Merge pull request #3949 from Itz-Agasta/try

Feat: Add admin function for granting access to read-only user
2026-02-02 09:53:24 +01:00
parent c882718355 45972811e3
commit cc9c8963f3
8 changed files with 69 additions and 19 deletions
--- a/src/nominatim_db/clicmd/args.py
+++ b/src/nominatim_db/clicmd/args.py
@@ -119,6 +119,7 @@ class NominatimArgs:
    enable_debug_statements: bool
    data_object: Sequence[Tuple[str, int]]
    data_area: Sequence[Tuple[str, int]]
+    ro_access: bool

    # Arguments to 'replication'
    init: bool
--- a/src/nominatim_db/clicmd/refresh.py
+++ b/src/nominatim_db/clicmd/refresh.py
@@ -65,6 +65,8 @@ class UpdateRefresh:
                           help='Update secondary importance raster data')
        group.add_argument('--importance', action='store_true',
                           help='Recompute place importances (expensive!)')
+        group.add_argument('--ro-access', action='store_true',
+                           help='Grant read-only access to web user for all tables')
        group.add_argument('--website', action='store_true',
                           help='DEPRECATED. This function has no function anymore'
                                ' and will be removed in a future version.')
@@ -159,6 +161,11 @@ class UpdateRefresh:
            LOG.error('WARNING: Website setup is no longer required. '
                      'This function will be removed in future version of Nominatim.')

+        if args.ro_access:
+            from ..tools import admin
+            LOG.warning('Grant read-only access to web user')
+            admin.grant_ro_access(args.config.get_libpq_dsn(), args.config)
+
        if args.data_object or args.data_area:
            with connect(args.config.get_libpq_dsn()) as conn:
                for obj in args.data_object or []:
--- a/src/nominatim_db/tools/admin.py
+++ b/src/nominatim_db/tools/admin.py
@@ -16,6 +16,7 @@ from psycopg.types.json import Json
 from ..typing import DictCursorResult
 from ..config import Configuration
 from ..db.connection import connect, Cursor, register_hstore
+from ..db.sql_preprocessor import SQLPreprocessor
 from ..errors import UsageError
 from ..tokenizer import factory as tokenizer_factory
 from ..data.place_info import PlaceInfo
@@ -105,3 +106,12 @@ def clean_deleted_relations(config: Configuration, age: str) -> None:
            except psycopg.DataError as exc:
                raise UsageError('Invalid PostgreSQL time interval format') from exc
        conn.commit()
+
+
+def grant_ro_access(dsn: str, config: Configuration) -> None:
+    """ Grant read-only access to the web user for all Nominatim tables.
+        This can be used to grant access to a different user after import.
+    """
+    with connect(dsn) as conn:
+        sql = SQLPreprocessor(conn, config)
+        sql.run_sql_file(conn, 'grants.sql')
--- a/src/nominatim_db/tools/database_import.py
+++ b/src/nominatim_db/tools/database_import.py
@@ -157,6 +157,8 @@ def create_tables(conn: Connection, config: Configuration, reverse_only: bool =

    sql.run_sql_file(conn, 'tables.sql')

+    sql.run_sql_file(conn, 'grants.sql')
+

 def create_table_triggers(conn: Connection, config: Configuration) -> None:
    """ Create the triggers for the tables. The trigger functions must already
--- a/src/nominatim_db/tools/freeze.py
+++ b/src/nominatim_db/tools/freeze.py
@@ -18,7 +18,6 @@ UPDATE_TABLES = [
    'address_levels',
    'gb_postcode',
    'import_osmosis_log',
-    'import_polygon_%',
    'location_area%',
    'location_road%',
    'place',