Grant and revoking permissions API sync

9 years ago · 75c4308ea9
parent 70fe432102
commit 75c4308ea9
2 changed files with 43 additions and 1 deletions
--- a/scripts-available/CDB_Groups.sql
+++ b/scripts-available/CDB_Groups.sql
@ -100,6 +100,7 @@ BEGIN
    group_role := cartodb._CDB_Group_GroupRole(group_name);
    EXECUTE format('GRANT USAGE ON SCHEMA "%s" TO "%s"', username, group_role);
    EXECUTE format('GRANT SELECT ON TABLE "%s"."%s" TO "%s"', username, table_name, group_role );
+    PERFORM cartodb._CDB_Group_Table_GrantPermission_API(group_name, username, table_name, 'r');
 END
 $$ LANGUAGE PLPGSQL VOLATILE;

@ -113,6 +114,7 @@ BEGIN
    group_role := cartodb._CDB_Group_GroupRole(group_name);
    EXECUTE format('GRANT USAGE ON SCHEMA "%s" TO "%s"', username, group_role);
    EXECUTE format('GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE "%s"."%s" TO "%s"', username, table_name, group_role);
+    PERFORM cartodb._CDB_Group_Table_GrantPermission_API(group_name, username, table_name, 'w');
 END
 $$ LANGUAGE PLPGSQL VOLATILE;

@ -125,6 +127,7 @@ DECLARE
 BEGIN
    group_role := cartodb._CDB_Group_GroupRole(group_name);
    EXECUTE format('REVOKE ALL ON TABLE "%s"."%s" FROM "%s"', username, table_name, group_role);
+    PERFORM cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name, username, table_name);
 END
 $$ LANGUAGE PLPGSQL VOLATILE;

@ -158,7 +161,7 @@ DECLARE
    user_role TEXT;
 BEGIN
    -- This was preferred, but non-superadmins won't get results
-    --EXECUTE 'SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1' INTO user_role USING username;
+    -- SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1'
    EXECUTE 'SELECT pg_get_userbyid(nspowner) FROM pg_namespace WHERE nspname = $1;' INTO user_role USING username;
    RETURN user_role;
 END
--- a/scripts-available/CDB_Groups_API.sql
+++ b/scripts-available/CDB_Groups_API.sql
@ -72,6 +72,45 @@ BEGIN
 END
 $$;

+CREATE OR REPLACE
+FUNCTION cartodb._CDB_Group_Table_GrantPermission_API(group_name text, username text, table_name text, access text)
+    RETURNS VOID AS
+$$
+    import string
+
+    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name)
+    body = '{ "access": "%s" }' % access
+    query = "select cartodb._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
+    plpy.execute(query)
+$$ LANGUAGE 'plpythonu' VOLATILE;
+
+DO LANGUAGE 'plpgsql' $$
+BEGIN
+    -- Needed for dropping type
+    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
+    DROP TYPE IF EXISTS _CDB_Group_API_Params;
+END
+$$;
+
+CREATE OR REPLACE
+FUNCTION cartodb._CDB_Group_Table_RevokeAllPermission_API(group_name text, username text, table_name text)
+    RETURNS VOID AS
+$$
+    import string
+
+    url = '/api/v1/databases/%s/groups/%s/permission/%s/tables/%s' % ('%s', group_name, username, table_name)
+    query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
+    plpy.execute(query)
+$$ LANGUAGE 'plpythonu' VOLATILE;
+
+DO LANGUAGE 'plpgsql' $$
+BEGIN
+    -- Needed for dropping type
+    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
+    DROP TYPE IF EXISTS _CDB_Group_API_Params;
+END
+$$;
+
 CREATE TYPE _CDB_Group_API_Params AS (
    host text,
    port int,