Permissions check and client templates
parent
652242a8f8
commit
2a2ae481fb
@ -9,13 +9,17 @@ RETURNS <%= return_type %> AS $$
|
||||
DECLARE
|
||||
<%= return_declaration if not multi_row %>
|
||||
<%= user_org_declaration %>
|
||||
<% unless superuser_function? -%>
|
||||
appname TEXT;
|
||||
apikey_permissions JSON;
|
||||
<% end %>
|
||||
BEGIN
|
||||
IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
|
||||
RAISE EXCEPTION 'The api_key must be provided';
|
||||
END IF;
|
||||
<% unless superuser_function? -%>
|
||||
<% if requires_permission %>
|
||||
SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
|
||||
<% if requires_permission %>
|
||||
IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
|
||||
RAISE EXCEPTION '<%= permission_error %>';
|
||||
END IF;
|
||||
|
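Review bot: The new permission check fails open when `apikey_permissions` is NULL. In PL/pgSQL an `IF` whose condition evaluates to NULL does not take the branch, and `NOT apikey_permissions::jsonb ? '...'` is NULL whenever `_cdb_entity_config()` hands back no permissions (judging by the other file in this commit, that happens when there is no `api_keys_<session_user>` entry or the entry has no `permissions` key). In that case the exception is never raised and the call proceeds as if the permission were granted. Make the check deny by default, for example `IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN`. The function body continues past the end of this hunk, so anything after `END IF;` is not covered by this note.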
@ -1,6 +1,8 @@
|
||||
CREATE TYPE cdb_dataservices_client._entity_config AS (
|
||||
username text,
|
||||
organization_name text
|
||||
organization_name text,
|
||||
application_name text,
|
||||
apikey_permissions json
|
||||
);
|
||||
|
||||
--
|
||||
@ -13,10 +15,13 @@ CREATE OR REPLACE FUNCTION cdb_dataservices_client._cdb_entity_config()
|
||||
RETURNS record AS $$
|
||||
DECLARE
|
||||
result cdb_dataservices_client._entity_config;
|
||||
apikey_config json;
|
||||
is_organization boolean;
|
||||
username text;
|
||||
organization_name text;
|
||||
BEGIN
|
||||
SELECT cartodb.cdb_conf_getconf('api_keys_'||session_user) INTO apikey_config;
|
||||
|
||||
SELECT cartodb.cdb_conf_getconf('user_config')->'is_organization' INTO is_organization;
|
||||
IF is_organization IS NULL THEN
|
||||
RAISE EXCEPTION 'User must have user configuration in the config table';
|
||||
@ -32,6 +37,8 @@ BEGIN
|
||||
END IF;
|
||||
result.username = username;
|
||||
result.organization_name = organization_name;
|
||||
result.application_name = apikey_config->'application';
|
||||
result.apikey_permissions = apikey_config->'permissions';
|
||||
RETURN result;
|
||||
END;
|
||||
$$ LANGUAGE 'plpgsql' SECURITY DEFINER STABLE PARALLEL SAFE;
|
||||
|
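Review bot: `result.application_name = apikey_config->'application';` assigns a `json` value to a `text` field, so the stored name keeps its JSON quoting (`"app"` rather than `app`); use `apikey_config->>'application'`. A missing `api_keys_<session_user>` entry leaves `apikey_config` NULL and both new fields silently NULL, whereas a missing `user_config` raises; since callers use `apikey_permissions` for authorization, either raise here as well or add a comment such as `-- NULL apikey_permissions means no permissions were configured; callers must treat it as deny`. The function is `SECURITY DEFINER` and the closing line shows no `SET search_path`; unless it is pinned elsewhere, consider adding one now that the function's result gates access. Parts of the body lie between the hunks and are not visible here.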