cartodb-postgresql/scripts-available/CDB_Groups_API.sql


----------------------------------
-- GROUP METADATA API FUNCTIONS
--
-- Meant to be used by CDB_Group_* functions to sync data with the editor.
-- Requires the 'groups_api' configuration parameter. Example (sample values): SELECT cartodb.CDB_Conf_SetConf('groups_api', '{ "host": "127.0.0.1", "port": 3000, "timeout": 10, "username": "extension", "password": "elephant" }');
----------------------------------
-- TODO: delete this development cleanup before final merge
-- Drops the (text, text) AddMember/RemoveMember functions and their _API counterparts.
-- Argument names are omitted: DROP FUNCTION identifies a function by its argument types only.
DROP FUNCTION IF EXISTS cartodb.CDB_Group_AddMember(text, text);
DROP FUNCTION IF EXISTS cartodb.CDB_Group_RemoveMember(text, text);
DROP FUNCTION IF EXISTS cartodb._CDB_Group_AddMember_API(text, text);
DROP FUNCTION IF EXISTS cartodb._CDB_Group_RemoveMember_API(text, text);
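-- Sends the create group request.
-- group_name and group_role are forwarded as the "name" and "database_role" fields
-- of the JSON body; 200 and 409 are the accepted response statuses.
-- NOTE(review): this function is SECURITY DEFINER, and no REVOKE or fixed search_path
-- for it is visible in this file; confirm that EXECUTE is restricted elsewhere.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_CreateGroup_API(group_name text, group_role text)
    RETURNS VOID AS
$$
    import json

    url = '/api/v1/databases/{0}/groups'

    # json.dumps escapes quotes and backslashes, so a value cannot break out of its JSON string.
    # NOTE(review): assumes the arguments are ASCII or UTF-8 byte strings; confirm for other server encodings.
    body = json.dumps({'name': group_name, 'database_role': group_role})

    # url and body are bound as parameters rather than formatted into the statement:
    # this function runs with its owner's privileges, so caller-supplied text must
    # never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('POST', $1, $2, '{200, 409}') as response_status", ['text', 'text'])
    plpy.execute(plan, [url, body])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;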
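-- Sends the drop group request for group_name; 204 and 404 are the accepted response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_DropGroup_API(group_name text)
    RETURNS VOID AS
$$
    import urllib

    # NOTE(review): pathname2url leaves '/' unescaped on POSIX, so a group name containing '/'
    # would span several path segments; confirm group names cannot contain it.
    url = '/api/v1/databases/{0}/groups/%s' % urllib.pathname2url(group_name)

    # The url is bound as a parameter so the statement text stays constant however the url is built.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('DELETE', $1, '', '{204, 404}') as response_status", ['text'])
    plpy.execute(plan, [url])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;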
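-- Sends the rename group request: old_group_name addresses the group in the URL,
-- new_group_name and new_group_role go into the JSON body. 200 and 409 are the
-- accepted response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
    RETURNS VOID AS
$$
    import json
    import urllib

    url = '/api/v1/databases/{0}/groups/%s' % urllib.pathname2url(old_group_name)

    # json.dumps escapes quotes and backslashes, so a value cannot break out of its JSON string.
    body = json.dumps({'name': new_group_name, 'database_role': new_group_role})

    # url and body are bound as parameters rather than formatted into the statement:
    # this function is SECURITY DEFINER, so caller-supplied text must never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('PUT', $1, $2, '{200, 409}') as response_status", ['text', 'text'])
    plpy.execute(plan, [url, body])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;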
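-- Sends the request that adds usernames to group_name; 200 and 409 are the accepted
-- response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_AddUsers_API(group_name text, usernames text[])
    RETURNS VOID AS
$$
    import json
    import urllib

    url = '/api/v1/databases/{0}/groups/%s/users' % urllib.pathname2url(group_name)

    # json.dumps escapes each username, so a quote inside one cannot add extra array
    # entries or fields. An empty array now serializes as [] instead of [""].
    # list() keeps a NULL array an error, as the previous join() did.
    body = json.dumps({'users': list(usernames)})

    # url and body are bound as parameters rather than formatted into the statement:
    # this function is SECURITY DEFINER, so caller-supplied text must never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('POST', $1, $2, '{200, 409}') as response_status", ['text', 'text'])
    plpy.execute(plan, [url, body])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;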
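-- Sends the request that removes usernames from group_name; 200 and 404 are the
-- accepted response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_RemoveUsers_API(group_name text, usernames text[])
    RETURNS VOID AS
$$
    import json
    import urllib

    url = '/api/v1/databases/{0}/groups/%s/users' % urllib.pathname2url(group_name)

    # json.dumps escapes each username, so a quote inside one cannot add extra array
    # entries or fields. An empty array now serializes as [] instead of [""].
    # list() keeps a NULL array an error, as the previous join() did.
    body = json.dumps({'users': list(usernames)})

    # url and body are bound as parameters rather than formatted into the statement:
    # this function is SECURITY DEFINER, so caller-supplied text must never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('DELETE', $1, $2, '{200, 404}') as response_status", ['text', 'text'])
    plpy.execute(plan, [url, body])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;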
-- Cleanup before the composite type is (re)created further down.
DO LANGUAGE plpgsql $cleanup$
BEGIN
    -- The function returns the type, so it has to go first for the type to be droppable.
    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
    DROP TYPE IF EXISTS _CDB_Group_API_Params;
END
$cleanup$;
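-- Sends the request that records a table permission for a group: group_name, username
-- and table_name address the resource in the URL and access is sent in the JSON body.
-- 200 and 409 are the accepted response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_Table_GrantPermission_API(group_name text, username text, table_name text, access text)
    RETURNS VOID AS
$$
    import json
    import urllib

    # username and table_name were previously placed in the path unencoded. Percent-encoding
    # them keeps quotes, '/', '?' and braces from changing the request path, the SQL text
    # or the later url.format() call in _CDB_Group_API_Request.
    # NOTE(review): pathname2url leaves '/' unescaped on POSIX; confirm group names cannot contain it.
    url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (
        urllib.pathname2url(group_name),
        urllib.quote(username, ''),
        urllib.quote(table_name, ''))

    # json.dumps escapes quotes and backslashes, so the value cannot break out of its JSON string.
    body = json.dumps({'access': access})

    # url and body are bound as parameters rather than formatted into the statement:
    # this function is SECURITY DEFINER, so caller-supplied text must never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('PUT', $1, $2, '{200, 409}') as response_status", ['text', 'text'])
    plpy.execute(plan, [url, body])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;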
-- NOTE(review): same cleanup as the block that precedes _CDB_Group_Table_GrantPermission_API;
-- nothing in between recreates either object, so this repeat looks redundant.
DO LANGUAGE plpgsql $cleanup$
BEGIN
    -- The function returns the type, so it has to go first for the type to be droppable.
    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
    DROP TYPE IF EXISTS _CDB_Group_API_Params;
END
$cleanup$;
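-- Sends the request that removes the table permission addressed by group_name, username
-- and table_name; 200 and 404 are the accepted response statuses.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name text, username text, table_name text)
    RETURNS VOID AS
$$
    import urllib

    # username and table_name were previously placed in the path unencoded. Percent-encoding
    # them keeps quotes, '/', '?' and braces from changing the request path, the SQL text
    # or the later url.format() call in _CDB_Group_API_Request.
    # NOTE(review): pathname2url leaves '/' unescaped on POSIX; confirm group names cannot contain it.
    url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (
        urllib.pathname2url(group_name),
        urllib.quote(username, ''),
        urllib.quote(table_name, ''))

    # The url is bound as a parameter rather than formatted into the statement:
    # this function is SECURITY DEFINER, so caller-supplied text must never become part of the SQL.
    plan = plpy.prepare("select cartodb._CDB_Group_API_Request('DELETE', $1, '', '{200, 404}') as response_status", ['text'])
    plpy.execute(plan, [url])
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;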
-- Last cleanup before CREATE TYPE: the type cannot be created while an older definition exists.
-- NOTE(review): the same two statements already ran twice earlier in this file.
DO LANGUAGE plpgsql $cleanup$
BEGIN
    -- The function returns the type, so it has to go first for the type to be droppable.
    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
    DROP TYPE IF EXISTS _CDB_Group_API_Params;
END
$cleanup$;
-- Connection settings for the groups API, as returned by cartodb._CDB_Group_API_Conf().
-- NOTE(review): the name is not schema-qualified, so the type is created in the first
-- schema of the current search_path; confirm that is the intended schema.
CREATE TYPE _CDB_Group_API_Params AS (
    host    text,
    port    integer,
    timeout integer,  -- handed to httplib.HTTPConnection as its timeout
    auth    text      -- complete Authorization header value ("Basic ...")
);
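-- This must be explicitly extracted because "composite types are currently not supported".
-- See http://www.postgresql.org/docs/9.3/static/plpython-database.html.
--
-- Reads the 'groups_api' configuration and returns host, port, timeout and the ready-made
-- Authorization header value. Returns NULL when the configuration entry is missing.
-- NOTE(review): the result carries the API credentials (base64 is reversible) and no REVOKE
-- for this function is visible in this file; confirm who may execute it.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_API_Conf()
    RETURNS _CDB_Group_API_Params AS
$$
    import json

    conf = plpy.execute("SELECT cartodb.CDB_Conf_GetConf('groups_api') conf")[0]['conf']
    if conf is None:
        return None

    params = json.loads(conf)

    # Username and password are bound as parameters: formatted into the statement, a quote
    # in either value would break the query or change what it executes.
    plan = plpy.prepare("SELECT cartodb._CDB_Group_API_Auth($1, $2) as auth", ['text', 'text'])
    auth = 'Basic %s' % plpy.execute(plan, [params['username'], params['password']])[0]['auth']

    return { "host": params['host'], "port": params['port'], 'timeout': params['timeout'], 'auth': auth }
$$ LANGUAGE 'plpythonu' VOLATILE;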
-- Builds the credential part of an HTTP Basic Authorization header: base64("username:password").
-- Base64 is an encoding, not encryption: the result is as sensitive as the password itself.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_API_Auth(username text, password text)
    RETURNS TEXT AS
$$
    import base64

    credentials = '%s:%s' % (username, password)
    encoded = base64.encodestring(credentials)
    # encodestring emits newline-terminated lines; strip them so the value fits on one header line.
    return encoded.replace('\n', '')
$$ LANGUAGE 'plpythonu' VOLATILE;
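-- url must contain a '{0}' placeholder that will be replaced by current_database, for security reasons.
--
-- Sends one HTTP request to the groups API and returns the response status.
-- Returns NULL without sending anything when no API host is configured.
-- A response status outside valid_return_codes is treated as a failure. After three
-- failed attempts the last error is reported through plpy.error.
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_API_Request(method text, url text, body text, valid_return_codes int[])
    RETURNS int AS
$$
    import httplib

    params = plpy.execute("select c.host, c.port, c.timeout, c.auth from cartodb._CDB_Group_API_Conf() c;")[0]
    if params['host'] is None:
        return None

    headers = { 'Authorization': params['auth'], 'Content-Type': 'application/json' }

    retry = 3

    last_err = None
    # NOTE(review): every failure is retried, including an unexpected status, so a
    # non-idempotent request can reach the API up to three times.
    while retry > 0:
        client = None
        try:
            # NOTE(review): HTTPConnection is plain HTTP, so the Basic credentials travel
            # unencrypted; confirm the API is only reached over loopback or a trusted network.
            client = SD['groups_api_client'] = httplib.HTTPConnection(params['host'], params['port'], False, params['timeout'])
            # The database segment is filled in here from current_database() rather than taken from the caller.
            database_name = plpy.execute("select current_database();")[0]['current_database']
            client.request(method, url.format(database_name), body, headers)
            response = client.getresponse()
            # Explicit check instead of assert: it cannot be compiled out and the error names the status.
            if response.status not in valid_return_codes:
                raise Exception('unexpected response status %s' % response.status)
            return response.status
        except Exception as err:
            retry -= 1
            last_err = err
            plpy.warning('Retrying after: ' + str(err))
        finally:
            # Close the socket on every path; a connection was previously left open after each attempt.
            if client is not None:
                client.close()
            client = SD['groups_api_client'] = None

    if last_err is not None:
        # plpy.error raises, so nothing after this call runs.
        plpy.error('Fatal Group API error: ' + str(last_err))

    return None
$$ LANGUAGE 'plpythonu' VOLATILE;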
-- Functions are executable by PUBLIC by default; remove that for the raw request function.
-- NOTE(review): the SECURITY DEFINER _CDB_Group_*_API wrappers call this function and no
-- REVOKE for them is visible in this file; confirm their EXECUTE privilege is restricted too.
REVOKE ALL
    ON FUNCTION cartodb._CDB_Group_API_Request(text, text, text, int[])
    FROM PUBLIC;