-- updated

CREATE OR REPLACE FUNCTION import_csv_file_to_temp_table(table_name text, file_name text, csvdelimiter text, geoserver_data_dir text)
        RETURNS VOID
        LANGUAGE plpgsql
        -- The magic ingredient: Anyone who can execute this can do so with superuser privileges,
        --	as long as the function was created while logged in as a superuser.
        SECURITY DEFINER
        AS $BODY$
		DECLARE
			-- These must be as restrictive as possible, for security reasons

			-- Hard-coded directory in which all CSV files to import will be placed
			-- file_path text := '/home/www/geoserver/data/data/000tmp/';
			-- file_path text := 'C:\Users\admin\Documents\Projekte\geosky\geoserver\data\data\000tmp\';
			file_path text := geoserver_data_dir || '/data/000tmp/';

			-- File names must contain only alphanumerics, dashes and underscores,
			--	and all must end in the extension .csv
			file_name_regex text := E'^[a-zA-Z0-9_-]+\\.csv$';

			-- Only allow imports to tables whose names begin 'temp_csv_',
			--	indicating that they are Temporary Tables created for the purpose
			table_name_regex text := '^temp_import_[a-z0-9_]+$';
		BEGIN
			-- Sanity check input
			IF
				table_name !~ table_name_regex
			THEN
				RAISE EXCEPTION 'Invalid temp table name (% doesn''t match %)', table_name, table_name_regex;
			END IF;

			IF
				file_name !~ file_name_regex
			THEN
				RAISE EXCEPTION 'Invalid data file name (% doesn''t match %)', file_name, file_name_regex;
			END IF;

			-- OK? Go!
			-- Make sure there's zero chance of SQL injection here
			EXECUTE '
				COPY
					' || quote_ident(table_name) || '
				FROM
					' || quote_literal(file_path || file_name) || '
				WITH (
					 DELIMITER ''|| csvdelimiter ||'', FORMAT CSV, HEADER
				);
			';
		END;
	$BODY$;

	-- Don't let just anyone do this privileged thing
	REVOKE ALL ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text, geoserver_data_dir text)
		FROM PUBLIC;
	GRANT EXECUTE ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text, geoserver_data_dir text)
		TO geosky_admin;
		
		

-- taken from http://rwec.co.uk/blog/2014/02/securely-importing-and-exporting-csv-with-postgresql/
CREATE OR REPLACE FUNCTION import_csv_file_to_temp_table(table_name text, file_name text, csvdelimiter text)
        RETURNS VOID
        LANGUAGE plpgsql
        -- The magic ingredient: Anyone who can execute this can do so with superuser privileges,
        --	as long as the function was created while logged in as a superuser.
        SECURITY DEFINER
        AS $BODY$
		DECLARE
			-- These must be as restrictive as possible, for security reasons

			-- Hard-coded directory in which all CSV files to import will be placed
			-- file_path text := '/home/www/geoserver/data/data/000tmp/';
			file_path text := 'C:\Users\admin\Documents\Projekte\geosky\geoserver\data\data\000tmp\';

			-- File names must contain only alphanumerics, dashes and underscores,
			--	and all must end in the extension .csv
			file_name_regex text := E'^[a-zA-Z0-9_-]+\\.csv$';

			-- Only allow imports to tables whose names begin 'temp_csv_',
			--	indicating that they are Temporary Tables created for the purpose
			table_name_regex text := '^temp_import_[a-z0-9_]+$';
		BEGIN
			-- Sanity check input
			IF
				table_name !~ table_name_regex
			THEN
				RAISE EXCEPTION 'Invalid temp table name (% doesn''t match %)', table_name, table_name_regex;
			END IF;

			IF
				file_name !~ file_name_regex
			THEN
				RAISE EXCEPTION 'Invalid data file name (% doesn''t match %)', file_name, file_name_regex;
			END IF;

			-- OK? Go!
			-- Make sure there's zero chance of SQL injection here
			EXECUTE '
				COPY
					' || quote_ident(table_name) || '
				FROM
					' || quote_literal(file_path || file_name) || '
				WITH (
					 DELIMITER ''|| csvdelimiter ||'', FORMAT CSV, HEADER
				);
			';
		END;
	$BODY$;

