Adds permissions and their tests
This commit is contained in:
Carla Iriberri
parent
5226af7c86
commit
50d1f502f7
@ -11,9 +11,97 @@ PL/pgSQL function cdb_geocoder_client.geocode_admin0_polygons(text) line 5 at SQ
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_admin1_polygon('California');
|
||||
NOTICE: cdb_geocoder_client._geocode_admin1_polygon(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin1_polygon invoked with params (postgres, some_transaction_id, California)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_admin1_polygon(session_user, txid_current(), admin1_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_admin1_polygon(text) line 5 at SQL statement
|
||||
geocode_admin1_polygon
|
||||
------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_admin1_polygon('California', 'United States');
|
||||
NOTICE: cdb_geocoder_client._geocode_admin1_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin1_polygon invoked with params (postgres, some_transaction_id, California, United States)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_admin1_polygon(session_user, txid_current(), admin1_name, country_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_admin1_polygon(text,text) line 5 at SQL statement
|
||||
geocode_admin1_polygon
|
||||
------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx');
|
||||
NOTICE: cdb_geocoder_client._geocode_namedplace_point(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text) line 5 at SQL statement
|
||||
geocode_namedplace_point
|
||||
--------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia');
|
||||
NOTICE: cdb_geocoder_client._geocode_namedplace_point(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx, Valencia)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name, country_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text,text) line 5 at SQL statement
|
||||
geocode_namedplace_point
|
||||
--------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia', 'Spain');
|
||||
NOTICE: cdb_geocoder_client._geocode_namedplace_point(5): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, Elx, Valencia, Spain)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_namedplace_point(session_user, txid_current(), city_name, admin1_name, country_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_namedplace_point(text,text,text) line 5 at SQL statement
|
||||
geocode_namedplace_point
|
||||
--------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_postalcode_polygon('03204', 'Spain');
|
||||
NOTICE: cdb_geocoder_client._geocode_postalcode_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_postalcode_polygon invoked with params (postgres, some_transaction_id, 03204, Spain)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_postalcode_polygon(session_user, txid_current(), postal_code, country_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_postalcode_polygon(text,text) line 5 at SQL statement
|
||||
geocode_postalcode_polygon
|
||||
----------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_postalcode_polygon(3204, 'Spain');
|
||||
NOTICE: cdb_geocoder_client._geocode_postalcode_polygon(4): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_postalcode_polygon invoked with params (postgres, some_transaction_id, 3204, Spain)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_postalcode_polygon(session_user, txid_current(), postal_code, country_name)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_postalcode_polygon(integer,text) line 5 at SQL statement
|
||||
geocode_postalcode_polygon
|
||||
----------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT cdb_geocoder_client.geocode_ip('8.8.8.8');
|
||||
NOTICE: cdb_geocoder_client._geocode_ip(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_namedplace_point invoked with params (postgres, some_transaction_id, 8.8.8.8)
|
||||
CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_ip(session_user, txid_current(), ip_address)"
|
||||
PL/pgSQL function cdb_geocoder_client.geocode_ip(text) line 5 at SQL statement
|
||||
geocode_ip
|
||||
------------
|
||||
|
||||
(1 row)
|
||||
|
||||
-- Check the regular user has no permissions on private functions
|
||||
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
||||
ERROR: permission denied for function _geocode_admin0_polygons
|
||||
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Hell');
|
||||
ERROR: permission denied for function _geocode_admin1_polygon
|
||||
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Sheol', 'Hell');
|
||||
ERROR: permission denied for function _geocode_admin1_polygon
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol');
|
||||
ERROR: permission denied for function _geocode_namedplace_point
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell');
|
||||
ERROR: permission denied for function _geocode_namedplace_point
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell', 'Ugly world');
|
||||
ERROR: permission denied for function _geocode_namedplace_point
|
||||
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, '66666', 'Hell');
|
||||
ERROR: permission denied for function _geocode_postalcode_polygon
|
||||
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, 66666, 'Hell');
|
||||
ERROR: permission denied for function _geocode_postalcode_polygon
|
||||
SELECT cdb_geocoder_client._geocode_ip('evil_user', 666, '8.8.8.8');
|
||||
ERROR: permission denied for function _geocode_ip
|
||||
-- Check the regular user cannot look into config table
|
||||
SELECT * from cdb_geocoder_client._config;
|
||||
ERROR: permission denied for relation _config
|
||||
|
||||
@ -13,3 +13,11 @@ REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_client FROM PUBLIC, publi
|
||||
-- Explicitly grant permissions to public functions
|
||||
-- NOTE: All public functions must be listed below, grating permissions to publicuser
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin0_polygons(country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin1_polygon(admin1_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin1_polygon(admin1_name text, country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text, country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_namedplace_point(city_name text, admin1_name text, country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_postalcode_polygon(postal_code text, country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_postalcode_polygon(postal_code integer, country_name text) TO publicuser;
|
||||
GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_ip(ip_address text) TO publicuser;
|
||||
|
||||
@ -4,9 +4,25 @@ SET ROLE test_regular_user;
|
||||
-- Exercise the public function
|
||||
-- it is public, it shall work
|
||||
SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
|
||||
SELECT cdb_geocoder_client.geocode_admin1_polygon('California');
|
||||
SELECT cdb_geocoder_client.geocode_admin1_polygon('California', 'United States');
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx');
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia');
|
||||
SELECT cdb_geocoder_client.geocode_namedplace_point('Elx', 'Valencia', 'Spain');
|
||||
SELECT cdb_geocoder_client.geocode_postalcode_polygon('03204', 'Spain');
|
||||
SELECT cdb_geocoder_client.geocode_postalcode_polygon(3204, 'Spain');
|
||||
SELECT cdb_geocoder_client.geocode_ip('8.8.8.8');
|
||||
|
||||
-- Check the regular user has no permissions on private functions
|
||||
SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_admin1_polygon('evil_user', 666, 'Sheol', 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol');
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_namedplace_point('evil_user', 666, 'Sheol', 'Hell', 'Ugly world');
|
||||
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, '66666', 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_postalcode_polygon('evil_user', 666, 66666, 'Hell');
|
||||
SELECT cdb_geocoder_client._geocode_ip('evil_user', 666, '8.8.8.8');
|
||||
|
||||
-- Check the regular user cannot look into config table
|
||||
SELECT * from cdb_geocoder_client._config;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user