Merge pull request #105 from fly-apps/user-perm-fix

Grant normal users access to the public schema
fly-apps · Feb 15, 2023 · 4cac855 · 4cac855
2 parents 03eeb7f + 93862b9
commit 4cac855
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 6 deletions.
diff --git a/internal/api/handle_databases.go b/internal/api/handle_databases.go
@@ -65,22 +65,31 @@ func handleCreateDatabase(w http.ResponseWriter, r *http.Request) {
 	}
 	defer close()
 
-	input := createDatabaseRequest{}
-	err = json.NewDecoder(r.Body).Decode(&input)
-	if err != nil {
+	var input createDatabaseRequest
+	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
 		renderErr(w, err)
 		return
 	}
 	defer r.Body.Close()
 
-	err = admin.CreateDatabase(ctx, conn, input.Name)
+	if err := admin.CreateDatabase(ctx, conn, input.Name); err != nil {
+		renderErr(w, err)
+		return
+	}
+
+	dbConn, close, err := localConnection(ctx, input.Name)
 	if err != nil {
 		renderErr(w, err)
 		return
 	}
+	defer close()
 
-	res := &Response{Result: true}
+	if err := admin.GrantCreateOnPublic(ctx, dbConn); err != nil {
+		renderErr(w, err)
+		return
+	}
 
+	res := &Response{Result: true}
 	renderJSON(w, res, http.StatusOK)
 }
 

diff --git a/internal/flypg/admin/admin.go b/internal/flypg/admin/admin.go
@@ -11,7 +11,6 @@ import (
 
 func GrantAccess(ctx context.Context, pg *pgx.Conn, username string) error {
 	sql := fmt.Sprintf("GRANT pg_read_all_data, pg_write_all_data TO %q", username)
-
 	_, err := pg.Exec(ctx, sql)
 	return err
 }
@@ -66,6 +65,14 @@ func CreateDatabase(ctx context.Context, pg *pgx.Conn, name string) error {
 	return err
 }
 
+// GrantCreateOnPublic re-enables the public schema for normal users.
+// We should look into creating better isolation in the future.
+func GrantCreateOnPublic(ctx context.Context, pg *pgx.Conn) error {
+	sql := "GRANT CREATE on SCHEMA PUBLIC to PUBLIC;"
+	_, err := pg.Exec(ctx, sql)
+	return err
+}
+
 func DeleteDatabase(ctx context.Context, pg *pgx.Conn, name string) error {
 	sql := fmt.Sprintf("DROP DATABASE %s;", name)