Use 'publicuser' as public role, not 'public', closes #95.

This is consistent with cartodb behaviour, but not exactly the same as the contract that the 'public' role guarantees access to public resources. Possibly a better fix would be to audit (ug) everything and make sure that it's really using the public role to mean public, rather than the 'publicuser' connection role. That CDB creates.
2015-07-07 05:49:28 -07:00 · 2015-07-07 05:49:28 -07:00 · 734561de4c
commit 734561de4c
parent 8516cbd4c3
3 changed files with 16 additions and 14 deletions
--- a/scripts-available/CDB_UserTables.sql
+++ b/scripts-available/CDB_UserTables.sql
@ -12,16 +12,14 @@ AS $$

 SELECT c.relname 
 FROM pg_class c 
-JOIN pg_roles r ON r.oid = c.relowner
 JOIN pg_namespace n ON n.oid = c.relnamespace
-WHERE r.rolname = current_user 
-AND c.relkind = 'r' 
+WHERE c.relkind = 'r' 
 AND c.relname NOT IN ('cdb_tablemetadata', 'spatial_ref_sys')
-AND n.nspname NOT IN ('pg_catalog', 'information_schema')
-AND CASE WHEN perm = 'public' THEN has_table_privilege('public', c.oid, 'SELECT')
-         WHEN perm = 'private' THEN has_table_privilege(c.oid, 'SELECT') AND NOT 
-                                    has_table_privilege('public', c.oid, 'SELECT')
-         WHEN perm = 'all' THEN has_table_privilege(c.oid, 'SELECT') 
+AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'topology')
+AND CASE WHEN perm = 'public' THEN has_table_privilege('publicuser', c.oid, 'SELECT')
+         WHEN perm = 'private' THEN (has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege(current_user, c.oid, 'SELECT'))
+                                    AND NOT has_table_privilege('publicuser', c.oid, 'SELECT')
+         WHEN perm = 'all' THEN has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege('publicuser', c.oid, 'SELECT')
         ELSE false END;

 $$ LANGUAGE 'sql';
--- a/test/CDB_UserTablesTest.sql
+++ b/test/CDB_UserTablesTest.sql
@ -1,11 +1,13 @@
-create table pub(a int);
-create table prv(a int);
-GRANT SELECT ON TABLE pub TO public;
-REVOKE SELECT ON TABLE prv FROM public;
+CREATE ROLE publicuser;
+CREATE TABLE pub(a int);
+CREATE TABLE prv(a int);
+GRANT SELECT ON TABLE pub TO publicuser;
+REVOKE SELECT ON TABLE prv FROM publicuser;
 SELECT CDB_UserTables() ORDER BY 1;
 SELECT 'all',CDB_UserTables('all') ORDER BY 2;
 SELECT 'public',CDB_UserTables('public') ORDER BY 2;
 SELECT 'private',CDB_UserTables('private') ORDER BY 2;
 SELECT '--unsupported--',CDB_UserTables('--unsupported--') ORDER BY 2;
-drop table pub;
-drop table prv;
+DROP TABLE pub;
+DROP TABLE prv;
+DROP ROLE publicuser;
--- a/test/CDB_UserTablesTest_expect
+++ b/test/CDB_UserTablesTest_expect
@ -1,3 +1,4 @@
+CREATE ROLE
 CREATE TABLE
 CREATE TABLE
 GRANT
@ -10,3 +11,4 @@ public|pub
 private|prv
 DROP TABLE
 DROP TABLE
+DROP ROLE