Commit4ee53e2

committed

prevent creation and modification of system users

1 parent3bbe40e commit4ee53e2Copy full SHA for 4ee53e2

File tree

+47

-0

lines changed

+47

-0

lines changed

Lines changed: 15 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,11 @@ DROP VIEW IF EXISTS workspace_prebuild_builds;`
`3`	`3`	`DROPVIEW IF EXISTS workspace_prebuilds;`
`4`	`4`	`DROPVIEW IF EXISTS workspace_latest_build;`
`5`	`5`
	`6`	`+-- Undo the restriction on deleting system users`
	`7`	`+DROPTRIGGER IF EXISTS prevent_system_user_updatesON users;`
	`8`	`+DROPTRIGGER IF EXISTS prevent_system_user_deletionsON users;`
	`9`	`+DROPFUNCTION IF EXISTS prevent_system_user_changes();`
	`10`	`+`
`6`	`11`	`-- Revert user operations`
`7`	`12`	`-- c42fdf75-3097-471c-8c33-fb52454d81c0 is the identifier for the system user responsible for prebuilds.`
`8`	`13`	`DELETEFROM user_status_changesWHERE user_id='c42fdf75-3097-471c-8c33-fb52454d81c0';`

Lines changed: 26 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,32 @@ INSERT INTO users (id, email, username, name, created_at, updated_at, status, rb`
`3`	`3`	`VALUES ('c42fdf75-3097-471c-8c33-fb52454d81c0','prebuilds@system','prebuilds','Prebuilds Owner', now(), now(),`
`4`	`4`	`'active','{}','none', true);`
`5`	`5`
	`6`	`+-- Create function to check system user modifications`
	`7`	`+CREATE OR REPLACEFUNCTIONprevent_system_user_changes()`
	`8`	`+RETURNS TRIGGERAS`
	`9`	`+$$`
	`10`	`+BEGIN`
	`11`	`+IFOLD.is_system= true THEN`
	`12`	`+RAISE EXCEPTION'Cannot modify or delete system users';`
	`13`	`+END IF;`
	`14`	`+RETURN OLD;`
	`15`	`+END;`
	`16`	`+$$ LANGUAGE plpgsql;`
	`17`	`+`
	`18`	`+-- Create trigger to prevent updates to system users`
	`19`	`+CREATETRIGGERprevent_system_user_updates`
	`20`	`+BEFOREUPDATEON users`
	`21`	`+FOR EACH ROW`
	`22`	`+WHEN (OLD.is_system= true)`
	`23`	`+EXECUTE FUNCTION prevent_system_user_changes();`
	`24`	`+`
	`25`	`+-- Create trigger to prevent deletion of system users`
	`26`	`+CREATETRIGGERprevent_system_user_deletions`
	`27`	`+BEFOREDELETEON users`
	`28`	`+FOR EACH ROW`
	`29`	`+WHEN (OLD.is_system= true)`
	`30`	`+EXECUTE FUNCTION prevent_system_user_changes();`
	`31`	`+`
`6`	`32`	`-- TODO: do we want to use the default org here? how do we handle multi-org?`
`7`	`33`	`WITH default_orgAS (SELECT id`
`8`	`34`	`FROM organizations`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -823,6 +823,7 @@ func TestGroup(t *testing.T) {`
`823`	`823`
`824`	`824`	`t.Run("everyoneGroupReturnsEmpty",func(t*testing.T) {`
`825`	`825`	`// TODO (sasswart): this test seems to have drifted from its original intention. evaluate and remove/fix`
	`826`	`+// "everyone group returns empty", but it returns 5 members?`
`826`	`827`	`t.Parallel()`
`827`	`828`
`828`	`829`	`// TODO: we should not be returning the prebuilds user in Group, and this is not returned in dbmem.`

Comments

(0)