From 26a0b3706561f5ffeebaccbb27b1d1e0066eee4d Mon Sep 17 00:00:00 2001
From: Sean Murthy
Date: Sun, 11 Aug 2019 22:31:37 -0400
Subject: [PATCH 1/3] Clarify comment on granting login privilege
Fixes #280
---
 src/db/core/addRoleBaseMgmtCore.sql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/db/core/addRoleBaseMgmtCore.sql b/src/db/core/addRoleBaseMgmtCore.sql
index 51115d6..ebbc151 100644
--- a/src/db/core/addRoleBaseMgmtCore.sql
+++ b/src/db/core/addRoleBaseMgmtCore.sql
@@ -309,9 +309,9 @@ BEGIN
 );
 END IF;
- --give the server role LOGIN capability if it is a user
- --do not remove LOGIN for a team, because instructors may have their reasons
- -- to make a LOGIN server role a team
+ --in case a pre-existing server role is now registered, give that role LOGIN
+ -- capability if it is a user (in case that privilege was somehow removed);
+ -- but don'o't remove LOGIN from a team: instr. may have reason to let a team login
 IF NOT($3 OR ClassDB.canLogin($1)) THEN
 EXECUTE FORMAT('ALTER ROLE %s LOGIN', $1);
 END IF;
From 796a379fca16ba76380ce61448b59e14558c2436 Mon Sep 17 00:00:00 2001
From: Sean Murthy
Date: Sun, 11 Aug 2019 23:09:26 -0400
Subject: [PATCH 2/3] Permit and revoke db connection at role create and revoke
Permit db connection when a login role is created; revoke db connection when a role name no longer has any ClassDB role.
---
 src/db/core/addRoleBaseMgmtCore.sql | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/src/db/core/addRoleBaseMgmtCore.sql b/src/db/core/addRoleBaseMgmtCore.sql
index ebbc151..c04d163 100644
--- a/src/db/core/addRoleBaseMgmtCore.sql
+++ b/src/db/core/addRoleBaseMgmtCore.sql
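Review bot: The last added comment line in the @@ -309,9 hunk reads `don'o't`, which looks like a typo for `don't`, and `instr.` is clearer spelled out as the removed comment had it: `-- but don't remove LOGIN from a team: instructors may have reason to let a team login`. Since the guarded `ALTER ROLE %s LOGIN` turns login back on for any non-team role that lacks it, the comment should also say that registering a pre-existing role overrides a NOLOGIN an administrator may have set deliberately. The enclosing function starts and ends outside the hunk, so reading `$3` as the team flag is inferred from the comment.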
@@ -316,6 +316,16 @@ BEGIN EXECUTE FORMAT('ALTER ROLE %s LOGIN', $1); END IF; + --permit the role to connect to this database + -- can remove this code segment if db-specific group roles are used (when + -- initializing the database) to address Issue #277 + --this code segment is intentionally not merge/optimize with the preceding + -- segment (which grants LOGIN to a user role) for clarity, and to make it + -- easier to remove/modify this code when Issue #277 is addressed + IF ClassDB.canLogin($1) THEN + EXECUTE FORMAT('GRANT CONNECT ON DATABASE %I TO %s', current_database(), $1); + END IF; + -------- schema management -------------------------------------- @@ -426,6 +436,15 @@ BEGIN --revoke the specified ClassDB role from the role EXECUTE FORMAT('REVOKE %s FROM %s', $2, $1); + --if rolename revoked has no more ClassDB roles, revoke connection to this DB + -- can remove this code segment if db-specific group roles are used (when + -- initializing the database) to address Issue #277 + IF (NOT ClassDB.hasClassDBRole($1)) THEN + EXECUTE FORMAT('REVOKE CONNECT ON DATABASE %I FROM %s', + current_database(), $1 + ); + END IF; + END; $$ LANGUAGE plpgsql SECURITY DEFINER; From 6400097760961efa063a48bff22b20ea22428c1b Mon Sep 17 00:00:00 2001 From: Sean Murthy Date: Sun, 11 Aug 2019 23:11:36 -0400 Subject: [PATCH 3/3] Remove automatic db connection to classdb group roles DB connection is now managed separately for each role with login. Fixes #278 --- src/db/core/initializeDBCore.sql | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/db/core/initializeDBCore.sql b/src/db/core/initializeDBCore.sql index 4ca7bae..797aa5a 100644 --- a/src/db/core/initializeDBCore.sql +++ b/src/db/core/initializeDBCore.sql 
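Review bot: In the @@ -316,6 hunk the role name `$1` is spliced into `GRANT CONNECT ON DATABASE %I TO %s` with `%s`, so it reaches the dynamic statement unquoted while the database name next to it is quoted with `%I`. The same pattern appears in the `REVOKE CONNECT ... FROM %s` added in the @@ -426,6 hunk, whose function is declared `SECURITY DEFINER`, so that statement runs with the owner's privileges. The existing `ALTER ROLE %s LOGIN` suggests `%s` is the file's convention for role names; if so, add a comment naming the earlier check that validates or folds `$1`, for example `--$1 is safe to splice with %s: <validation done above>`, or switch to `%I` if no such check exists. The function body starts and ends outside the hunk, so whether such a check is present cannot be seen here.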
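Review bot: The `REVOKE CONNECT` added in the @@ -426,6 hunk does not end sessions the role already has open, because PostgreSQL checks CONNECT only when a connection starts. A role stripped of its last ClassDB role therefore keeps working in this database until it disconnects, which the comment should state: `-- revoking CONNECT blocks new connections only; existing sessions stay open`. The comment could also note that REVOKE removes only the privilege as granted by the role executing it, so a CONNECT granted to `$1` by a different grantor would remain. The function starts outside the hunk.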
@@ -78,10 +78,19 @@ BEGIN
 -- Postgres grants CONNECT to all by default
 EXECUTE format('REVOKE CONNECT ON DATABASE %I FROM PUBLIC', currentDB);
+
+ --the comment and code segment within lined comments can be reinstated if
+ -- db-specific roles are used to address Issue #277
+ -- at that time also look at related comments and code in functions createRole
+ -- and revokeClassDBRole
+ -- the purpose of the disabled code is to address Issue #278 before Issue #277
+
+--------------------------------------------------------------------------------
 --Let only app-specific roles connect to the DB
 -- no need for ClassDB to connect to the DB
- EXECUTE format('GRANT CONNECT ON DATABASE %I TO ClassDB_Instructor, '
- 'ClassDB_Student, ClassDB_DBManager', currentDB);
+ --EXECUTE format('GRANT CONNECT ON DATABASE %I TO ClassDB_Instructor, '
+ -- 'ClassDB_Student, ClassDB_DBManager', currentDB);
+--------------------------------------------------------------------------------
 --Allow ClassDB and ClassDB users to create schemas on the current database
 EXECUTE format('GRANT CREATE ON DATABASE %I TO ClassDB, ClassDB_Instructor,'
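Review bot: Commenting out the `GRANT CONNECT ... TO ClassDB_Instructor, ClassDB_Student, ClassDB_DBManager` stops new grants but leaves the privilege in place on any database that an earlier version of this script already initialized; the only revoke in the hunk targets PUBLIC. If this script is also run to upgrade existing databases (not visible here), members of the group roles keep connecting there regardless of the per-role grants, so Issue #278 would stay open on them. An explicit revoke next to the PUBLIC one would cover that case: `EXECUTE format('REVOKE CONNECT ON DATABASE %I FROM ClassDB_Instructor, ClassDB_Student, ClassDB_DBManager', currentDB);`. Roles registered before the upgrade would then need their own CONNECT grant. The enclosing block begins before the hunk and continues past it.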