jordi fita mas
866af09b50
I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has.
27 lines
695 B
PL/PgSQL
27 lines
695 B
PL/PgSQL
-- Deploy camper:company_user to pg
|
|
-- requires: roles
|
|
-- requires: schema_camper
|
|
-- requires: user
|
|
-- requires: company
|
|
|
|
begin;
|
|
|
|
set search_path to camper, auth, public;
|
|
|
|
create table company_user (
|
|
company_id integer not null references company,
|
|
user_id integer not null references "user",
|
|
role name not null check (length(role) < 512),
|
|
primary key (company_id, user_id)
|
|
);
|
|
|
|
grant select on table company_user to employee;
|
|
grant select on table company_user to admin;
|
|
|
|
-- TODO:
|
|
-- I think we can enable row-level security for company_user because it would
|
|
-- be an infinite loop with user_profile, but in this case i think it is fine
|
|
-- because we can only see ids, nothing more.
|
|
|
|
commit;
|