dataservices-api/client/renderer/templates/20_public_functions.erb

31 lines
1.6 KiB
Plaintext
Raw Normal View History

--
2016-04-19 21:16:10 +08:00
-- Public dataservices API function
--
-- These are the only ones with permissions to publicuser role
-- and should also be the only ones with SECURITY DEFINER
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %> (<%= params_with_type_and_default.join(' ,') %>)
2015-11-19 01:38:06 +08:00
RETURNS <%= return_type %> AS $$
DECLARE
<%= return_declaration if not multi_row %>
<%= user_org_declaration %>
2018-09-10 18:54:37 +08:00
<% unless superuser_function? -%>apikey_permissions json;<% end %>
BEGIN
2018-09-11 17:07:59 +08:00
<% unless requires_permission %>IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
RAISE EXCEPTION 'The api_key must be provided';
2018-09-11 17:07:59 +08:00
END IF;<% end %>
2018-09-10 18:54:37 +08:00
<% unless superuser_function? -%>SELECT u, o, p INTO username, orgname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, p json);
2018-09-06 21:40:41 +08:00
<% if requires_permission %>IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
2018-09-10 22:54:25 +08:00
RAISE EXCEPTION '<%= permission_error %>' USING ERRCODE = '01007';
2018-09-10 22:45:31 +08:00
END IF;<% end %>
<% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, p json);<% end %>
-- JSON value stored "" is taken as literal
IF username IS NULL OR username = '' OR username = '""' THEN
2015-12-03 02:12:11 +08:00
RAISE EXCEPTION 'Username is a mandatory argument, check it out';
END IF;
<% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(_with_user_org=true).join(', ') %>)<% end %>
END;
2019-10-07 22:23:07 +08:00
$$ LANGUAGE 'plpgsql' SECURITY DEFINER STABLE PARALLEL UNSAFE
SET search_path = pg_temp;