forked from pgadmin-org/pgadmin4
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added security_invoker option while creating a view. pgadmin-org#6371
- Loading branch information
1 parent
b8377be
commit 1556270
Showing
68 changed files
with
2,016 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
...r/server_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/create.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{#============================Create new view=========================#} | ||
{% if display_comments %} | ||
-- View: {{ data.schema }}.{{ data.name }} | ||
|
||
-- DROP VIEW {{ conn|qtIdent(data.schema, data.name) }}; | ||
|
||
{% endif %} | ||
{% if data.name and data.schema and data.definition %} | ||
CREATE{% if add_replace_clause %} OR REPLACE{% endif %} VIEW {{ conn|qtIdent(data.schema, data.name) }} | ||
{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker)%} | ||
WITH ( | ||
{% if data.check_option and data.check_option.lower() != 'no' %} | ||
check_option={{ data.check_option }}{% if data.check_option and data.check_option.lower() != 'no' and (data.security_barrier or data.security_invoker) %}, | ||
{% endif %}{% endif %} | ||
{% if data.security_barrier %} | ||
security_barrier={{ data.security_barrier|lower }}{% if data.security_barrier and data.security_invoker %}, | ||
{% endif %}{% endif %} | ||
{% if data.security_invoker %} | ||
security_invoker={{ data.security_invoker|lower }}{% endif %} | ||
|
||
){% endif %} AS | ||
{{ data.definition.rstrip(';') }}; | ||
{% if data.owner and data.m_view is undefined %} | ||
|
||
ALTER TABLE {{ conn|qtIdent(data.schema, data.name) }} | ||
OWNER TO {{ conn|qtIdent(data.owner) }}; | ||
{% endif %} | ||
{% if data.comment %} | ||
COMMENT ON VIEW {{ conn|qtIdent(data.schema, data.name) }} | ||
IS {{ data.comment|qtLiteral(conn) }}; | ||
{% endif %} | ||
{% endif %} |
73 changes: 73 additions & 0 deletions
73
...rver_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/properties.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
{# ========================== Fetch View Properties ========================= #} | ||
{% if (vid and datlastsysoid) or scid %} | ||
SELECT | ||
c.oid, | ||
c.xmin, | ||
c.relkind, | ||
description AS comment, | ||
(CASE WHEN length(spc.spcname::text) > 0 THEN spc.spcname ELSE 'pg_default' END) as spcname, | ||
c.relname AS name, | ||
c.reltablespace AS spcoid, | ||
nsp.nspname AS schema, | ||
c.relispopulated AS ispopulated, | ||
pg_catalog.pg_get_userbyid(c.relowner) AS owner, | ||
pg_catalog.array_to_string(c.relacl::text[], ', ') AS acl, | ||
pg_catalog.pg_get_viewdef(c.oid, true) AS definition, | ||
{# ===== Checks if it is system view ===== #} | ||
{% if vid and datlastsysoid %} | ||
CASE WHEN {{vid}} <= {{datlastsysoid}} THEN True ELSE False END AS system_view, | ||
{% endif %} | ||
(SELECT | ||
pg_catalog.array_agg(provider || '=' || label) | ||
FROM | ||
pg_catalog.pg_seclabels sl1 | ||
WHERE | ||
sl1.objoid=c.oid AND sl1.objsubid=0 | ||
) AS seclabels, | ||
substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'check_option=([a-z]*)') AS check_option, | ||
(substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'security_barrier=([a-z|0-9]*)'))::boolean AS security_barrier, | ||
(substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'security_invoker=([a-z|0-9]*)'))::boolean AS security_invoker | ||
FROM pg_catalog.pg_class c | ||
LEFT OUTER JOIN pg_catalog.pg_namespace nsp on nsp.oid = c.relnamespace | ||
LEFT OUTER JOIN pg_catalog.pg_tablespace spc on spc.oid=c.reltablespace | ||
