734561de4c
This is consistent with cartodb behaviour, but not exactly the same as the contract that the 'public' role guarantees access to public resources. Possibly a better fix would be to audit (ug) everything and make sure that it's really using the public role to mean public, rather than the 'publicuser' connection role. That CDB creates.
30 lines
1.2 KiB
PL/PgSQL
30 lines
1.2 KiB
PL/PgSQL
-- Function returning list of cartodb user tables
|
|
--
|
|
-- The optional argument restricts the result to tables
|
|
-- of the specified access type.
|
|
--
|
|
-- Currently accepted permissions are: 'public', 'private' or 'all'
|
|
--
|
|
DROP FUNCTION IF EXISTS cdb_usertables(text);
|
|
CREATE OR REPLACE FUNCTION CDB_UserTables(perm text DEFAULT 'all')
|
|
RETURNS SETOF name
|
|
AS $$
|
|
|
|
SELECT c.relname
|
|
FROM pg_class c
|
|
JOIN pg_namespace n ON n.oid = c.relnamespace
|
|
WHERE c.relkind = 'r'
|
|
AND c.relname NOT IN ('cdb_tablemetadata', 'spatial_ref_sys')
|
|
AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'topology')
|
|
AND CASE WHEN perm = 'public' THEN has_table_privilege('publicuser', c.oid, 'SELECT')
|
|
WHEN perm = 'private' THEN (has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege(current_user, c.oid, 'SELECT'))
|
|
AND NOT has_table_privilege('publicuser', c.oid, 'SELECT')
|
|
WHEN perm = 'all' THEN has_table_privilege(c.relowner, c.oid, 'SELECT') OR has_table_privilege('publicuser', c.oid, 'SELECT')
|
|
ELSE false END;
|
|
|
|
$$ LANGUAGE 'sql';
|
|
|
|
-- This is to migrate from pre-0.2.0 version
|
|
-- See http://github.com/CartoDB/cartodb-postgresql/issues/36
|
|
GRANT EXECUTE ON FUNCTION CDB_UserTables(text) TO public;
|