diff options
| author | Jeremy Kerr <jk@ozlabs.org> | 2008-10-09 22:49:18 +1100 |
|---|---|---|
| committer | Jeremy Kerr <jk@ozlabs.org> | 2008-10-09 22:49:18 +1100 |
| commit | 4a039197705f92ee1c362401a7f7bb834ecc9079 (patch) | |
| tree | 4d5ab43e19b9e0edb1c990a0baa92c4b63a1d79b /lib/sql/grant-all.postgres.sql | |
| parent | 65404776f7f0e975737a5c8c69dc0b2ae5fe93da (diff) | |
| download | patchwork-4a039197705f92ee1c362401a7f7bb834ecc9079.tar patchwork-4a039197705f92ee1c362401a7f7bb834ecc9079.tar.gz | |
[sql] use separate grant-all scripts for postgresql and mysql
Mysql doesn't support granting to multiple tables, and requires a
different username format.
Would be nice to code the permissions somewhere, then generate the
grant statements as required.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Diffstat (limited to 'lib/sql/grant-all.postgres.sql')
| -rw-r--r-- | lib/sql/grant-all.postgres.sql | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql new file mode 100644 index 0000000..72e1f31 --- /dev/null +++ b/lib/sql/grant-all.postgres.sql @@ -0,0 +1,69 @@ +BEGIN; +-- give necessary permissions to the web server. Becuase the admin is all +-- web-based, these need to be quite permissive +GRANT SELECT, UPDATE, INSERT, DELETE ON + auth_message, + django_session, + django_site, + django_admin_log, + django_content_type, + auth_group_permissions, + auth_user, + auth_user_groups, + auth_group, + auth_user_user_permissions, + auth_permission, + patchwork_userpersonconfirmation, + patchwork_state, + patchwork_comment, + patchwork_person, + patchwork_userprofile, + patchwork_userprofile_maintainer_projects, + patchwork_project, + patchwork_bundle, + patchwork_bundle_patches, + patchwork_patch, + registration_registrationprofile +TO "www-data"; +GRANT SELECT, UPDATE ON + auth_group_id_seq, + auth_group_permissions_id_seq, + auth_message_id_seq, + auth_permission_id_seq, + auth_user_groups_id_seq, + auth_user_id_seq, + auth_user_user_permissions_id_seq, + django_admin_log_id_seq, + django_content_type_id_seq, + django_site_id_seq, + patchwork_bundle_id_seq, + patchwork_bundle_patches_id_seq, + patchwork_comment_id_seq, + patchwork_patch_id_seq, + patchwork_person_id_seq, + patchwork_project_id_seq, + patchwork_state_id_seq, + patchwork_userpersonconfirmation_id_seq, + patchwork_userprofile_id_seq, + patchwork_userprofile_maintainer_projects_id_seq, + registration_registrationprofile_id_seq +TO "www-data"; + +-- allow the mail user (in this case, 'nobody') to add patches +GRANT INSERT, SELECT ON + patchwork_patch, + patchwork_comment, + patchwork_person +TO "nobody"; +GRANT SELECT ON + patchwork_project, + patchwork_state +TO "nobody"; +GRANT UPDATE, SELECT ON + patchwork_patch_id_seq, + patchwork_person_id_seq, + patchwork_comment_id_seq +TO "nobody"; + +COMMIT; + |