cartodb4/dataservices-api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed permission check

Browse Source
This commit is contained in:
antoniocarlon 2018-09-06 15:40:41 +02:00
parent 8a8970efa8
commit ca717ed123
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/renderer/templates/20_public_functions.erb
View File

@ -16,7 +16,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
<% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); <% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
<% if requires_permission %>IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN <% if requires_permission %>IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>'; RAISE EXCEPTION '<%= permission_error %>';
END IF; END IF;
<% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %> <% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %>

2
client/renderer/templates/25_exception_safe_private_functions.erb
View File

@ -17,7 +17,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
<% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); <% unless superuser_function? -%>SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
<% if requires_permission %>IF NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN <% if requires_permission %>IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? '<%= permission_name %>' THEN
RAISE EXCEPTION '<%= permission_error %>'; RAISE EXCEPTION '<%= permission_error %>';
END IF; END IF;
<% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %> <% else %>SELECT u, o INTO username, orgname FROM <%= DATASERVICES_CLIENT_SCHEMA %>._cdb_entity_config() AS (u text, o text, a text, p json);<% end %><% end %>

2
client/sql/21_bulk_geocoding_functions.sql
View File

@ -22,7 +22,7 @@ BEGIN
RAISE EXCEPTION 'The api_key must be provided'; RAISE EXCEPTION 'The api_key must be provided';
END IF; END IF;
SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json); SELECT u, o, a, p INTO username, orgname, appname, apikey_permissions FROM cdb_dataservices_client._cdb_entity_config() AS (u text, o text, a text, p json);
IF NOT apikey_permissions::jsonb ? 'geocoding' THEN IF apikey_permissions IS NULL OR NOT apikey_permissions::jsonb ? 'geocoding' THEN
RAISE EXCEPTION 'Geocoding is not allowed'; RAISE EXCEPTION 'Geocoding is not allowed';
END IF; END IF;