-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: make certification_url_policies case insensitive
- Loading branch information
Showing
6 changed files
with
108 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
schema/deploy/policies/certification_url_policies@v1.5.0.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| -- Deploy ggircs-portal:policies/certification_url_policies to pg | ||
| -- requires: tables/certification_url | ||
|
|
||
| begin; | ||
|
|
||
| do | ||
| $policy$ | ||
| declare | ||
| industry_user_statement text; | ||
| certifier_user_statement text; | ||
| begin | ||
| -- ciip_administrator RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_administrator_select_certification_url', 'certification_url', 'select', 'ciip_administrator', 'true'); | ||
| perform ggircs_portal_private.upsert_policy('ciip_administrator_insert_certification_url', 'certification_url', 'insert', 'ciip_administrator', 'true'); | ||
|
|
||
| -- ciip_analyst RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_analyst_select_certification_url', 'certification_url', 'select', 'ciip_analyst', 'true'); | ||
|
|
||
| -- statement for select using & insert with check | ||
| industry_user_statement := 'application_id in (select ggircs_portal_private.get_valid_applications_for_reporter())'; | ||
| certifier_user_statement := 'certifier_email = ((select email_address from ggircs_portal.ciip_user where ciip_user.uuid = (select sub from ggircs_portal.session())))'; | ||
|
|
||
| -- ciip_industry_user RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_select_certification_url', 'certification_url', 'select', 'ciip_industry_user', industry_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_insert_certification_url', 'certification_url', 'insert', 'ciip_industry_user', industry_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_update_certification_url', 'certification_url', 'update', 'ciip_industry_user', industry_user_statement); | ||
|
|
||
| -- ciip_industry_user (certifier) RLS | ||
| perform ggircs_portal_private.upsert_policy('certifier_select_certification_url', 'certification_url', 'select', 'ciip_industry_user', certifier_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('certifier_update_certification_url', 'certification_url', 'update', 'ciip_industry_user', certifier_user_statement); | ||
|
|
||
| end | ||
| $policy$; | ||
|
|
||
| commit; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,35 @@ | ||
| -- Revert ggircs-portal:policies/certification_url_policies from pg | ||
| -- Deploy ggircs-portal:policies/certification_url_policies to pg | ||
| -- requires: tables/certification_url | ||
|
|
||
| begin; | ||
|
|
||
| -- ciip_administrator Policies | ||
| drop policy ciip_administrator_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_administrator_insert_certification_url on ggircs_portal.certification_url; | ||
| do | ||
| $policy$ | ||
| declare | ||
| industry_user_statement text; | ||
| certifier_user_statement text; | ||
| begin | ||
| -- ciip_administrator RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_administrator_select_certification_url', 'certification_url', 'select', 'ciip_administrator', 'true'); | ||
| perform ggircs_portal_private.upsert_policy('ciip_administrator_insert_certification_url', 'certification_url', 'insert', 'ciip_administrator', 'true'); | ||
|
|
||
| -- ciip_analyst Policies | ||
| drop policy ciip_analyst_select_certification_url on ggircs_portal.certification_url; | ||
| -- ciip_analyst RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_analyst_select_certification_url', 'certification_url', 'select', 'ciip_analyst', 'true'); | ||
|
|
||
| -- ciip_industry_user Policies | ||
| drop policy ciip_industry_user_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_industry_user_insert_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_industry_user_update_certification_url on ggircs_portal.certification_url; | ||
| -- statement for select using & insert with check | ||
| industry_user_statement := 'application_id in (select ggircs_portal_private.get_valid_applications_for_reporter())'; | ||
| certifier_user_statement := 'certifier_email = ((select email_address from ggircs_portal.ciip_user where ciip_user.uuid = (select sub from ggircs_portal.session())))'; | ||
|
|
||
| -- ciip_industry_user (certifier) Policies | ||
| drop policy certifier_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy certifier_update_certification_url on ggircs_portal.certification_url; | ||
| -- ciip_industry_user RLS | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_select_certification_url', 'certification_url', 'select', 'ciip_industry_user', industry_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_insert_certification_url', 'certification_url', 'insert', 'ciip_industry_user', industry_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('ciip_industry_user_update_certification_url', 'certification_url', 'update', 'ciip_industry_user', industry_user_statement); | ||
|
|
||
| -- ciip_industry_user (certifier) RLS | ||
| perform ggircs_portal_private.upsert_policy('certifier_select_certification_url', 'certification_url', 'select', 'ciip_industry_user', certifier_user_statement); | ||
| perform ggircs_portal_private.upsert_policy('certifier_update_certification_url', 'certification_url', 'update', 'ciip_industry_user', certifier_user_statement); | ||
|
|
||
| end | ||
| $policy$; | ||
|
|
||
| commit; |
21 changes: 21 additions & 0 deletions
21
schema/revert/policies/certification_url_policies@v1.5.0.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| -- Revert ggircs-portal:policies/certification_url_policies from pg | ||
|
|
||
| begin; | ||
|
|
||
| -- ciip_administrator Policies | ||
| drop policy ciip_administrator_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_administrator_insert_certification_url on ggircs_portal.certification_url; | ||
|
|
||
| -- ciip_analyst Policies | ||
| drop policy ciip_analyst_select_certification_url on ggircs_portal.certification_url; | ||
|
|
||
| -- ciip_industry_user Policies | ||
| drop policy ciip_industry_user_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_industry_user_insert_certification_url on ggircs_portal.certification_url; | ||
| drop policy ciip_industry_user_update_certification_url on ggircs_portal.certification_url; | ||
|
|
||
| -- ciip_industry_user (certifier) Policies | ||
| drop policy certifier_select_certification_url on ggircs_portal.certification_url; | ||
| drop policy certifier_update_certification_url on ggircs_portal.certification_url; | ||
|
|
||
| commit; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletions
23
schema/verify/policies/certification_url_policies@v1.5.0.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| -- Verify ggircs-portal:policies/certification_url_policies on pg | ||
|
|
||
| begin; | ||
|
|
||
| -- ciip_administrator Policies | ||
| select ggircs_portal_private.verify_policy('select', 'ciip_administrator_select_certification_url', 'certification_url', 'ciip_administrator'); | ||
| select ggircs_portal_private.verify_policy('insert', 'ciip_administrator_insert_certification_url', 'certification_url', 'ciip_administrator'); | ||
|
|
||
| -- ciip_analyst Policies | ||
| select ggircs_portal_private.verify_policy('select', 'ciip_analyst_select_certification_url', 'certification_url', 'ciip_analyst'); | ||
|
|
||
| -- ciip_industry_user Policies | ||
| select ggircs_portal_private.verify_policy('select', 'ciip_industry_user_select_certification_url', 'certification_url', 'ciip_industry_user'); | ||
| select ggircs_portal_private.verify_policy('insert', 'ciip_industry_user_insert_certification_url', 'certification_url', 'ciip_industry_user'); | ||
| select ggircs_portal_private.verify_policy('update', 'ciip_industry_user_update_certification_url', 'certification_url', 'ciip_industry_user'); | ||
|
|
||
| -- ciip_industry_user (certifier) Policies | ||
| select ggircs_portal_private.verify_policy('select', 'certifier_select_certification_url', 'certification_url', 'ciip_industry_user'); | ||
| select ggircs_portal_private.verify_policy('update', 'certifier_update_certification_url', 'certification_url', 'ciip_industry_user'); | ||
|
|
||
| -- ciip_guest Policies | ||
|
|
||
| rollback; |