Merge lp:~jcsackett/launchpad/alphabetize-security-settings into lp:launchpad
- alphabetize-security-settings
- Merge into devel
Status: | Merged |
---|---|
Approved by: | Robert Collins |
Approved revision: | no longer in the source branch. |
Merged at revision: | 12963 |
Proposed branch: | lp:~jcsackett/launchpad/alphabetize-security-settings |
Merge into: | lp:launchpad |
Diff against target: |
2889 lines (+847/-897) 4 files modified
database/schema/security.cfg (+646/-796) lib/lp/scripts/utilities/settingsauditor.py (+110/-0) lib/lp/scripts/utilities/tests/test_audit_security_settings.py (+80/-12) utilities/audit-security-settings.py (+11/-89) |
To merge this branch: | bzr merge lp:~jcsackett/launchpad/alphabetize-security-settings |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Collins (community) | Approve | ||
Review via email: mp+58992@code.launchpad.net |
Commit message
[r=lifeless][bug=773591] Updates the settings auditor to alphabetize settings, so bzr merges stop introducing duplication errors.
Description of the change
Summary
=======
We removed a bunch of duplicate permissions from security.cfg, but they were introduced (mostly) by bad merges, and that can happen again. To make it easier for bzr to merge sensibly and to make it easier for developers to figure out if a setting already exists, each config block in security.cfg should be alphabetized, as we do with imports (for much the same reason).
Since we already had an audit utility to find dupes, expanding that to alphabetize seems sensible.
Preimplementation
=================
Spoke with Curtis Hovey
Implementation
==============
database/
-------
Alphabetized settings in each config block, and removed another duplicate introduced since dupes were removed last week. Added some comments in the header of the file to explain the permissions that are set to nothing. Comments within the blocks are lost, but per discussion with Curtis Hovey merge errors and so forth have largely rendered them out of data anyway.
lib/lp/
utilities/
-------
Broke out the settings auditor into its own file, and expanded it to process each config block separately, both alphabetizing the permission settings and reporting on duplicates it finds in the file. It still doesn't automatically remove the settings, as a human may still need to determine which setting should be kept.
lib/lp/
-------
Tests.
Tests
=====
bin/test -vvct test_audit
QA
==
qa-untestable
Lint
====
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
database/
lib/lp/
lib/lp/
utilities/
./database/
705: Line exceeds 78 characters.
706: Line exceeds 78 characters.
707: Line exceeds 78 characters.
734: Line exceeds 78 characters.
736: Line exceeds 78 characters.
789: Line exceeds 78 characters.
798: Line exceeds 78 characters.
803: Line exceeds 78 characters.
814: Line exceeds 78 characters.
837: Line exceeds 78 characters.
850: Line exceeds 78 characters.
851: Line exceeds 78 characters.
860: Line exceeds 78 characters.
881: Line exceeds 78 characters.
882: Line exceeds 78 characters.
890: Line exceeds 78 characters.
911: Line exceeds 78 characters.
986: Line exceeds 78 characters.
996: Line exceeds 78 characters.
997: Line exceeds 78 characters.
./utilities/
16: '_pythonpath' imported but unused
./database/
705: Line exceeds 78 characters.
706: Line exceeds 78 characters.
707: Line exceeds 78 characters.
734: Line exceeds 78 characters.
736: Line exceeds 78 characters.
789: Line exceeds 78 characters.
798: Line exceeds 78 characters.
803: Line exceeds 78 characters.
814: Line exceeds 78 characters.
837: Line exceeds 78 characters.
850: Line exceeds 78 characters.
851: Line exceeds 78 characters.
860: Line exceeds 78 characters.
881: Line exceeds 78 characters.
882: Line exceeds 78 characters.
890: Line exceeds 78 characters.
911: Line exceeds 78 characters.
986: Line exceeds 78 characters.
996: Line exceeds 78 characters.
997: Line exceeds 78 characters.
