Merge pull request #22 from CartoDB/set-permissions-properly

Add code to setup permissions properly
2015-11-12 10:25:30 +01:00 · 2015-11-12 10:25:30 +01:00 · 0df2845076
commit 0df2845076
parent 4e7525cc88 a7748f71c3
5 changed files with 55 additions and 0 deletions
--- a/client/expected/00_installation_test.out
+++ b/client/expected/00_installation_test.out
@ -12,3 +12,7 @@ SELECT cdb_geocoder_client._config_set('db_server_config', '{"connection_str": "

 -- Mock the server schema
 CREATE SCHEMA cdb_geocoder_server;
+-- Create a test user to check permissions
+DROP ROLE IF EXISTS test_regular_user;
+CREATE ROLE test_regular_user;
+GRANT publicuser TO test_regular_user;
--- a/client/expected/90_permissions_test.out
+++ b/client/expected/90_permissions_test.out
@ -0,0 +1,19 @@
+-- Use regular user role
+SET ROLE test_regular_user;
+-- Exercise the public function
+-- it is public, it shall work
+SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
+NOTICE:  cdb_geocoder_client._geocode_admin0_polygons(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin0_polygons invoked with params (postgres, some_transaction_id, Spain)
+CONTEXT:  SQL statement "SELECT cdb_geocoder_client._geocode_admin0_polygons(session_user, txid_current(), country_name)"
+PL/pgSQL function cdb_geocoder_client.geocode_admin0_polygons(text) line 5 at SQL statement
+ geocode_admin0_polygons 
+-------------------------
+ 
+(1 row)
+
+-- Check the regular user has no permissions on private functions
+SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
+ERROR:  permission denied for function _geocode_admin0_polygons
+-- Check the regular user cannot look into config table
+SELECT * from cdb_geocoder_client._config;
+ERROR:  permission denied for relation _config
--- a/client/sql/0.0.1/90_permissions.sql
+++ b/client/sql/0.0.1/90_permissions.sql
@ -0,0 +1,15 @@
+-- Make sure by default there are no permissions for publicuser
+-- NOTE: this happens at extension creation time, as part of an implicit transaction.
+REVOKE ALL PRIVILEGES ON SCHEMA cdb_geocoder_client FROM PUBLIC, publicuser CASCADE;
+
+-- Grant permissions on the schema to publicuser (but just the schema)
+GRANT USAGE ON SCHEMA cdb_geocoder_client TO publicuser;
+
+-- Revoke execute permissions on all functions in the schema by default
+REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_client FROM PUBLIC, publicuser;
+
+--------------------------------------------------------------------------------
+
+-- Explicitly grant permissions to public functions
+-- NOTE: All public functions must be listed below, grating permissions to publicuser
+GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin0_polygons(country_name text) TO publicuser;
--- a/client/sql/00_installation_test.sql
+++ b/client/sql/00_installation_test.sql
@ -10,3 +10,8 @@ SELECT cdb_geocoder_client._config_set('db_server_config', '{"connection_str": "

 -- Mock the server schema
 CREATE SCHEMA cdb_geocoder_server;
+
+-- Create a test user to check permissions
+DROP ROLE IF EXISTS test_regular_user;
+CREATE ROLE test_regular_user;
+GRANT publicuser TO test_regular_user;
--- a/client/sql/90_permissions_test.sql
+++ b/client/sql/90_permissions_test.sql
@ -0,0 +1,12 @@
+-- Use regular user role
+SET ROLE test_regular_user;
+
+-- Exercise the public function
+-- it is public, it shall work
+SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
+
+-- Check the regular user has no permissions on private functions
+SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
+
+-- Check the regular user cannot look into config table
+SELECT * from cdb_geocoder_client._config;