tandem
/
numerus
2
0
Fork 0
Code Issues 39 Pull Requests Packages Projects 1 Releases 1 Wiki Activity

Move check_cookie to public and give access to authenticator 

I do not want to give access to authenticator until i know who the user
is, herefore that function can not be in the numerus schema as the
authenticator user can not see it.
This commit is contained in:
jordi fita mas 2023-01-18 14:12:59 +01:00
parent c369364642
commit c4fc37349b
6 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/check_cookie.sql
View File

@ -4,7 +4,7 @@
begin;
set search_path to numerus, auth, public;
set search_path to public, numerus, auth;
create or replace function check_cookie(input_cookie text) returns record as
$$

1
deploy/schema_public.sql
View File

@ -6,6 +6,7 @@ begin;
revoke create on schema public from public;
revoke usage on schema public from public;
grant usage on schema public to authenticator;
grant usage on schema public to guest;
grant usage on schema public to invoicer;
grant usage on schema public to admin;

2
revert/check_cookie.sql
View File

@ -2,6 +2,6 @@
begin;
drop function if exists numerus.check_cookie(text);
drop function if exists public.check_cookie(text);
commit;

18
test/check_cookie.sql
View File

@ -9,15 +9,15 @@ select plan(15);
set search_path to auth, numerus, public;
select has_function('check_cookie');
select function_lang_is('check_cookie', array ['text'], 'plpgsql');
select function_returns('check_cookie', array ['text'], 'record');
select is_definer('check_cookie', array ['text']);
select volatility_is('check_cookie', array ['text'], 'stable');
select function_privs_are('check_cookie', array ['text'], 'guest', array []::text[]);
select function_privs_are('check_cookie', array ['text'], 'invoicer', array []::text[]);
select function_privs_are('check_cookie', array ['text'], 'admin', array []::text[]);
select function_privs_are('check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
select has_function('public', 'check_cookie', array ['text']);
select function_lang_is('public', 'check_cookie', array ['text'], 'plpgsql');
select function_returns('public', 'check_cookie', array ['text'], 'record');
select is_definer('public', 'check_cookie', array ['text']);
select volatility_is('public', 'check_cookie', array ['text'], 'stable');
select function_privs_are('public', 'check_cookie', array ['text'], 'guest', array []::text[]);
select function_privs_are('public', 'check_cookie', array ['text'], 'invoicer', array []::text[]);
select function_privs_are('public', 'check_cookie', array ['text'], 'admin', array []::text[]);
select function_privs_are('public', 'check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
set client_min_messages to warning;
truncate auth."user" cascade;

2
test/schemas.sql
View File

@ -27,7 +27,7 @@ select schema_privs_are('numerus', 'authenticator', array[]::text[]);
select schema_privs_are('public', 'guest', array['USAGE']);
select schema_privs_are('public', 'invoicer', array['USAGE']);
select schema_privs_are('public', 'admin', array['USAGE']);
select schema_privs_are('public', 'authenticator', array[]::text[]);
select schema_privs_are('public', 'authenticator', array['USAGE']);
select schema_privs_are('sqitch', 'guest', array[]::text[]);
select schema_privs_are('sqitch', 'invoicer', array[]::text[]);

2
verify/check_cookie.sql
View File

@ -2,6 +2,6 @@
begin;
select has_function_privilege('numerus.check_cookie(text)', 'execute');
select has_function_privilege('public.check_cookie(text)', 'execute');
rollback;