From 4a039197705f92ee1c362401a7f7bb834ecc9079 Mon Sep 17 00:00:00 2001 From: Jeremy Kerr Date: Thu, 9 Oct 2008 22:49:18 +1100 Subject: [sql] use separate grant-all scripts for postgresql and mysql Mysql doesn't support granting to multiple tables, and requires a different username format. Would be nice to code the permissions somewhere, then generate the grant statements as required. Signed-off-by: Jeremy Kerr --- lib/sql/grant-all.mysql.sql | 35 +++++++++++++++++++++ lib/sql/grant-all.postgres.sql | 69 ++++++++++++++++++++++++++++++++++++++++++ lib/sql/grant-all.sql | 69 ------------------------------------------ 3 files changed, 104 insertions(+), 69 deletions(-) create mode 100644 lib/sql/grant-all.mysql.sql create mode 100644 lib/sql/grant-all.postgres.sql delete mode 100644 lib/sql/grant-all.sql (limited to 'lib/sql')
diff --git a/lib/sql/grant-all.mysql.sql b/lib/sql/grant-all.mysql.sql
new file mode 100644
index 0000000..4dd6efb
--- /dev/null
+++ b/lib/sql/grant-all.mysql.sql
@@ -0,0 +1,35 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_message TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userpersonconfirmation TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle_patches TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON registration_registrationprofile TO 'www-data'@localhost;
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_state TO 'nobody'@localhost;
+
+COMMIT;
+
diff --git a/lib/sql/grant-all.postgres.sql b/lib/sql/grant-all.postgres.sql
new file mode 100644
index 0000000..72e1f31
--- /dev/null
+++ b/lib/sql/grant-all.postgres.sql
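Review bot: In lib/sql/grant-all.mysql.sql every GRANT names `'www-data'@localhost` or `'nobody'@localhost`, but the script neither creates those accounts nor says how they authenticate; on MySQL servers that auto-create accounts on GRANT (the behaviour when the `NO_AUTO_CREATE_USER` SQL mode is not set) this can leave password-less accounts holding write access to `auth_user` and the other tables. I would add a header comment such as `-- prerequisite: create 'www-data'@localhost and 'nobody'@localhost with a password before running this script`. Separately, the `BEGIN;`/`COMMIT;` wrapper gives no atomicity in this file, because MySQL commits implicitly on each GRANT, so a failure part-way through leaves a partial grant set; a comment saying so, or dropping the wrapper, would avoid a false sense of safety. The table names are unqualified, so the script also relies on the caller having selected the intended default database.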
@@ -0,0 +1,69 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON
+ auth_message,
+ django_session,
+ django_site,
+ django_admin_log,
+ django_content_type,
+ auth_group_permissions,
+ auth_user,
+ auth_user_groups,
+ auth_group,
+ auth_user_user_permissions,
+ auth_permission,
+ patchwork_userpersonconfirmation,
+ patchwork_state,
+ patchwork_comment,
+ patchwork_person,
+ patchwork_userprofile,
+ patchwork_userprofile_maintainer_projects,
+ patchwork_project,
+ patchwork_bundle,
+ patchwork_bundle_patches,
+ patchwork_patch,
+ registration_registrationprofile
+TO "www-data";
+GRANT SELECT, UPDATE ON
+ auth_group_id_seq,
+ auth_group_permissions_id_seq,
+ auth_message_id_seq,
+ auth_permission_id_seq,
+ auth_user_groups_id_seq,
+ auth_user_id_seq,
+ auth_user_user_permissions_id_seq,
+ django_admin_log_id_seq,
+ django_content_type_id_seq,
+ django_site_id_seq,
+ patchwork_bundle_id_seq,
+ patchwork_bundle_patches_id_seq,
+ patchwork_comment_id_seq,
+ patchwork_patch_id_seq,
+ patchwork_person_id_seq,
+ patchwork_project_id_seq,
+ patchwork_state_id_seq,
+ patchwork_userpersonconfirmation_id_seq,
+ patchwork_userprofile_id_seq,
+ patchwork_userprofile_maintainer_projects_id_seq,
+ registration_registrationprofile_id_seq
+TO "www-data";
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON
+ patchwork_patch,
+ patchwork_comment,
+ patchwork_person
+TO "nobody";
+GRANT SELECT ON
+ patchwork_project,
+ patchwork_state
+TO "nobody";
+GRANT UPDATE, SELECT ON
+ patchwork_patch_id_seq,
+ patchwork_person_id_seq,
+ patchwork_comment_id_seq
+TO "nobody";
+
+COMMIT;
+
diff --git a/lib/sql/grant-all.sql b/lib/sql/grant-all.sql
deleted file mode 100644
index 72e1f31..0000000
--- a/lib/sql/grant-all.sql
+++ /dev/null
@@ -1,69 +0,0 @@
-BEGIN;
--- give necessary permissions to the web server. Becuase the admin is all
--- web-based, these need to be quite permissive
-GRANT SELECT, UPDATE, INSERT, DELETE ON
- auth_message,
- django_session,
- django_site,
- django_admin_log,
- django_content_type,
- auth_group_permissions,
- auth_user,
- auth_user_groups,
- auth_group,
- auth_user_user_permissions,
- auth_permission,
- patchwork_userpersonconfirmation,
- patchwork_state,
- patchwork_comment,
- patchwork_person,
- patchwork_userprofile,
- patchwork_userprofile_maintainer_projects,
- patchwork_project,
- patchwork_bundle,
- patchwork_bundle_patches,
- patchwork_patch,
- registration_registrationprofile
-TO "www-data";
-GRANT SELECT, UPDATE ON
- auth_group_id_seq,
- auth_group_permissions_id_seq,
- auth_message_id_seq,
- auth_permission_id_seq,
- auth_user_groups_id_seq,
- auth_user_id_seq,
- auth_user_user_permissions_id_seq,
- django_admin_log_id_seq,
- django_content_type_id_seq,
- django_site_id_seq,
- patchwork_bundle_id_seq,
- patchwork_bundle_patches_id_seq,
- patchwork_comment_id_seq,
- patchwork_patch_id_seq,
- patchwork_person_id_seq,
- patchwork_project_id_seq,
- patchwork_state_id_seq,
- patchwork_userpersonconfirmation_id_seq,
- patchwork_userprofile_id_seq,
- patchwork_userprofile_maintainer_projects_id_seq,
- registration_registrationprofile_id_seq
-TO "www-data";
-
--- allow the mail user (in this case, 'nobody') to add patches
-GRANT INSERT, SELECT ON
- patchwork_patch,
- patchwork_comment,
- patchwork_person
-TO "nobody";
-GRANT SELECT ON
- patchwork_project,
- patchwork_state
-TO "nobody";
-GRANT UPDATE, SELECT ON
- patchwork_patch_id_seq,
- patchwork_person_id_seq,
- patchwork_comment_id_seq
-TO "nobody";
-
-COMMIT;
-
-- cgit v1.2.3