Adds permissions and their tests
This commit is contained in:
Carla Iriberri
parent
5226af7c86
commit
50d1f502f7
@ -11,9 +11,97 @@ PL/pgSQL function cdb_geocoder_client.geocode_admin0_polygons(text) line 5 at SQ
|
|||||||
|
|
||||||
(1 row)
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_admin1_polygon('California');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_admin1_polygon(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin1_polygon invoked with params (postgres, some_transaction_id, California)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_admin1_polygon(session_user, txid_current(), admin1_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_admin1_polygon(text) line 5 at SQL statement
|
||||||
|
geocode_admin1_polygon
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_admin1_polygon('California', 'United States');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_admin1_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin1_polygon invoked with params (postgres, some_transaction_id, California, United States)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_admin1_polygon(session_user, txid_current(), admin1_name, country_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_admin1_polygon(text,text) line 5 at SQL statement
|
||||||
|
geocode_admin1_polygon
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_namedplace_point(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text) line 5 at SQL statement
|
||||||
|
geocode_namedplace_point
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_namedplace_point(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx, Valencia)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name, country_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text,text) line 5 at SQL statement
|
||||||
|
geocode_namedplace_point
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia', 'Spain');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_namedplace_point(5): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx, Valencia, Spain)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name, admin1_name, country_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text,text,text) line 5 at SQL statement
|
||||||
|
geocode_namedplace_point
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_postalcode_polygon('03204', 'Spain');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_postalcode_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_postalcode_polygon invoked with params (postgres, some_transaction_id, 03204, Spain)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_postalcode_polygon(session_user, txid_current(), postal_code, country_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_postalcode_polygon(text,text) line 5 at SQL statement
|
||||||
|
geocode_postalcode_polygon
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_postalcode_polygon(3204, 'Spain');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_postalcode_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_postalcode_polygon invoked with params (postgres, some_transaction_id, 3204, Spain)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_postalcode_polygon(session_user, txid_current(), postal_code, country_name)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_postalcode_polygon(integer,text) line 5 at SQL statement
|
||||||
|
geocode_postalcode_polygon
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SELECT cdb_geocoder_client.geocode_ip('8.8.8.8');
|
||||||
|
NOTICE: cdb_geocoder_client._geocode_ip(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, 8.8.8.8)
|
||||||
|
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_ip(session_user, txid_current(), ip_address)"
|
||||||
|
PL/pgSQL function cdb_geocoder_client.geocode_ip(text) line 5 at SQL statement
|
||||||
|
geocode_ip
|
||||||
|
------------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
-- Check the regular user has no permissions on private functions
|
-- Check the regular user has no permissions on private functions
|
||||||
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
||||||
ERROR: permission denied for function _geocode_admin0_polygons
|
ERROR: permission denied for function _geocode_admin0_polygons
|
||||||
|
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Hell');
|
||||||
|
ERROR: permission denied for function _geocode_admin1_polygon
|
||||||
|
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Sheol', 'Hell');
|
||||||
|
ERROR: permission denied for function _geocode_admin1_polygon
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol');
|
||||||
|
ERROR: permission denied for function _geocode_namedplace_point
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell');
|
||||||
|
ERROR: permission denied for function _geocode_namedplace_point
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell', 'Ugly world');
|
||||||
|
ERROR: permission denied for function _geocode_namedplace_point
|
||||||
|
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, '66666', 'Hell');
|
||||||
|
ERROR: permission denied for function _geocode_postalcode_polygon
|
||||||
|
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, 66666, 'Hell');
|
||||||
|
ERROR: permission denied for function _geocode_postalcode_polygon
|
||||||
|
SELECT cdb_geocoder_client._geocode_ip('evil_user', 666, '8.8.8.8');
|
||||||
|
ERROR: permission denied for function _geocode_ip
|
||||||
-- Check the regular user cannot look into config table
|
-- Check the regular user cannot look into config table
|
||||||
SELECT * from cdb_geocoder_client._config;
|
SELECT * from cdb_geocoder_client._config;
|
||||||
ERROR: permission denied for relation _config
|
ERROR: permission denied for relation _config
|
||||||
|
|||||||
@ -13,3 +13,11 @@ REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_client FROM PUBLIC, publi
|
|||||||
-- Explicitly grant permissions to public functions
|
-- Explicitly grant permissions to public functions
|
||||||
-- NOTE: All public functions must be listed below, grating permissions to publicuser
|
-- NOTE: All public functions must be listed below, grating permissions to publicuser
|
||||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin0_polygons(country_name text) TO publicuser;
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin0_polygons(country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin1_polygon(admin1_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin1_polygon(admin1_name text, country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text, country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text, admin1_name text, country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_postalcode_polygon(postal_code text, country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_postalcode_polygon(postal_code integer, country_name text) TO publicuser;
|
||||||
|
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_ip(ip_address text) TO publicuser;
|
||||||
|
|||||||
@ -4,9 +4,25 @@ SET ROLE test_regular_user;
|
|||||||
-- Exercise the public function
|
-- Exercise the public function
|
||||||
-- it is public, it shall work
|
-- it is public, it shall work
|
||||||
SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
|
SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
|
||||||
|
SELECT cdb_geocoder_client.geocode_admin1_polygon('California');
|
||||||
|
SELECT cdb_geocoder_client.geocode_admin1_polygon('California', 'United States');
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx');
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia');
|
||||||
|
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia', 'Spain');
|
||||||
|
SELECT cdb_geocoder_client.geocode_postalcode_polygon('03204', 'Spain');
|
||||||
|
SELECT cdb_geocoder_client.geocode_postalcode_polygon(3204, 'Spain');
|
||||||
|
SELECT cdb_geocoder_client.geocode_ip('8.8.8.8');
|
||||||
|
|
||||||
-- Check the regular user has no permissions on private functions
|
-- Check the regular user has no permissions on private functions
|
||||||
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Sheol', 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol');
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell', 'Ugly world');
|
||||||
|
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, '66666', 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, 66666, 'Hell');
|
||||||
|
SELECT cdb_geocoder_client._geocode_ip('evil_user', 666, '8.8.8.8');
|
||||||
|
|
||||||
-- Check the regular user cannot look into config table
|
-- Check the regular user cannot look into config table
|
||||||
SELECT * from cdb_geocoder_client._config;
|
SELECT * from cdb_geocoder_client._config;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user