[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb:[3686] trunk/sql

Subject: SF.net SVN: ledger-smb:[3686] trunk/sql
From: ..hidden..
Date: Fri, 26 Aug 2011 22:00:00 +0000

Revision: 3686
          http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=3686&view=rev
Author:   einhverfr
Date:     2011-08-26 21:59:59 +0000 (Fri, 26 Aug 2011)
Log Message:
-----------
batch_post now security definer function

Modified Paths:
--------------
    trunk/sql/modules/Roles.sql
    trunk/sql/modules/Voucher.sql

Added Paths:
-----------
    trunk/sql/upgrade/3686-batch_post.sql

Modified: trunk/sql/modules/Roles.sql
===================================================================
--- trunk/sql/modules/Roles.sql	2011-08-25 23:13:59 UTC (rev 3685)
+++ trunk/sql/modules/Roles.sql	2011-08-26 21:59:59 UTC (rev 3686)
@@ -197,11 +197,7 @@
 CREATE ROLE "lsmb_<?lsmb dbname ?>__batch_post"
 WITH INHERIT NOLOGIN;
 
-GRANT UPDATE ON ar TO "lsmb_<?lsmb dbname ?>__batch_post";
-GRANT UPDATE ON ap TO "lsmb_<?lsmb dbname ?>__batch_post";
-GRANT UPDATE ON acc_trans TO "lsmb_<?lsmb dbname ?>__batch_post";
-GRANT UPDATE ON batch TO "lsmb_<?lsmb dbname ?>__batch_post";
-GRANT UPDATE ON gl TO "lsmb_<?lsmb dbname ?>__batch_post";
+GRANT EXECUTE ON FUNCTION batch_post(int) TO "lsmb_<?lsmb dbname ?>__batch_post";
 
 INSERT INTO menu_acl (node_id, acl_type, role_name) 
 values (206, 'allow', 'lsmb_<?lsmb dbname ?>__contact_create');

Modified: trunk/sql/modules/Voucher.sql
===================================================================
--- trunk/sql/modules/Voucher.sql	2011-08-25 23:13:59 UTC (rev 3685)
+++ trunk/sql/modules/Voucher.sql	2011-08-26 21:59:59 UTC (rev 3686)
@@ -352,8 +352,10 @@
 
 	RETURN now()::date;
 END;
-$$ LANGUAGE PLPGSQL;
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;
 
+REVOKE EXECUTE ON FUNCTION batch_post(in_batch_id INTEGER) FROM public;
+
 COMMENT ON FUNCTION batch_post(in_batch_id INTEGER) is
 $$ Posts the specified batch to the books.  Only posted batches should show up
 on standard financial reports.$$;

Added: trunk/sql/upgrade/3686-batch_post.sql
===================================================================
--- trunk/sql/upgrade/3686-batch_post.sql	                        (rev 0)
+++ trunk/sql/upgrade/3686-batch_post.sql	2011-08-26 21:59:59 UTC (rev 3686)
@@ -0,0 +1,3 @@
+ALTER FUNCTION batch_post(int) SECURITY DEFINER;
+REVOKE EXECUTE ON FUNCTION batch_post(int) FROM public;
+\echo you will need to GRANT execute on function batch_post to lsmb_[dbname]__batch_post

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Prev by Date: SF.net SVN: ledger-smb:[3685] trunk/scripts/setup.pl
Next by Date: SF.net SVN: ledger-smb:[3687] tags/1.2.24/
Previous by thread: SF.net SVN: ledger-smb:[3685] trunk/scripts/setup.pl
Next by thread: SF.net SVN: ledger-smb:[3687] tags/1.2.24/
Index(es):
- Date
- Thread