safety-screen/Nominatim
1
0
Fork 0
forked from hans/Nominatim
Code Pull Requests Activity

Moves db grant statements to dedicated script

Browse Source 
Centralizes all read-only access grants into a single SQL script, ensuring permissions are managed in one place.
This commit is contained in:
Itz-Agasta
2026-01-27 17:49:51 +05:30
parent 67ecf5f6a0
commit ff1f1b06d9
5 changed files with 50 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/nominatim_db/tokenizer/icu_tokenizer.py
View File

@@ -144,10 +144,6 @@ class ICUTokenizer(AbstractTokenizer):
with conn.cursor() as cur:
cur.execute('SET max_parallel_workers_per_gather TO 0')
sqlp = SQLPreprocessor(conn, config)
sqlp.run_string(conn,
'GRANT SELECT ON tmp_word TO "{{config.DATABASE_WEBUSER}}"')
conn.commit()
self._create_base_indices(config, 'tmp_word')
self._create_lookup_indices(config, 'tmp_word')
self._move_temporary_word_table('tmp_word')
@@ -245,11 +241,9 @@ class ICUTokenizer(AbstractTokenizer):
word text,
info jsonb
) {{db.tablespace.search_data}};
GRANT SELECT ON word TO "{{config.DATABASE_WEBUSER}}";
DROP SEQUENCE IF EXISTS seq_word;
CREATE SEQUENCE seq_word start 1;
GRANT SELECT ON seq_word to "{{config.DATABASE_WEBUSER}}";
""")
conn.commit()

3
src/nominatim_db/tools/migration.py
View File

@@ -137,7 +137,6 @@ def create_placex_entrance_table(conn: Connection, config: Configuration, **_: A
);
CREATE UNIQUE INDEX idx_placex_entrance_place_id_osm_id ON placex_entrance
USING BTREE (place_id, osm_id) {{db.tablespace.search_index}};
GRANT SELECT ON placex_entrance TO "{{config.DATABASE_WEBUSER}}" ;
""")
@@ -250,8 +249,6 @@ def create_place_postcode_table(conn: Connection, config: Configuration, **_: An
geometry Geometry(Geometry, 4326) NOT NULL
)
""")
sqlp.run_string(conn,
'GRANT SELECT ON location_postcodes TO "{{config.DATABASE_WEBUSER}}"')
# remove postcodes from the various auxillary tables
cur.execute(
"""