./utilities/
16: '_pythonpath' imported but unused
Preview Diff
1 | === modified file 'database/schema/security.cfg' |
2 | --- database/schema/security.cfg 2011-05-03 04:39:43 +0000 |
3 | +++ database/schema/security.cfg 2011-05-03 22:22:53 +0000 |
4 | @@ -7,106 +7,88 @@ |
5 | # creates new entries by first doing an insert (to get the id) and then |
6 | # issuing an update |
7 | [DEFAULT] |
8 | -# Objects in these schemas are publicly readable or executable. *not* writable |
9 | public_schemas=ts2 |
10 | |
11 | [public] |
12 | -# The public role is automatically granted to all users by PostgreSQL |
13 | -type=group |
14 | +public._killall_backends(text) = |
15 | public.activity() = EXECUTE |
16 | -public.person_sort_key(text, text) = EXECUTE |
17 | +public.add_test_openid_identifier(integer) = EXECUTE |
18 | +public.alllocks = |
19 | +public.assert_patch_applied(integer, integer, integer) = EXECUTE |
20 | +public.bug_update_latest_patch_uploaded(integer) = |
21 | +public.bugnotificationarchive = |
22 | public.calculate_bug_heat(integer) = EXECUTE |
23 | public.cursor_fetch(refcursor, integer) = EXECUTE |
24 | +public.databasediskutilization = |
25 | +public.debversion(character) = EXECUTE |
26 | +public.debversion_cmp(debversion, debversion) = EXECUTE |
27 | +public.debversion_eq(debversion, debversion) = EXECUTE |
28 | +public.debversion_ge(debversion, debversion) = EXECUTE |
29 | +public.debversion_gt(debversion, debversion) = EXECUTE |
30 | +public.debversion_hash(debversion) = EXECUTE |
31 | +public.debversion_larger(debversion, debversion) = EXECUTE |
32 | +public.debversion_le(debversion, debversion) = EXECUTE |
33 | +public.debversion_lt(debversion, debversion) = EXECUTE |
34 | +public.debversion_ne(debversion, debversion) = EXECUTE |
35 | +public.debversion_smaller(debversion, debversion) = EXECUTE |
36 | public.debversion_sort_key(text) = EXECUTE |
37 | -public.milestone_sort_key(timestamp without time zone, text) = EXECUTE |
38 | -public.version_sort_key(text) = EXECUTE |
39 | -public.null_count(anyarray) = EXECUTE |
40 | -public.valid_name(text) = EXECUTE |
41 | -public.valid_bug_name(text) = EXECUTE |
42 | -public.valid_branch_name(text) = EXECUTE |
43 | -public.valid_debian_version(text) = EXECUTE |
44 | -public.valid_cve(text) = EXECUTE |
45 | -public.valid_absolute_url(text) = EXECUTE |
46 | -public.valid_fingerprint(text) = EXECUTE |
47 | -public.valid_keyid(text) = EXECUTE |
48 | -public.valid_regexp(text) = EXECUTE |
49 | -public.sane_version(text) = EXECUTE |
50 | -public.sha1(text) = EXECUTE |
51 | +public.debversionin(cstring) = EXECUTE |
52 | +public.debversionout(debversion) = EXECUTE |
53 | +public.debversionrecv(internal) = EXECUTE |
54 | +public.debversionsend(debversion) = EXECUTE |
55 | +public.exclusivelocks = |
56 | +public.featureflag = SELECT |
57 | +public.fticache = |
58 | +public.generate_openid_identifier() = EXECUTE |
59 | +public.getlocalnodeid() = EXECUTE |
60 | public.is_blacklisted_name(text, integer) = EXECUTE |
61 | public.is_person(text) = EXECUTE |
62 | +public.is_printable_ascii(text) = EXECUTE |
63 | public.is_team(integer) = EXECUTE |
64 | public.is_team(text) = EXECUTE |
65 | -public.is_printable_ascii(text) = EXECUTE |
66 | +public.latestdatabasediskutilization = |
67 | public.launchpaddatabaserevision = SELECT |
68 | -public.name_blacklist_match(text, integer) = EXECUTE |
69 | -public.pillarname = SELECT |
70 | -public.ulower(text) = EXECUTE |
71 | -public.generate_openid_identifier() = EXECUTE |
72 | -public.getlocalnodeid() = EXECUTE |
73 | -public.replication_lag() = EXECUTE |
74 | -public.replication_lag(integer) = EXECUTE |
