Permissions check and client templates

antoniocarlon 2018-09-05 17:28:15 +02:00
parent 652242a8f8
commit 2a2ae481fb
2 changed files with 13 additions and 2 deletions


@ -9,13 +9,17 @@ RETURNS <%= return_type %> AS $$
DECLARE
<%= return_declaration if not multi_row %>
<%= user_org_declaration %>
<% unless superuser_function? -%>
appname TEXT;
apikey_permissions JSON;
<% end %>
BEGIN
IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
RAISE EXCEPTION 'The api_key must be provided';
END IF;
<% unless superuser_function? -%>
<% if requires_permission %>
SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
<% if requires_permission %>
IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>';
END IF;
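Review bot: The permission check `IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN` fails open when `apikey_permissions` is NULL, because `NULL ? '...'` is NULL, `NOT NULL` is still NULL, and PL/pgSQL treats a NULL `IF` condition as false. If `_cdb_entity_config()` can return a NULL permissions value (for instance when no `api_keys_` entry exists for the session user, or the entry has no `permissions` key), the call proceeds instead of raising. The guard should reject that case explicitly: `IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN`. `<% if requires_permission %>` is printed on both sides of the `SELECT`, which looks like the old and new position of one line, and the enclosing `unless`/`if` blocks and the function body close outside this hunk.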


@ -1,6 +1,8 @@
CREATE TYPE cdb_dataservices_client._entity_config AS (
username text,
organization_name text
organization_name text,
application_name text,
apikey_permissions json
);
--
@ -13,10 +15,13 @@ CREATE OR REPLACE FUNCTION cdb_dataservices_client._cdb_entity_config()
RETURNS record AS $$
DECLARE
result cdb_dataservices_client._entity_config;
apikey_config json;
is_organization boolean;
username text;
organization_name text;
BEGIN
SELECT cartodb.cdb_conf_getconf('api_keys_'||session_user) INTO apikey_config;
SELECT cartodb.cdb_conf_getconf('user_config')->'is_organization' INTO is_organization;
IF is_organization IS NULL THEN
RAISE EXCEPTION 'User must have user configuration in the config table';
@ -32,6 +37,8 @@ BEGIN
END IF;
result.username = username;
result.organization_name = organization_name;
result.application_name = apikey_config->'application';
result.apikey_permissions = apikey_config->'permissions';
RETURN result;
END;
$$ LANGUAGE 'plpgsql' SECURITY DEFINER STABLE PARALLEL SAFE;
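Review bot: The new lookup `cartodb.cdb_conf_getconf('api_keys_'||session_user)` is never validated, unlike `is_organization` on the next lines, so a missing entry presumably leaves `apikey_config` NULL and the function returns NULL for `application_name` and `apikey_permissions` instead of raising. Since this SECURITY DEFINER function feeds an authorization decision, it would be safer to reject here, e.g. `IF apikey_config IS NULL THEN RAISE EXCEPTION 'User must have API key configuration in the config table'; END IF;`. Separately, `result.application_name = apikey_config->'application';` assigns a json value to a text field, which keeps the JSON quoting around the name; `->>` returns the plain text. The part of the body between the second and third hunk is not shown, so any handling there is not covered by this note.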