aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/sql/grant-all.mysql.sql50
-rw-r--r--lib/sql/grant-all.postgres.sql73
2 files changed, 61 insertions, 62 deletions
diff --git a/lib/sql/grant-all.mysql.sql b/lib/sql/grant-all.mysql.sql
index 5a297b8..3397409 100644
--- a/lib/sql/grant-all.mysql.sql
+++ b/lib/sql/grant-all.mysql.sql
@@ -1,52 +1,52 @@
BEGIN;
-- give necessary permissions to the web server. Because the admin is all
-- web-based, these need to be quite permissive
-GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailconfirmation TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundlepatch TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_submission TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_check TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_coverletter TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_delegationrule TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailconfirmation TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailoptout TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchchangenotification TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchtag TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_series TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_seriespatch TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_seriesreference TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailoptout TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchchangenotification TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_submission TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_tag TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchtag TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_check TO 'www-data'@localhost;
-GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_delegationrule TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
-- allow the mail user (in this case, 'nobody') to add submissions (patches,
-- cover letters) and series
-GRANT INSERT, SELECT ON patchwork_submission TO 'nobody'@localhost;
-GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_coverletter TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_series TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_seriespatch TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_seriesreference TO 'nobody'@localhost;
-GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
-GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_submission TO 'nobody'@localhost;
GRANT INSERT, SELECT, UPDATE, DELETE ON patchwork_patchtag TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_delegationrule TO 'nobody'@localhost;
GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
GRANT SELECT ON patchwork_state TO 'nobody'@localhost;
GRANT SELECT ON patchwork_tag TO 'nobody'@localhost;
-GRANT SELECT ON patchwork_delegationrule TO 'nobody'@localhost;
COMMIT;
diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql
index c709866..27f55c9 100644
--- a/lib/sql/grant-all.postgres.sql
+++ b/lib/sql/grant-all.postgres.sql
@@ -2,38 +2,38 @@ BEGIN;
-- give necessary permissions to the web server. Because the admin is all
-- web-based, these need to be quite permissive
GRANT SELECT, UPDATE, INSERT, DELETE ON
- django_session,
- django_site,
- django_admin_log,
- django_content_type,
+ auth_group,
auth_group_permissions,
auth_user,
auth_user_groups,
- auth_group,
auth_user_user_permissions,
auth_permission,
authtoken_token,
- patchwork_emailconfirmation,
- patchwork_state,
- patchwork_comment,
- patchwork_person,
- patchwork_userprofile,
- patchwork_userprofile_maintainer_projects,
- patchwork_project,
+ django_admin_log,
+ django_content_type,
+ django_session,
+ django_site,
patchwork_bundle,
patchwork_bundlepatch,
- patchwork_submission,
- patchwork_patch,
+ patchwork_check,
+ patchwork_comment,
patchwork_coverletter,
+ patchwork_delegationrule
+ patchwork_emailconfirmation,
+ patchwork_emailoptout,
+ patchwork_patch,
+ patchwork_patchchangenotification,
+ patchwork_patchtag,
+ patchwork_person,
+ patchwork_project,
patchwork_series,
patchwork_seriespatch,
patchwork_seriesreference,
- patchwork_emailoptout,
- patchwork_patchchangenotification,
+ patchwork_state,
+ patchwork_submission,
patchwork_tag,
- patchwork_patchtag,
- patchwork_check,
- patchwork_delegationrule
+ patchwork_userprofile,
+ patchwork_userprofile_maintainer_projects,
TO "www-data";
GRANT SELECT, UPDATE ON
auth_group_id_seq,
@@ -47,55 +47,54 @@ GRANT SELECT, UPDATE ON
django_site_id_seq,
patchwork_bundle_id_seq,
patchwork_bundlepatch_id_seq,
+ patchwork_check_id_seq,
patchwork_comment_id_seq,
+ patchwork_delegationrule_id_seq
+ patchwork_emailconfirmation_id_seq,
patchwork_patch_id_seq,
+ patchwork_patchtag_id_seq,
+ patchwork_person_id_seq,
+ patchwork_project_id_seq,
patchwork_series_id_seq,
patchwork_seriespatch_id_seq,
patchwork_seriesreference_id_seq,
- patchwork_person_id_seq,
- patchwork_project_id_seq,
patchwork_state_id_seq,
- patchwork_emailconfirmation_id_seq,
+ patchwork_tag_id_seq,
patchwork_userprofile_id_seq,
patchwork_userprofile_maintainer_projects_id_seq,
- patchwork_tag_id_seq,
- patchwork_patchtag_id_seq,
- patchwork_check_id_seq,
- patchwork_delegationrule_id_seq
TO "www-data";
-- allow the mail user (in this case, 'nobody') to add submissions (patches,
-- cover letters) and series
GRANT INSERT, SELECT ON
- patchwork_submission,
+ patchwork_comment,
patchwork_coverletter,
+ patchwork_event
patchwork_seriespatch,
patchwork_seriesreference,
- patchwork_comment,
- patchwork_event
+ patchwork_submission,
TO "nobody";
GRANT INSERT, SELECT, UPDATE, DELETE ON
- patchwork_patchtag,
patchwork_patch,
- patchwork_series,
+ patchwork_patchtag,
patchwork_person
+ patchwork_series,
TO "nobody";
GRANT SELECT ON
+ patchwork_delegationrule
patchwork_project,
patchwork_state,
patchwork_tag,
- patchwork_delegationrule
TO "nobody";
GRANT UPDATE, SELECT ON
+ patchwork_comment_id_seq,
+ patchwork_event_id_seq
patchwork_patch_id_seq,
+ patchwork_patchtag_id_seq,
+ patchwork_person_id_seq,
patchwork_series_id_seq,
patchwork_seriespatch_id_seq,
patchwork_seriesreference_id_seq,
- patchwork_person_id_seq,
- patchwork_comment_id_seq,
- patchwork_patchtag_id_seq,
- patchwork_event_id_seq
TO "nobody";
COMMIT;
-