75 | -public.assert_patch_applied(integer, integer, integer) = EXECUTE |
76 | -# Explicitly state 'no permissions on these objects' to silence |
77 | -# security.py warnings. |
78 | -public.fticache = |
79 | -public.databasediskutilization = |
80 | -public.latestdatabasediskutilization = |
81 | -public.update_database_disk_utilization() = |
82 | -public._killall_backends(text) = |
83 | -public.exclusivelocks = |
84 | -public.alllocks = |
85 | -public.pgstattuple(oid) = |
86 | -public.pgstattuple(text) = |
87 | -public.bugnotificationarchive = |
88 | public.lp_account = |
89 | public.lp_openididentifier = |
90 | +public.lp_person = |
91 | public.lp_personlocation = |
92 | -public.lp_person = |
93 | public.lp_teamparticipation = |
94 | -public.bug_update_latest_patch_uploaded(integer) = |
95 | -# the currently active feature flags can be read by anyone |
96 | -public.featureflag = SELECT |
97 | -# Tests calling factory methods need to be able to create working |
98 | -# accounts. We don't directly grant access to the OpenIdIdentifier table |
99 | -# to the users these tests are running as we want to minimize the number |
100 | -# of database users that can subvert accounts. Instead, we use a stored |
101 | -# procedure. OpenId Identifiers created using this stored procedure are |
102 | -# only useable by the test suite. |
103 | -public.add_test_openid_identifier(integer) = EXECUTE |
104 | - |
105 | -# Functions introduced by the posgresql-debversion package. |
106 | -public.debversionin(cstring) = EXECUTE |
107 | -public.debversionout(debversion) = EXECUTE |
108 | -public.debversionrecv(internal) = EXECUTE |
109 | -public.debversionsend(debversion) = EXECUTE |
110 | -public.debversion(character) = EXECUTE |
111 | -public.debversion_cmp(debversion, debversion) = EXECUTE |
112 | -public.debversion_eq(debversion, debversion) = EXECUTE |
113 | -public.debversion_ne(debversion, debversion) = EXECUTE |
114 | -public.debversion_lt(debversion, debversion) = EXECUTE |
115 | -public.debversion_gt(debversion, debversion) = EXECUTE |
116 | -public.debversion_le(debversion, debversion) = EXECUTE |
117 | -public.debversion_ge(debversion, debversion) = EXECUTE |
118 | -public.debversion_hash(debversion) = EXECUTE |
119 | public.max(debversion) = EXECUTE |
120 | +public.milestone_sort_key(timestamp without time zone, text) = EXECUTE |
121 | public.min(debversion) = EXECUTE |
122 | -public.debversion_smaller(debversion, debversion) = EXECUTE |
123 | -public.debversion_larger(debversion, debversion) = EXECUTE |
124 | +public.name_blacklist_match(text, integer) = EXECUTE |
125 | +public.null_count(anyarray) = EXECUTE |
126 | +public.person_sort_key(text, text) = EXECUTE |
127 | +public.pgstattuple(oid) = |
128 | +public.pgstattuple(text) = |
129 | +public.pillarname = SELECT |
130 | +public.replication_lag() = EXECUTE |
131 | +public.replication_lag(integer) = EXECUTE |
132 | +public.sane_version(text) = EXECUTE |
133 | +public.sha1(text) = EXECUTE |
134 | +public.ulower(text) = EXECUTE |
135 | +public.update_database_disk_utilization() = |
136 | +public.valid_absolute_url(text) = EXECUTE |
137 | +public.valid_branch_name(text) = EXECUTE |
138 | +public.valid_bug_name(text) = EXECUTE |
139 | +public.valid_cve(text) = EXECUTE |
140 | +public.valid_debian_version(text) = EXECUTE |
141 | +public.valid_fingerprint(text) = EXECUTE |
142 | +public.valid_keyid(text) = EXECUTE |
143 | +public.valid_name(text) = EXECUTE |
144 | +public.valid_regexp(text) = EXECUTE |
145 | +public.version_sort_key(text) = EXECUTE |
146 | +type=group |
147 | |
148 | [ro] |
