diff database/schema/users.sql @ 55:40f64a96481f
Adjust database user arrangements and grant schema privs.
author | David A. Holland |
---|---|
date | Sun, 10 Apr 2022 19:36:29 -0400 |
parents | 12a4c9f88510 |
children |
--- a/database/schema/users.sql Sun Apr 10 17:41:24 2022 -0400 +++ b/database/schema/users.sql Sun Apr 10 19:36:29 2022 -0400 @@ -1,6 +1,8 @@ -- -- Users. -- +-- (That is, Swallowtail-level users.) +-- -- Rather than trying to have different kinds of users (as in the last -- rev of this stuff) I think we will just have user permissions. -- Otherwise we end up in various kinds of trouble if users change @@ -73,3 +75,20 @@ -- (oldresponsible OR responsible OR editpr OR admin) -- implies username not null. +-- Admins need to be able to adjust user data freely. +GRANT SELECT, INSERT, UPDATE, DELETE ON users TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON mailaddresses TO swallowtail_admin; +GRANT SELECT ON usermail TO swallowtail_admin; + +-- Writers need to see the permission bits. +GRANT SELECT ON users TO swallowtail_writer; + +-- Readers only need to be able to print. +-- XXX: deny public access to emails? +GRANT SELECT ON usermail TO swallowtail_reader; +GRANT SELECT ON usermail TO swallowtail_public; + +-- The user operations interface needs to manage email addresses. +GRANT SELECT ON users TO swallowtail_uops; +GRANT UPDATE (realname) ON users TO swallowtail_uops; +GRANT SELECT, INSERT, UPDATE, DELETE on mailaddresses to swallowtail_uops;
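Review bot: In the second hunk, `GRANT SELECT ON usermail TO swallowtail_public;` is added while the `XXX: deny public access to emails?` question two lines above it is still open, so the least-privileged role gets read access to whatever addresses usermail exposes before that decision is made. I would hold the public grant back until the XXX is resolved, or point swallowtail_public at a view or column list that omits the address. In the same hunk, the comment says writers only need to see the permission bits, but `GRANT SELECT ON users TO swallowtail_writer;` covers every column; a column-level grant in the style of `GRANT UPDATE (realname) ON users TO swallowtail_uops;` would match the stated intent. Two smaller points: the uops comment mentions only email addresses although the block also grants UPDATE on realname, and the last line uses lowercase `on` and `to` where every other GRANT is uppercase.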