Fixed permission check

This commit is contained in:
antoniocarlon 2018-09-06 15:40:41 +02:00
parent 8a8970efa8
commit ca717ed123
3 changed files with 3 additions and 3 deletions

View File

@ -16,7 +16,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
<% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); <% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
<% if requires_permission %>IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN <% if requires_permission %>IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>'; RAISE EXCEPTION '<%= permission_error %>';
END IF; END IF;
<% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %> <% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %>

View File

@ -17,7 +17,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
<% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); <% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
<% if requires_permission %>IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN <% if requires_permission %>IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>'; RAISE EXCEPTION '<%= permission_error %>';
END IF; END IF;
<% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %> <% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %>

View File

@ -22,7 +22,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
IF NOT apikey_permissions::jsonb ? 'geocoding' THEN IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? 'geocoding' THEN
RAISE EXCEPTION 'Geocoding is not allowed'; RAISE EXCEPTION 'Geocoding is not allowed';
END IF; END IF;