diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/sql/grant-all.mysql.sql | 50 | ||||
-rw-r--r-- | lib/sql/grant-all.postgres.sql | 73 |
2 files changed, 61 insertions, 62 deletions
diff --git a/lib/sql/grant-all.mysql.sql b/lib/sql/grant-all.mysql.sql index 5a297b8..3397409 100644 --- a/lib/sql/grant-all.mysql.sql +++ b/lib/sql/grant-all.mysql.sql @@ -1,52 +1,52 @@ BEGIN; -- give necessary permissions to the web server. Because the admin is all -- web-based, these need to be quite permissive -GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailconfirmation TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundlepatch TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_submission TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_check TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_coverletter TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_delegationrule TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailconfirmation TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailoptout TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchchangenotification TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchtag TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_series TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_seriespatch TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_seriesreference TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_emailoptout TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchchangenotification TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_submission TO 'www-data'@localhost; GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_tag TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patchtag TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_check TO 'www-data'@localhost; -GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_delegationrule TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost; -- allow the mail user (in this case, 'nobody') to add submissions (patches, -- cover letters) and series -GRANT INSERT, SELECT ON patchwork_submission TO 'nobody'@localhost; -GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost; +GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost; GRANT INSERT, SELECT ON patchwork_coverletter TO 'nobody'@localhost; +GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost; +GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost; GRANT INSERT, SELECT ON patchwork_series TO 'nobody'@localhost; GRANT INSERT, SELECT ON patchwork_seriespatch TO 'nobody'@localhost; GRANT INSERT, SELECT ON patchwork_seriesreference TO 'nobody'@localhost; -GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost; -GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost; +GRANT INSERT, SELECT ON patchwork_submission TO 'nobody'@localhost; GRANT INSERT, SELECT, UPDATE, DELETE ON patchwork_patchtag TO 'nobody'@localhost; +GRANT SELECT ON patchwork_delegationrule TO 'nobody'@localhost; GRANT SELECT ON patchwork_project TO 'nobody'@localhost; GRANT SELECT ON patchwork_state TO 'nobody'@localhost; GRANT SELECT ON patchwork_tag TO 'nobody'@localhost; -GRANT SELECT ON patchwork_delegationrule TO 'nobody'@localhost; COMMIT; diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql index c709866..27f55c9 100644 --- a/lib/sql/grant-all.postgres.sql +++ b/lib/sql/grant-all.postgres.sql @@ -2,38 +2,38 @@ BEGIN; -- give necessary permissions to the web server. Because the admin is all -- web-based, these need to be quite permissive GRANT SELECT, UPDATE, INSERT, DELETE ON - django_session, - django_site, - django_admin_log, - django_content_type, + auth_group, auth_group_permissions, auth_user, auth_user_groups, - auth_group, auth_user_user_permissions, auth_permission, authtoken_token, - patchwork_emailconfirmation, - patchwork_state, - patchwork_comment, - patchwork_person, - patchwork_userprofile, - patchwork_userprofile_maintainer_projects, - patchwork_project, + django_admin_log, + django_content_type, + django_session, + django_site, patchwork_bundle, patchwork_bundlepatch, - patchwork_submission, - patchwork_patch, + patchwork_check, + patchwork_comment, patchwork_coverletter, + patchwork_delegationrule + patchwork_emailconfirmation, + patchwork_emailoptout, + patchwork_patch, + patchwork_patchchangenotification, + patchwork_patchtag, + patchwork_person, + patchwork_project, patchwork_series, patchwork_seriespatch, patchwork_seriesreference, - patchwork_emailoptout, - patchwork_patchchangenotification, + patchwork_state, + patchwork_submission, patchwork_tag, - patchwork_patchtag, - patchwork_check, - patchwork_delegationrule + patchwork_userprofile, + patchwork_userprofile_maintainer_projects, TO "www-data"; GRANT SELECT, UPDATE ON auth_group_id_seq, @@ -47,55 +47,54 @@ GRANT SELECT, UPDATE ON django_site_id_seq, patchwork_bundle_id_seq, patchwork_bundlepatch_id_seq, + patchwork_check_id_seq, patchwork_comment_id_seq, + patchwork_delegationrule_id_seq + patchwork_emailconfirmation_id_seq, patchwork_patch_id_seq, + patchwork_patchtag_id_seq, + patchwork_person_id_seq, + patchwork_project_id_seq, patchwork_series_id_seq, patchwork_seriespatch_id_seq, patchwork_seriesreference_id_seq, - patchwork_person_id_seq, - patchwork_project_id_seq, patchwork_state_id_seq, - patchwork_emailconfirmation_id_seq, + patchwork_tag_id_seq, patchwork_userprofile_id_seq, patchwork_userprofile_maintainer_projects_id_seq, - patchwork_tag_id_seq, - patchwork_patchtag_id_seq, - patchwork_check_id_seq, - patchwork_delegationrule_id_seq TO "www-data"; -- allow the mail user (in this case, 'nobody') to add submissions (patches, -- cover letters) and series GRANT INSERT, SELECT ON - patchwork_submission, + patchwork_comment, patchwork_coverletter, + patchwork_event patchwork_seriespatch, patchwork_seriesreference, - patchwork_comment, - patchwork_event + patchwork_submission, TO "nobody"; GRANT INSERT, SELECT, UPDATE, DELETE ON - patchwork_patchtag, patchwork_patch, - patchwork_series, + patchwork_patchtag, patchwork_person + patchwork_series, TO "nobody"; GRANT SELECT ON + patchwork_delegationrule patchwork_project, patchwork_state, patchwork_tag, - patchwork_delegationrule TO "nobody"; GRANT UPDATE, SELECT ON + patchwork_comment_id_seq, + patchwork_event_id_seq patchwork_patch_id_seq, + patchwork_patchtag_id_seq, + patchwork_person_id_seq, patchwork_series_id_seq, patchwork_seriespatch_id_seq, patchwork_seriesreference_id_seq, - patchwork_person_id_seq, - patchwork_comment_id_seq, - patchwork_patchtag_id_seq, - patchwork_event_id_seq TO "nobody"; COMMIT; - |