mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2025-02-25 18:55:31 -06:00
Added BYPASSRLS|NOBYPASSRLS option while creating a Role. #6392
This commit is contained in:
Akshay Joshi
@@ -631,7 +631,6 @@ rolmembership:{
|
||||
|
||||
self.role = row['rolname']
|
||||
self.rolCanLogin = row['rolcanlogin']
|
||||
self.rolCatUpdate = row['rolcatupdate']
|
||||
self.rolSuper = row['rolsuper']
|
||||
|
||||
return False, ''
|
||||
@@ -677,7 +676,8 @@ rolmembership:{
|
||||
self.alterKeys = [
|
||||
'rolcanlogin', 'rolsuper', 'rolcreatedb',
|
||||
'rolcreaterole', 'rolinherit', 'rolreplication',
|
||||
'rolconnlimit', 'rolvaliduntil', 'rolpassword'
|
||||
'rolconnlimit', 'rolvaliduntil', 'rolpassword',
|
||||
'rolbypassrls'
|
||||
] if self.manager.version >= 90200 else [
|
||||
'rolcanlogin', 'rolsuper', 'rolcreatedb',
|
||||
'rolcreaterole', 'rolinherit', 'rolconnlimit',
|
||||
@@ -977,7 +977,6 @@ rolmembership:{
|
||||
conn=self.conn,
|
||||
role=self.role,
|
||||
rolCanLogin=self.rolCanLogin,
|
||||
rolCatUpdate=self.rolCatUpdate,
|
||||
rolSuper=self.rolSuper,
|
||||
alterKeys=self.alterKeys
|
||||
)
|
||||
@@ -1034,7 +1033,6 @@ rolmembership:{
|
||||
conn=self.conn,
|
||||
role=self.role,
|
||||
rolCanLogin=self.rolCanLogin,
|
||||
rolCatUpdate=self.rolCatUpdate,
|
||||
rolSuper=self.rolSuper,
|
||||
alterKeys=self.alterKeys
|
||||
).strip('\n')
|
||||
|
||||
@@ -25,7 +25,7 @@ define('pgadmin.node.role', [
|
||||
type: 'coll-role',
|
||||
columns: [
|
||||
'rolname', 'rolvaliduntil', 'rolconnlimit', 'rolcanlogin',
|
||||
'rolsuper', 'rolcreaterole', 'rolcreatedb', 'rolcatupdate',
|
||||
'rolsuper', 'rolcreaterole', 'rolcreatedb',
|
||||
'rolinherit', 'rolreplication',
|
||||
],
|
||||
canDrop: true,
|
||||
|
||||
@@ -24,13 +24,13 @@ export default class RoleSchema extends BaseUISchema {
|
||||
rolcreaterole: false,
|
||||
rolcreatedb: false,
|
||||
rolinherit: true,
|
||||
rolcatupdate: false,
|
||||
rolreplication: false,
|
||||
rolmembership: [],
|
||||
rolmembers: [],
|
||||
rolvaliduntil: null,
|
||||
seclabels: [],
|
||||
variables: [],
|
||||
rolbypassrls: false,
|
||||
});
|
||||
this.getVariableSchema = getVariableSchema;
|
||||
this.getMembershipSchema = getMembershipSchema;
|
||||
@@ -124,7 +124,7 @@ export default class RoleSchema extends BaseUISchema {
|
||||
type: 'switch',
|
||||
group: gettext('Privileges'),
|
||||
depChange: (state) => {
|
||||
state.rolcatupdate = state.rolcreaterole = state.rolcreatedb = state.rolsuper;
|
||||
state.rolcreaterole = state.rolcreatedb = state.rolbypassrls = state.rolsuper;
|
||||
},
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
@@ -140,18 +140,6 @@ export default class RoleSchema extends BaseUISchema {
|
||||
type: 'switch',
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolcatupdate', label: gettext('Update catalog?'),
|
||||
max_version: 90400,
|
||||
group: gettext('Privileges'),
|
||||
type: 'switch',
|
||||
disabled: (state) => {
|
||||
return !state.rolsuper;
|
||||
},
|
||||
readonly: () => {
|
||||
return !(obj.user.is_superuser || obj.user.can_create_role);
|
||||
}
|
||||
},
|
||||
{
|
||||
id: 'rolinherit', group: gettext('Privileges'),
|
||||
label: gettext('Inherit rights from the parent roles?'),
|
||||
@@ -165,6 +153,12 @@ export default class RoleSchema extends BaseUISchema {
|
||||
min_version: 90100,
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolbypassrls', group: gettext('Privileges'),
|
||||
label: gettext('Bypass RLS?'),
|
||||
type: 'switch',
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolmembership', label: gettext('Member of'), group: gettext('Membership'),
|
||||
disabled: obj.readOnly,
|
||||
|
||||
@@ -24,7 +24,11 @@ CREATE ROLE {{ conn|qtIdent(data.rolname) }} WITH{% if data.rolcanlogin and data
|
||||
|
||||
REPLICATION{% else %}
|
||||
|
||||
NOREPLICATION{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
NOREPLICATION{% endif %}{% if data.rolbypassrls %}
|
||||
|
||||
BYPASSRLS{% else %}
|
||||
|
||||
NOBYPASSRLS{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
|
||||
CONNECTION LIMIT {{ data.rolconnlimit }}{% endif %}{% if data.rolvaliduntil and data.rolvaliduntil is not none %}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
SELECT
|
||||
rolname, rolcanlogin, rolsuper AS rolcatupdate, rolsuper
|
||||
rolname, rolcanlogin, rolsuper
|
||||
FROM
|
||||
pg_catalog.pg_roles
|
||||
WHERE oid = {{ rid }}::OID
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
SELECT
|
||||
r.oid, r.*, r.rolsuper as rolcatupdate,
|
||||
r.oid, r.*,
|
||||
pg_catalog.shobj_description(r.oid, 'pg_authid') AS description,
|
||||
ARRAY(
|
||||
SELECT
|
||||
|
||||
@@ -13,7 +13,8 @@ FROM
