diff --git a/scripts-available/CDB_Groups.sql b/scripts-available/CDB_Groups.sql
index e232768..152ba82 100644
--- a/scripts-available/CDB_Groups.sql
+++ b/scripts-available/CDB_Groups.sql
@@ -3,14 +3,14 @@ CREATE OR REPLACE
 FUNCTION cartodb.CDB_Group_CreateGroup(group_name text)
 RETURNS VOID AS $$
 DECLARE
- cdb_group_role TEXT;
+ cdb_group_role TEXT;
 BEGIN
- -- TODO: escape group_name
- cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
- IF NOT EXISTS ( SELECT 1 FROM pg_roles WHERE rolname = cdb_group_role )
- THEN
- EXECUTE 'CREATE ROLE "' || cdb_group_role || '" NOLOGIN;';
- END IF;
+ -- TODO: escape group_name
+ cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
+ IF NOT EXISTS ( SELECT 1 FROM pg_roles WHERE rolname = cdb_group_role )
+ THEN
+ EXECUTE 'CREATE ROLE "' || cdb_group_role || '" NOLOGIN;';
+ END IF;
 END
 $$ LANGUAGE PLPGSQL;
@@ -19,8 +19,8 @@ CREATE OR REPLACE
 FUNCTION cartodb.CDB_Group_DropGroup(group_name text)
 RETURNS VOID AS $$
 BEGIN
- EXECUTE 'DROP OWNED BY "' || cartodb._CDB_Group_GroupRole(group_name) || '"';
- EXECUTE 'DROP ROLE IF EXISTS "' || cartodb._CDB_Group_GroupRole(group_name) || '"';
+ EXECUTE 'DROP OWNED BY "' || cartodb._CDB_Group_GroupRole(group_name) || '"';
+ EXECUTE 'DROP ROLE IF EXISTS "' || cartodb._CDB_Group_GroupRole(group_name) || '"';
 END
 $$ LANGUAGE PLPGSQL;
@@ -29,7 +29,7 @@ CREATE OR REPLACE
 FUNCTION cartodb.CDB_Group_RenameGroup(old_group_name text, new_group_name text)
 RETURNS VOID AS $$
 BEGIN
- EXECUTE 'ALTER ROLE "' || cartodb._CDB_Group_GroupRole(old_group_name) || '" RENAME TO "' || cartodb._CDB_Group_GroupRole(new_group_name) || '"';
+ EXECUTE 'ALTER ROLE "' || cartodb._CDB_Group_GroupRole(old_group_name) || '" RENAME TO "' || cartodb._CDB_Group_GroupRole(new_group_name) || '"';
 END
 $$ LANGUAGE PLPGSQL;
@@ -38,12 +38,12 @@ CREATE OR REPLACE
 FUNCTION cartodb.CDB_Group_AddMember(group_name text, username text)
 RETURNS VOID AS $$
 DECLARE
- cdb_group_role TEXT;
- cdb_user_role TEXT;
+ cdb_group_role TEXT;
+ cdb_user_role TEXT;
 BEGIN
- cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
- cdb_user_role := cartodb._CDB_User_RoleFromUsername(username);
- EXECUTE 'GRANT "' || cdb_group_role || '" TO "' || cdb_user_role || '"';
+ cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
+ cdb_user_role := cartodb._CDB_User_RoleFromUsername(username);
+ EXECUTE 'GRANT "' || cdb_group_role || '" TO "' || cdb_user_role || '"';
 END
 $$ LANGUAGE PLPGSQL;
@@ -52,12 +52,12 @@ CREATE OR REPLACE
 FUNCTION cartodb.CDB_Group_RemoveMember(group_name text, username text)
 RETURNS VOID AS $$
 DECLARE
- cdb_group_role TEXT;
- cdb_user_role TEXT;
+ cdb_group_role TEXT;
+ cdb_user_role TEXT;
 BEGIN
- cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
- cdb_user_role := cartodb._CDB_User_RoleFromUsername(username);
- EXECUTE 'REVOKE "' || cdb_group_role || '" FROM "' || cdb_user_role || '"';
+ cdb_group_role := cartodb._CDB_Group_GroupRole(group_name);
+ cdb_user_role := cartodb._CDB_User_RoleFromUsername(username);
+ EXECUTE 'REVOKE "' || cdb_group_role || '" FROM "' || cdb_user_role || '"';
 END
 $$ LANGUAGE PLPGSQL;
@@ -118,9 +118,9 @@ CREATE OR REPLACE
 FUNCTION cartodb._CDB_User_RoleFromUsername(username text)
 RETURNS TEXT AS $$
 DECLARE
- user_role TEXT;
+ user_role TEXT;
 BEGIN
- EXECUTE 'SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1' INTO user_role USING username;
- RETURN user_role;
+ EXECUTE 'SELECT SCHEMA_OWNER FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = $1 LIMIT 1' INTO user_role USING username;
+ RETURN user_role;
 END
 $$ LANGUAGE PLPGSQL;
diff --git a/test/organization/test.sh b/test/organization/test.sh
index c3ca449..64b9b10 100644
--- a/test/organization/test.sh
+++ b/test/organization/test.sh
@@ -38,11 +38,11 @@ function sql() {
 fi
 if [ -n "${ROLE}" ]; then
- log_debug "Executing query '${QUERY}' as ${ROLE}"
- RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