LEFT OUTER JOIN pg_catalog.pg_description des ON (des.objoid=c.oid and des.objsubid=0 AND des.classoid='pg_class'::regclass) | ||
WHERE ((c.relhasrules AND (EXISTS ( | ||
SELECT | ||
r.rulename | ||
FROM | ||
pg_catalog.pg_rewrite r | ||
WHERE | ||
((r.ev_class = c.oid) | ||
AND (bpchar(r.ev_type) = '1'::bpchar)) ))) | ||
AND (c.relkind = 'v'::char) | ||
) | ||
{% if (vid and datlastsysoid) %} | ||
AND c.oid = {{vid}}::oid | ||
{% elif scid %} | ||
AND c.relnamespace = {{scid}}::oid | ||
ORDER BY | ||
c.relname | ||
{% endif %} | ||
|
||
{% elif type == 'roles' %} | ||
SELECT | ||
pr.rolname | ||
FROM | ||
pg_catalog.pg_roles pr | ||
WHERE | ||
pr.rolcanlogin | ||
ORDER BY | ||
pr.rolname | ||
|
||
{% elif type == 'schemas' %} | ||
SELECT | ||
nsp.nspname | ||
FROM | ||
pg_catalog.pg_namespace nsp | ||
WHERE | ||
(nsp.nspname NOT LIKE E'pg\\_%' | ||
AND nsp.nspname != 'information_schema') | ||
{% endif %} |
106 changes: 106 additions & 0 deletions
106
...r/server_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/update.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
{# ============================ Update View ========================= #} | ||
{% import 'macros/schemas/security.macros' as SECLABEL %} | ||
{% import 'macros/schemas/privilege.macros' as PRIVILEGE %} | ||
{% if data %} | ||
{% set view_name = data.name if data.name else o_data.name %} | ||
{% set view_schema = data.schema if data.schema else o_data.schema %} | ||
{% set def = data.definition.rstrip(';') if data.definition %} | ||
{% if data.name and data.name != o_data.name %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(o_data.schema, o_data.name) }} | ||
RENAME TO {{ conn|qtIdent(data.name) }}; | ||
{% endif %} | ||
{% if data.schema and data.schema != o_data.schema %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(o_data.schema, view_name ) }} | ||
SET SCHEMA {{ conn|qtIdent(data.schema) }}; | ||
{% endif %} | ||
{% if def and def != o_data.definition.rstrip(';') %} | ||
{% if data.del_sql %} | ||
DROP VIEW {{ conn|qtIdent(view_schema, view_name) }}; | ||
|
||
{% endif %} | ||
CREATE OR REPLACE VIEW {{ conn|qtIdent(view_schema, view_name) }} | ||
{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker) %} | ||
WITH ({% if (data.check_option or o_data.check_option) %}check_option={{ data.check_option if data.check_option else o_data.check_option }}{{', ' }}{% endif %}security_barrier={{ data.security_barrier|lower if data.security_barrier is defined else o_data.security_barrier|default('false', 'true')|lower }}{{', ' }}security_invoker={{ data.security_invoker|lower if data.security_invoker is defined else o_data.security_invoker|default('false', 'true')|lower }}) | ||
{% endif %} | ||
AS | ||
{{ def }}; | ||
{% if data.del_sql and data.owner is not defined %} | ||
|
||
ALTER TABLE {{ conn|qtIdent(view_schema, view_name) }} | ||
OWNER TO {{ conn|qtIdent(o_data.owner) }}; | ||
{% endif %} | ||
{% else %} | ||
{% if (data.security_barrier is defined and data.security_barrier|lower != o_data.security_barrier|lower) %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} | ||
SET (security_barrier={{ data.security_barrier|lower }}); | ||
{% endif %} | ||
{% if (data.security_invoker is defined and data.security_invoker|lower != o_data.security_invoker|lower) %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} | ||
SET (security_invoker={{ data.security_invoker|lower }}); | ||
{% endif %} | ||
{% if (data.check_option and data.check_option != o_data.check_option and data.check_option != 'no') %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} | ||
