Don't allow users to pick database name, keeping group operations inside their org

Juan Ignacio Sánchez Lara
2015-08-19 10:37:52 +02:00
parent 0cb55d043a
commit 1fe9bb2e84
2 changed files with 14 additions and 13 deletions


@@ -7,7 +7,7 @@ DECLARE
BEGIN
group_role := cartodb._CDB_Group_GroupRole(group_name);
EXECUTE format('CREATE ROLE "%s" NOLOGIN;', group_role);
PERFORM cartodb._CDB_Group_CreateGroup_API(current_database(), group_name, group_role);
PERFORM cartodb._CDB_Group_CreateGroup_API(group_name, group_role);
END
$$ LANGUAGE PLPGSQL VOLATILE;
@@ -25,7 +25,7 @@ BEGIN
group_role := cartodb._CDB_Group_GroupRole(group_name);
EXECUTE format('DROP OWNED BY "%s"', group_role);
EXECUTE format('DROP ROLE IF EXISTS "%s"', group_role);
PERFORM cartodb._CDB_Group_DropGroup_API(current_database(), group_name);
PERFORM cartodb._CDB_Group_DropGroup_API(group_name);
END
$$ LANGUAGE PLPGSQL VOLATILE;
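Review bot: `group_role` reaches the role DDL through `format('CREATE ROLE "%s" NOLOGIN;', group_role)` and the two `DROP` statements, where `%s` inserts the value verbatim, so a double quote inside the role name would close the quoted identifier early. `format` has an identifier specifier that does the quoting itself: `EXECUTE format('CREATE ROLE %I NOLOGIN;', group_role);`, and likewise `'DROP OWNED BY %I'` and `'DROP ROLE IF EXISTS %I'`. Whether `cartodb._CDB_Group_GroupRole` already restricts the characters it returns cannot be seen here, and both function bodies begin outside these hunks, so this is worth confirming rather than assuming.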


@@ -2,59 +2,59 @@
-- Sends the create group request
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_CreateGroup_API(database_name text, group_name text, group_role text)
FUNCTION cartodb._CDB_Group_CreateGroup_API(group_name text, group_role text)
RETURNS VOID AS
$$
import string
url = '/api/v1/databases/%s/groups' % database_name
url = '/api/v1/databases/%s/groups'
body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)
query = "select cartodb._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE;
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_DropGroup_API(database_name text, group_name text)
FUNCTION cartodb._CDB_Group_DropGroup_API(group_name text)
RETURNS VOID AS
$$
import string
url = '/api/v1/databases/%s/groups/%s' % (database_name, group_name)
url = '/api/v1/databases/%s/groups/%s' % ('%s', group_name)
query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE;
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_RenameGroup_API(database_name text, old_group_name text, new_group_name text, new_group_role text)
FUNCTION cartodb._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
RETURNS VOID AS
$$
import string
url = '/api/v1/databases/%s/groups/%s' % (database_name, old_group_name)
url = '/api/v1/databases/%s/groups/%s' % ('%s', old_group_name)
body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
query = "select cartodb._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE;
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_AddMember_API(database_name text, group_name text, username text)
FUNCTION cartodb._CDB_Group_AddMember_API(group_name text, username text)
RETURNS VOID AS
$$
import string
url = '/api/v1/databases/%s/groups/%s/users' % (database_name, group_name)
url = '/api/v1/databases/%s/groups/%s/users' % ('%s', group_name)
body = '{ "username": "%s" }' % username
query = "select cartodb._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE;
CREATE OR REPLACE
FUNCTION cartodb._CDB_Group_RemoveMember_API(database_name text, group_name text, username text)
FUNCTION cartodb._CDB_Group_RemoveMember_API(group_name text, username text)
RETURNS VOID AS
$$
import string
url = '/api/v1/databases/%s/groups/%s/users/%s' % (database_name, group_name, username)
url = '/api/v1/databases/%s/groups/%s/users/%s' % ('%s', group_name, username)
query = "select cartodb._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE;
@@ -116,7 +116,8 @@ $$
while retry > 0:
try:
client = SD['groups_api_client'] = httplib.HTTPConnection(params['host'], params['port'], False, params['timeout'])
client.request(method, url, body, headers)
database_name = plpy.execute("select current_database();")[0]['current_database']
client.request(method, url % database_name, body, headers)
response = client.getresponse()
assert response.status in valid_return_codes
return response.status
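Review bot: `group_name` and `username` are spliced unescaped into strings that are parsed again later: every `url` now keeps a literal `%s` that the last hunk expands with `url % database_name`, so a `%` inside a name is read as a format directive there, and the same values also sit inside the single-quoted SQL literals in `query` and the hand-built JSON `body`. Escaping each segment before it joins the template, e.g. `urllib.quote(group_name, '').replace('%', '%%')` (with `import urllib`), keeps the deferred substitution limited to the database name. Passing `url` and `body` as parameters through `plpy.prepare` and `plpy.execute`, instead of formatting them into the `select` text, would remove the quoting problem in `query`. The body of the request function starts outside the last hunk, so I cannot see whether `url` is validated there; building the `/api/v1/databases/<db>/` prefix inside it, rather than relying on a placeholder in the caller-supplied argument, would make the org restriction independent of the wrappers.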