Added some new functions for managing credentials

cli/macrostrat/cli/cli.py

@@ -383,12 +383,15 @@ def state():
     app.console.print(app.state.get())
 
 
+# TODO: subsystem dependencies
+from .subsystems.core import core_schema
 from .subsystems.legend_api import legend_api
 from .subsystems.macrostrat_api import macrostrat_api
 
 # Add basic schema hunks
 from .subsystems.xdd import xdd_schema
 
+db_subsystem.schema_hunks.append(core_schema)
 db_subsystem.schema_hunks.append(xdd_schema)
 db_subsystem.schema_hunks.append(legend_api)
 db_subsystem.schema_hunks.append(macrostrat_api)

cli/macrostrat/cli/database/utils.py

@@ -155,13 +155,21 @@ def reassign_privileges(
     )
 
 
-def grant_schema_ownership(schema, owner):
-    """Higher-order function to grant ownership of a schema to a user"""
+def grant_permissions(schema, user, *_permissions, owner=False):
+    """Higher-order function to grant permissions on a schema to a user"""
 
     def setup_permissions(db):
         """Set permissions on tables in the knowledge graph subsystem"""
+        permissions = [p for p in _permissions]
+        if owner:
+            permissions = ["ALL"]
+
+        if len(permissions) == 0:
+            permissions = ["SELECT"]
+
+        _perms = ", ".join(permissions)
         print(
-            f"Granting ownership of schema [cyan bold]{schema}[/] to [cyan bold]{owner}[/]"
+            f"Grant {_perms} on  schema [cyan bold]{schema}[/] to [cyan bold]{user}[/]"
         )
 
         tables = db.run_query(
@@ -170,27 +178,34 @@ def setup_permissions(db):
         )
         stmts = [
             (
-                "GRANT ALL ON SCHEMA {schema} TO {owner}",
-                dict(schema=Identifier(schema), owner=Identifier(owner)),
+                "GRANT USAGE ON SCHEMA {schema} TO {user}",
+                dict(schema=Identifier(schema), user=Identifier(user)),
             )
         ]
         for table in tables.scalars():
-            params = dict(table=Identifier(schema, table), owner=Identifier(owner))
-            stmts.append(
-                (
-                    "ALTER TABLE {table} OWNER TO {owner}",
-                    params,
+            params = dict(table=Identifier(schema, table), user=Identifier(user))
+            if owner:
+                stmts.append(
+                    (
+                        "ALTER TABLE {table} OWNER TO {user}",
+                        params,
+                    )
                 )
-            )
-            stmts.append(
-                (
-                    "GRANT ALL ON {table} TO {owner}",
-                    params,
+            for perm in permissions:
+                stmts.append(
+                    (
+                        "GRANT " + perm + " ON {table} TO {user}",
+                        params,
+                    )
                 )
-            )
 
         for stmt in stmts:
             db.run_sql(*stmt)
             db.session.commit()
 
     return setup_permissions
+
+
+def grant_schema_ownership(schema, owner):
+    """Higher-order function to grant ownership of a schema to a user"""
+    return grant_permissions(schema, owner, owner=True)

cli/macrostrat/cli/subsystems/core/__init__.py

@@ -0,0 +1,16 @@
+from pathlib import Path
+
+from ...database import SubsystemSchemaDefinition
+from ...database.utils import grant_permissions
+
+__here__ = Path(__file__).parent
+
+core_schema = SubsystemSchemaDefinition(
+    name="core",
+    # All this does is grant usage of the macrostrat, maps, and carto_new schemas
+    # to the macrostrat role
+    fixtures=[
+        grant_permissions(schema, "macrostrat", "SELECT")
+        for schema in ["macrostrat", "maps", "carto_new"]
+    ],
+)