149 | -# A user with full readonly access to the database. Generally used for |
150 | -# interactive querying |
151 | -type=user |
152 | groups=read |
153 | +type=user |
154 | |
155 | [testadmin] |
156 | -# A user with full admin privileges used by the test suite |
157 | -type=user |
158 | groups=admin |
159 | +type=user |
160 | |
161 | [launchpad_main] |
162 | -# lpmain replication set access from the main Z3 application. |
163 | -type=user |
164 | groups=write,script |
165 | public.account = SELECT, INSERT, UPDATE, DELETE |
166 | public.accountpassword = SELECT, INSERT, UPDATE, DELETE |
167 | @@ -114,23 +96,23 @@ |
168 | public.answercontact = SELECT, INSERT, UPDATE, DELETE |
169 | public.apportjob = SELECT, INSERT, UPDATE, DELETE |
170 | public.archive = SELECT, INSERT, UPDATE |
171 | +public.archivearch = SELECT, INSERT, UPDATE, DELETE |
172 | public.archiveauthtoken = SELECT, INSERT, UPDATE |
173 | +public.archivedependency = SELECT, INSERT, DELETE |
174 | public.archivejob = SELECT, INSERT, UPDATE, DELETE |
175 | +public.archivepermission = SELECT, INSERT, UPDATE, DELETE |
176 | public.archivesubscriber = SELECT, INSERT, UPDATE |
177 | -public.archivearch = SELECT, INSERT, UPDATE, DELETE |
178 | -public.archivedependency = SELECT, INSERT, DELETE |
179 | -public.archivepermission = SELECT, INSERT, UPDATE, DELETE |
180 | public.authtoken = SELECT, INSERT, UPDATE, DELETE |
181 | public.binaryandsourcepackagenameview = SELECT |
182 | public.binarypackagepublishinghistory = SELECT |
183 | public.binarypackagereleasedownloadcount= SELECT, INSERT, UPDATE |
184 | public.bountysubscription = SELECT, INSERT, UPDATE, DELETE |
185 | -public.branchrevision = SELECT, INSERT, UPDATE, DELETE |
186 | public.branch = SELECT, INSERT, UPDATE, DELETE |
187 | public.branchjob = SELECT, INSERT, UPDATE, DELETE |
188 | public.branchmergeproposal = SELECT, INSERT, UPDATE, DELETE |
189 | public.branchmergeproposaljob = SELECT, INSERT, UPDATE, DELETE |
190 | public.branchmergequeue = SELECT, INSERT, UPDATE, DELETE |
191 | +public.branchrevision = SELECT, INSERT, UPDATE, DELETE |
192 | public.branchsubscription = SELECT, INSERT, UPDATE, DELETE |
193 | public.branchvisibilitypolicy = SELECT, INSERT, UPDATE, DELETE |
194 | public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
195 | @@ -140,14 +122,14 @@ |
196 | public.bugjob = SELECT, INSERT, UPDATE, DELETE |
197 | public.bugnomination = SELECT, UPDATE |
198 | public.bugnotification = SELECT, INSERT, UPDATE, DELETE |
199 | +public.bugnotificationattachment = SELECT, INSERT |
200 | public.bugnotificationfilter = SELECT, INSERT, UPDATE, DELETE |
201 | -public.bugnotificationattachment = SELECT, INSERT |
202 | public.bugnotificationrecipient = SELECT, INSERT, UPDATE, DELETE |
203 | public.bugnotificationrecipientarchive = SELECT, UPDATE |
204 | public.bugtag = SELECT, INSERT, DELETE |
205 | -public.bugtrackerperson = SELECT, UPDATE |
206 | public.bugtrackercomponent = SELECT, INSERT, UPDATE |
207 | public.bugtrackercomponentgroup = SELECT, INSERT, UPDATE |
208 | +public.bugtrackerperson = SELECT, UPDATE |
209 | public.bugwatchactivity = SELECT, INSERT, UPDATE |
210 | public.buildfarmjob = DELETE |
211 | public.codeimport = SELECT, INSERT, UPDATE, DELETE |
212 | @@ -160,9 +142,9 @@ |
213 | public.codereviewvote = SELECT, INSERT, UPDATE, DELETE |
214 | public.commercialsubscription = SELECT, INSERT, UPDATE, DELETE |
215 | public.continent = SELECT |
216 | +public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE |
217 | +public.cve = SELECT, INSERT, UPDATE |
218 | public.cvereference = SELECT, INSERT |
219 | -public.cve = SELECT, INSERT, UPDATE |
