Permissions check and client templates

2018-09-05 17:02:02 +02:00 · 2018-09-05 17:02:02 +02:00 · 652242a8f8
commit 652242a8f8
parent 48d82e025a
3 changed files with 105 additions and 1 deletions
--- a/client/renderer/interface.yaml
+++ b/client/renderer/interface.yaml
@ -1,33 +1,51 @@
 ---
 - name: cdb_geocode_admin0_polygon
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: country_name, type: text }

 - name: cdb_geocode_admin1_polygon
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: admin1_name, type: text }

 - name: cdb_geocode_admin1_polygon
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: admin1_name,  type: text }
    - { name: country_name, type: text }

 - name: cdb_geocode_namedplace_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: city_name, type: text}

 - name: cdb_geocode_namedplace_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: city_name,    type: text}
    - { name: country_name, type: text}

 - name: cdb_geocode_namedplace_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: city_name,    type: text}
    - { name: admin1_name,  type: text}
@ -35,35 +53,53 @@

 - name: cdb_geocode_postalcode_polygon
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: postal_code,  type: text}
    - { name: country_name, type: text}

 - name: cdb_geocode_postalcode_polygon
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: postal_code,  type: double precision}
    - { name: country_name, type: text}

 - name: cdb_geocode_postalcode_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: postal_code,  type: text}
    - { name: country_name, type: text}

 - name: cdb_geocode_postalcode_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: postal_code,  type: double precision}
    - { name: country_name, type: text}

 - name: cdb_geocode_ipaddress_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: ip_address,  type: text}

 - name: cdb_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -74,11 +110,17 @@
  return_type: SETOF cdb_dataservices_client.geocoding
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searches,  type: jsonb } # Array of JSON objects with id, address, city, state and country fields

 - name: cdb_here_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -87,6 +129,9 @@

 - name: cdb_google_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -95,6 +140,9 @@

 - name: cdb_mapbox_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -103,6 +151,9 @@

 - name: cdb_tomtom_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -111,6 +162,9 @@

 - name: cdb_mapzen_geocode_street_point
  return_type: Geometry
+  requires_permission: true
+  permission_name: geocoding
+  permission_error: Geocoding is not allowed
  params:
    - { name: searchtext,  type: text}
    - { name: city,  type: text, default: 'NULL'}
@ -121,6 +175,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -131,6 +188,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -141,6 +201,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -151,6 +214,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -161,6 +227,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -171,6 +240,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -181,6 +253,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -191,6 +266,9 @@
  return_type: SETOF cdb_dataservices_client.isoline
  multi_row: true
  multi_field: true
+  requires_permission: true
+  permission_name: isolines
+  permission_error: Isolines are not allowed
  params:
    - { name: source,  type: "geometry(Geometry, 4326)" }
    - { name: mode, type: text }
@ -200,6 +278,9 @@
 - name: cdb_route_point_to_point
  return_type: cdb_dataservices_client.simple_route
  multi_field: true
+  requires_permission: true
+  permission_name: routing
+  permission_error: Routing is not allowed
  params:
    - { name: origin,  type: "geometry(Point, 4326)" }
    - { name: destination,  type: "geometry(Point, 4326)" }
@ -210,6 +291,9 @@
 - name: cdb_route_with_waypoints
  return_type: cdb_dataservices_client.simple_route
  multi_field: true
+  requires_permission: true
+  permission_name: routing
+  permission_error: Routing is not allowed
  params:
    - { name: waypoints,  type: "geometry(Point, 4326)[]" }
    - { name: mode, type: text }
--- a/client/renderer/sql-template-renderer
+++ b/client/renderer/sql-template-renderer
@ -28,6 +28,18 @@ class SqlTemplateRenderer
    @function_signature['return_type']
  end

+  def requires_permission
+    @function_signature['requires_permission']
+  end
+
+  def permission_name
+    @function_signature['permission_name']
+  end
+
+  def permission_error
+    @function_signature['permission_error']
+  end
+
  def multi_field
    @function_signature['multi_field']
  end
--- a/client/renderer/templates/20_public_functions.erb
+++ b/client/renderer/templates/20_public_functions.erb
@ -13,7 +13,15 @@ BEGIN
  IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
    RAISE EXCEPTION 'The api_key must be provided';
  END IF;
-  <% unless superuser_function? -%>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text);<% end %>
+  <% unless superuser_function? -%>
+  <% if requires_permission %>
+  SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
+  IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
+    RAISE EXCEPTION '<%= permission_error %>';
+  END IF;
+  <% else %>
+  SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text);
+  <% end %><% end %>
  -- JSON value stored "" is taken as literal
  IF username IS NULL OR username = '' OR username = '""' THEN
    RAISE EXCEPTION 'Username is a mandatory argument, check it out';