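#!/usr/bin/env python2
# vim: et ts=4 sw=4 fileencoding=utf-8

"""
Give non-admin rights to the database app user.

The script connects with the administrative credentials found in the
``settings_admin`` module and grants the application role the privileges it
needs on the database, on every table and view of the ``public`` schema, and
on every sequence of that schema.
"""

import site
import re

import yaml
import psycopg2


CONFFILE = "/etc/mailman-migration.conf"

# Each query below asks PostgreSQL to build one GRANT statement per object.
# Identifiers cannot be sent as bound parameters, so they are passed as
# values to quote_ident(), which quotes and escapes them server-side.  The
# role and database names are therefore taken literally (case-sensitive).
_DATABASE_GRANT_SQL = """
    SELECT 'GRANT CONNECT,TEMP ON DATABASE ' || quote_ident(%s)
           || ' TO ' || quote_ident(%s) || ';'
"""

# Note that TRUNCATE is part of the table privileges handed to the role.
_TABLE_GRANT_SQL = """
    SELECT 'GRANT SELECT,INSERT,UPDATE,DELETE,TRUNCATE ON '
           || quote_ident(nspname) || '.' || quote_ident(relname)
           || ' TO ' || quote_ident(%s) || ';'
    FROM pg_class
    JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
    WHERE nspname = 'public' AND relkind IN ('r', 'v');
"""

_SEQUENCE_GRANT_SQL = """
    SELECT 'GRANT USAGE,SELECT,UPDATE ON '
           || quote_ident(nspname) || '.' || quote_ident(relname)
           || ' TO ' || quote_ident(%s) || ';'
    FROM pg_class
    JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
    WHERE nspname = 'public' AND relkind = 'S';
"""


def _run_generated_grants(cur, generator_sql, params):
    """Run *generator_sql* and execute every statement it returns.

    Each generated statement is printed before it is executed so the
    operator can see exactly which privileges were granted.
    """
    cur.execute(generator_sql, params)
    # Fetch everything first: the same cursor is reused to run the grants.
    statements = [row[0] for row in cur.fetchall()]
    for statement in statements:
        print(statement)
        cur.execute(statement)


def give_rights(dbhost, dbuser, dbpasswd, dbname, dbreguser=None):
    """Grant the application role its privileges on database *dbname*.

    Args:
        dbhost: host of the PostgreSQL server.
        dbuser: role used to connect and to issue the GRANT statements.
        dbpasswd: password of *dbuser*.
        dbname: database to connect to and to grant rights on.
        dbreguser: role receiving the privileges; defaults to
            ``dbname + "app"``.

    All grants are committed together; if any statement fails, the
    connection is closed without committing and the exception propagates.
    """
    if dbreguser is None:
        dbreguser = dbname + "app"
    conn = psycopg2.connect(host=dbhost, user=dbuser, password=dbpasswd,
                            database=dbname)
    try:
        cur = conn.cursor()
        try:
            # Database permissions
            _run_generated_grants(cur, _DATABASE_GRANT_SQL,
                                  (dbname, dbreguser))
            # Table permissions
            _run_generated_grants(cur, _TABLE_GRANT_SQL, (dbreguser,))
            # Sequence permissions
            _run_generated_grants(cur, _SEQUENCE_GRANT_SQL, (dbreguser,))
            conn.commit()
        finally:
            cur.close()
    finally:
        # Always release the administrative connection, even on failure.
        conn.close()


def main():
    """Read the migration config and grant rights on the HyperKitty database."""
    with open(CONFFILE) as conffile:
        conf = yaml.safe_load(conffile)
    # settings_admin lives in the configured directory, so that directory
    # must be on the import path before the module is imported.
    site.addsitedir(conf["confdir"])
    import settings_admin

    ## KittyStore
    #dbspec = re.match("""
    #    postgresql://
    #    (?P<user>[a-z]+)
    #    :
    #    (?P<password>[^@]+)
    #    @
    #    (?P<host>[^/]+)
    #    /
    #    (?P<database>[^/?]+)
    #    """, settings_admin.KITTYSTORE_URL, re.X)
    #give_rights(dbspec.group("host"),
    #            dbspec.group("user"),
    #            dbspec.group("password"),
    #            dbspec.group("database")
    #            )

    # HyperKitty
    default_db = settings_admin.DATABASES["default"]
    give_rights(
        default_db["HOST"],
        default_db["USER"],
        default_db["PASSWORD"],
        default_db["NAME"],
    )


if __name__ == "__main__":
    main()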