diff --git a/Makefile b/Makefile index 3881e89..c3ce7f8 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,6 @@ EXTVERSION = 0.2.0dev SED = sed CDBSCRIPTS = \ - scripts-available/CDB_Roles.sql \ scripts-enabled/*.sql \ scripts-available/CDB_SearchPath.sql \ scripts-available/CDB_DDLTriggers.sql \ diff --git a/NEWS b/NEWS index c4f469a..5ca6552 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ Important changes: - This release adds dependency on "plpythonu" extension + - Roles are not created anymore, previously private functions + for table information extraction will now be callable by + anyone while only returning information about tables over + which the calling user has SELECT privilege (#36) Bug fixes: diff --git a/scripts-available/CDB_ColumnNames.sql b/scripts-available/CDB_ColumnNames.sql index 2c74dbc..c392321 100644 --- a/scripts-available/CDB_ColumnNames.sql +++ b/scripts-available/CDB_ColumnNames.sql @@ -11,6 +11,3 @@ AS $$ $$ LANGUAGE SQL; --- This is a private function, so only the db owner need privileges -REVOKE ALL ON FUNCTION CDB_ColumnNames(REGCLASS) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION CDB_ColumnNames(REGCLASS) TO ":DATABASE_USERNAME"; diff --git a/scripts-available/CDB_ColumnType.sql b/scripts-available/CDB_ColumnType.sql index 6b8196e..4319bbe 100644 --- a/scripts-available/CDB_ColumnType.sql +++ b/scripts-available/CDB_ColumnType.sql @@ -12,6 +12,3 @@ AS $$ $$ LANGUAGE SQL; --- This is a private function, so only the db owner need privileges -REVOKE ALL ON FUNCTION CDB_ColumnType(REGCLASS, TEXT) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION CDB_ColumnType(REGCLASS, TEXT) TO ":DATABASE_USERNAME"; diff --git a/scripts-available/CDB_DDLTriggers.sql b/scripts-available/CDB_DDLTriggers.sql index ccb25c8..37ab988 100644 --- a/scripts-available/CDB_DDLTriggers.sql +++ b/scripts-available/CDB_DDLTriggers.sql @@ -1,8 +1,3 @@ ---LOAD 'schema_triggers.so'; ---CREATE EXTENSION IF NOT EXISTS schema_triggers; - ---GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA schema_triggers TO public; - -- Table creation -- { CREATE OR REPLACE FUNCTION cartodb.cdb_handle_create_table () diff --git a/scripts-available/CDB_Roles.sql b/scripts-available/CDB_Roles.sql deleted file mode 100644 index c984d3c..0000000 --- a/scripts-available/CDB_Roles.sql +++ /dev/null @@ -1,13 +0,0 @@ -DO LANGUAGE 'plpgsql' $$ -BEGIN - IF NOT EXISTS ( SELECT * FROM pg_roles WHERE rolname= 'cdb_org_admin' ) - THEN - CREATE ROLE cdb_org_admin NOLOGIN; - END IF; - - IF NOT EXISTS ( SELECT * FROM pg_roles WHERE rolname= 'cdb_org_user' ) - THEN - CREATE ROLE cdb_org_user NOLOGIN; - END IF; -END -$$; diff --git a/scripts-available/CDB_TableIndexes.sql b/scripts-available/CDB_TableIndexes.sql index c6871fe..bbb7e00 100644 --- a/scripts-available/CDB_TableIndexes.sql +++ b/scripts-available/CDB_TableIndexes.sql @@ -17,10 +17,8 @@ AS $$ ON pg_class.oid = idx.indexrelid WHERE pg_indexes.tablename = '' || $1 || '' AND '' || $1 || '' IN (SELECT CDB_UserTables()) - AND pg_class.relname=pg_indexes.indexname; + AND pg_class.relname=pg_indexes.indexname + ; $$ LANGUAGE SQL; --- This is a private function, so only the db owner need privileges -REVOKE ALL ON FUNCTION CDB_TableIndexes(REGCLASS) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION CDB_TableIndexes(REGCLASS) TO ":DATABASE_USERNAME"; diff --git a/scripts-available/CDB_UserTables.sql b/scripts-available/CDB_UserTables.sql index c2fa4ee..aa9e350 100644 --- a/scripts-available/CDB_UserTables.sql +++ b/scripts-available/CDB_UserTables.sql @@ -26,14 +26,14 @@ AS $$ FROM usertables ) SELECT t FROM perms - WHERE p = CASE WHEN $1 = 'private' THEN false + WHERE ( + p = CASE WHEN $1 = 'private' THEN false WHEN $1 = 'public' THEN true ELSE not p -- none END OR $1 = 'all' + ) + AND has_table_privilege('public'||'.'||t, 'SELECT') ; $$ LANGUAGE 'sql'; --- This is a private function, so only the db owner need privileges -REVOKE ALL ON FUNCTION CDB_UserTables(text) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION CDB_UserTables(text) TO ":DATABASE_USERNAME";