From c4fc37349b2f081e70e399f634b907aa38a7a225 Mon Sep 17 00:00:00 2001 From: jordi fita mas Date: Wed, 18 Jan 2023 14:12:59 +0100 Subject: [PATCH] Move check_cookie to public and give access to authenticator I do not want to give access to authenticator until i know who the user is, herefore that function can not be in the numerus schema as the authenticator user can not see it. --- deploy/check_cookie.sql | 2 +- deploy/schema_public.sql | 1 + revert/check_cookie.sql | 2 +- test/check_cookie.sql | 18 +++++++++--------- test/schemas.sql | 2 +- verify/check_cookie.sql | 2 +- 6 files changed, 14 insertions(+), 13 deletions(-) diff --git a/deploy/check_cookie.sql b/deploy/check_cookie.sql index f17a6cb..f3f816a 100644 --- a/deploy/check_cookie.sql +++ b/deploy/check_cookie.sql @@ -4,7 +4,7 @@ begin; -set search_path to numerus, auth, public; +set search_path to public, numerus, auth; create or replace function check_cookie(input_cookie text) returns record as $$ diff --git a/deploy/schema_public.sql b/deploy/schema_public.sql index 2b2a2e5..bc06309 100644 --- a/deploy/schema_public.sql +++ b/deploy/schema_public.sql @@ -6,6 +6,7 @@ begin; revoke create on schema public from public; revoke usage on schema public from public; +grant usage on schema public to authenticator; grant usage on schema public to guest; grant usage on schema public to invoicer; grant usage on schema public to admin; diff --git a/revert/check_cookie.sql b/revert/check_cookie.sql index dda09cd..45b5a97 100644 --- a/revert/check_cookie.sql +++ b/revert/check_cookie.sql @@ -2,6 +2,6 @@ begin; -drop function if exists numerus.check_cookie(text); +drop function if exists public.check_cookie(text); commit; diff --git a/test/check_cookie.sql b/test/check_cookie.sql index c378ab2..5789045 100644 --- a/test/check_cookie.sql +++ b/test/check_cookie.sql 
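Review bot: In deploy/check_cookie.sql the schema that receives `check_cookie` is now decided only by the order of names in `set search_path to public, numerus, auth;`, because the `create or replace function check_cookie(input_cookie text)` line is still unqualified. Writing `create or replace function public.check_cookie(input_cookie text)` would state the target explicitly and match the qualified names already used in the revert and verify scripts. The function body lies outside this hunk. Since test/check_cookie.sql asserts the function is a security definer, it is worth confirming that the definition pins its own `search_path` instead of inheriting the caller's, as the PostgreSQL documentation advises for such functions.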
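Review bot: The added `grant usage on schema public to authenticator;` in deploy/schema_public.sql opens the whole schema to the pre-authentication role, not only `check_cookie`. PostgreSQL grants EXECUTE on new functions to PUBLIC by default, so anything later created in `public` (including extension functions, if any are installed there) becomes callable by authenticator unless it is explicitly revoked. If the aim stated in the commit message is to keep authenticator minimal until the user is known, consider a comment here such as `-- authenticator: usage only so it can call check_cookie(text); revoke execute from public on anything else added to this schema`. A dedicated schema holding only the login-path functions would achieve the same separation structurally.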
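Review bot: The revert script in revert/check_cookie.sql now drops only `public.check_cookie(text)`, so a database where the earlier version of this change was already deployed would keep `numerus.check_cookie(text)` after both revert and redeploy. The `create or replace` in the deploy script creates a second function in `public` and does not move the old one; a leftover function may also block a later `drop schema numerus`. If such databases exist, adding `drop function if exists numerus.check_cookie(text);` before the create in deploy/check_cookie.sql would clean this up. test/check_cookie.sql could then assert `select hasnt_function('numerus', 'check_cookie', array ['text']);` with the plan count raised to match.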
@@ -9,15 +9,15 @@ select plan(15); set search_path to auth, numerus, public; -select has_function('check_cookie'); -select function_lang_is('check_cookie', array ['text'], 'plpgsql'); -select function_returns('check_cookie', array ['text'], 'record'); -select is_definer('check_cookie', array ['text']); -select volatility_is('check_cookie', array ['text'], 'stable'); -select function_privs_are('check_cookie', array ['text'], 'guest', array []::text[]); -select function_privs_are('check_cookie', array ['text'], 'invoicer', array []::text[]); -select function_privs_are('check_cookie', array ['text'], 'admin', array []::text[]); -select function_privs_are('check_cookie', array ['text'], 'authenticator', array ['EXECUTE']); +select has_function('public', 'check_cookie', array ['text']); +select function_lang_is('public', 'check_cookie', array ['text'], 'plpgsql'); +select function_returns('public', 'check_cookie', array ['text'], 'record'); +select is_definer('public', 'check_cookie', array ['text']); +select volatility_is('public', 'check_cookie', array ['text'], 'stable'); +select function_privs_are('public', 'check_cookie', array ['text'], 'guest', array []::text[]); +select function_privs_are('public', 'check_cookie', array ['text'], 'invoicer', array []::text[]); +select function_privs_are('public', 'check_cookie', array ['text'], 'admin', array []::text[]); +select function_privs_are('public', 'check_cookie', array ['text'], 'authenticator', array ['EXECUTE']); set client_min_messages to warning; truncate auth."user" cascade; diff --git a/test/schemas.sql b/test/schemas.sql index 2b345fc..01979c6 100644 --- a/test/schemas.sql +++ b/test/schemas.sql 
@@ -27,7 +27,7 @@ select schema_privs_are('numerus', 'authenticator', array[]::text[]); select schema_privs_are('public', 'guest', array['USAGE']); select schema_privs_are('public', 'invoicer', array['USAGE']); select schema_privs_are('public', 'admin', array['USAGE']); -select schema_privs_are('public', 'authenticator', array[]::text[]); +select schema_privs_are('public', 'authenticator', array['USAGE']); select schema_privs_are('sqitch', 'guest', array[]::text[]); select schema_privs_are('sqitch', 'invoicer', array[]::text[]); diff --git a/verify/check_cookie.sql b/verify/check_cookie.sql index f601bfd..57b1374 100644 --- a/verify/check_cookie.sql +++ b/verify/check_cookie.sql @@ -2,6 +2,6 @@ begin; -select has_function_privilege('numerus.check_cookie(text)', 'execute'); +select has_function_privilege('public.check_cookie(text)', 'execute'); rollback;
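Review bot: The verify query `select has_function_privilege('public.check_cookie(text)', 'execute');` in verify/check_cookie.sql checks the role that runs Sqitch, not authenticator, and a `false` result is still a successful query, so it only proves that the function exists. Naming the role and forcing an error on `false` would verify the grant this commit depends on, for example `select 1 / has_function_privilege('authenticator', 'public.check_cookie(text)', 'execute')::int;`. The two-argument form was already used before this change with the `numerus` name.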