Merge pull request #39 from mdouchin/grant-write-access-to-postgresql…

…-group

Installation - Grant write access to the pgrouting schema tables to a given PostgreSQL user group

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 ## Unreleased
 
+### Added
+
+* Trigger a Lizmap event `lizmapPgroutingWktGeometryExported` containing the generated WKT
+  to allow JavaScript scripts for LWC <= 3.6 to use the generated route geometry.
+
+### Changed
+
+* Installation - Grant the write access on the schema `pgrouting` and its content to the
+  given group (use installation parameter `user_group`)
+
 ## 1.0.0 - 2023-06-09
 
 ### Added

pgrouting/install/configure.php

@@ -17,16 +17,24 @@ public function getDefaultParameters()
     {
         return array(
             'srid' => 2154,
+            'postgresql_user_group' => null,
         );
     }
 
     public function configure(ConfigurationHelpers $helpers)
     {
+        // srid = projection of the target pgrouting tables
         $this->parameters['srid'] = $helpers->cli()->askInformation(
             'SRID your are using?',
             $this->parameters['srid']
         );
 
+        // user_group : to which group the write access should be granted on the schema pgrouting
+        $this->parameters['postgresql_user_group'] = $helpers->cli()->askInformation(
+            'PostgreSQL group of user to grant access on the schema pgrouting ?',
+            $this->parameters['postgresql_user_group']
+        );
+
         $helpers->copyDirectoryContent('../www/css', jApp::wwwPath('assets/pgrouting/css'));
         $helpers->copyDirectoryContent('../www/js/dist', jApp::wwwPath('assets/pgrouting/js'));
     }

pgrouting/install/install.php

@@ -42,5 +42,24 @@ public function install(Jelix\Installer\Module\API\InstallHelpers $helpers)
         }
 
         $db->exec($sql);
+
+        // Grant right to the given PostgreSQL group of users
+        $sql_file = $this->getPath() . 'install/sql/grant.pgsql.sql';
+        $template = jFile::read($sql_file);
+        $tpl = new jTpl();
+        $group = $this->getParameter('postgresql_user_group');
+        jLog::log('APPLICATION DES DROITS ' . json_encode($group));
+        $tpl->assign('userGroup', $group);
+        if (!empty($group)) {
+            $sql = $tpl->fetchFromString($template, $group);
+            // Try to grant access
+            try {
+                $db->exec($sql);
+            } catch (Exception $e) {
+                jLog::log('An error occured while grant access on the pgrouting schema to the given group: ' . $group, 'error');
+
+                throw new jException('pgrouting~db.query.grant.bad');
+            }
+        }
     }
 }

pgrouting/install/install_1_6.php

@@ -48,6 +48,24 @@ public function install()
             }
 
             $db->exec($sql);
+
+            // Grant right to the given PostgreSQL group of users
+            $sql_file = $this->path . 'install/sql/grant.pgsql.sql';
+            $template = jFile::read($sql_file);
+            $tpl = new jTpl();
+            $group = $this->getParameter('admin_group');
+            $tpl->assign('userGroup', $group);
+            if (!empty($group)) {
+                $sql = $tpl->fetchFromString($template, $group);
+                // Try to grant access
+                try {
+                    $db->exec($sql);
+                } catch (Exception $e) {
+                    jLog::log('An error occured while grant access on the pgrouting schema to the given group: ' . $group, 'error');
+
+                    throw new jException('pgrouting~db.query.grant.bad');
+                }
+            }
         }
     }
 }

pgrouting/install/sql/grant.pgsql.sql

@@ -0,0 +1,5 @@
+-- Grant
+GRANT USAGE ON SCHEMA "pgrouting" TO "{$userGroup}";
+GRANT ALL ON ALL TABLES IN SCHEMA "pgrouting" TO "{$userGroup}";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA "pgrouting" TO "{$userGroup}";
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "pgrouting" TO "{$userGroup}";

pgrouting/locales/en_US/db.UTF-8.properties

@@ -1 +1,2 @@
 query.ext.bad=Extension error, postgis or pgrouting is missing
+query.grant.bad=Grant access on the schema pgrouting to the given group failed

pgrouting/locales/fr_FR/db.UTF-8.properties

@@ -1 +1,2 @@
 query.ext.bad=Erreur d'extension, il manque postgis ou pgrouting
+query.grant.bad=Erreur lors de la configuration des droits d'accès sur le schéma pgrouting

tests/lizmap/etc/conf/localconfig.d/localconfig.ini.php

@@ -1,6 +1,6 @@
 [modules]
 pgrouting.access=2
-pgrouting.installparam="srid=2154"
+pgrouting.installparam="srid=2154;postgresql_user_group=gis_group"
 
 [jResponseHtml]
 plugins = debugbar

tests/lizmap/initdb.d/init.sh

@@ -1,11 +1,22 @@
 #!/bin/bash
 
+# Create user lizmap which will create and own the pgrouting database & schema
 psql --username postgres --no-password <<-EOSQL
     CREATE ROLE lizmap WITH LOGIN CREATEDB PASSWORD 'lizmap1234!';
     CREATE DATABASE lizmap WITH OWNER lizmap;
 EOSQL
 
+# Create extensions postgis & pgrouting
 psql --username postgres --no-password -d lizmap <<-EOSQL
     CREATE EXTENSION IF NOT EXISTS postgis SCHEMA public;
     CREATE EXTENSION IF NOT EXISTS pgrouting SCHEMA public;
 EOSQL
+
+# Create another test user and group which must be able to read & write
+# data inside the pgrouting schema
+psql --username postgres --no-password <<-EOSQL
+    CREATE ROLE "gis_user"  WITH LOGIN CREATEDB PASSWORD 'lizmap1234!';
+    CREATE ROLE "gis_group";
+    GRANT "gis_group" TO "gis_user";
+    GRANT CONNECT ON DATABASE "lizmap" TO "gis_user";
+EOSQL