From 58cae7059688ca7168ff9e4bf77de632997e8746 Mon Sep 17 00:00:00 2001
From: Itz-Agasta
Date: Tue, 27 Jan 2026 17:54:10 +0530
Subject: [PATCH] Adds option to grant web user read-only DB access

Introduces a command-line flag to grant read-only access to the web user for all tables, improving ease of permissions management during refresh operations.
---
 src/nominatim_db/clicmd/args.py | 1 +
 src/nominatim_db/clicmd/refresh.py | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/nominatim_db/clicmd/args.py b/src/nominatim_db/clicmd/args.py
index ee9d8fec..a7072d9f 100644
--- a/src/nominatim_db/clicmd/args.py
+++ b/src/nominatim_db/clicmd/args.py
@@ -119,6 +119,7 @@ class NominatimArgs:
 enable_debug_statements: bool
 data_object: Sequence[Tuple[str, int]]
 data_area: Sequence[Tuple[str, int]]
+ ro_access: bool
 # Arguments to 'replication'
 init: bool
diff --git a/src/nominatim_db/clicmd/refresh.py b/src/nominatim_db/clicmd/refresh.py
index 1d1977d2..96646c1a 100644
--- a/src/nominatim_db/clicmd/refresh.py
+++ b/src/nominatim_db/clicmd/refresh.py
@@ -65,6 +65,8 @@ class UpdateRefresh:
 help='Update secondary importance raster data')
 group.add_argument('--importance', action='store_true',
 help='Recompute place importances (expensive!)')
+ group.add_argument('--ro-access', action='store_true',
+ help='Grant read-only access to web user for all tables')
 group.add_argument('--website', action='store_true',
 help='DEPRECATED. This function has no function anymore'
 ' and will be removed in a future version.')
@@ -159,6 +161,11 @@ class UpdateRefresh:
 LOG.error('WARNING: Website setup is no longer required. '
 'This function will be removed in future version of Nominatim.')
+ if args.ro_access:
+ from ..tools import admin
+ LOG.warning('Grant read-only access to web user')
+ admin.grant_ro_access(args.config.get_libpq_dsn(), args.config)
+
 if args.data_object or args.data_area:
 with connect(args.config.get_libpq_dsn()) as conn:
 for obj in args.data_object or []:
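Review bot: The help text for `--ro-access` in the first refresh.py hunk does not tell the operator that this flag changes database privileges, unlike the neighbouring options, which only recompute or reload data. It also does not say which role is affected. I would make both explicit, for example `help='Grant the configured web user read-only access to all tables (changes database privileges)'`. The method that registers these arguments starts and ends outside the hunk, so I cannot tell whether a separate option group would suit a permissions action better.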
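Review bot: `admin.grant_ro_access` is called in the last refresh.py hunk but is not defined in this patch, which touches only args.py and refresh.py. Unless the function already exists in `tools/admin`, `--ro-access` will fail at runtime with an AttributeError. The grant itself is the security-relevant part and cannot be reviewed from here. It should be checked that it is limited to SELECT, that the web user name from the configuration is quoted as an SQL identifier rather than interpolated, and whether "all tables" covers tables created after the grant runs. The DSN argument also looks redundant, since it is derived from the same `args.config` passed next to it. A short comment above the call such as `# Privilege change only: grants read access to the web user, modifies no data` would help, as the enclosing method continues outside the hunk.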