From 062321ba1be4db25149d7a482bf59c6a34ba23b0 Mon Sep 17 00:00:00 2001 From: Andrew Vaccaro Date: Mon, 29 Aug 2022 12:06:45 -0400 Subject: [PATCH] grant access to payments_rides for non-agency users (#1714) * grant access to payments_rides for non-agency users * just use calitp domain and add a couple other users --- warehouse/macros/create_row_access_policy.sql | 4 ++++ warehouse/models/payments_views/payments_rides.sql | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/warehouse/macros/create_row_access_policy.sql b/warehouse/macros/create_row_access_policy.sql index 955e44334b..d60b3aa3c4 100644 --- a/warehouse/macros/create_row_access_policy.sql +++ b/warehouse/macros/create_row_access_policy.sql @@ -10,6 +10,10 @@ grant to ( {% endfor %} ) filter using ( + {% if not filter_column and not filter_value %} + 1 = 1 + {% else %} {{ filter_column }} = '{{ filter_value }}' + {% endif %} ) {% endmacro %} diff --git a/warehouse/models/payments_views/payments_rides.sql b/warehouse/models/payments_views/payments_rides.sql index 5fb829a692..dc676689fb 100644 --- a/warehouse/models/payments_views/payments_rides.sql +++ b/warehouse/models/payments_views/payments_rides.sql @@ -1,5 +1,6 @@ {{ config( - post_hook=[" {{ create_row_access_policy( + post_hook=[ +" {{ create_row_access_policy( filter_column = 'participant_id', filter_value = 'mst', principals = ['serviceAccount:mst-payments-user@cal-itp-data-infra.iam.gserviceaccount.com'] @@ -18,7 +19,16 @@ filter_column = 'participant_id', filter_value = 'clean-air-express', principals = ['serviceAccount:clean-air-payments-user@cal-itp-data-infra.iam.gserviceaccount.com'] -) }}" +) }}", +" {{ create_row_access_policy( + principals = ['serviceAccount:metabase@cal-itp-data-infra.iam.gserviceaccount.com', + 'group:cal-itp@jarv.us', + 'domain:calitp.org', + 'user:angela@compiler.la', + 'user:easall@gmail.com', + 'user:jeremyscottowades@gmail.com', + ] +) }}", ] ) }}