Move check_cookie to public and give access to authenticator
I do not want to give access to authenticator until i know who the user is, herefore that function can not be in the numerus schema as the authenticator user can not see it.
This commit is contained in:
parent
c369364642
commit
c4fc37349b
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
begin;
|
begin;
|
||||||
|
|
||||||
set search_path to numerus, auth, public;
|
set search_path to public, numerus, auth;
|
||||||
|
|
||||||
create or replace function check_cookie(input_cookie text) returns record as
|
create or replace function check_cookie(input_cookie text) returns record as
|
||||||
$$
|
$$
|
||||||
|
|
|
@ -6,6 +6,7 @@ begin;
|
||||||
revoke create on schema public from public;
|
revoke create on schema public from public;
|
||||||
revoke usage on schema public from public;
|
revoke usage on schema public from public;
|
||||||
|
|
||||||
|
grant usage on schema public to authenticator;
|
||||||
grant usage on schema public to guest;
|
grant usage on schema public to guest;
|
||||||
grant usage on schema public to invoicer;
|
grant usage on schema public to invoicer;
|
||||||
grant usage on schema public to admin;
|
grant usage on schema public to admin;
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
begin;
|
begin;
|
||||||
|
|
||||||
drop function if exists numerus.check_cookie(text);
|
drop function if exists public.check_cookie(text);
|
||||||
|
|
||||||
commit;
|
commit;
|
||||||
|
|
|
@ -9,15 +9,15 @@ select plan(15);
|
||||||
|
|
||||||
set search_path to auth, numerus, public;
|
set search_path to auth, numerus, public;
|
||||||
|
|
||||||
select has_function('check_cookie');
|
select has_function('public', 'check_cookie', array ['text']);
|
||||||
select function_lang_is('check_cookie', array ['text'], 'plpgsql');
|
select function_lang_is('public', 'check_cookie', array ['text'], 'plpgsql');
|
||||||
select function_returns('check_cookie', array ['text'], 'record');
|
select function_returns('public', 'check_cookie', array ['text'], 'record');
|
||||||
select is_definer('check_cookie', array ['text']);
|
select is_definer('public', 'check_cookie', array ['text']);
|
||||||
select volatility_is('check_cookie', array ['text'], 'stable');
|
select volatility_is('public', 'check_cookie', array ['text'], 'stable');
|
||||||
select function_privs_are('check_cookie', array ['text'], 'guest', array []::text[]);
|
select function_privs_are('public', 'check_cookie', array ['text'], 'guest', array []::text[]);
|
||||||
select function_privs_are('check_cookie', array ['text'], 'invoicer', array []::text[]);
|
select function_privs_are('public', 'check_cookie', array ['text'], 'invoicer', array []::text[]);
|
||||||
select function_privs_are('check_cookie', array ['text'], 'admin', array []::text[]);
|
select function_privs_are('public', 'check_cookie', array ['text'], 'admin', array []::text[]);
|
||||||
select function_privs_are('check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
|
select function_privs_are('public', 'check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
|
||||||
|
|
||||||
set client_min_messages to warning;
|
set client_min_messages to warning;
|
||||||
truncate auth."user" cascade;
|
truncate auth."user" cascade;
|
||||||
|
|
|
@ -27,7 +27,7 @@ select schema_privs_are('numerus', 'authenticator', array[]::text[]);
|
||||||
select schema_privs_are('public', 'guest', array['USAGE']);
|
select schema_privs_are('public', 'guest', array['USAGE']);
|
||||||
select schema_privs_are('public', 'invoicer', array['USAGE']);
|
select schema_privs_are('public', 'invoicer', array['USAGE']);
|
||||||
select schema_privs_are('public', 'admin', array['USAGE']);
|
select schema_privs_are('public', 'admin', array['USAGE']);
|
||||||
select schema_privs_are('public', 'authenticator', array[]::text[]);
|
select schema_privs_are('public', 'authenticator', array['USAGE']);
|
||||||
|
|
||||||
select schema_privs_are('sqitch', 'guest', array[]::text[]);
|
select schema_privs_are('sqitch', 'guest', array[]::text[]);
|
||||||
select schema_privs_are('sqitch', 'invoicer', array[]::text[]);
|
select schema_privs_are('sqitch', 'invoicer', array[]::text[]);
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
begin;
|
begin;
|
||||||
|
|
||||||
select has_function_privilege('numerus.check_cookie(text)', 'execute');
|
select has_function_privilege('public.check_cookie(text)', 'execute');
|
||||||
|
|
||||||
rollback;
|
rollback;
|
||||||
|
|
Loading…
Reference in New Issue