comparison database/schema/users.sql @ 55:40f64a96481f
Adjust database user arrangements and grant schema privs.
author | David A. Holland |
---|---|
date | Sun, 10 Apr 2022 19:36:29 -0400 |
parents | 12a4c9f88510 |
children |
comparison
54:36d91dfe017f | 55:40f64a96481f |
---|---|
1 -- | 1 -- |
2 -- Users. | 2 -- Users. |
3 -- | |
4 -- (That is, Swallowtail-level users.) | |
3 -- | 5 -- |
4 -- Rather than trying to have different kinds of users (as in the last | 6 -- Rather than trying to have different kinds of users (as in the last |
5 -- rev of this stuff) I think we will just have user permissions. | 7 -- rev of this stuff) I think we will just have user permissions. |
6 -- Otherwise we end up in various kinds of trouble if users change | 8 -- Otherwise we end up in various kinds of trouble if users change |
7 -- type. This means we cannot use foreign key constraints to e.g. | 9 -- type. This means we cannot use foreign key constraints to e.g. |
71 | 73 |
72 -- Intended constraint: | 74 -- Intended constraint: |
73 -- (oldresponsible OR responsible OR editpr OR admin) | 75 -- (oldresponsible OR responsible OR editpr OR admin) |
74 -- implies username not null. | 76 -- implies username not null. |
75 | 77 |
78 -- Admins need to be able to adjust user data freely. | |
79 GRANT SELECT, INSERT, UPDATE, DELETE ON users TO swallowtail_admin; | |
80 GRANT SELECT, INSERT, UPDATE, DELETE ON mailaddresses TO swallowtail_admin; | |
81 GRANT SELECT ON usermail TO swallowtail_admin; | |
82 | |
83 -- Writers need to see the permission bits. | |
84 GRANT SELECT ON users TO swallowtail_writer; | |
85 | |
86 -- Readers only need to be able to print. | |
87 -- XXX: deny public access to emails? | |
88 GRANT SELECT ON usermail TO swallowtail_reader; | |
89 GRANT SELECT ON usermail TO swallowtail_public; | |
90 | |
91 -- The user operations interface needs to manage email addresses. | |
92 GRANT SELECT ON users TO swallowtail_uops; | |
93 GRANT UPDATE (realname) ON users TO swallowtail_uops; | |
94 GRANT SELECT, INSERT, UPDATE, DELETE on mailaddresses to swallowtail_uops; |
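Review bot: the `GRANT SELECT ON usermail TO swallowtail_public` on new line 89 goes in while the question on line 87 (`XXX: deny public access to emails?`) is still open, so the public role can read everything usermail exposes as soon as this schema is loaded. Granting later is easier than revoking after the data has been readable, so I would leave line 89 out until that question is decided, or limit the public role to a column list the way line 93 does with `UPDATE (realname)`. Two smaller points: the comment on line 91 mentions only email addresses although line 93 also lets swallowtail_uops update realname, and line 94 writes `on` and `to` in lowercase where the other grants use uppercase.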