From a18abec1f15813fc039bba68820d18fa92e71d62 Mon Sep 17 00:00:00 2001
From: xbgmsharp
Date: Thu, 9 Feb 2023 16:47:02 +0100
Subject: [PATCH] Update views owner permission using security_invoker and security_barrier
---
 initdb/02_6_signalk_roles.sql | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/initdb/02_6_signalk_roles.sql b/initdb/02_6_signalk_roles.sql
index d1ed00b..50c47c3 100644
--- a/initdb/02_6_signalk_roles.sql
+++ b/initdb/02_6_signalk_roles.sql
@@ -91,24 +91,30 @@
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO user_role;
 -- TODO should not be need !! ??
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role;
+-- pg15 feature security_invoker=true,security_barrier=true
+GRANT SELECT ON TABLE api.logs_view TO user_role;
+GRANT SELECT ON TABLE api.log_view TO user_role;
+GRANT SELECT ON TABLE api.stays_view TO user_role;
+GRANT SELECT ON TABLE api.stay_view TO user_role;
+GRANT SELECT ON TABLE api.monitoring_view TO user_role;
 -- Update ownership for security user_role as run by web user.
 -- Web listing
-ALTER VIEW api.stays_view OWNER TO user_role;
+--ALTER VIEW api.stays_view OWNER TO user_role;
 ALTER VIEW api.moorages_view OWNER TO user_role;
-ALTER VIEW api.logs_view OWNER TO user_role;
-ALTER VIEW api.vessel_p_view OWNER TO user_role;
-ALTER VIEW api.monitoring_view OWNER TO user_role;
+--ALTER VIEW api.logs_view OWNER TO user_role;
+--ALTER VIEW api.vessel_p_view OWNER TO user_role;
+--ALTER VIEW api.monitoring_view OWNER TO user_role;
 -- Remove all permissions except select
-REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
+--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
 REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role;
-REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
-REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.monitoring_view FROM user_role;
+--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
+--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.monitoring_view FROM user_role;
 -- Allow read and update on VIEWS
 -- Web detail view
-ALTER VIEW api.log_view OWNER TO user_role;
+--ALTER VIEW api.log_view OWNER TO user_role;
 -- Remove all permissions except select and update
-REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
+--REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
 ALTER VIEW api.vessels_view OWNER TO user_role;
 -- Remove all permissions except select and update