Show ownership of tables as part of the table permissions

5 years ago · 8c0e72bc33
parent 8b0b8fabb2
commit 8c0e72bc33
5 changed files with 62 additions and 14 deletions
--- a/app/controllers/carto/api/api_key_presenter.rb
+++ b/app/controllers/carto/api/api_key_presenter.rb
@ -56,6 +56,7 @@ module Carto
          {
            schema: p.schema,
            name: p.name,
+            owner: p.owner,
            permissions: p.permissions
          }
        end
--- a/app/models/carto/api_key.rb
+++ b/app/models/carto/api_key.rb
@ -192,21 +192,41 @@ module Carto

    def table_permissions_from_db
      query = %{
-        SELECT
-          table_schema,
-          table_name,
-          string_agg(DISTINCT lower(privilege_type),',') privilege_types
-        FROM
-          information_schema.table_privileges tp
-        WHERE
-          tp.grantee = '#{db_role}'
-        GROUP BY
-          table_schema,
-          table_name;
+          WITH permissions AS (
+            SELECT
+                table_schema,
+                table_name,
+                string_agg(DISTINCT lower(privilege_type),',') privilege_types
+            FROM
+                information_schema.table_privileges tp
+            WHERE
+                tp.grantee = '#{db_role}'
+            GROUP BY
+                table_schema,
+                table_name
+          ),
+          ownership AS (
+            SELECT
+                n.nspname as table_schema,
+                relname as table_name
+            FROM pg_class
+            JOIN pg_catalog.pg_namespace n ON n.oid = pg_class.relnamespace
+            WHERE pg_catalog.pg_get_userbyid(relowner) = '#{db_role}'
+          )
+          SELECT
+              p.table_name,
+              p.table_schema,
+              p.privilege_types,
+              CASE WHEN o.table_name IS NULL THEN false
+                  ELSE true
+              END AS owner
+          FROM permissions p
+          LEFT JOIN ownership o ON (p.table_name = o.table_name AND p.table_schema = o.table_schema)
        }
      db_run(query).map do |line|
        TablePermissions.new(schema: line['table_schema'],
                             name: line['table_name'],
+                             owner: line['owner'] == 't' ? true : false,
                             permissions: line['privilege_types'].split(','))
      end
    end
--- a/app/models/carto/api_key_permissions.rb
+++ b/app/models/carto/api_key_permissions.rb
@ -22,11 +22,12 @@ module Carto
  class TablePermissions < ApiKeyPermissions
    WRITE_PERMISSIONS = ['insert', 'update', 'delete', 'truncate'].freeze

-    attr_reader :schema
+    attr_reader :schema, :owner

-    def initialize(schema:, name:, permissions: [])
+    def initialize(schema:, name:, owner: false, permissions: [])
      super(name: name, permissions: permissions)
      @schema = schema
+      @owner = owner
    end

    def write_permissions
--- a/lib/formats/carto/api_key/grants.json
+++ b/lib/formats/carto/api_key/grants.json
@ -73,6 +73,9 @@
            "name": {
              "type": "string"
            },
+            "owner": {
+              "type": "boolean"
+            },
            "permissions": {
              "type": "array",
              "items": {
--- a/spec/models/carto/api_key_spec.rb
+++ b/spec/models/carto/api_key_spec.rb
@ -19,6 +19,7 @@ describe Carto::ApiKey do
  end

  def database_grant(database_schema = 'wadus', table_name = 'wadus',
+                     owner = false,
                     permissions: ['insert', 'select', 'update', 'delete'],
                     schema_permissions: ['create'])
    {
@ -27,6 +28,7 @@ describe Carto::ApiKey do
        {
          schema: database_schema,
          name: table_name,
+          owner: owner,
          permissions: permissions
        }
      ],
@ -39,7 +41,7 @@ describe Carto::ApiKey do
    }
  end

-  def table_grant(database_schema = 'wadus', table_name = 'wadus',
+  def table_grant(database_schema = 'wadus', table_name = 'wadus', owner = false,
                  permissions: ['insert', 'select', 'update', 'delete'])
    {
      type: "database",
@ -47,6 +49,7 @@ describe Carto::ApiKey do
        {
          schema: database_schema,
          name: table_name,
+          owner: owner,
          permissions: permissions
        }
      ]
@ -313,6 +316,26 @@ describe Carto::ApiKey do
      api_key.destroy
    end

+    it 'show ownership of the tables for the user' do
+      grants = [schema_grant(@carto_user1.database_schema), apis_grant]
+      api_key = @carto_user1.api_keys.create_regular_key!(name: 'table_owner_test', grants: grants)
+
+      with_connection_from_api_key(api_key) do |connection|
+        connection.execute("create table \"#{@carto_user1.database_schema}\".test_table as select 1 as test")
+        connection.execute("select count(1) from \"#{@carto_user1.database_schema}\".test_table") do |result|
+          result[0]['count'].should eq '1'
+        end
+      end
+
+      permissions = api_key.table_permissions_from_db
+
+      permissions.each do |p|
+        if p.name == 'test_table'
+          p.owner.should eq true
+        end
+      end
+    end
+
    let (:grants) { [database_grant(@table1.database_schema, @table1.name), apis_grant] }

    describe '#destroy' do