SET (check_option={{ data.check_option }}); | ||
{% elif (data.check_option and data.check_option != o_data.check_option and data.check_option == 'no') %} | ||
ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} RESET (check_option); | ||
{% endif %} | ||
{% endif %} | ||
{% if data.owner and data.owner != o_data.owner %} | ||
ALTER TABLE IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} | ||
OWNER TO {{ conn|qtIdent(data.owner) }}; | ||
{% endif %} | ||
{% set old_comment = o_data.comment|default('', true) %} | ||
{% if (data.comment is defined and (data.comment != old_comment)) %} | ||
|
||
COMMENT ON VIEW {{ conn|qtIdent(view_schema, view_name) }} | ||
IS {{ data.comment|qtLiteral(conn) }}; | ||
{% elif data.del_sql == True and old_comment != '' %} | ||
COMMENT ON VIEW {{ conn|qtIdent(view_schema, view_name) }} | ||
IS {{ old_comment|qtLiteral(conn) }}; | ||
{% endif %} | ||
{# The SQL generated below will change privileges #} | ||
{% if o_data.acl_sql and o_data.acl_sql != '' %} | ||
{{o_data['acl_sql']}} | ||
{% endif %} | ||
{% if data.datacl %} | ||
{% if 'deleted' in data.datacl %} | ||
{% for priv in data.datacl.deleted %} | ||
{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.grantee, data.name, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if 'changed' in data.datacl %} | ||
{% for priv in data.datacl.changed %} | ||
{% if priv.grantee != priv.old_grantee %} | ||
{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.old_grantee, data.name, data.schema) }} | ||
{% else %} | ||
{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.grantee, data.name, data.schema) }} | ||
{% endif %} | ||
{{ PRIVILEGE.SET(conn, 'TABLE', priv.grantee, data.name, priv.without_grant, priv.with_grant, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if 'added' in data.datacl %} | ||
{% for priv in data.datacl.added %} | ||
{{ PRIVILEGE.SET(conn, 'TABLE', priv.grantee, data.name, priv.without_grant, priv.with_grant, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% endif %} | ||
{# The SQL generated below will change Security Label #} | ||
{% if data.seclabels is not none and data.seclabels|length > 0 %} | ||
{% set seclabels = data.seclabels %} | ||
{% if 'deleted' in seclabels and seclabels.deleted|length > 0 %} | ||
{% for r in seclabels.deleted %} | ||
{{ SECLABEL.UNSET(conn, 'VIEW', data.name, r.provider, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if 'added' in seclabels and seclabels.added|length > 0 %} | ||
{% for r in seclabels.added %} | ||
{{ SECLABEL.SET(conn, 'VIEW', data.name, r.provider, r.label, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if 'changed' in seclabels and seclabels.changed|length > 0 %} | ||
{% for r in seclabels.changed %} | ||
{{ SECLABEL.SET(conn, 'VIEW', data.name, r.provider, r.label, data.schema) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% endif %} | ||
{% endif %} |
32 changes: 32 additions & 0 deletions
32
...server_groups/servers/databases/schemas/views/templates/views/ppas/15_plus/sql/create.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{#============================Create new view=========================#} | ||
{% if display_comments %} | ||
-- View: {{ data.schema }}.{{ data.name }} | ||
|
||
-- DROP VIEW {{ conn|qtIdent(data.schema, data.name) }}; | ||
|
||
{% endif %} | ||
{% if data.name and data.schema and data.definition %} | ||
CREATE{% if add_replace_clause %} OR REPLACE{% endif %} VIEW {{ conn|qtIdent(data.schema, data.name) }} | ||
{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker) %} | ||
WITH ( | ||
{% if data.check_option and data.check_option.lower() != 'no' %} | ||