220 | -public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE |
221 | public.databasereplicationlag = SELECT |
222 | public.diff = SELECT, INSERT, UPDATE |
223 | public.distributionbounty = SELECT, INSERT, UPDATE |
224 | @@ -172,32 +154,33 @@ |
225 | public.distributionsourcepackagecache = SELECT |
226 | public.distroseriesdifference = SELECT, INSERT, UPDATE |
227 | public.distroseriesdifferencemessage = SELECT, INSERT, UPDATE |
228 | +public.distroserieslanguage = SELECT, INSERT, UPDATE |
229 | +public.distroseriespackagecache = SELECT |
230 | public.distroseriesparent = SELECT, INSERT, UPDATE, DELETE |
231 | -public.distroserieslanguage = SELECT, INSERT, UPDATE |
232 | -public.distroseriespackagecache = SELECT |
233 | public.emailaddress = SELECT, INSERT, UPDATE, DELETE |
234 | public.entitlement = SELECT, INSERT, UPDATE, DELETE |
235 | public.faq = SELECT, INSERT, UPDATE, DELETE |
236 | +public.featuredproject = SELECT, INSERT, DELETE |
237 | public.featureflag = SELECT, INSERT, UPDATE, DELETE |
238 | public.featureflagchangelogentry = SELECT, INSERT, UPDATE |
239 | -public.featuredproject = SELECT, INSERT, DELETE |
240 | +public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
241 | +public.hwdevice = SELECT |
242 | +public.hwdeviceclass = SELECT, INSERT, DELETE |
243 | public.hwdevicedriverlink = SELECT |
244 | public.hwdevicenamevariant = SELECT |
245 | -public.hwdevice = SELECT |
246 | -public.hwdeviceclass = SELECT, INSERT, DELETE |
247 | public.hwdriver = SELECT, INSERT |
248 | public.hwdrivernames = SELECT |
249 | public.hwdriverpackagenames = SELECT |
250 | -public.hwsubmissiondevice = SELECT |
251 | public.hwsubmission = SELECT, INSERT, UPDATE |
252 | public.hwsubmissionbug = SELECT, INSERT, UPDATE, DELETE |
253 | +public.hwsubmissiondevice = SELECT |
254 | public.hwsystemfingerprint = SELECT, INSERT |
255 | +public.hwtest = SELECT |
256 | +public.hwtestanswer = SELECT |
257 | public.hwtestanswerchoice = SELECT |
258 | +public.hwtestanswercount = SELECT |
259 | public.hwtestanswercountdevice = SELECT |
260 | -public.hwtestanswercount = SELECT |
261 | public.hwtestanswerdevice = SELECT |
262 | -public.hwtestanswer = SELECT |
263 | -public.hwtest = SELECT |
264 | public.hwvendorid = SELECT |
265 | public.hwvendorname = SELECT |
266 | public.incrementaldiff = SELECT, INSERT, UPDATE, DELETE |
267 | @@ -216,8 +199,8 @@ |
268 | public.mailinglistsubscription = SELECT, INSERT, UPDATE, DELETE |
269 | public.mentoringoffer = SELECT, INSERT, UPDATE, DELETE |
270 | public.mergedirectivejob = SELECT, INSERT, UPDATE, DELETE |
271 | -public.messagechunk = SELECT, INSERT |
272 | public.messageapproval = SELECT, INSERT, UPDATE, DELETE |
273 | +public.messagechunk = SELECT, INSERT |
274 | public.milestone = SELECT, INSERT, UPDATE, DELETE |
275 | public.mirrorcdimagedistroseries = SELECT, INSERT, DELETE |
276 | public.mirrordistroarchseries = SELECT, INSERT, DELETE, UPDATE |
277 | @@ -228,48 +211,46 @@ |
278 | public.oauthconsumer = SELECT, INSERT |
279 | public.oauthnonce = SELECT, INSERT |
280 | public.oauthrequesttoken = SELECT, INSERT, UPDATE, DELETE |
281 | +public.officialbugtag = SELECT, INSERT, UPDATE, DELETE |
282 | public.openidconsumerassociation = SELECT, INSERT, UPDATE, DELETE |
283 | public.openidconsumernonce = SELECT, INSERT, UPDATE |
284 | public.openididentifier = SELECT, INSERT, UPDATE, DELETE |
285 | -public.officialbugtag = SELECT, INSERT, UPDATE, DELETE |
286 | public.openidrpconfig = SELECT, INSERT, UPDATE, DELETE |
287 | public.packagebugsupervisor = SELECT, INSERT, UPDATE, DELETE |
288 | +public.packagebuild = DELETE |
289 | public.packagecopyrequest = SELECT, INSERT, UPDATE |
