Add ability to grant fdw role to org members

Rafa de la Torre 2019-07-15 16:54:23 +02:00
parent a20676f391
commit 3a10ef7e76
3 changed files with 33 additions and 1 deletions


@ -167,7 +167,7 @@ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
-- It is the responsibility of the caller to grant that role to either: -- It is the responsibility of the caller to grant that role to either:
-- * Nobody -- * Nobody
-- * Specific roles: GRANT amazon TO role_name; -- * Specific roles: GRANT amazon TO role_name;
-- * Members of the organization: SELECT cartodb.CDB_Grant_Role_To_Org_Members('amazon'); TODO -- * Members of the organization: SELECT cartodb.CDB_Organization_Grant_Role('amazon');
-- * The publicuser: GRANT amazon TO publicuser; -- * The publicuser: GRANT amazon TO publicuser;
CREATE OR REPLACE FUNCTION @extschema@.CDB_SetUp_User_Foreign_Server(fdw_name NAME, config json) CREATE OR REPLACE FUNCTION @extschema@.CDB_SetUp_User_Foreign_Server(fdw_name NAME, config json)
RETURNS void AS $$ RETURNS void AS $$


@ -169,3 +169,30 @@ BEGIN
EXECUTE 'SELECT @extschema@.CDB_Organization_Remove_Access_Permission(''' || from_schema || ''', ''' || table_name || ''', ''' || @extschema@.CDB_Organization_Member_Group_Role_Member_Name() || ''');'; EXECUTE 'SELECT @extschema@.CDB_Organization_Remove_Access_Permission(''' || from_schema || ''', ''' || table_name || ''', ''' || @extschema@.CDB_Organization_Member_Group_Role_Member_Name() || ''');';
END END
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE; $$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
--------------------------------------------------------------------------------
-- Role management
--------------------------------------------------------------------------------
CREATE OR REPLACE
FUNCTION @extschema@.CDB_Organization_Grant_Role(role_name name)
RETURNS VOID AS $$
DECLARE
org_role TEXT;
BEGIN
org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
EXECUTE format('GRANT %I TO %I', role_name, org_role);
END
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
CREATE OR REPLACE
FUNCTION @extschema@.CDB_Organization_Revoke_Role(role_name name)
RETURNS VOID AS $$
DECLARE
org_role TEXT;
BEGIN
org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
EXECUTE format('REVOKE %I FROM %I', role_name, org_role);
END
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
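Review bot: CDB_Organization_Grant_Role and CDB_Organization_Revoke_Role take any role name and pass it straight to GRANT/REVOKE, so nothing in either body limits them to the fdw roles this commit is meant for, and neither function has a header comment stating who may call it. No SECURITY DEFINER is visible on either definition, so they appear to run with the caller's rights and PostgreSQL's ADMIN OPTION check is the only guard. I would record that above each function, e.g. `-- Grants role_name to the org member group role. Runs as the caller, who must hold ADMIN OPTION on role_name; every org member then inherits all privileges of role_name.`, with a matching line for the revoke. Building both statements with `format` and `%I` is the right choice and should be kept. If CDB_Organization_Member_Group_Role_Member_Name() can return NULL (not visible here), an explicit check with a clear error message before the EXECUTE would be easier to diagnose than the failure `format` raises.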


@ -621,6 +621,11 @@ EOF
sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42 sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
sql cdb_testmember_1 "REVOKE test_user_fdw FROM cdb_testmember_2;" sql cdb_testmember_1 "REVOKE test_user_fdw FROM cdb_testmember_2;"
# Check that the table can be accessed by org members
sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Grant_Role('test_user_fdw');"
sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Revoke_Role('test_user_fdw');"
# Teardown # Teardown
DATABASE=fdw_target sql postgres 'REVOKE USAGE ON SCHEMA test_fdw FROM fdw_user;' DATABASE=fdw_target sql postgres 'REVOKE USAGE ON SCHEMA test_fdw FROM fdw_user;'