CREATE OR REPLACE FUNCTION admin_add_user_to_role(in_user TEXT, in_role TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_user name;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions of a non-existant role.';
END IF;
select rolname into a_user from pg_roles where rolname = in_user;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions to a non-existant user.';
END IF;
stmt := 'GRANT '|| in_role ||' to '|| in_user;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_remove_user_from_role(in_user TEXT, in_role TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_user name;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions of a non-existant role.';
END IF;
select rolname into a_user from pg_roles where rolname = in_user;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions from a non-existant user.';
END IF;
stmt := 'REVOKE '|| in_role ||' FROM '|| in_user;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_add_function_to_group(in_func TEXT, in_role TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_user name;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions of a non-existant role.';
END IF;
select rolname into a_user from pg_roles where rolname = in_user;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions to a non-existant user.';
END IF;
stmt := 'GRANT EXECUTE ON FUNCTION '|| in_func ||' to '|| in_role;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_remove_function_from_group(in_func TEXT, in_role TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_user name;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions of a non-existant role.';
END IF;
select rolname into a_user from pg_roles where rolname = in_user;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions from a non-existant function.';
END IF;
stmt := 'REVOKE EXECUTE ON FUNCTION '|| in_func ||' FROM '|| in_role;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_add_table_to_group(in_table TEXT, in_role TEXT, in_perm TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_user name;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions of a non-existant role.';
END IF;
select table_name into a_table from information_schema.tables
where table_schema NOT IN ('information_schema','pg_catalog','pg_toast')
and table_type='BASE TABLE'
and table_name = in_table;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot grant permissions to a non-existant table.';
END IF;
if lower(in_perm) not in ('select','insert','update','delete') THEN
raise exception 'Cannot add unknown permission';
END IF;
stmt := 'GRANT '|| in_perm|| 'ON TABLE '|| in_table ||' to '|| in_role;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_remove_table_from_group(in_table TEXT, in_role TEXT) returns INT AS $$
declare
stmt TEXT;
a_role name;
a_table text;
BEGIN
-- Issue the grant
select rolname into a_role from pg_roles where rolname = in_role;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions of a non-existant role.';
END IF;
SELECT table_schema, table_name from
select table_name into a_table from information_schema.tables
where table_schema NOT IN ('information_schema','pg_catalog','pg_toast')
and table_type='BASE TABLE'
and table_name = in_table;
IF NOT FOUND THEN
RAISE EXCEPTION 'Cannot revoke permissions from a non-existant table.';
END IF;
stmt := 'REVOKE '|| in_role ||' FROM '|| in_user;
EXECUTE stmt;
return 1;
END;
$$ language 'plpgsql';
create or replace function admin_get_user(in_user TEXT) returns setof user as $$
DECLARE
a_user user;
BEGIN
select * into a_user from user where username = in_user;
IF NOT FOUND THEN
RAISE EXCEPTION 'cannot find user %', in_user;
END IF;
return a_user;
END;
$$ language plpgsql;
create or replace function admin_get_roles_for_user(in_user TEXT) returns setof lsmb_roles as $$
declare
u_role lsmb_roles;
a_user user;
begin
select * into a_user from admin_get_user(in_user);
FOR u_role IN select * from lsmb_roles WHERE user = a_user.id LOOP
RETURN NEXT a_role;
END LOOP;
RETURN;
end;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_save_user(
in_id int,
in_username text,
in_password TEXT,
in_dbname TEXT,
in_host TEXT,
in_port TEXT
) returns int AS $$
DECLARE
a_user user;
v_entity_id int;
p_id int;
l_id int;
stmt text;
BEGIN
select * into a_user from user where id = in_id;
IF NOT FOUND THEN
-- Insert cycle
--- First, create an entity.
if admin_is_user(in_username) then
-- uhm, this is bad.
