Home
The CartoDB PostgreSQL extension is a module to load into each CartoDB user database to perform cartodb-specific security and functionality checks.
No user other than the superuser should be allowed to change statement_timeout
for the session (SET statement_timeout disallowed).
User tables need to match certain structure criteria (see https://github.com/CartoDB/cartodb/wiki/CartoDB-user-table), so the extension should provide a means to enforce that structure every time an attempt to change it is encountered.
The events we want some function to be called upon are:
event | arguments to handler function | function duty | OK* |
---|---|---|---|
SET variable | name of variable | forbid changing some vars | |
RENAME table | old and new name + oid of the table | flush cache | |
ADD/DROP/ALTER column | oid of the table | flush cache, cartodbfy | Y |
DISABLE/DROP trigger | oid of table, name of trigger | cartodbfy or forbid | |
DROP table | oid of the table | flush cache and metadata | Y |
CREATE table | oid of the table | cartodbfy | Y |
GRANT | oid of table, privilege, role | flush cache, upd metadata | |
REVOKE | oid of table, privilege, role | flush cache, upd metadata | |

\* event available by installing https://bitbucket.org/malloclabs/pg_schema_triggers/overview
At this stage we don't need more than this, but the number of events and the number of arguments passed to the handler function may expand in the future, so the extension should be written in a way to easily allow that.
Some of the handlers will need to act after the statement has completed (CREATE TABLE, for example).
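
As an added illustration (not code from the CartoDB extension), the sketch below wires three of the events in the table to handlers using PostgreSQL's built-in event triggers (9.5 or later) instead of pg_schema_triggers. The names `demo_ddl_log`, `demo_on_table_ddl` and `demo_on_table_drop` are hypothetical, and the handlers only record the duty they would perform. Event triggers fire for DDL only, so the `SET variable` row is not covered by this mechanism.

```sql
-- Added example; all demo_* names are hypothetical. Creating event triggers requires superuser.
CREATE TABLE public.demo_ddl_log (
    logged_at       timestamptz NOT NULL DEFAULT now(),
    command_tag     text NOT NULL,
    table_oid       oid,
    object_identity text,
    duty            text NOT NULL
);

-- Fires at ddl_command_end, i.e. after the statement has completed, so the
-- created or altered table is already visible in the catalogs.
-- SECURITY DEFINER with a pinned search_path lets unprivileged users' DDL be logged.
CREATE FUNCTION public.demo_on_table_ddl() RETURNS event_trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
DECLARE
    cmd record;
BEGIN
    FOR cmd IN SELECT * FROM pg_event_trigger_ddl_commands() LOOP
        CONTINUE WHEN cmd.object_type <> 'table';  -- skip indexes, sequences, ...
        INSERT INTO public.demo_ddl_log (command_tag, table_oid, object_identity, duty)
        VALUES (cmd.command_tag, cmd.objid, cmd.object_identity,
                CASE cmd.command_tag
                    WHEN 'CREATE TABLE' THEN 'cartodbfy'
                    ELSE 'flush cache, cartodbfy'
                END);
    END LOOP;
END;
$$;

CREATE EVENT TRIGGER demo_table_ddl ON ddl_command_end
    WHEN TAG IN ('CREATE TABLE', 'ALTER TABLE')
    EXECUTE PROCEDURE public.demo_on_table_ddl();

-- A dropped table is gone from the catalogs at command end, so its oid is
-- read from pg_event_trigger_dropped_objects() in a sql_drop trigger.
CREATE FUNCTION public.demo_on_table_drop() RETURNS event_trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
DECLARE
    obj record;
BEGIN
    FOR obj IN SELECT * FROM pg_event_trigger_dropped_objects() LOOP
        CONTINUE WHEN obj.object_type <> 'table';
        INSERT INTO public.demo_ddl_log (command_tag, table_oid, object_identity, duty)
        VALUES (tg_tag, obj.objid, obj.object_identity, 'flush cache and metadata');
    END LOOP;
END;
$$;

CREATE EVENT TRIGGER demo_table_drop ON sql_drop
    WHEN TAG IN ('DROP TABLE')
    EXECUTE PROCEDURE public.demo_on_table_drop();
```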