
Commit b0fd7e9

committed
Improve the check constraint
1 parent 8c948a3 commit b0fd7e9


1 file changed

+16
-4
lines changed


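--- a/pg_permissions--1.0.sql
+++ b/pg_permissions--1.0.sql
@@ -40,7 +40,7 @@ SELECT obj_type 'TABLE' AS object_type,
 has_table_privilege(r.oid, t.oid, p.perm) AS granted
 FROM pg_catalog.pg_class AS t
 CROSS JOIN pg_catalog.pg_roles AS r
-CROSS JOIN (VALUES (TEXT 'INSERT'), ('UPDATE'), ('DELETE'), ('TRUNCATE'), ('REFERENCES'), ('TRIGGER')) AS p(perm)
+CROSS JOIN (VALUES (TEXT 'SELECT'), ('INSERT'), ('UPDATE'), ('DELETE'), ('TRUNCATE'), ('REFERENCES'), ('TRIGGER')) AS p(perm)
 WHERE t.relnamespace::regnamespace::name <> 'information_schema'
 AND t.relnamespace::regnamespace::name NOT LIKE 'pg_%'
 AND t.relkind = 'r'
@@ -58,7 +58,7 @@ SELECT obj_type 'VIEW' AS object_type,
 has_table_privilege(r.oid, t.oid, p.perm) AS granted
 FROM pg_catalog.pg_class AS t
 CROSS JOIN pg_catalog.pg_roles AS r
-CROSS JOIN (VALUES ('INSERT'), ('UPDATE'), ('DELETE'), ('TRIGGER')) AS p(perm)
+CROSS JOIN (VALUES (TEXT 'SELECT'), ('INSERT'), ('UPDATE'), ('DELETE'), ('TRUNCATE'), ('REFERENCES'), ('TRIGGER')) AS p(perm)
 WHERE t.relnamespace::regnamespace::name <> 'information_schema'
 AND t.relnamespace::regnamespace::name NOT LIKE 'pg_%'
 AND t.relkind = 'v'
@@ -77,7 +77,7 @@ SELECT obj_type 'COLUMN' AS object_type,
 FROM pg_catalog.pg_class AS t
 JOIN pg_catalog.pg_attribute AS c ON t.oid = c.attrelid
 CROSS JOIN pg_catalog.pg_roles AS r
-CROSS JOIN (VALUES ('INSERT'), ('UPDATE'), ('SELECT'), ('REFERENCES')) AS p(perm)
+CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('REFERENCES')) AS p(perm)
 WHERE t.relnamespace::regnamespace::name <> 'information_schema'
 AND t.relnamespace::regnamespace::name NOT LIKE 'pg_%'
 AND c.attnum > 0 AND NOT c.attisdropped
@@ -182,12 +182,24 @@ CREATE TABLE permission_target (
 schema_name name,
 object_name text,
 column_name name,
+CONSTRAINT permission_target_valid
 CHECK (CASE WHEN object_type = 'DATABASE'
 THEN schema_name IS NULL AND object_name IS NULL AND column_name IS NULL
+AND ARRAY['CONNECT','CREATE','TEMPORARY']::perm_type[] @> permissions
 WHEN object_type = 'SCHEMA'
 THEN object_name IS NULL AND column_name IS NULL
-WHEN object_type IN ('TABLE', 'VIEW', 'SEQUENCE', 'FUNCTION')
+AND ARRAY['CREATE','USAGE']::perm_type[] @> permissions
+WHEN object_type IN ('TABLE', 'VIEW')
 THEN column_name IS NULL
+AND ARRAY['SELECT','INSERT','UPDATE','DELETE','TRUNCATE','REFERENCES','TRIGGER']::perm_type[] @> permissions
+WHEN object_type = 'SEQUENCE'
+THEN column_name IS NULL
+AND ARRAY['SELECT','USAGE','UPDATE']::perm_type[] @> permissions
+WHEN object_type = 'FUNCTION'
+THEN column_name IS NULL
+AND ARRAY['EXECUTE']::perm_type[] @> permissions
+WHEN object_type = 'COLUMN'
+THEN ARRAY['SELECT','INSERT','UPDATE','REFERENCES']::perm_type[] @> permissions
 END)
 );
 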
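Review bot: The new permission_target_valid constraint still admits rows it is meant to reject, because the CASE has no ELSE and CHECK treats a NULL result as satisfied: a row whose `permissions` is NULL makes every `@> permissions` test yield NULL and so passes, and unless `object_type` is an enum limited to exactly these six values, an unlisted type falls through the CASE as NULL and passes as well — the declarations of `object_type` and `permissions` sit above the hunk, so whether they are NOT NULL or enum-typed cannot be confirmed from here. Changing the last line to `ELSE FALSE END)` closes the unlisted-type path; the NULL-permissions path needs either a NOT NULL on that column or `permissions IS NOT NULL AND` ahead of the CASE. The constraint also only forbids the columns that must be absent and never requires the ones that must be present: a TABLE row with `object_name IS NULL`, or a COLUMN row with `column_name IS NULL`, is accepted, so `AND object_name IS NOT NULL` in the TABLE/VIEW, SEQUENCE and FUNCTION branches and `AND column_name IS NOT NULL` in the COLUMN branch would make the target table a reliable allow-list for the permission audit. The CREATE TABLE statement begins above the hunk.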
