Updated postgresql permissions grants

davenquinn · davenquinn · commit df2a962884de · 2024-12-29T15:42:07.000-05:00
diff --git a/cli/macrostrat/cli/database/__init__.py b/cli/macrostrat/cli/database/__init__.py
@@ -4,26 +4,24 @@
 from typing import Any, Callable, Iterable
 
 import typer
-from pydantic import BaseModel
-from rich import print
-from sqlalchemy import make_url, text
-from typer import Argument, Option
-
-from macrostrat.core import MacrostratSubsystem, app
-from macrostrat.core.migrations import run_migrations
 from macrostrat.database import Database
 from macrostrat.database.transfer import pg_dump_to_file, pg_restore_from_file
 from macrostrat.database.transfer.utils import raw_database_url
 from macrostrat.database.utils import get_sql_files
 from macrostrat.utils import get_logger
 from macrostrat.utils.shell import run
+from pydantic import BaseModel
+from rich import print
+from sqlalchemy import make_url, text
+from typer import Argument, Option
 
+from macrostrat.core import MacrostratSubsystem, app
+from macrostrat.core.migrations import run_migrations
 from ._legacy import get_db
-
 # First, register all migrations
 # NOTE: right now, this is quite implicit.
 from .migrations import load_migrations
-from .utils import engine_for_db_name
+from .utils import engine_for_db_name, setup_postgrest_access
 
 log = get_logger(__name__)
 
@@ -398,6 +396,19 @@ def run_scripts(migration: str = Argument(None)):
 db_app.command(name="migrations", rich_help_panel="Schema management")(run_migrations)
 
 
+def update_permissions():
+    """Setup permissions for the PostgREST API.
+
+    NOTE: This is a stopgap until we have a better permssions system.
+    """
+    db = get_db()
+    setup_postgrest_access("macrostrat_api")(db)
+    db.run_sql("NOTIFY pgrst, 'reload schema';")
+
+
+db_app.command(name="permissions", rich_help_panel="Helpers")(update_permissions)
+
+
 ### Helpers
 
 
diff --git a/cli/macrostrat/cli/database/utils.py b/cli/macrostrat/cli/database/utils.py
@@ -2,15 +2,14 @@
 from typing import Optional
 from uuid import uuid4
 
+from macrostrat.database import Database
+from macrostrat.database.utils import run_query, run_sql
 from psycopg2.sql import Identifier
 from rich import print
 from sqlalchemy.engine import Engine, create_engine
 from sqlalchemy.engine.url import URL, make_url
 
 from macrostrat.core.config import settings
-from macrostrat.database import Database
-from macrostrat.database.utils import run_query, run_sql
-
 from ._legacy import get_db
 
 
@@ -336,3 +335,13 @@ def grant_schema_usage(
         """,
             params,
         )
+
+
+def setup_postgrest_access(schema: str):
+    """Run basic grant statements to allow PostgREST to access the schema"""
+
+    def run_updates(db):
+        grant_schema_usage(db, schema, "web_anon")
+        grant_schema_usage(db, schema, "web_user", tables=False, sequences=True)
+
+    return run_updates
diff --git a/cli/macrostrat/cli/subsystems/macrostrat_api/__init__.py b/cli/macrostrat/cli/subsystems/macrostrat_api/__init__.py
@@ -6,26 +6,15 @@
 from pathlib import Path
 
 from macrostrat.app_frame import compose
+
 from macrostrat.core import MacrostratSubsystem
 from macrostrat.core.migrations import Migration, view_exists
-
 from ...database import SubsystemSchemaDefinition, get_db
-from ...database.utils import grant_schema_usage
+from ...database.utils import setup_postgrest_access
 
 __here__ = Path(__file__).parent
 fixtures_dir = __here__ / "schema"
 
-
-def setup_postgrest_access(schema: str):
-    """Run basic grant statements to allow PostgREST to access the schema"""
-
-    def run_updates(db):
-        grant_schema_usage(db, schema, "web_anon")
-        grant_schema_usage(db, schema, "web_user", tables=False, sequences=True)
-
-    return run_updates
-
-
 macrostrat_api = SubsystemSchemaDefinition(
     name="macrostrat-api",
     fixtures=[fixtures_dir, setup_postgrest_access("macrostrat_api")],
diff --git a/core/macrostrat/core/database/__init__.py b/core/macrostrat/core/database/__init__.py
@@ -2,7 +2,7 @@
 
 from macrostrat.database import Database
 
-from .config import PG_DATABASE
+from ..config import PG_DATABASE
 
 db_ctx: ContextVar[Database | None] = ContextVar("db_ctx", default=None)
 
diff --git a/local-root/docker-compose.yaml b/local-root/docker-compose.yaml
@@ -73,7 +73,6 @@ services:
       - PGRST_DB_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/${POSTGRES_DB}
       - PGRST_DB_SCHEMA=macrostrat_api
       - PGRST_DB_ANON_ROLE=web_anon
-      #- PGRST_SERVER_PROXY_URI=http://database:5432
       - PGRST_SERVER_PORT=3000
       - PGRST_SERVER_HOST=
   # Tileserver
