);
|
||||||
CREATE TABLE prv(a int);
|
CREATE TABLE prv(a int);
|
||||||
GRANT SELECT ON TABLE pub TO publicuser;
|
GRANT SELECT ON TABLE pub TO publicuser;
|
||||||
@ -8,6 +8,12 @@ SELECT 'all',CDB_UserTables('all') ORDER BY 2;
|
|||||||
SELECT 'public',CDB_UserTables('public') ORDER BY 2;
|
SELECT 'public',CDB_UserTables('public') ORDER BY 2;
|
||||||
SELECT 'private',CDB_UserTables('private') ORDER BY 2;
|
SELECT 'private',CDB_UserTables('private') ORDER BY 2;
|
||||||
SELECT '--unsupported--',CDB_UserTables('--unsupported--') ORDER BY 2;
|
SELECT '--unsupported--',CDB_UserTables('--unsupported--') ORDER BY 2;
|
||||||
|
-- now tests with public user
|
||||||
|
\c contrib_regression publicuser
|
||||||
|
SELECT 'all_publicuser',CDB_UserTables('all') ORDER BY 2;
|
||||||
|
SELECT 'public_publicuser',CDB_UserTables('public') ORDER BY 2;
|
||||||
|
SELECT 'private_publicuser',CDB_UserTables('private') ORDER BY 2;
|
||||||
|
\c contrib_regression postgres
|
||||||
DROP TABLE pub;
|
DROP TABLE pub;
|
||||||
DROP TABLE prv;
|
DROP TABLE prv;
|
||||||
DROP ROLE publicuser;
|
DROP ROLE publicuser;
|
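Review bot: The reconnect `\c contrib_regression postgres` hard-codes a superuser named `postgres`, and the new `\c contrib_regression publicuser` relies on the cluster accepting a password-less login for the freshly created role. On a cluster where the regression run uses a different superuser, or where pg_hba requires a password, the reconnects fail and the trailing `DROP TABLE`/`DROP ROLE` statements run as the wrong role or not at all, which can leave `publicuser` behind. A header comment stating the assumption, e.g. `-- requires trust authentication and a superuser named postgres`, would make such failures easier to diagnose.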
||||||
|
@ -9,6 +9,10 @@ all|prv
|
|||||||
all|pub
|
all|pub
|
||||||
public|pub
|
public|pub
|
||||||
private|prv
|
private|prv
|
||||||
|
You are now connected to database "contrib_regression" as user "publicuser".
|
||||||
|
all_publicuser|pub
|
||||||
|
public_publicuser|pub
|
||||||
|
You are now connected to database "contrib_regression" as user "postgres".
|
||||||
DROP TABLE
|
DROP TABLE
|
||||||
DROP TABLE
|
DROP TABLE
|
||||||
DROP ROLE
|
DROP ROLE
|
||||||
|
@ -142,6 +142,8 @@ function setup() {
|
|||||||
log_info "############################# SETUP #############################"
|
log_info "############################# SETUP #############################"
|
||||||
create_role_and_schema cdb_testmember_1
|
create_role_and_schema cdb_testmember_1
|
||||||
create_role_and_schema cdb_testmember_2
|
create_role_and_schema cdb_testmember_2
|
||||||
|
sql "CREATE ROLE publicuser LOGIN;"
|
||||||
|
sql "GRANT CONNECT ON DATABASE \"${DATABASE}\" TO publicuser;"
|
||||||
|
|
||||||
create_table cdb_testmember_1 foo
|
create_table cdb_testmember_1 foo
|
||||||
sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);'
|
sql cdb_testmember_1 'INSERT INTO cdb_testmember_1.foo VALUES (1), (2), (3), (4), (5);'
|
||||||
@ -168,9 +170,11 @@ function tear_down() {
|
|||||||
|
|
||||||
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;"
|
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_1;"
|
||||||
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;"
|
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM cdb_testmember_2;"
|
||||||
|
sql "REVOKE CONNECT ON DATABASE \"${DATABASE}\" FROM publicuser;"
|
||||||
|
|
||||||
sql 'DROP ROLE cdb_testmember_1;'
|
sql 'DROP ROLE cdb_testmember_1;'
|
||||||
sql 'DROP ROLE cdb_testmember_2;'
|
sql 'DROP ROLE cdb_testmember_2;'
|
||||||
|
sql 'DROP ROLE publicuser;'
|
||||||
|
|
||||||
${CMD} -c "DROP DATABASE ${DATABASE}"
|
${CMD} -c "DROP DATABASE ${DATABASE}"
|
||||||
}
|
}
|
||||||
@ -346,6 +350,25 @@ function test_cdb_querytables_does_not_return_functions_as_part_of_the_resultset
|
|||||||
sql postgres "select * from CDB_QueryTables('select * from cdb_testmember_1.foo, cdb_testmember_2.bar, plainto_tsquery(''foo'')');" should "{cdb_testmember_1.foo,cdb_testmember_2.bar}"
|
sql postgres "select * from CDB_QueryTables('select * from cdb_testmember_1.foo, cdb_testmember_2.bar, plainto_tsquery(''foo'')');" should "{cdb_testmember_1.foo,cdb_testmember_2.bar}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_cdb_usertables_should_work_with_orgusers() {
|
||||||
|
sql "GRANT USAGE ON SCHEMA cartodb TO publicuser;"
|
||||||
|
${CMD} -d ${DATABASE} -f scripts-available/CDB_UserTables.sql
|
||||||
|
sql cdb_testmember_1 "CREATE TABLE test_perms_pub (a int)"
|
||||||
|
sql cdb_testmember_1 "CREATE TABLE test_perms_priv (a int)"
|
||||||
|
sql cdb_testmember_1 "GRANT SELECT ON TABLE test_perms_pub TO publicuser"
|
||||||
|
sql publicuser "SELECT count(*) FROM CDB_UserTables('all')" should 1
|
||||||
|
sql publicuser "SELECT count(*) FROM CDB_UserTables('public')" should 1
|
||||||
|
sql publicuser "SELECT count(*) FROM CDB_UserTables('private')" should 0
|
||||||
|
# the following tests are for https://github.com/CartoDB/cartodb-postgresql/issues/98
|
||||||
|
#sql cdb_testmember_2 "SELECT count(*) FROM CDB_UserTables('all')" should 1
|
||||||
|
#sql cdb_testmember_2 "SELECT count(*) FROM CDB_UserTables('public')" should 1
|
||||||
|
#sql cdb_testmember_2 "SELECT count(*) FROM CDB_UserTables('private')" should 0
|
||||||
|
|
||||||
|
sql cdb_testmember_1 "DROP TABLE test_perms_pub"
|
||||||
|
sql cdb_testmember_1 "DROP TABLE test_perms_priv"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#################################################### TESTS END HERE ####################################################
|
#################################################### TESTS END HERE ####################################################
|
||||||
|
|
||||||
|
|
||||||
|
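Review bot: `test_cdb_usertables_should_work_with_orgusers` grants `USAGE ON SCHEMA cartodb` to `publicuser` and never revokes it, while `tear_down` now runs `sql 'DROP ROLE publicuser;'` before `DROP DATABASE`. Unless something outside these hunks removes the grant or the schema first, PostgreSQL refuses to drop a role that still holds privileges, so the role would stay in the cluster and the next run's `CREATE ROLE publicuser LOGIN;` would fail. Adding `sql "REVOKE USAGE ON SCHEMA cartodb FROM publicuser;"` after the two `DROP TABLE` calls keeps the test self-contained. The three `cdb_testmember_2` assertions are commented out pending issue #98, so the case of one organization member listing another member's tables is currently unverified.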