|
||||
CASE WHEN rolcreatedb THEN 'CREATEDB' ELSE 'NOCREATEDB' END || E'\n ' ||
|
||||
CASE WHEN rolcreaterole THEN 'CREATEROLE' ELSE 'NOCREATEROLE' END || E'\n ' ||
|
||||
-- PostgreSQL >= 9.1
|
||||
CASE WHEN rolreplication THEN 'REPLICATION' ELSE 'NOREPLICATION' END ||
|
||||
CASE WHEN rolreplication THEN 'REPLICATION' ELSE 'NOREPLICATION' END || E'\n ' ||
|
||||
CASE WHEN rolbypassrls THEN 'BYPASSRLS' ELSE 'NOBYPASSRLS' END ||
|
||||
CASE WHEN rolconnlimit > 0 THEN E'\n CONNECTION LIMIT ' || rolconnlimit ELSE '' END ||
|
||||
{% if show_password %}
|
||||
(SELECT CASE
|
||||
|
||||
@@ -33,7 +33,11 @@ ALTER ROLE {{ conn|qtIdent(rolname) }}{% if 'rolcanlogin' in data %}
|
||||
|
||||
{% if data.rolreplication %}
|
||||
REPLICATION{% else %}
|
||||
NOREPLICATION{% endif %}{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
NOREPLICATION{% endif %}{% endif %}{% if 'rolbypassrls' in data %}
|
||||
|
||||
{% if data.rolbypassrls %}
|
||||
BYPASSRLS{% else %}
|
||||
NOBYPASSRLS{% endif %}{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
|
||||
CONNECTION LIMIT {{ data.rolconnlimit }}
|
||||
{% endif %}{% if 'rolvaliduntil' in data %}
|
||||
|
||||
@@ -7,6 +7,7 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role1_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
||||
@@ -7,6 +7,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role2_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
||||
@@ -2,10 +2,11 @@ ALTER ROLE "Role2_$%{}[]()&*^!@""'`\/#"
|
||||
NOSUPERUSER
|
||||
NOCREATEDB
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
|
||||
VALID UNTIL '2050-01-01T00:00:00+05:30'
|
||||
PASSWORD 'xxxxxx';
|
||||
|
||||
ALTER ROLE "Role2_$%{}[]()&*^!@""'`\/#" IN DATABASE postgres
|
||||
SET application_name TO 'pg4';
|
||||
SET application_name TO 'pg4';
|
||||
|
||||
@@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
NOCREATEDB
|
||||
CREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '<TIMESTAMPTZ_1>';
|
||||
|
||||
@@ -7,6 +7,7 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role1_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
||||
@@ -7,6 +7,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role2_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
||||
@@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '<TIMESTAMPTZ_1>';
|
||||
|
||||
@@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
||||
@@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
||||
@@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
||||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
||||
@@ -5,5 +5,6 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
CREATEROLE
|
||||
INHERIT
|
||||
REPLICATION
|
||||
BYPASSRLS
|
||||
CONNECTION LIMIT -1
|
||||
PASSWORD 'xxxxxx';
|
||||
PASSWORD 'xxxxxx';
|
||||
|
||||
@@ -7,4 +7,5 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
||||
@@ -5,5 +5,6 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
NOCREATEROLE
|
||||
INHERIT
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT -1
|
||||
PASSWORD 'xxxxxx';
|
||||
PASSWORD 'xxxxxx';
|
||||
|
||||
@@ -7,4 +7,5 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
||||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
@@ -36,7 +35,6 @@
|
||||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
@@ -59,7 +57,6 @@
|
||||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
@@ -189,8 +186,8 @@
|
||||
"rolcreaterole": true,
|
||||
"rolcreatedb": true,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": true,
|
||||
"rolreplication": true,
|
||||
"rolbypassrls": true,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
"variables": []
|
||||
@@ -232,6 +229,7 @@
|
||||
"rolsuper": false,
|
||||
"rolcreatedb": false,
|
||||
"rolreplication": false,
|
||||
"rolbypassrls": false,
|
||||
"rolpassword": "abc123",
|
||||
"rolconnlimit": 100,
|
||||
"rolvaliduntil": "2050-01-01 00:00:00 +05:30",
|
||||
|
||||
@@ -78,6 +78,7 @@ def get_role_data(lr_pwd):
|
||||
"rolconnlimit": -1,
|
||||
"rolcreaterole": "true",
|
||||
"rolinherit": "true",
|
||||
"rolbypassrls": "true",
|
||||
"rolmembership": [],
|
||||
"rolname": "test_role_%s" % str(uuid.uuid4())[1:8],
|
||||
"rolpassword": lr_pwd,
|
||||
|
||||
@@ -808,7 +808,7 @@ define('pgadmin.browser.node', [
|
||||
id: panelId,
|
||||
title: panelTitle,
|
||||
manualClose: true,
|
||||
icon: `dialog-node-icon ${evalFunc(this, this.node_image, dialogProps.itemNodeData) ?? ('icon-' + this.type)}`,
|
||||
icon: `dialog-node-icon ${evalFunc(this, this.node_image, dialogProps.nodeData) ?? ('icon-' + this.type)}`,
|
||||
content: (
|
||||
<ErrorBoundary>
|
||||
<ObjectNodeProperties
|
||||
|
||||
Reference in New Issue
Block a user