[2/2] lib/sql: fix permissions for v2.0.0 on postgres

Message ID 1503920358-26652-2-git-send-email-jk@ozlabs.org
State Accepted
Series [1/2] tests: Run FuzzTest within a transaction

Commit Message

Jeremy Kerr Aug. 28, 2017, 11:39 a.m. UTC
Some tables are no longer present, and others that are used by the web
interface and mail parser need access permissions added.

This change was required to get patchwork going on patchwork.ozlabs.org;
there may be other permissions required, that we haven't hit yet. So,
some review would be good here.

Also: it's unlikely that we need DELETE for the mail parser, but I'm not
confident enough to remove that at the moment.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
 lib/sql/grant-all.postgres.sql | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

Comments

Stephen Finucane Aug. 28, 2017, 1:29 p.m. UTC | #1
On Mon, 2017-08-28 at 19:39 +0800, Jeremy Kerr wrote:
> Some tables are no longer present, and others that are used by the web
> interface and mail parser need access permissions added.
> 
> This change was required to get patchwork going on patchwork.ozlabs.org;
> there may be other permissions required, that we haven't hit yet. So,
> some review would be good here.
> 
> Also: it's unlikely that we need DELETE for the mail parser, but I'm not
> confident enough to remove that at the moment.
> 
> Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

Some small comments below but this looks good to me. I'll wait a bit for other
comments before applying.

Reviewed-by: Stephen Finucane <stephen@that.guru>

> ---
>  lib/sql/grant-all.postgres.sql | 17 ++++++++---------
>  1 file changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql
> index 405ba44..c709866 100644
> --- a/lib/sql/grant-all.postgres.sql
> +++ b/lib/sql/grant-all.postgres.sql
> @@ -12,6 +12,7 @@ GRANT SELECT, UPDATE, INSERT, DELETE ON
>  	auth_group,
>  	auth_user_user_permissions,
>  	auth_permission,
> +	authtoken_token,

Yup, forgot about that one.

>  	patchwork_emailconfirmation,
>  	patchwork_state,
>  	patchwork_comment,
> @@ -47,9 +48,7 @@ GRANT SELECT, UPDATE ON
>  	patchwork_bundle_id_seq,
>  	patchwork_bundlepatch_id_seq,
>  	patchwork_comment_id_seq,
> -	patchwork_submission_id_seq,
>  	patchwork_patch_id_seq,
> -	patchwork_coverletter_id_seq,

So there's no id column now that these are JOINed with 'submission'? Makes
sense.

>  	patchwork_series_id_seq,
>  	patchwork_seriespatch_id_seq,
>  	patchwork_seriesreference_id_seq,
> @@ -69,16 +68,17 @@ TO "www-data";
>  -- cover letters) and series
>  GRANT INSERT, SELECT ON
>  	patchwork_submission,
> -	patchwork_patch,
>  	patchwork_coverletter,
> -	patchwork_series,
>  	patchwork_seriespatch,
>  	patchwork_seriesreference,
>  	patchwork_comment,
> -	patchwork_person
> +	patchwork_event
>  TO "nobody";
>  GRANT INSERT, SELECT, UPDATE, DELETE ON

As you say, I can't see why DELETE would be necessary for this, but I'm also
not confident enough to remove this.

> -	patchwork_patchtag
> +	patchwork_patchtag,
> +	patchwork_patch,
> +	patchwork_series,
> +	patchwork_person

I'm assuming the UPDATE permission is required due to how series work. Makes
sense.

>  TO "nobody";
>  GRANT SELECT ON
>  	patchwork_project,
> @@ -87,15 +87,14 @@ GRANT SELECT ON
>  	patchwork_delegationrule
>  TO "nobody";
>  GRANT UPDATE, SELECT ON
> -	patchwork_submission_id_seq,
>  	patchwork_patch_id_seq,
> -	patchwork_coverletter_id_seq,
>  	patchwork_series_id_seq,
>  	patchwork_seriespatch_id_seq,
>  	patchwork_seriesreference_id_seq,
>  	patchwork_person_id_seq,
>  	patchwork_comment_id_seq,
> -	patchwork_patchtag_id_seq
> +	patchwork_patchtag_id_seq,
> +	patchwork_event_id_seq
>  TO "nobody";
>  
>  COMMIT;

Patch

diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql
index 405ba44..c709866 100644
--- a/lib/sql/grant-all.postgres.sql
+++ b/lib/sql/grant-all.postgres.sql
@@ -12,6 +12,7 @@  GRANT SELECT, UPDATE, INSERT, DELETE ON
 	auth_group,
 	auth_user_user_permissions,
 	auth_permission,
+	authtoken_token,
 	patchwork_emailconfirmation,
 	patchwork_state,
 	patchwork_comment,
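Review bot: authtoken_token is added to this list with the full SELECT, UPDATE, INSERT, DELETE set and no comment saying what uses it. The name indicates it stores API authentication tokens, so a one-line comment naming the consumer would help the next reviewer, and the table should stay out of the grants to "nobody" further down (none of the later hunks adds it there, which is right).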
@@ -47,9 +48,7 @@  GRANT SELECT, UPDATE ON
 	patchwork_bundle_id_seq,
 	patchwork_bundlepatch_id_seq,
 	patchwork_comment_id_seq,
-	patchwork_submission_id_seq,
 	patchwork_patch_id_seq,
-	patchwork_coverletter_id_seq,
 	patchwork_series_id_seq,
 	patchwork_seriespatch_id_seq,
 	patchwork_seriesreference_id_seq,
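Review bot: the removal of patchwork_submission_id_seq and patchwork_coverletter_id_seq from this GRANT SELECT, UPDATE list needs a comment saying the sequences no longer exist, because the hunk alone does not show whether they were dropped or whether access is being withdrawn on purpose. If either can still exist on some databases, deleting its name from a GRANT list leaves any privilege already granted in place; withdrawing it takes an explicit REVOKE.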
@@ -69,16 +68,17 @@  TO "www-data";
 -- cover letters) and series
 GRANT INSERT, SELECT ON
 	patchwork_submission,
-	patchwork_patch,
 	patchwork_coverletter,
-	patchwork_series,
 	patchwork_seriespatch,
 	patchwork_seriesreference,
 	patchwork_comment,
-	patchwork_person
+	patchwork_event
 TO "nobody";
 GRANT INSERT, SELECT, UPDATE, DELETE ON
-	patchwork_patchtag
+	patchwork_patchtag,
+	patchwork_patch,
+	patchwork_series,
+	patchwork_person
 TO "nobody";
 GRANT SELECT ON
 	patchwork_project,
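Review bot: the second GRANT in this hunk now gives "nobody" DELETE on patchwork_patch, patchwork_series and patchwork_person, which had only INSERT, SELECT for that role before. The commit message itself says DELETE is unlikely to be needed by the mail parser, so consider a separate statement granting INSERT, SELECT, UPDATE on these three and leaving the DELETE grant on patchwork_patchtag as it was, with a comment recording why UPDATE is required.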
@@ -87,15 +87,14 @@  GRANT SELECT ON
 	patchwork_delegationrule
 TO "nobody";
 GRANT UPDATE, SELECT ON
-	patchwork_submission_id_seq,
 	patchwork_patch_id_seq,
-	patchwork_coverletter_id_seq,
 	patchwork_series_id_seq,
 	patchwork_seriespatch_id_seq,
 	patchwork_seriesreference_id_seq,
 	patchwork_person_id_seq,
 	patchwork_comment_id_seq,
-	patchwork_patchtag_id_seq
+	patchwork_patchtag_id_seq,
+	patchwork_event_id_seq
 TO "nobody";
 
 COMMIT;
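
Review bot: patchwork_submission_id_seq is dropped from the "nobody" sequence list here, while the previous hunk keeps INSERT on patchwork_submission for the same role. If that table's id is still drawn from a sequence, the parser's inserts will fail on a sequence it cannot advance, so say in a comment which sequence backs patchwork_submission and make sure it appears in this list. For the newly added patchwork_event_id_seq, USAGE would cover nextval without also allowing setval, which UPDATE permits.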