290 | -public.packagebuild = DELETE |
291 | public.packagediff = SELECT, INSERT, UPDATE, DELETE |
292 | public.packageset = SELECT, INSERT, UPDATE, DELETE |
293 | public.packagesetgroup = SELECT, INSERT, UPDATE, DELETE |
294 | +public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
295 | public.packagesetsources = SELECT, INSERT, UPDATE, DELETE |
296 | -public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
297 | -public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
298 | public.packaging = SELECT, INSERT, UPDATE, DELETE |
299 | public.packagingjob = SELECT, INSERT, UPDATE |
300 | public.personlanguage = SELECT, INSERT, UPDATE, DELETE |
301 | public.personlocation = SELECT, INSERT, UPDATE, DELETE |
302 | +public.personnotification = SELECT, INSERT, UPDATE, DELETE |
303 | public.personsettings = SELECT, INSERT, UPDATE |
304 | public.persontransferjob = SELECT, INSERT, UPDATE, DELETE |
305 | -public.personnotification = SELECT, INSERT, UPDATE, DELETE |
306 | public.pillarname = SELECT, INSERT, DELETE |
307 | public.poexportrequest = SELECT, INSERT, UPDATE, DELETE |
308 | public.pofiletranslator = SELECT |
309 | +public.poll = SELECT, INSERT, UPDATE |
310 | public.polloption = SELECT, INSERT, UPDATE, DELETE |
311 | -public.poll = SELECT, INSERT, UPDATE |
312 | public.potexport = SELECT |
313 | public.previewdiff = SELECT, INSERT, UPDATE, DELETE |
314 | public.productbounty = SELECT, INSERT, UPDATE |
315 | public.productrelease = SELECT, INSERT, UPDATE, DELETE |
316 | public.productreleasefile = SELECT, INSERT, DELETE |
317 | public.productseriescodeimport = SELECT, INSERT, UPDATE |
318 | +public.project = SELECT |
319 | +public.projectbounty = SELECT, INSERT, UPDATE |
320 | public.publisherconfig = SELECT, INSERT, UPDATE, DELETE |
321 | -public.project = SELECT |
322 | -public.projectbounty = SELECT, INSERT, UPDATE |
323 | +public.question = SELECT, INSERT, UPDATE |
324 | public.questionbug = SELECT, INSERT, DELETE |
325 | public.questionjob = SELECT, INSERT, UPDATE, DELETE |
326 | public.questionmessage = SELECT, INSERT |
327 | public.questionreopening = SELECT, INSERT, UPDATE |
328 | -public.question = SELECT, INSERT, UPDATE |
329 | public.questionsubscription = SELECT, INSERT, UPDATE, DELETE |
330 | -public.translationrelicensingagreement = SELECT, INSERT, UPDATE |
331 | public.requestedcds = SELECT, INSERT, UPDATE, DELETE |
332 | public.revision = SELECT, INSERT, UPDATE |
333 | public.revisionauthor = SELECT, INSERT, UPDATE |
334 | @@ -277,70 +258,68 @@ |
335 | public.revisionnumber = SELECT, INSERT |
336 | public.revisionparent = SELECT, INSERT |
337 | public.scriptactivity = SELECT |
338 | +public.seriessourcepackagebranch = SELECT, INSERT, UPDATE, DELETE |
339 | public.shipitreport = SELECT, INSERT |
340 | public.shipitsurvey = SELECT, INSERT, UPDATE |
341 | +public.shipitsurveyanswer = SELECT, INSERT |
342 | public.shipitsurveyquestion = SELECT, INSERT |
343 | -public.shipitsurveyanswer = SELECT, INSERT |
344 | public.shipitsurveyresult = SELECT, INSERT |
345 | public.shipment = SELECT, INSERT, UPDATE |
346 | public.shippingrequest = SELECT, INSERT, UPDATE, DELETE |
347 | public.shippingrun = SELECT, INSERT, UPDATE |
348 | +public.sourcepackageformatselection = SELECT |
349 | public.sourcepackagepublishinghistory = SELECT |
350 | -public.seriessourcepackagebranch = SELECT, INSERT, UPDATE, DELETE |
351 | -public.sourcepackageformatselection = SELECT |
352 | public.sourcepackagerecipe = SELECT, INSERT, UPDATE, DELETE |
353 | public.sourcepackagerecipebuild = SELECT, INSERT, UPDATE, DELETE |
354 | public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE, DELETE |
