Merge pull request #65 from CartoDB/add_needed_security_changes_for_v2

Add needed security changes for v2
2016-01-26 13:06:04 +01:00
parent 5309a6eae5 2409d548b6
commit b4b1cd9592
2 changed files with 11 additions and 2 deletions
--- a/server/extension/cdb_geocoder_server--0.0.1--0.1.0.sql
+++ b/server/extension/cdb_geocoder_server--0.0.1--0.1.0.sql
@@ -47,6 +47,7 @@ RETURNS boolean AS $$
    }
    return True
 $$ LANGUAGE plpythonu;
+
 -- Get the Redis configuration from the _conf table --
 CREATE OR REPLACE FUNCTION cdb_geocoder_server._get_geocoder_config(username text, orgname text)
 RETURNS boolean AS $$
@@ -71,7 +72,8 @@ RETURNS boolean AS $$
    # --for this user session but...
    GD[cache_key] = geocoder_config
    return True
-$$ LANGUAGE plpythonu;
+$$ LANGUAGE plpythonu SECURITY DEFINER;
+
 -- Geocodes a street address given a searchtext and a state and/or country
 CREATE OR REPLACE FUNCTION cdb_geocoder_server.cdb_geocode_street_point_v2(username TEXT, orgname TEXT, searchtext TEXT, city TEXT DEFAULT NULL, state_province TEXT DEFAULT NULL, country TEXT DEFAULT NULL)
 RETURNS Geometry AS $$
@@ -130,3 +132,10 @@ RETURNS Geometry AS $$
    plpy.error('Google geocoder is not available yet')
    return None
 $$ LANGUAGE plpythonu;
+
+-- We apply again the grants to include the new functions
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_server TO geocoder_api;
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO geocoder_api;
+GRANT USAGE ON SCHEMA cdb_geocoder_server TO geocoder_api;
+GRANT USAGE ON SCHEMA public TO geocoder_api;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO geocoder_api;
--- a/server/extension/sql/0.1.0/15_config_helper.sql
+++ b/server/extension/sql/0.1.0/15_config_helper.sql
@@ -22,4 +22,4 @@ RETURNS boolean AS $$
    # --for this user session but...
    GD[cache_key] = geocoder_config
    return True
-$$ LANGUAGE plpythonu;
+$$ LANGUAGE plpythonu SECURITY DEFINER;