Updated permissions

Author: davenquinn

.idea/sqldialects.xml

@@ -4,22 +4,20 @@
 from typing import Any, Callable, Iterable
 
 import typer
-from pydantic import BaseModel
-from rich import print
-from sqlalchemy import make_url, text
-from typer import Argument, Option
-
-from macrostrat.core import MacrostratSubsystem, app
-from macrostrat.core.migrations import run_migrations
 from macrostrat.database import Database
 from macrostrat.database.transfer import pg_dump_to_file, pg_restore_from_file
 from macrostrat.database.transfer.utils import raw_database_url
 from macrostrat.database.utils import get_sql_files
 from macrostrat.utils import get_logger
 from macrostrat.utils.shell import run
+from pydantic import BaseModel
+from rich import print
+from sqlalchemy import make_url, text
+from typer import Argument, Option
 
+from macrostrat.core import MacrostratSubsystem, app
+from macrostrat.core.migrations import run_migrations
 from ._legacy import get_db
-
 # First, register all migrations
 # NOTE: right now, this is quite implicit.
 from .migrations import load_migrations
@@ -57,7 +55,7 @@ def apply(self, db, match: str = None):
         for f in self.fixtures:
             if callable(f):
                 f(db)
-                return
+                continue
             # This does the same as the upstream "Apply fixtures" function
             # but it has support for a 'match' parameter
             files = _match_paths(get_sql_files(f), match)

cli/macrostrat/cli/database/__init__.py

@@ -181,7 +181,9 @@ def get_table_permissions(db, schema, table, user) -> set[Permission]:
     return {Permission(p) for p in perms.scalars()}
 
 
-def grant_permissions(schema, user, *_permissions, owner=False):
+def grant_permissions(
+    schema, user, *_permissions, owner=False, tables: list[str] = None
+):
     """Higher-order function to grant permissions on a schema to a user"""
 
     def setup_permissions(db):
@@ -198,10 +200,11 @@ def setup_permissions(db):
             f"Grant {_perms} on  schema [cyan bold]{schema}[/] to [cyan bold]{user}[/]"
         )
 
-        tables = db.run_query(
-            "SELECT table_name FROM information_schema.tables WHERE table_schema = :schema",
-            dict(schema=schema),
-        )
+        if tables is None:
+            tables = db.run_query(
+                "SELECT table_name FROM information_schema.tables WHERE table_schema = :schema",
+                dict(schema=schema),
+            )
         stmts = [
             (
                 "GRANT USAGE ON SCHEMA {schema} TO {user}",

cli/macrostrat/cli/database/utils.py

@@ -5,9 +5,9 @@
 from rich import print
 from typer import Typer
 
+from ..macrostrat_api import setup_postgrest_access
 from ...database import SubsystemSchemaDefinition, get_db
 from ...database.utils import grant_permissions, grant_schema_ownership
-from ..macrostrat_api import setup_postgrest_access
 
 __here__ = Path(__file__).parent
 fixtures_dir = __here__ / "fixtures"
@@ -19,6 +19,9 @@
         fixtures_dir / "kg-views.sql",
         setup_postgrest_access("macrostrat_xdd"),
         grant_schema_ownership("macrostrat_xdd", "xdd-writer"),
+        grant_permissions(
+            "macrostrat_xdd", "web_admin", ["SELECT", "UPDATE"], tables=["source_text"]
+        ),
     ],
 )
 

cli/macrostrat/cli/subsystems/xdd/__init__.py

@@ -305,3 +305,5 @@ RETURNS integer AS $$
   )
   SELECT id FROM next_run;
 $$ LANGUAGE SQL;
+
+GRANT web_admin TO "macrostrat_admin";