Mercurial > libervia-pubsub
annotate db/sat_pubsub_update_0_2.sql @ 330:82d1259b3e36
backend, pgsql storage: better items/notification handling, various fixes:
- replaced const.VAL_AMODEL_ROSTER by const.VAL_AMODEL_PUBLISHER_ROSTER to follow change in pgsql schema
- implemented whitelist access model
- fixed bad access check during items retrieval (access was checked on recipient instead of requestor/sender)
- getItemsData and notification filtering now use inline callbacks: this makes these complex workflows far easier to read, and clarity is imperative in these security-critical sections.
- publisher-roster access model now needs to have only one owner, else it will fail. The idea is to use this model only when owner=publisher, else there is ambiguity on the roster to use to check access
- replaced getNodeOwner by node.getOwners, as a node can have several owners
- notifications filtering has been fixed in a similar way
- psql: simplified withPEP method, pep_table argument is actually not needed
- removed error.NotInRoster: error.Forbidden is used instead
- notifications now notify all the owners, not only the first one
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 26 Mar 2017 20:52:32 +0200 |
parents | 98409ef42c94 |
children |
rev 329, line source:

```sql
/* roster access model was badly used, we rename it to publisher-roster */

ALTER TABLE nodes DROP CONSTRAINT nodes_access_model_check;
UPDATE nodes SET access_model = 'publisher-roster' WHERE access_model = 'roster';
ALTER TABLE nodes ADD CHECK (access_model IN ('open', 'publisher-roster', 'whitelist', 'publish-only', 'self-publisher'));

ALTER TABLE items DROP CONSTRAINT items_access_model_check;
UPDATE items SET access_model = 'publisher-roster' WHERE access_model = 'roster';
ALTER TABLE items ADD CHECK (access_model IN ('open', 'publisher-roster', 'whitelist'));

ALTER TABLE affiliations DROP CONSTRAINT affiliations_affiliation_check;
ALTER TABLE affiliations ADD CHECK (affiliation IN ('outcast', 'member', 'publisher', 'owner'));

CREATE TABLE item_jids_authorized (
    item_jids_authorized_id serial PRIMARY KEY,
    item_id integer NOT NULL references items ON DELETE CASCADE,
    jid text NOT NULL,
    UNIQUE (item_id,jid)
);

CREATE TABLE item_languages (
    item_languages_id serial PRIMARY KEY,
    item_id integer NOT NULL references items ON DELETE CASCADE,
    language text NOT NULL,
    UNIQUE (item_id,language)
);

UPDATE metadata SET value='2' WHERE key='version';
```
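Post-migration checks for the script above, as an added example that is not part of the libervia-pubsub repository. It confirms the access-model rename left no legacy rows, shows the CHECK constraints now in force, and lists `publisher-roster` nodes that do not have exactly one owner (the case the commit message says will fail). The `node_id` columns on `nodes` and `affiliations` are assumptions, since the page does not show those table definitions.

```sql
-- Added example: read-only sanity checks to run after sat_pubsub_update_0_2.sql (PostgreSQL).

-- 1. No row should still carry the legacy 'roster' value; both counts must be 0.
SELECT 'nodes' AS tbl, count(*) AS legacy_rows
  FROM nodes WHERE access_model = 'roster'
UNION ALL
SELECT 'items', count(*)
  FROM items WHERE access_model = 'roster';

-- 2. CHECK constraints currently enforced on the three altered tables.
--    Each table should list the value set from the migration and nothing older.
SELECT conrelid::regclass AS tbl,
       conname,
       pg_get_constraintdef(oid) AS definition
  FROM pg_constraint
 WHERE contype = 'c'
   AND conrelid IN ('nodes'::regclass,
                    'items'::regclass,
                    'affiliations'::regclass)
 ORDER BY 1, 2;

-- 3. publisher-roster nodes whose owner count is not exactly 1.
--    ASSUMPTION: nodes.node_id and affiliations.node_id exist and are the join key.
--    Any row returned here is a node whose roster-based access check is ambiguous
--    (several owners) or impossible (no owner) and should be reviewed.
SELECT n.node_id,
       count(a.affiliation) AS owners
  FROM nodes n
  LEFT JOIN affiliations a
         ON a.node_id = n.node_id
        AND a.affiliation = 'owner'
 WHERE n.access_model = 'publisher-roster'
 GROUP BY n.node_id
HAVING count(a.affiliation) <> 1;

-- 4. Schema version recorded by the migration; expected value is '2'.
SELECT value FROM metadata WHERE key = 'version';
```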