Add ability to grant fdw role to org members

2019-07-15 16:54:23 +02:00 · 2019-07-15 16:54:23 +02:00 · 3a10ef7e76
commit 3a10ef7e76
parent a20676f391
3 changed files with 33 additions and 1 deletions
--- a/scripts-available/CDB_ForeignTable.sql
+++ b/scripts-available/CDB_ForeignTable.sql
@ -167,7 +167,7 @@ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
 -- It is the responsibility of the caller to grant that role to either:
 --   * Nobody
 --   * Specific roles: GRANT amazon TO role_name;
--   * Members of the organization: SELECT cartodb.CDB_Grant_Role_To_Org_Members('amazon'); TODO
+--   * Members of the organization: SELECT cartodb.CDB_Organization_Grant_Role('amazon');
 --   * The publicuser: GRANT amazon TO publicuser;
 CREATE OR REPLACE FUNCTION @extschema@.CDB_SetUp_User_Foreign_Server(fdw_name NAME, config json)
 RETURNS void AS $$
--- a/scripts-available/CDB_Organizations.sql
+++ b/scripts-available/CDB_Organizations.sql
@ -169,3 +169,30 @@ BEGIN
    EXECUTE 'SELECT @extschema@.CDB_Organization_Remove_Access_Permission(''' || from_schema || ''', ''' || table_name || ''', ''' || @extschema@.CDB_Organization_Member_Group_Role_Member_Name() || ''');';
 END
 $$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
+
+
+--------------------------------------------------------------------------------
+-- Role management
+--------------------------------------------------------------------------------
+CREATE OR REPLACE
+FUNCTION @extschema@.CDB_Organization_Grant_Role(role_name name)
+RETURNS VOID AS $$
+DECLARE
+    org_role TEXT;
+BEGIN
+    org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
+    EXECUTE format('GRANT %I TO %I', role_name, org_role);
+END
+$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
+
+
+CREATE OR REPLACE
+FUNCTION @extschema@.CDB_Organization_Revoke_Role(role_name name)
+RETURNS VOID AS $$
+DECLARE
+    org_role TEXT;
+BEGIN
+    org_role := @extschema@.CDB_Organization_Member_Group_Role_Member_Name();
+    EXECUTE format('REVOKE %I FROM %I', role_name, org_role);
+END
+$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
--- a/test/extension/test.sh
+++ b/test/extension/test.sh
@ -621,6 +621,11 @@ EOF
    sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
    sql cdb_testmember_1 "REVOKE test_user_fdw FROM cdb_testmember_2;"

+    # Check that the table can be accessed by org members
+    sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Grant_Role('test_user_fdw');"
+    sql cdb_testmember_2 "SELECT a from test_user_fdw.foo LIMIT 1;" should 42
+    sql cdb_testmember_1 "SELECT cartodb.CDB_Organization_Revoke_Role('test_user_fdw');"
+

    # Teardown
    DATABASE=fdw_target sql postgres 'REVOKE USAGE ON SCHEMA test_fdw FROM fdw_user;'