From 29117d32b0ff7acecb09ff3bf00e19d614f5119b Mon Sep 17 00:00:00 2001
From: Javier Torres <jtorres@carto.com>
Date: Wed, 14 Feb 2018 16:54:53 +0100
Subject: [PATCH] Comment explaining the quota trigger GRANT

---
 app/models/carto/api_key.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/models/carto/api_key.rb b/app/models/carto/api_key.rb
index 869b09a224..e764917ea0 100644
--- a/app/models/carto/api_key.rb
+++ b/app/models/carto/api_key.rb
@@ -197,6 +197,11 @@ module Carto
         "ALTER ROLE \"#{db_role}\" SET search_path TO #{user.db_service.build_search_path}"
       ]
 
+      # This is GRANTED to the organizational role for organization users, and the PUBLIC users for non-orgs
+      # We do not want to grant the organization role to the Api Keys, since that also opens access to the analysis
+      # catalog and tablemetadata. To be more consistent, we should probably GRANT this to the organization public
+      # user instead, but that has the downside of leaking quotas to the public.
+      # This works for now, but if you are adding new permissions, please reconsider this decision.
       if user.organization_user?
         queries << "GRANT ALL ON FUNCTION \"#{user.database_schema}\"._CDB_UserQuotaInBytes() TO \"#{db_role}\""
       end