/*** provide current user access to their own information ***/
create view s_users.v_associations_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not),
+ with this_user as (select id from v_users_self_locked_not),
allowed_groups as (select id from s_users.v_groups_self)
select id, id_manager, id_coordinator, id_group, id_sort, name_machine, name_human, is_approved, is_cancelled, is_denied, is_troubled, is_locked, date_created, date_changed, date_synced, date_approved, date_cancelled, date_denied, date_troubled, date_locked, field_affiliation, field_classification from s_tables.t_associations
where not is_deleted and (id_manager in (select * from this_user) or id_group in (select * from allowed_groups));
/*** provide current user access to associations who they are assigned as the manager of ***/
create view s_users.v_associations_manage with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_creator, id_coordinator, id_group, id_sort, name_machine, name_human, is_approved, is_cancelled, is_denied, is_troubled, is_locked, date_created, date_changed, date_synced, date_approved, date_cancelled, date_denied, date_troubled, date_locked, field_affiliation, field_classification from s_tables.t_associations
where not is_deleted and id_manager in (select * from this_user);
/*** provide current user access to associations who they are assigned as the coordinator of ***/
create view s_users.v_associations_coordinate with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_creator, id_manager, id_group, id_sort, name_machine, name_human, is_approved, is_cancelled, is_denied, is_troubled, is_locked, date_created, date_changed, date_synced, date_approved, date_cancelled, date_denied, date_troubled, date_locked, field_affiliation, field_classification from s_tables.t_associations
where not is_deleted and id_coordinator in (select * from this_user);
/** provide current user access to insert their own associations (with them as the manager) **/
create view s_users.v_associations_self_insert with (security_barrier=true) as
select id_manager, id_group, id_coordinator, name_machine, name_human, field_affiliation, field_classification from s_tables.t_associations
- where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)
+ where not is_deleted and id_manager in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_associations_self_insert to r_reservation_requester, r_reservation_reviewer;
/** provide current user access to update associations they manager **/
create view s_users.v_associations_self_update with (security_barrier=true) as
select id_manager, id_group, id_coordinator, name_machine, name_human, date_changed, field_affiliation, field_classification from s_tables.t_associations
- where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)
+ where not is_deleted and id_manager in (select id from v_users_self_locked_not)
with check option;
grant update on s_users.v_associations_self_update to r_reservation_requester, r_reservation_reviewer;
/*** provide group managers access to manage their groups ***/
create view s_users.v_groups_manage_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_external, name_machine, name_human, is_locked, is_composite, is_user, can_manage_paths, settings from s_tables.t_groups
where not is_deleted and id_manager in (select * from this_user);
create view s_users.v_groups_manage_update with (security_barrier=true) as
select id, id_external, name_machine, name_human, is_locked, is_composite, is_user, can_manage_paths, settings from s_tables.t_groups
- where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)
+ where not is_deleted and id_manager in (select id from v_users_self_locked_not)
with check option;
grant update on s_users.v_groups_manage_update to r_reservation, r_reservation_system;
/*** provide current user access to their own information ***/
create view s_users.v_groups_self with (security_barrier=true) as
- with allowed_groups as (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not))
+ with allowed_groups as (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not))
select id, id_external, id_manager, name_machine, name_human, is_locked, is_composite, date_created, date_changed, date_synced, can_manage_paths, settings from s_tables.t_groups
where not is_deleted and id in (select * from allowed_groups);
/*** provide group managers access to manage users assigned to their groups (any user id less than 1000 is reserved/special case, prohibit those). ***/
create view s_users.v_group_users_manage with (security_barrier=true) as
- with managed_groups as (select id from s_tables.t_groups where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)),
+ with managed_groups as (select id from s_tables.t_groups where not is_deleted and id_manager in (select id from v_users_self_locked_not)),
available_users as (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
select id_user, id_group, is_locked from s_tables.t_group_users
where not is_deleted and id_group in (select * from managed_groups) and id_user in (select * from available_users);
create view s_users.v_group_users_manage_insert with (security_barrier=true) as
select id_user, id_group from s_tables.t_group_users
- where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
+ where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
with check option;
grant insert on s_users.v_group_users_manage_insert to r_reservation, r_reservation_system;
create view s_users.v_group_users_manage_update with (security_barrier=true) as
select id_user, id_group from s_tables.t_group_users
- where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
+ where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
with check option;
grant update on s_users.v_group_users_manage_update to r_reservation, r_reservation_system;
/*** provide current user access to their own information ***/
create view s_users.v_signatures_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_type, id_request, date_created, field_fingerprint, field_signature from s_tables.t_signatures
where not is_deleted and id_creator in (select * from this_user);
/** provide current user access to insert their own associations **/
create view s_users.v_signatures_self_insert with (security_barrier=true) as
select id, id_type, id_creator, id_request, field_fingerprint, field_signature from s_tables.t_signatures
- where not is_deleted and id_creator in (select id from public.v_users_self_locked_not)
+ where not is_deleted and id_creator in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_signatures_self_insert to r_reservation, r_reservation_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_groups_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, id_group, log_type, log_type_sub, log_severity, log_facility, log_details, log_date from s_tables.t_log_groups
where id_user in (select * from this_user);
create view s_users.v_log_groups_self_insert with (security_barrier=true) as
select id_group, log_type, log_type_sub, log_severity, log_facility, log_details from s_tables.t_log_groups
- where id_user in (select id from public.v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
+ where id_user in (select id from v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
with check option;
grant insert on s_users.v_log_groups_self_insert to r_reservation, r_reservation_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_group_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not),
+ with this_user as (select id from v_users_self_locked_not),
allowed_groups as (select id from s_users.v_groups_self where not is_locked)
select id, id_user, id_group, log_type, log_type_sub, log_severity, log_facility, log_date from s_tables.t_log_group_users
where id_user in (select * from this_user) or id_group in (select * from allowed_groups);
create view s_users.v_log_group_users_self_insert with (security_barrier=true) as
select id_group, log_type, log_type_sub, log_severity, log_facility from s_tables.t_log_group_users
- where id_user in (select id from public.v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
+ where id_user in (select id from v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
with check option;
grant insert on s_users.v_log_group_users_self_insert to r_reservation, r_reservation_system;
/** only allow select, insert, and delete for users when user id is current user **/
create view s_users.v_log_problems_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id_problem, date_created, date_changed, log_details from s_tables.t_log_problems_users
where id_user in (select * from this_user);
create view s_users.v_log_problems_users_self_insert with (security_barrier=true) as
select id_problem, date_changed, log_details from s_tables.t_log_problems_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_problems_users_self_insert to r_reservation, r_reservation_system;
create view s_users.v_log_problems_users_self_delete with (security_barrier=true) as
select id_problem from s_tables.t_log_problems_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant delete on s_users.v_log_problems_users_self_delete to r_reservation, r_reservation_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, log_title, log_type, log_type_sub, log_severity, log_facility, log_details, log_date, request_client, response_code from s_tables.t_log_users
where id_user in (select * from this_user);
create view s_users.v_log_users_self_insert with (security_barrier=true) as
select log_title, log_type, log_type_sub, log_severity, log_facility, log_details, request_client, response_code from s_tables.t_log_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_users_self_insert to r_reservation, r_reservation_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_user_activity_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, request_path, request_arguments, request_date, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
where id_user in (select * from this_user);
create view s_users.v_log_user_activity_self_insert with (security_barrier=true) as
select request_path, request_arguments, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_user_activity_self_insert to r_reservation, r_reservation_system;
/** public users should be able to insert, but should never be able to view the logs that they insert. **/
create view public.v_log_user_activity_self_insert with (security_barrier=true) as
select request_path, request_arguments, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on public.v_log_user_activity_self_insert to r_reservation_public;
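Review bot: The unqualified `v_users_self_locked_not` on every `+` line is resolved through the search_path of the session that runs this script, and PostgreSQL binds the view to whichever relation it finds at CREATE VIEW time. All of these security_barrier views use it as the "current user" row filter, and the insert/update/delete views depend on it for `with check option`. A relation of the same name in a schema listed earlier in search_path would therefore silently become the filter. Nothing in the visible lines sets search_path, so unless the script pins it elsewhere, either keep an explicit schema on the reference or add a fixed `set search_path to <intended schemas>;` at the top, with a comment such as `-- v_users_self_locked_not is resolved via search_path when each view is created; keep this list fixed`. The same applies to the repeated definitions that follow for the r_standard roles.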
/*** provide group managers access to manage their groups ***/
create view s_users.v_groups_manage_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_external, name_machine, name_human, is_locked, is_composite, is_user, can_manage_paths, settings from s_tables.t_groups
where not is_deleted and id_manager in (select * from this_user);
create view s_users.v_groups_manage_update with (security_barrier=true) as
select id, id_external, name_machine, name_human, is_locked, is_composite, is_user, can_manage_paths, settings from s_tables.t_groups
- where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)
+ where not is_deleted and id_manager in (select id from v_users_self_locked_not)
with check option;
grant update on s_users.v_groups_manage_update to r_standard, r_standard_system;
/*** provide current user access to their own information ***/
create view s_users.v_groups_self with (security_barrier=true) as
- with allowed_groups as (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not))
+ with allowed_groups as (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not))
select id, id_external, id_manager, name_machine, name_human, is_locked, is_composite, date_created, date_changed, date_synced, can_manage_paths, settings from s_tables.t_groups
where not is_deleted and id in (select * from allowed_groups);
/*** provide group managers access to manage users assigned to their groups (any user id less than 1000 is reserved/special case, prohibit those). ***/
create view s_users.v_group_users_manage with (security_barrier=true) as
- with managed_groups as (select id from s_tables.t_groups where not is_deleted and id_manager in (select id from public.v_users_self_locked_not)),
+ with managed_groups as (select id from s_tables.t_groups where not is_deleted and id_manager in (select id from v_users_self_locked_not)),
available_users as (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
select id_user, id_group, is_locked from s_tables.t_group_users
where not is_deleted and id_group in (select * from managed_groups) and id_user in (select * from available_users);
create view s_users.v_group_users_manage_insert with (security_barrier=true) as
select id_user, id_group from s_tables.t_group_users
- where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
+ where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
with check option;
grant insert on s_users.v_group_users_manage_insert to r_standard, r_standard_system;
create view s_users.v_group_users_manage_update with (security_barrier=true) as
select id_user, id_group from s_tables.t_group_users
- where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from public.v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
+ where not is_deleted and id_group in (select id from s_users.v_groups_manage_self) and id_group in (select id_group from s_tables.t_group_users where not is_deleted and not is_locked and id_user in (select id from v_users_self_locked_not)) and id_user in (select id from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public)
with check option;
grant update on s_users.v_group_users_manage_update to r_standard, r_standard_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_groups_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, id_group, log_type, log_type_sub, log_severity, log_facility, log_details, log_date from s_tables.t_log_groups
where id_user in (select * from this_user);
create view s_users.v_log_groups_self_insert with (security_barrier=true) as
select id_group, log_type, log_type_sub, log_severity, log_facility, log_details from s_tables.t_log_groups
- where id_user in (select id from public.v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
+ where id_user in (select id from v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
with check option;
grant insert on s_users.v_log_groups_self_insert to r_standard, r_standard_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_group_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not),
+ with this_user as (select id from v_users_self_locked_not),
allowed_groups as (select id from s_users.v_groups_self where not is_locked)
select id, id_user, id_group, log_type, log_type_sub, log_severity, log_facility, log_date from s_tables.t_log_group_users
where id_user in (select * from this_user) or id_group in (select * from allowed_groups);
create view s_users.v_log_group_users_self_insert with (security_barrier=true) as
select id_group, log_type, log_type_sub, log_severity, log_facility from s_tables.t_log_group_users
- where id_user in (select id from public.v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
+ where id_user in (select id from v_users_self_locked_not) and id_group in (select id from s_users.v_groups_self where not is_locked)
with check option;
grant insert on s_users.v_log_group_users_self_insert to r_standard, r_standard_system;
/** only allow select, insert, and delete for users when user id is current user **/
create view s_users.v_log_problems_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id_problem, date_created, date_changed, log_details from s_tables.t_log_problems_users
where id_user in (select * from this_user);
create view s_users.v_log_problems_users_self_insert with (security_barrier=true) as
select id_problem, date_changed, log_details from s_tables.t_log_problems_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_problems_users_self_insert to r_standard, r_standard_system;
create view s_users.v_log_problems_users_self_delete with (security_barrier=true) as
select id_problem from s_tables.t_log_problems_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant delete on s_users.v_log_problems_users_self_delete to r_standard, r_standard_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_users_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, log_title, log_type, log_type_sub, log_severity, log_facility, log_details, log_date, request_client, response_code from s_tables.t_log_users
where id_user in (select * from this_user);
create view s_users.v_log_users_self_insert with (security_barrier=true) as
select log_title, log_type, log_type_sub, log_severity, log_facility, log_details, request_client, response_code from s_tables.t_log_users
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_users_self_insert to r_standard, r_standard_system;
/** only allow select and insert for users when user id is current user **/
create view s_users.v_log_user_activity_self with (security_barrier=true) as
- with this_user as (select id from public.v_users_self_locked_not)
+ with this_user as (select id from v_users_self_locked_not)
select id, id_user, request_path, request_arguments, request_date, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
where id_user in (select * from this_user);
create view s_users.v_log_user_activity_self_insert with (security_barrier=true) as
select request_path, request_arguments, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on s_users.v_log_user_activity_self_insert to r_standard, r_standard_system;
/** public users should be able to insert, but should never be able to view the logs that they insert. **/
create view public.v_log_user_activity_self_insert with (security_barrier=true) as
select request_path, request_arguments, request_client, request_headers, response_headers, response_code from s_tables.t_log_user_activity
- where id_user in (select id from public.v_users_self_locked_not)
+ where id_user in (select id from v_users_self_locked_not)
with check option;
grant insert on public.v_log_user_activity_self_insert to r_standard_public;