Add ability to grant fdw role to org members
parent
a20676f391
commit
3a10ef7e76
@ -167,7 +167,7 @@ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
|
|||||||
-- It is the responsibility of the caller to grant that role to either:
|
-- It is the responsibility of the caller to grant that role to either:
|
||||||
-- * Nobody
|
-- * Nobody
|
||||||
-- * Specific roles: GRANT amazon TO role_name;
|
-- * Specific roles: GRANT amazon TO role_name;
|
||||||
-- * Members of the organization: SELECT cartodb.CDB_Grant_Role_To_Org_Members('amazon'); TODO
|
-- * Members of the organization: SELECT cartodb.CDB_Organization_Grant_Role('amazon');
|
||||||
-- * The publicuser: GRANT amazon TO publicuser;
|
-- * The publicuser: GRANT amazon TO publicuser;
|
||||||
CREATE OR REPLACE FUNCTION @extschema@.CDB_SetUp_User_Foreign_Server(fdw_name NAME, config json)
|
CREATE OR REPLACE FUNCTION @extschema@.CDB_SetUp_User_Foreign_Server(fdw_name NAME, config json)
|
||||||
RETURNS void AS $$
|
RETURNS void AS $$
|
||||||
|
@ -169,3 +169,30 @@ BEGIN
|
|||||||
EXECUTE 'SELECT @extschema@.CDB_Organization_Remove_Access_Permission(''' || from_schema || ''', ''' || table_name || ''', ''' || @extschema@.CDB_Organization_Member_Group_Role_Member_Name() || ''');';
|
EXECUTE 'SELECT @extschema@.CDB_Organization_Remove_Access_Permission(''' || from_schema || ''', ''' || table_name || ''', ''' || @extschema@.CDB_Organization_Member_Group_Role_Member_Name() || ''');';
|
||||||
END
|
END
|
||||||
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
|
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
|
||||||
|
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
-- Role management
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
CREATE OR REPLACE
|
||||||
|
FUNCTION @extschema@.CDB_Organization_Grant_Role(role_name name)
|
||||||
|
RETURNS VOID AS $$
|
||||||
|
DECLARE
|
||||||
|
org_role TEXT;
|
||||||
|
BEGIN
|
||||||
|
org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
|
||||||
|
EXECUTE format('GRANT %I TO %I', role_name, org_role);
|
||||||
|
END
|
||||||
|
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
|
||||||
|
|
||||||
|
|
||||||
|
CREATE OR REPLACE
|
||||||
|
FUNCTION @extschema@.CDB_Organization_Revoke_Role(role_name name)
|
||||||
|
RETURNS VOID AS $$
|
||||||
|
DECLARE
|
||||||
|
org_role TEXT;
|
||||||
|
BEGIN
|
||||||
|
org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
|
||||||
|
EXECUTE format('REVOKE %I FROM %I', role_name, org_role);
|
||||||
|
END
|
||||||
|
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
|
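Review bot: Neither `CDB_Organization_Grant_Role` nor `CDB_Organization_Revoke_Role` checks `org_role` before passing it to `format('GRANT %I TO %I', ...)` / `format('REVOKE %I FROM %I', ...)`. If `CDB_Organization_Member_Group_Role_Member_Name()` can return NULL (its body is not visible here), `%I` raises a generic null-identifier error instead of a clear message; a guard such as `IF org_role IS NULL THEN RAISE EXCEPTION 'organization member role not found'; END IF;` in both functions would make that explicit. Both functions are also missing a header comment. I would add one stating that they run with the caller's privileges (no `SECURITY DEFINER` is declared, and it should stay that way), so the caller needs admin rights on `role_name`. The comment should also say that the grant reaches every member of the organization group role, which presumably includes members added later.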
||||||
|
@ -621,6 +621,11 @@ EOF
|
|||||||
sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
|
sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
|
||||||
sql cdb_testmember_1 "REVOKE test_user_fdw FROM cdb_testmember_2;"
|
sql cdb_testmember_1 "REVOKE test_user_fdw FROM cdb_testmember_2;"
|
||||||
|
|
||||||
|
# Check that the table can be accessed by org members
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Grant_Role('test_user_fdw');"
|
||||||
|
sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
|
||||||
|
sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Revoke_Role('test_user_fdw');"
|
||||||
|
|
||||||
|
|
||||||
# Teardown
|
# Teardown
|
||||||
DATABASE=fdw_target sql postgres 'REVOKE USAGE ON SCHEMA test_fdw FROM fdw_user;'
|
DATABASE=fdw_target sql postgres 'REVOKE USAGE ON SCHEMA test_fdw FROM fdw_user;'
|
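Review bot: The added block only asserts the positive path: after `CDB_Organization_Revoke_Role('test_user_fdw')` nothing checks that `cdb_testmember_2` has actually lost access to `test_user_fdw.foo`, so a revoke that silently does nothing would still pass. I would repeat the `SELECT a from test_user_fdw.foo LIMIT 1;` call as `cdb_testmember_2` right after the revoke, using the harness's failure expectation. The same negative check before the `CDB_Organization_Grant_Role` call would prove that the `should 42` result comes from the org-wide grant and not from a leftover direct grant. The enclosing test function starts and ends outside this hunk.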
||||||
|