diff --git a/cli/macrostrat/cli/cli.py b/cli/macrostrat/cli/cli.py
index 43a7250e..65d0e292 100644
--- a/cli/macrostrat/cli/cli.py
+++ b/cli/macrostrat/cli/cli.py
@@ -383,12 +383,15 @@ def state():
 app.console.print(app.state.get())
+# TODO: subsystem dependencies
+from .subsystems.core import core_schema
 from .subsystems.legend_api import legend_api
 from .subsystems.macrostrat_api import macrostrat_api
 # Add basic schema hunks
 from .subsystems.xdd import xdd_schema
+db_subsystem.schema_hunks.append(core_schema)
 db_subsystem.schema_hunks.append(xdd_schema)
 db_subsystem.schema_hunks.append(legend_api)
 db_subsystem.schema_hunks.append(macrostrat_api)
diff --git a/cli/macrostrat/cli/database/utils.py b/cli/macrostrat/cli/database/utils.py
index 320dbec8..6303300f 100644
--- a/cli/macrostrat/cli/database/utils.py
+++ b/cli/macrostrat/cli/database/utils.py
@@ -155,13 +155,21 @@ def reassign_privileges(
 )
-def grant_schema_ownership(schema, owner):
- """Higher-order function to grant ownership of a schema to a user"""
+def grant_permissions(schema, user, *_permissions, owner=False):
+ """Higher-order function to grant permissions on a schema to a user"""
 def setup_permissions(db):
 """Set permissions on tables in the knowledge graph subsystem"""
+ permissions = [p for p in _permissions]
+ if owner:
+ permissions = ["ALL"]
+
+ if len(permissions) == 0:
+ permissions = ["SELECT"]
+
+ _perms = ", ".join(permissions)
 print(
- f"Granting ownership of schema [cyan bold]{schema}[/] to [cyan bold]{owner}[/]"
+ f"Grant {_perms} on schema [cyan bold]{schema}[/] to [cyan bold]{user}[/]"
 )
 tables = db.run_query(
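Review bot: In `cli/macrostrat/cli/database/utils.py`, `grant_permissions` accepts arbitrary strings in `*_permissions`, and the next hunk splices each one into the statement text with `"GRANT " + perm + " ON {table} TO {user}"`, while schema, table and role all go through `Identifier`. Callers visible in this commit pass only the literal `"SELECT"`, but a check against a fixed set of privilege keywords would keep a malformed or config-derived value from reaching `db.run_sql` as raw SQL. The docstring should also say that `owner=True` discards any listed permissions in favour of `ALL` and that an empty list falls back to `SELECT`; the inner docstring still refers to the knowledge graph subsystem. `setup_permissions` continues past the end of this hunk. The keyword set below assumes PostgreSQL table privileges.

```python
# Table-level privilege keywords that may be interpolated into GRANT
_TABLE_PRIVILEGES = frozenset(
    {"ALL", "SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"}
)


def grant_permissions(schema, user, *_permissions, owner=False):
    """Higher-order function to grant permissions on a schema to a user"""
    unknown = [p for p in _permissions if str(p).upper() not in _TABLE_PRIVILEGES]
    if unknown:
        raise ValueError(f"Unsupported table privilege(s): {unknown!r}")

    def setup_permissions(db):
        # … unchanged: build the permissions list, print, query tables …
```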
@@ -170,27 +178,34 @@ def setup_permissions(db):
 )
 stmts = [
 (
- "GRANT ALL ON SCHEMA {schema} TO {owner}",
- dict(schema=Identifier(schema), owner=Identifier(owner)),
+ "GRANT USAGE ON SCHEMA {schema} TO {user}",
+ dict(schema=Identifier(schema), user=Identifier(user)),
 )
 ]
 for table in tables.scalars():
- params = dict(table=Identifier(schema, table), owner=Identifier(owner))
- stmts.append(
- (
- "ALTER TABLE {table} OWNER TO {owner}",
- params,
+ params = dict(table=Identifier(schema, table), user=Identifier(user))
+ if owner:
+ stmts.append(
+ (
+ "ALTER TABLE {table} OWNER TO {user}",
+ params,
+ )
 )
- )
- stmts.append(
- (
- "GRANT ALL ON {table} TO {owner}",
- params,
+ for perm in permissions:
+ stmts.append(
+ (
+ "GRANT " + perm + " ON {table} TO {user}",
+ params,
+ )
 )
- )
 for stmt in stmts:
 db.run_sql(*stmt)
 db.session.commit()
 return setup_permissions
+
+
+def grant_schema_ownership(schema, owner):
+ """Higher-order function to grant ownership of a schema to a user"""
+ return grant_permissions(schema, owner, owner=True)
diff --git a/cli/macrostrat/cli/subsystems/core/__init__.py b/cli/macrostrat/cli/subsystems/core/__init__.py
new file mode 100644
index 00000000..f095e6bb
--- /dev/null
+++ b/cli/macrostrat/cli/subsystems/core/__init__.py
@@ -0,0 +1,16 @@
+from pathlib import Path
+
+from ...database import SubsystemSchemaDefinition
+from ...database.utils import grant_permissions
+
+__here__ = Path(__file__).parent
+
+core_schema = SubsystemSchemaDefinition(
+ name="core",
+ # All this does is grant usage of the macrostrat, maps, and carto_new schemas
+ # to the macrostrat role
+ fixtures=[
+ grant_permissions(schema, "macrostrat", "SELECT")
+ for schema in ["macrostrat", "maps", "carto_new"]
+ ],
+)
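Review bot: In `setup_permissions` the schema-level statement is now `GRANT USAGE ON SCHEMA {schema} TO {user}` on every path, so `grant_schema_ownership`, re-added at the end of this hunk as `grant_permissions(schema, owner, owner=True)`, no longer gives the owner role `CREATE` on the schema as the old `GRANT ALL ON SCHEMA` did. USAGE is the right minimum for the read-only case, but if the ownership path is meant to keep its previous behaviour the statement could be chosen by the flag, e.g. `"GRANT ALL ON SCHEMA {schema} TO {user}" if owner else "GRANT USAGE ON SCHEMA {schema} TO {user}"`. If the narrowing is intentional, the `grant_schema_ownership` docstring should say that only the tables, not the schema itself, are handed over. `setup_permissions` starts before this hunk.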
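Review bot: The comment inside `core_schema` in `cli/macrostrat/cli/subsystems/core/__init__.py` says the fixtures only grant usage of the three schemas, but `grant_permissions(schema, "macrostrat", "SELECT")` also issues `GRANT SELECT` on each table its query returns, so the comment understates what the `macrostrat` role receives. I would reword it to `# Grants USAGE on the macrostrat, maps, and carto_new schemas, and SELECT on their tables, to the macrostrat role`. The grants are issued per table when the fixture runs, so tables created afterwards are presumably not readable by that role until it runs again; that is worth stating in the same comment. `__here__` and the `Path` import are not used in this file.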