diff --git a/client/renderer/interface.yaml b/client/renderer/interface.yaml index f13f6eb..7211802 100644 --- a/client/renderer/interface.yaml +++ b/client/renderer/interface.yaml @@ -428,21 +428,21 @@ - { name: service, type: "text" } - name: cdb_service_set_user_rate_limit - private: true + superuser: true return_type: void params: - { name: service, type: "text" } - { name: rate_limit, type: json } - name: cdb_service_set_org_rate_limit - private: true + superuser: true return_type: void params: - { name: service, type: "text" } - { name: rate_limit, type: json } - name: cdb_service_set_server_rate_limit - private: true + superuser: true return_type: void params: - { name: service, type: "text" } diff --git a/client/renderer/sql-template-renderer b/client/renderer/sql-template-renderer index 3019730..31d52f5 100755 --- a/client/renderer/sql-template-renderer +++ b/client/renderer/sql-template-renderer 
@@ -44,29 +44,29 @@ class SqlTemplateRenderer @function_signature['geocoder_config_key'] end - def parameters_info(with_credentials) + def parameters_info(with_user_org) parameters = [] - if with_credentials + if with_user_org parameters << { 'name' => 'username', 'type' => 'text' } parameters << { 'name' => 'orgname', 'type' => 'text' } end parameters + @function_signature['params'].reject(&:empty?) end - def credentials_declaration() - "username text;\n orgname text;" if public_function? + def user_org_declaration() + "username text;\n orgname text;" unless superuser_function? end - def params(with_credentials = !public_function?) - parameters_info(with_credentials).map { |p| p['name'].to_s } + def params(with_user_org = superuser_function?) + parameters_info(with_user_org).map { |p| p['name'].to_s } end - def params_with_type(with_credentials = !public_function?) - parameters_info(with_credentials).map { |p| "#{p['name']} #{p['type']}" } + def params_with_type(with_user_org = superuser_function?) + parameters_info(with_user_org).map { |p| "#{p['name']} #{p['type']}" } end - def params_with_type_and_default(with_credentials = !public_function?) - parameters = parameters_info(with_credentials).map do |p| + def params_with_type_and_default(with_user_org = superuser_function?) + parameters = parameters_info(with_user_org).map do |p| if not p['default'].nil? "#{p['name']} #{p['type']} DEFAULT #{p['default']}" else @@ -76,8 +76,8 @@ class SqlTemplateRenderer return parameters end - def public_function? - !@function_signature['private'] + def superuser_function? + !!@function_signature['superuser'] end def void_return_type? diff --git a/client/renderer/templates/20_public_functions.erb b/client/renderer/templates/20_public_functions.erb index 8e65ed5..abd6d05 100644 --- a/client/renderer/templates/20_public_functions.erb +++ b/client/renderer/templates/20_public_functions.erb 
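Review bot: The default `with_user_org = superuser_function?` on `params`, `params_with_type` and `params_with_type_and_default` (hunk `@@ -44,29`) encodes a trust decision that is not documented. Superuser functions take `username` and `orgname` as caller-supplied arguments, while every other function declares them as locals through `user_org_declaration`. I would add a comment above `params`, e.g. `# superuser functions trust username/orgname from the caller, so they must never be granted to publicuser`. How the locals are populated for non-superuser functions is not visible in this diff, so that part is inferred. `params_with_type_and_default` continues past the end of the hunk.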
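Review bot: `superuser_function?` (hunk `@@ -76,8`) treats a missing `superuser` key as false, and 90_grant_execute.erb then grants EXECUTE to `publicuser`, so the rename fails open. An interface.yaml entry that still says `private: true` would be rendered as a public function without any error. The visible interface.yaml hunk renames three entries; whether others exist elsewhere in the file cannot be told from here. I would reject the old key loudly at the top of the method: `raise ArgumentError, "'private' is no longer supported, use 'superuser'" if @function_signature.key?('private')`.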
@@ -8,7 +8,7 @@ CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %> (<%= pa RETURNS <%= return_type %> AS $$ DECLARE <%= return_declaration if not multi_row %> - <%= credentials_declaration %> + <%= user_org_declaration %> BEGIN IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN RAISE EXCEPTION 'The api_key must be provided'; @@ -19,6 +19,6 @@ BEGIN RAISE EXCEPTION 'Username is a mandatory argument, check it out'; END IF; - <% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(true).join(', ') %>)<% end %> + <% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(_with_user_org=true).join(', ') %>)<% end %> END; $$ LANGUAGE 'plpgsql' SECURITY DEFINER; diff --git a/client/renderer/templates/25_exception_safe_private_functions.erb b/client/renderer/templates/25_exception_safe_private_functions.erb index 4b19b67..b0d2921 100644 --- a/client/renderer/templates/25_exception_safe_private_functions.erb +++ b/client/renderer/templates/25_exception_safe_private_functions.erb @@ -6,7 +6,7 @@ CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>_except RETURNS <%= return_type %> AS $$ DECLARE <%= return_declaration %> - <%= credentials_declaration %> + <%= user_org_declaration %> _returned_sqlstate TEXT; _message_text TEXT; _pg_exception_context TEXT; @@ -22,7 +22,7 @@ BEGIN BEGIN - <% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(true).join(', ') %>)<% end %> + <% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(_with_user_org=true).join(', ') %>)<% end %> EXCEPTION WHEN OTHERS THEN GET STACKED DIAGNOSTICS _returned_sqlstate = RETURNED_SQLSTATE, diff --git a/client/renderer/templates/30_plproxy_functions.erb b/client/renderer/templates/30_plproxy_functions.erb index 92d2469..7a7a230 100644 --- a/client/renderer/templates/30_plproxy_functions.erb 
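Review bot: `params(_with_user_org=true)` in hunk `@@ -19,6` of 20_public_functions.erb reads like a named argument but is a Ruby local-variable assignment whose value is passed positionally. The name is never checked against the method's parameter, and it already differs from it (`_with_user_org` vs `with_user_org`). The same form is used in 25_exception_safe_private_functions.erb (`@@ -22,7`) and three times in 30_plproxy_functions.erb. Because this flag decides whether caller-supplied `username`/`orgname` are part of the signature, I would make it a real keyword argument, `def params(with_user_org: superuser_function?)` called as `params(with_user_org: true)`, so a typo raises instead of being ignored.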
+++ b/client/renderer/templates/30_plproxy_functions.erb @@ -1,9 +1,9 @@ -CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %> (<%= params_with_type_and_default(true).join(', ') %>) +CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %> (<%= params_with_type_and_default(_with_user_org=true).join(', ') %>) RETURNS <%= return_type %> AS $$ CONNECT <%= DATASERVICES_CLIENT_SCHEMA %>._server_conn_str(); <% if multi_field %> - SELECT * FROM <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(true).join(', ') %>); + SELECT * FROM <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(_with_user_org=true).join(', ') %>); <% else %> - SELECT <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(true).join(', ') %>); + SELECT <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(_with_user_org=true).join(', ') %>); <% end %> $$ LANGUAGE plproxy; diff --git a/client/renderer/templates/90_grant_execute.erb b/client/renderer/templates/90_grant_execute.erb index 924f495..1b8d7c8 100644 --- a/client/renderer/templates/90_grant_execute.erb +++ b/client/renderer/templates/90_grant_execute.erb @@ -1,4 +1,4 @@ -<% if public_function? %> +<% unless superuser_function? %> GRANT EXECUTE ON FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %>(<%= params_with_type.join(', ') %>) TO publicuser; GRANT EXECUTE ON FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>_exception_safe(<%= params_with_type.join(', ') %> ) TO publicuser; <% end %> \ No newline at end of file
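Review bot: In 90_grant_execute.erb, `unless superuser_function?` only skips the `GRANT ... TO publicuser`; it does not restrict anything by itself. PostgreSQL gives EXECUTE on newly created functions to PUBLIC by default, so the functions now labelled `superuser` stay callable by any role unless a `REVOKE ... FROM PUBLIC` or changed default privileges exist elsewhere in the extension, which this diff does not show. If there is none, I would add an explicit branch such as `<% else %> REVOKE ALL ON FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %>(<%= params_with_type.join(', ') %>) FROM PUBLIC;`, adjusted to whichever functions the templates actually emit for these entries. A short comment in the template stating who is expected to hold EXECUTE on superuser functions would also help.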