2015-11-17 23:28:33 +08:00
--
2016-04-19 21:16:10 +08:00
-- Public dataservices API function
2015-11-17 23:28:33 +08:00
--
-- These are the only ones with permissions to publicuser role
-- and should also be the only ones with SECURITY DEFINER
2016-11-24 20:27:32 +08:00
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %> (<%= params_with_type_and_default.join(' ,') %>)
2015-11-19 01:38:06 +08:00
RETURNS <%= return_type %> AS $$
2015-11-17 23:28:33 +08:00
DECLARE
2017-03-22 23:31:45 +08:00
<%= return_declaration if not multi_row %>
2017-03-28 16:37:21 +08:00
<%= user_org_declaration %>
2015-11-17 23:28:33 +08:00
BEGIN
2015-11-27 20:20:55 +08:00
IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
2015-11-24 19:25:43 +08:00
RAISE EXCEPTION 'The api_key must be provided';
END IF;
2017-03-30 19:18:38 +08:00
<% unless superuser_function? -%>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text);<% end %>
2015-12-03 18:03:10 +08:00
-- JSON value stored "" is taken as literal
IF username IS NULL OR username = '' OR username = '""' THEN
2015-12-03 02:12:11 +08:00
RAISE EXCEPTION 'Username is a mandatory argument, check it out';
END IF;
2017-03-22 23:31:45 +08:00
2017-03-28 16:37:21 +08:00
<% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(_with_user_org=true).join(', ') %>)<% end %>
2015-11-17 23:28:33 +08:00
END;
2017-11-07 18:45:07 +08:00
$$ LANGUAGE 'plpgsql' SECURITY DEFINER STABLE PARALLEL UNSAFE;