check_option={{ data.check_option }}{% if data.check_option and data.check_option.lower() != 'no' and (data.security_barrier or data.security_invoker) %}, | ||
{% endif %}{% endif %} | ||
{% if data.security_barrier %} | ||
security_barrier={{ data.security_barrier|lower }}{% if data.security_barrier and data.security_invoker %}, | ||
{% endif %}{% endif %} | ||
{% if data.security_invoker %} | ||
security_invoker={{ data.security_invoker|lower }}{% endif %} | ||
|
||
){% endif %} AS | ||
{{ data.definition.rstrip(';') }}; | ||
{% if data.owner and data.m_view is undefined %} | ||
|
||
ALTER TABLE IF EXISTS {{ conn|qtIdent(data.schema, data.name) }} | ||
OWNER TO {{ conn|qtIdent(data.owner) }}; | ||
{% endif %} | ||
{% if data.comment %} | ||
COMMENT ON VIEW {{ conn|qtIdent(data.schema, data.name) }} | ||
IS {{ data.comment|qtLiteral(conn) }}; | ||
{% endif %} | ||
{% endif %} |
73 changes: 73 additions & 0 deletions
73
...er_groups/servers/databases/schemas/views/templates/views/ppas/15_plus/sql/properties.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
{# ========================== Fetch View Properties ========================= #} | ||
{% if (vid and datlastsysoid) or scid %} | ||
SELECT | ||
c.oid, | ||
c.xmin, | ||
c.relkind, | ||
description AS comment, | ||
(CASE WHEN length(spc.spcname::text) > 0 THEN spc.spcname ELSE 'pg_default' END) as spcname, | ||
c.relname AS name, | ||
c.reltablespace AS spcoid, | ||
nsp.nspname AS schema, | ||
c.relispopulated AS ispopulated, | ||
pg_catalog.pg_get_userbyid(c.relowner) AS owner, | ||
pg_catalog.array_to_string(c.relacl::text[], ', ') AS acl, | ||
pg_catalog.pg_get_viewdef(c.oid) AS definition, | ||
{# ===== Checks if it is system view ===== #} | ||
{% if vid and datlastsysoid %} | ||
CASE WHEN {{vid}} <= {{datlastsysoid}} THEN True ELSE False END AS system_view, | ||
{% endif %} | ||
(SELECT | ||
pg_catalog.array_agg(provider || '=' || label) | ||
FROM | ||
pg_catalog.pg_seclabels sl1 | ||
WHERE | ||
sl1.objoid=c.oid AND sl1.objsubid=0 | ||
) AS seclabels, | ||
substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'check_option=([a-z]*)') AS check_option, | ||
(substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'security_barrier=([a-z|0-9]*)'))::boolean AS security_barrier, | ||
(substring(pg_catalog.array_to_string(c.reloptions, ',') | ||
FROM 'security_invoker=([a-z|0-9]*)'))::boolean AS security_invoker | ||
FROM pg_catalog.pg_class c | ||
LEFT OUTER JOIN pg_catalog.pg_namespace nsp on nsp.oid = c.relnamespace | ||
LEFT OUTER JOIN pg_catalog.pg_tablespace spc on spc.oid=c.reltablespace | ||
LEFT OUTER JOIN pg_catalog.pg_description des ON (des.objoid=c.oid and des.objsubid=0 AND des.classoid='pg_class'::regclass) | ||
WHERE ((c.relhasrules AND (EXISTS ( | ||
SELECT | ||
r.rulename | ||
FROM | ||
pg_catalog.pg_rewrite r | ||
WHERE | ||
((r.ev_class = c.oid) | ||
AND (pg_catalog.bpchar(r.ev_type) = '1'::bpchar)) ))) | ||
AND (c.relkind = 'v'::char) | ||
) | ||
{% if (vid and datlastsysoid) %} | ||
AND c.oid = {{vid}}::oid | ||
{% elif scid %} | ||
AND c.relnamespace = {{scid}}::oid | ||
ORDER BY | ||
c.relname | ||
{% endif %} | ||
|
||
{% elif type == 'roles' %} | ||
SELECT | ||
pr.rolname | ||
FROM | ||
pg_catalog.pg_roles pr | ||
WHERE | ||
pr.rolcanlogin | ||
ORDER BY | ||
pr.rolname | ||
|
||
{% elif type == 'schemas' %} | ||
SELECT | ||
nsp.nspname | ||
FROM | ||
pg_catalog.pg_namespace nsp | ||
WHERE | ||
(nsp.nspname NOT LIKE E'pg\\_%' | ||
AND nsp.nspname != 'information_schema') | ||
{% endif %} |
Oops, something went wrong.