Permissions check and client templates

This commit is contained in:
antoniocarlon 2018-09-05 17:02:02 +02:00
parent 48d82e025a
commit 652242a8f8
3 changed files with 105 additions and 1 deletions

View File

@ -1,33 +1,51 @@
---
- name: cdb_geocode_admin0_polygon
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: country_name, type: text }
- name: cdb_geocode_admin1_polygon
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: admin1_name, type: text }
- name: cdb_geocode_admin1_polygon
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: admin1_name, type: text }
- { name: country_name, type: text }
- name: cdb_geocode_namedplace_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: city_name, type: text}
- name: cdb_geocode_namedplace_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: city_name, type: text}
- { name: country_name, type: text}
- name: cdb_geocode_namedplace_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: city_name, type: text}
- { name: admin1_name, type: text}
@ -35,35 +53,53 @@
- name: cdb_geocode_postalcode_polygon
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: postal_code, type: text}
- { name: country_name, type: text}
- name: cdb_geocode_postalcode_polygon
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: postal_code, type: double precision}
- { name: country_name, type: text}
- name: cdb_geocode_postalcode_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: postal_code, type: text}
- { name: country_name, type: text}
- name: cdb_geocode_postalcode_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: postal_code, type: double precision}
- { name: country_name, type: text}
- name: cdb_geocode_ipaddress_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: ip_address, type: text}
- name: cdb_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -74,11 +110,17 @@
return_type: SETOF cdb_dataservices_client.geocoding
multi_row: true
multi_field: true
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searches, type: jsonb } # Array of JSON objects with id, address, city, state and country fields
- name: cdb_here_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -87,6 +129,9 @@
- name: cdb_google_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -95,6 +140,9 @@
- name: cdb_mapbox_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -103,6 +151,9 @@
- name: cdb_tomtom_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -111,6 +162,9 @@
- name: cdb_mapzen_geocode_street_point
return_type: Geometry
requires_permission: true
permission_name: geocoding
permission_error: Geocoding is not allowed
params:
- { name: searchtext, type: text}
- { name: city, type: text, default: 'NULL'}
@ -121,6 +175,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -131,6 +188,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -141,6 +201,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -151,6 +214,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -161,6 +227,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -171,6 +240,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -181,6 +253,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -191,6 +266,9 @@
return_type: SETOF cdb_dataservices_client.isoline
multi_row: true
multi_field: true
requires_permission: true
permission_name: isolines
permission_error: Isolines are not allowed
params:
- { name: source, type: "geometry(Geometry, 4326)" }
- { name: mode, type: text }
@ -200,6 +278,9 @@
- name: cdb_route_point_to_point
return_type: cdb_dataservices_client.simple_route
multi_field: true
requires_permission: true
permission_name: routing
permission_error: Routing is not allowed
params:
- { name: origin, type: "geometry(Point, 4326)" }
- { name: destination, type: "geometry(Point, 4326)" }
@ -210,6 +291,9 @@
- name: cdb_route_with_waypoints
return_type: cdb_dataservices_client.simple_route
multi_field: true
requires_permission: true
permission_name: routing
permission_error: Routing is not allowed
params:
- { name: waypoints, type: "geometry(Point, 4326)[]" }
- { name: mode, type: text }

View File

@ -28,6 +28,18 @@ class SqlTemplateRenderer
@function_signature['return_type']
end
def requires_permission
@function_signature['requires_permission']
end
def permission_name
@function_signature['permission_name']
end
def permission_error
@function_signature['permission_error']
end
def multi_field
@function_signature['multi_field']
end

View File

@ -13,7 +13,15 @@ BEGIN
IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
RAISE EXCEPTION 'The api_key must be provided';
END IF;
<% unless superuser_function? -%>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text);<% end %>
<% unless superuser_function? -%>
<% if requires_permission %>
SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>';
END IF;
<% else %>
SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text);
<% end %><% end %>
-- JSON value stored "" is taken as literal
IF username IS NULL OR username = '' OR username = '""' THEN
RAISE EXCEPTION 'Username is a mandatory argument, check it out';