On Sat, Jun 14, 2003 at 02:37:01AM +0200, adeon wrote:
<snip>
> There is a table in the database, that has a user_id column.
> Every user is able to insert, update or delete a record from this table,
> but users are only allowed to execute those operations only on their own
> records (that ones that have right user_id). How should be user_id checking
> performed - in trigger or should I create a functions for every operation
> (insert, delete and update)??
perhaps you run better w/ an rule, which drops unauthorized access ?
CREATE RULE foo_update ON foo AS ON UPDATE TO foo
WHERE old.user_id <>
(SELECT usesysid FROM pg_user WHERE usename = current_user)
DO INSTEAD NOTHING;
CREATE RULE foo_delete ON foo AS ON DELETE TO foo
WHERE old.user_id <>
(SELECT usesysid FROM pg_user WHERE usename = current_user)
DO INSTEAD NOTHING;
i didnt test it, but something like this should work.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux ITS
Webhosting ab 5 EUR/Monat. UUCP, rawIP und vieles mehr.
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact@metux.de
cellphone: +49 174 7066481 smsgate: sms.weigelt@metux.de
---------------------------------------------------------------------
Diese Mail wurde mit UUCP versandt. http://www.metux.de/uucp/
