fix row level security readme per https://github.com/begriffs/postgre… (#579)

* fix row level security readme per #554

* handle anonymous access to posts / comments tables

* address insertion use case in row-level security readme
opensrcken authored and begriffs committed May 8, 2016
1 parent d9205bd commit 0dc33db
Showing 1 changed file with 36 additions and 5 deletions.
41 changes: 36 additions & 5 deletions docs/examples/blog.md
Expand Up @@ -71,21 +71,52 @@ security](http://www.postgresql.org/docs/9.5/static/ddl-rowsecurity.html).
Note that it requires PostgreSQL 9.5 or later.

```sql
grant select on posts, comments to anon;

ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
ALTER TABLE comments ENABLE ROW LEVEL SECURITY;

drop policy if exists posts_select_unsecure on posts;
create policy posts_select_unsecure on posts for select
using (true);

drop policy if exists comments_select_unsecure on comments;
create policy comments_select_unsecure on comments for select
using (true);

drop policy if exists authors_eigencreate on posts;
create policy authors_eigencreate on posts for insert
with check (
author = basic_auth.current_email()
);

drop policy if exists authors_eigencreate on comments;
create policy authors_eigencreate on comments for insert
with check (
author = basic_auth.current_email()
);

drop policy if exists authors_eigenedit on posts;
create policy authors_eigenedit on posts
using (true)
create policy authors_eigenedit on posts for update
using (author = basic_auth.current_email())
with check (
author = basic_auth.current_email()
);

ALTER TABLE comments ENABLE ROW LEVEL SECURITY;
drop policy if exists authors_eigenedit on comments;
create policy authors_eigenedit on comments
using (true)
create policy authors_eigenedit on comments for update
using (author = basic_auth.current_email())
with check (
author = basic_auth.current_email()
);

drop policy if exists authors_eigendelete on posts;
create policy authors_eigendelete on posts for delete
using (author = basic_auth.current_email());

drop policy if exists authors_eigendelete on comments;
create policy authors_eigendelete on comments for delete
using (author = basic_auth.current_email());
```

Finally we need to modify the `users` view from the previous example.
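
Review bot: the `posts_select_unsecure` and `comments_select_unsecure` policies (`for select using (true)`) need a sentence of explanation in the readme, because their purpose is not obvious from the SQL alone. Once `ENABLE ROW LEVEL SECURITY` is set, a command with no matching policy is denied, so `grant select on posts, comments to anon` would return no rows without them; say that above the block, and say that `using (true)` deliberately exposes every row to any role holding `select`. None of the policies has a `to` clause, so they apply to all roles, and writes are limited only by the `author = basic_auth.current_email()` checks plus whatever table grants exist outside this hunk; it is worth stating which role is expected to hold insert, update and delete. The readme should also mention that the table owner is not subject to these policies unless `FORCE ROW LEVEL SECURITY` is set, so the example has to be exercised as a non-owner role to see the restrictions. Minor style point: the two `ALTER TABLE ... ENABLE ROW LEVEL SECURITY` statements are upper case while the rest of the block is lower case.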