/var/lib/gnumed/server/sql/gmAudit-dynamic.sql is in gnumed-server 16.17-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | -- GNUmed auditing functionality
-- ===================================================================
-- license: GPL v2 or later
-- author: Karsten Hilbert
-- ===================================================================
-- force terminate + exit(3) on errors if non-interactive
\set ON_ERROR_STOP 1
-- ===================================================================
-- schema
grant usage on schema audit to group "gm-doctors";
-- ===================================================================
comment on table audit.audited_tables is
'All tables that need standard auditing must be
recorded in this table. Audit triggers will be
generated automatically for all tables recorded
here.';
comment on table audit.audit_fields is
'this table holds all the fields needed for auditing';
comment on column audit.audit_fields.row_version is
'the version of the row; mainly just a count';
comment on COLUMN audit.audit_fields.modified_when is
'when has this row been committed (created/modified)';
comment on COLUMN audit.audit_fields.modified_by is
'by whom has this row been committed (created/modified)';
comment on table audit.audit_trail is
'Each table that needs standard auditing must have a log table inheriting
from this table. Log tables have the same name with a prepended "log_".
However, log_* tables shall not have constraints.';
comment on column audit.audit_trail.orig_version is
'the version of this row in the original table previous to the modification';
comment on column audit.audit_trail.orig_when is
'previous modification date in the original table';
comment on column audit.audit_trail.orig_by is
'who committed the row to the original table';
comment on column audit.audit_trail.orig_tableoid is
'the table oid of the original table, use this to identify the source table';
comment on column audit.audit_trail.audit_action is
'either "update" or "delete"';
comment on column audit.audit_trail.audit_when is
'when committed to this table for auditing';
comment on column audit.audit_trail.audit_by is
'committed to this table for auditing by whom';
-- ===================================================================
create or replace function audit.add_table_for_audit(name, name)
returns unknown
language 'plpgsql'
security definer
as '
DECLARE
_relnamespace alias for $1;
_relname ALIAS FOR $2;
dummy RECORD;
tmp text;
BEGIN
-- does table exist ?
select relname into dummy from pg_class where
relname = _relname and
relnamespace = (select oid from pg_namespace where nspname = _relnamespace)
;
if not found then
tmp := _relnamespace || ''.'' || _relname;
raise exception ''audit.add_table_for_audit: Table [%] does not exist.'', tmp;
return false;
end if;
-- already queued for auditing ?
select 1 into dummy from audit.audited_tables where table_name = _relname and schema = _relnamespace;
if found then
return true;
end if;
-- add definition
insert into audit.audited_tables (
schema, table_name
) values (
_relnamespace, _relname
);
return true;
END;';
comment on function audit.add_table_for_audit (name, name) is
'sanity-checking convenience function for marking tables for auditing';
create or replace function audit.add_table_for_audit(name)
returns unknown
language SQL
security definer
as '
select audit.add_table_for_audit(''public'', $1);';
comment on function audit.add_table_for_audit(name) is
'sanity-checking convenience function for marking tables
for auditing, schema is always "public"';
-- ---------------------------------------------
-- protect from direct inserts/updates/deletes which the
-- inheritance system can't handle properly
\unset ON_ERROR_STOP
drop rule audit_fields_no_ins on audit.audit_fields cascade;
drop rule audit_fields_no_upd on audit.audit_fields cascade;
drop rule audit_fields_no_del on audit.audit_fields cascade;
\set ON_ERROR_STOP 1
-- FIXME: those should actually use PL/pgSQL and raise
-- an exception...
create rule audit_fields_no_ins as
on insert to audit.audit_fields
do instead nothing;
create rule audit_fields_no_upd as
on update to audit.audit_fields
do instead nothing;
create rule audit_fields_no_del as
on delete to audit.audit_fields
do instead nothing;
-- ---------------------------------------------
-- protect from direct inserts/updates/deletes which the
-- inheritance system can't handle properly
\unset ON_ERROR_STOP
drop rule audit_trail_no_ins on audit.audit_trail cascade;
drop rule audit_trail_no_upd on audit.audit_trail cascade;
drop rule audit_trail_no_del on audit.audit_trail cascade;
\set ON_ERROR_STOP 1
-- FIXME: those should actually use PL/pgSQL and raise
-- an exception...
create rule audit_trail_no_ins as
on insert to audit.audit_trail
do instead nothing;
create rule audit_trail_no_upd as
on update to audit.audit_trail
do instead nothing;
create rule audit_trail_no_del as
on delete to audit.audit_trail
do instead nothing;
-- ===================================================================
grant SELECT on
audit.audit_trail
, audit.audit_trail_pk_audit_seq
to group "gm-doctors";
grant SELECT, insert, update, delete on
audit.audit_fields
, audit.audit_fields_pk_audit_seq
to group "gm-doctors";
-- ===================================================================
-- do simple schema revision tracking
-- keep the "true" !
delete from gm_schema_revision where filename = '$RCSfile: gmAudit-dynamic.sql,v $';
insert into gm_schema_revision (filename, version) values ('$RCSfile: gmAudit-dynamic.sql,v $', '$Revision: 1.8 $');
-- ===================================================================
|