+ log_debug "Executing query '${QUERY}' as ${ROLE}"
+ RESULT=`${CMD} -U "${ROLE}" ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
 else
- log_debug "Executing query '${QUERY}'"
- RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
+ log_debug "Executing query '${QUERY}'"
+ RESULT=`${CMD} ${DATABASE} -c "${QUERY}" -A -t 2>"${ERROR_OUTPUT_FILE}"`
 fi
 CODERESULT=$?
 ERROR_OUTPUT=`cat "${ERROR_OUTPUT_FILE}"`
@@ -58,17 +58,17 @@ function sql() {
 # Some warnings should actually be failures
 if [[ ${CODERESULT} == "0" ]]
 then
- case "${ERROR_OUTPUT}" in
- WARNING:*no*privileges*were*granted*for*)
- echo -n "FAILED BECAUSE OF PRIVILEGES GRANTING WARNING"
- CODERESULT=1
- ;;
- WARNING:*no*privileges*could*be*revoked*for*)
- echo -n "FAILED BECAUSE OF PRIVILEGES REVOKING WARNING"
- CODERESULT=1
- ;;
- *) echo "All ok" ;;
- esac
+ case "${ERROR_OUTPUT}" in
+ WARNING:*no*privileges*were*granted*for*)
+ echo -n "FAILED BECAUSE OF PRIVILEGES GRANTING WARNING"
+ CODERESULT=1
+ ;;
+ WARNING:*no*privileges*could*be*revoked*for*)
+ echo -n "FAILED BECAUSE OF PRIVILEGES REVOKING WARNING"
+ CODERESULT=1
+ ;;
+ *) echo "All ok" ;;
+ esac
 fi
 echo "- New code result: "
@@ -435,33 +435,33 @@ function test_cdb_usertables_should_work_with_orgusers() {
 }
 function test_CDB_Group_Table_GrantRead_should_grant_select_and_RevokeAll_should_remove_it() {
- create_table cdb_testmember_2 shared_with_group
+ create_table cdb_testmember_2 shared_with_group
- sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;' fails
- sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
- sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group')"
- sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
- sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
- sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
- sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;' fails
- sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;' fails
+ sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantRead('group_a', 'cdb_testmember_2', 'shared_with_group')"
+ sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
+ sql cdb_testmember_1 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;' fails
+ sql cdb_testmember_2 'SELECT count(*) FROM cdb_testmember_2.shared_with_group;'
- sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
 }
 function test_CDB_Group_Table_GrantReadWrite_should_grant_insert_and_RevokeAll_should_remove_it() {
- create_table cdb_testmember_2 shared_with_group
+ create_table cdb_testmember_2 shared_with_group
- sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)' fails
- sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
- sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
- sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
- sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
- sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
- sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)' fails
- sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
+ sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)' fails
+ sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
+ sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_GrantReadWrite('group_a', 'cdb_testmember_2', 'shared_with_group')"
+ sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
+ sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
+ sql cdb_testmember_2 "select cartoDB.CDB_Group_Table_RevokeAll('group_a', 'cdb_testmember_2', 'shared_with_group')"
+ sql cdb_testmember_1 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)' fails
+ sql cdb_testmember_2 'INSERT INTO cdb_testmember_2.shared_with_group VALUES (1), (2), (3), (4), (5)'
- sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
+ sql cdb_testmember_2 'DROP TABLE cdb_testmember_2.shared_with_group;'
 }
 function test_group_management_functions_cant_be_used_by_normal_members() {