Move check_cookie to public and give access to authenticator

I do not want to give access to authenticator until i know who the user is, herefore that function can not be in the numerus schema as the authenticator user can not see it.
2023-01-18 14:12:59 +01:00 · 2023-01-18 14:12:59 +01:00 · c4fc37349b
parent c369364642
commit c4fc37349b
6 changed files with 14 additions and 13 deletions
--- a/deploy/check_cookie.sql
+++ b/deploy/check_cookie.sql
@ -4,7 +4,7 @@
 begin;
-set search_path to numerus, auth, public;
+set search_path to public, numerus, auth;
 create or replace function check_cookie(input_cookie text) returns record as
 $$
--- a/deploy/schema_public.sql
+++ b/deploy/schema_public.sql
@ -6,6 +6,7 @@ begin;
 revoke create on schema public from public;
 revoke usage on schema public from public;
 grant usage on schema public to authenticator;
 grant usage on schema public to guest;
 grant usage on schema public to invoicer;
 grant usage on schema public to admin;
--- a/revert/check_cookie.sql
+++ b/revert/check_cookie.sql
@ -2,6 +2,6 @@
 begin;
-drop function if exists numerus.check_cookie(text);
+drop function if exists public.check_cookie(text);
 commit;
--- a/test/check_cookie.sql
+++ b/test/check_cookie.sql
@ -9,15 +9,15 @@ select plan(15);
 set search_path to auth, numerus, public;
-select has_function('check_cookie');
+select has_function('public', 'check_cookie', array ['text']);
-select function_lang_is('check_cookie', array ['text'], 'plpgsql');
+select function_lang_is('public', 'check_cookie', array ['text'], 'plpgsql');
-select function_returns('check_cookie', array ['text'], 'record');
+select function_returns('public', 'check_cookie', array ['text'], 'record');
-select is_definer('check_cookie', array ['text']);
+select is_definer('public', 'check_cookie', array ['text']);
-select volatility_is('check_cookie', array ['text'], 'stable');
+select volatility_is('public', 'check_cookie', array ['text'], 'stable');
-select function_privs_are('check_cookie', array ['text'], 'guest', array []::text[]);
+select function_privs_are('public', 'check_cookie', array ['text'], 'guest', array []::text[]);
-select function_privs_are('check_cookie', array ['text'], 'invoicer', array []::text[]);
+select function_privs_are('public', 'check_cookie', array ['text'], 'invoicer', array []::text[]);
-select function_privs_are('check_cookie', array ['text'], 'admin', array []::text[]);
+select function_privs_are('public', 'check_cookie', array ['text'], 'admin', array []::text[]);
-select function_privs_are('check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
+select function_privs_are('public', 'check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
 set client_min_messages to warning;
 truncate auth."user" cascade;
--- a/test/schemas.sql
+++ b/test/schemas.sql
@ -27,7 +27,7 @@ select schema_privs_are('numerus', 'authenticator', array[]::text[]);
 select schema_privs_are('public', 'guest', array['USAGE']);
 select schema_privs_are('public', 'invoicer', array['USAGE']);
 select schema_privs_are('public', 'admin', array['USAGE']);
-select schema_privs_are('public', 'authenticator', array[]::text[]);
+select schema_privs_are('public', 'authenticator', array['USAGE']);
 select schema_privs_are('sqitch', 'guest', array[]::text[]);
 select schema_privs_are('sqitch', 'invoicer', array[]::text[]);
--- a/verify/check_cookie.sql
+++ b/verify/check_cookie.sql
@ -2,6 +2,6 @@
 begin;
-select has_function_privilege('numerus.check_cookie(text)', 'execute');
+select has_function_privilege('public.check_cookie(text)', 'execute');
 rollback;