RAISE EXCEPTION
"Fatal exception: Username already exists in Postgres; not
a valid lsmb user.";
end if;
v_entity_id := nextval('entity_id_seq');
INSERT INTO entity (id, name, entity_class) VALUES (
v_entity_id,
in_first_name || ' ' || in_last_name,
3
);
-- create an actual user
insert into users (name, entity_id) VALUES (
in_username,
v_entity_id
);
insert into user_connection (entity_id, database, host, port)
VALUES (
v_entity_id,
in_database,
in_host,
in_port
);
-- Finally, issue the create user statement
stmt := $$CREATE USER $$||in_username||$$WITH ENCRYPTED PASSWORD '$$||in_password||$$;'$$;
execute stmt;
return v_entity_id;
ELSIF FOUND THEN
-- update cycle
-- Only update if it's changed. Wewt.
UPDATE entity SET name = in_first_name || ' ' || in_last_name
WHERE entity_id = a_user.entity_id and
name <> in_first_name || ' ' || in_last_name;
stmt := $$ alter user $$ || in_username || $$ with encrypted password $1$$$ || in_password || $$$1$ $$;
execute stmt;
update user_connection set database = in_database, host = in_host, port = in_port
where database <> in_database
OR host <> in_host
OR port <> in_port;
return a_user.id;
END IF;
END;
$$ language 'plpgsql';
create view role_view as
select * from pg_auth_members m join pg_authid a ON (m.roleid = a.oid);
create or replace function admin_is_group(in_group_name text) returns bool as $$
DECLARE
existant_role role_view;
stmt text;
BEGIN
select * into role_view from role_view where rolname = in_group_name;
if not found then
return 'f'::bool;
else
return 't'::bool;
end if;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_create_group(in_group_name TEXT, in_dbname TEXT) RETURNS int as $$
DECLARE
stmt text;
BEGIN
stmt := 'create role '||in_dbname||'_lsmb_$$' || in_group_name || '$$;';
execute stmt;
return 1;
END;
$$ language 'plpgsql';
CREATE OR REPLACE FUNCTION admin_delete_user(in_username TEXT) returns INT as $$
DECLARE
stmt text;
a_user user;
BEGIN
select * into a_user from users where username = in_username;
IF NOT FOUND THEN
raise exception "User not found.";
ELSIF FOUND THEN
stmt := $$ drop user $$ || a_user.username ||;
execute stmt;
-- also gets user_connection
delete from users where id = a_user.id;
delete from entity where id = a_user.entity_id;
END IF;
END;
$$ language 'plpgsql';
comment on function admin_delete_user(text) is $$
Drops the provided user, as well as deletes the entity and user configuration data.
$$;
CREATE OR REPLACE FUNCTION admin_delete_group (in_group_name TEXT) returns bool as $$
DECLARE
stmt text;
a_role role_view;
BEGIN
select * into a_role from role_view where rolname = in_group_name;
if not found then
return 'f'::bool;
else
stmt := 'drop role $dbname_lsmb_$$' || in_group_name || '$$;';
execute stmt;
return 't'::bool;
end if;
END;
$$ language 'plpgsql';
comment on function admin_delete_group(text) IS $$
Deletes the input group from the database. Not designed to be used to
remove a login-capable user.
$$;
CREATE OR REPLACE FUNCTION admin_list_roles(in_username text)
RETURNS SETOF text AS
$$
DECLARE out_rolename RECORD;
BEGIN
FOR out_rolename IN
SELECT rolname FROM pg_authid
WHERE oid IN (SELECT id FROM connectby(
'(SELECT m.member, m.roleid, r.oid FROM pg_authid r
LEFT JOIN pg_auth_members m ON (r.oid = m.roleid)) a',
'oid', 'member', 'oid', '320461', '0', ','
) c(id integer, parent integer, "level" integer,
path text, list_order integer)
)
LOOP
RETURN NEXT out_rolename.rolname;
END LOOP;
END;
$$ LANGUAGE PLPGSQL;
-- TODO: Add admin user
CREATE OR REPLACE FUNCTION admin_audit_log () returns int as $$
$$ language plpgsql;