	-- Don't let just anyone do this privileged thing
	REVOKE ALL ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text )
		FROM PUBLIC;
	GRANT EXECUTE ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text )
		TO geosky_admin;
		
		
		
-- from postgres installation:
-- Function: import_csv_file_to_temp_table(text, text, text)

-- DROP FUNCTION import_csv_file_to_temp_table(text, text, text);

CREATE OR REPLACE FUNCTION import_csv_file_to_temp_table(table_name text, file_name text, csvdelimiter text)
  RETURNS void AS
$BODY$
		DECLARE
			-- These must be as restrictive as possible, for security reasons

			-- Hard-coded directory in which all CSV files to import will be placed
			-- file_path text := '/home/www/geoserver/data/data/000tmp/';
			file_path text := 'C:\Users\admin\Documents\Projekte\geosky\geoserver\data\data\000tmp\';

			-- File names must contain only alphanumerics, dashes and underscores,
			--	and all must end in the extension .csv
			file_name_regex text := E'^[a-zA-Z0-9_-]+\\.csv$';

			-- Only allow imports to tables whose names begin 'temp_csv_',
			--	indicating that they are Temporary Tables created for the purpose
			table_name_regex text := '^temp_import_[a-z0-9_]+$';
		BEGIN
			-- Sanity check input
			IF
				table_name !~ table_name_regex
			THEN
				RAISE EXCEPTION 'Invalid temp table name (% doesn''t match %)', table_name, table_name_regex;
			END IF;

			IF
				file_name !~ file_name_regex
			THEN
				RAISE EXCEPTION 'Invalid data file name (% doesn''t match %)', file_name, file_name_regex;
			END IF;

			-- OK? Go!
			-- Make sure there's zero chance of SQL injection here
			EXECUTE '
				COPY
					' || quote_ident(table_name) || '
				FROM
					' || quote_literal(file_path || file_name) || '
				WITH (
					 DELIMITER '';'', FORMAT CSV, HEADER
				);
			';
		END;
	$BODY$
  LANGUAGE plpgsql VOLATILE SECURITY DEFINER
  COST 100;
ALTER FUNCTION import_csv_file_to_temp_table(text, text, text)
  OWNER TO postgres;
GRANT EXECUTE ON FUNCTION import_csv_file_to_temp_table(text, text, text) TO postgres;
GRANT EXECUTE ON FUNCTION import_csv_file_to_temp_table(text, text, text) TO geosky_admin;
REVOKE ALL ON FUNCTION import_csv_file_to_temp_table(text, text, text) FROM public;


--for console
--CREATE OR REPLACE FUNCTION import_csv_file_to_temp_table(table_name text, file_name text, csvdelimiter text)        RETURNS VOID        LANGUAGE plpgsql        SECURITY DEFINER        AS $BODY$		DECLARE			file_path text := '/home/www/geoserver/data/data/000tmp/';			file_name_regex text := E'^[a-zA-Z0-9_-]+\\.csv$';			table_name_regex text := '^temp_import_[a-z0-9_]+$';		BEGIN			IF				table_name !~ table_name_regex			THEN				RAISE EXCEPTION 'Invalid temp table name (% doesn''t match %)', table_name, table_name_regex;			END IF;			IF				file_name !~ file_name_regex			THEN				RAISE EXCEPTION 'Invalid data file name (% doesn''t match %)', file_name, file_name_regex;			END IF;			EXECUTE '				COPY					' || quote_ident(table_name) || '				FROM					' || quote_literal(file_path || file_name) || '				WITH (					 DELIMITER ''|| csvdelimiter ||'', FORMAT CSV, HEADER				);			';		END;	$BODY$;	REVOKE ALL ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text )		FROM PUBLIC;	GRANT EXECUTE ON FUNCTION import_csv_file_to_temp_table( table_name text, file_name text, csvdelimiter text )		TO geosky_admin;