355 | public.sourcepackagerecipedata = SELECT, INSERT, UPDATE, DELETE |
356 | +public.sourcepackagerecipedatainstruction = SELECT, INSERT, UPDATE, DELETE |
357 | public.sourcepackagerecipedistroseries = SELECT, INSERT, DELETE |
358 | -public.sourcepackagerecipedatainstruction = SELECT, INSERT, UPDATE, DELETE |
359 | +public.specification = SELECT, INSERT, UPDATE |
360 | public.specificationbranch = SELECT, INSERT, UPDATE, DELETE |
361 | public.specificationbug = SELECT, INSERT, DELETE |
362 | public.specificationdependency = SELECT, INSERT, DELETE |
363 | public.specificationfeedback = SELECT, INSERT, UPDATE, DELETE |
364 | public.specificationmessage = SELECT, INSERT |
365 | -public.specification = SELECT, INSERT, UPDATE |
366 | public.specificationsubscription = SELECT, INSERT, UPDATE, DELETE |
367 | public.spokenin = SELECT, INSERT, DELETE |
368 | +public.sprint = SELECT, INSERT, UPDATE |
369 | public.sprintattendance = SELECT, INSERT, UPDATE, DELETE |
370 | -public.sprint = SELECT, INSERT, UPDATE |
371 | public.sprintspecification = SELECT, INSERT, UPDATE, DELETE |
372 | public.standardshipitrequest = SELECT, INSERT, UPDATE, DELETE |
373 | public.staticdiff = SELECT, INSERT, UPDATE |
374 | public.structuralsubscription = SELECT, INSERT, UPDATE, DELETE |
375 | +public.subunitstream = SELECT, INSERT, UPDATE, DELETE |
376 | public.suggestivepotemplate = SELECT, INSERT, DELETE |
377 | -public.subunitstream = SELECT, INSERT, UPDATE, DELETE |
378 | public.temporaryblobstorage = SELECT, INSERT, DELETE |
379 | public.translationgroup = SELECT, INSERT, UPDATE |
380 | public.translationimportqueueentry = SELECT, INSERT, UPDATE, DELETE |
381 | public.translationmessage = SELECT, INSERT, UPDATE, DELETE |
382 | +public.translationrelicensingagreement = SELECT, INSERT, UPDATE |
383 | public.translationtemplatesbuild = SELECT, INSERT, UPDATE, DELETE |
384 | public.translator = SELECT, INSERT, UPDATE, DELETE |
385 | +public.usertouseremail = SELECT, INSERT, UPDATE |
386 | public.validpersoncache = SELECT |
387 | public.validpersonorteamcache = SELECT |
388 | +public.vote = SELECT, INSERT, UPDATE |
389 | public.votecast = SELECT, INSERT |
390 | -public.vote = SELECT, INSERT, UPDATE |
391 | public.webserviceban = SELECT, INSERT, UPDATE, DELETE |
392 | public.wikiname = SELECT, INSERT, UPDATE, DELETE |
393 | -public.usertouseremail = SELECT, INSERT, UPDATE |
394 | +type=user |
395 | |
396 | [launchpad] |
397 | -# This user exists for backwards compatibility - it is an alias to |
398 | -# lanunchpad_main. There are a number of users in production that |
399 | -# have been assigned this role that I don't want to recreate just now. |
400 | -type=user |
401 | groups=launchpad_main |
402 | +type=user |
403 | |
404 | [script] |
405 | -# Permissions required by all scripts. |
406 | -type=group |
407 | public.scriptactivity = SELECT, INSERT |
408 | +type=group |
409 | |
410 | [statistician] |
411 | -type=user |
412 | groups=script |
413 | public.archive = SELECT, UPDATE |
414 | public.archivearch = SELECT, UPDATE |
415 | +public.binarypackagebuild = SELECT |
416 | public.binarypackagename = SELECT |
417 | public.binarypackagepublishinghistory = SELECT |
418 | public.binarypackagerelease = SELECT |
419 | @@ -349,8 +328,6 @@ |
420 | public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
421 | public.bugtask = SELECT |
422 | public.buildfarmjob = SELECT |
423 | -public.packagebuild = SELECT |
424 | -public.binarypackagebuild = SELECT |
425 | public.distribution = SELECT |
426 | public.distributionsourcepackagecache = SELECT, INSERT, UPDATE, DELETE |
427 | public.distroarchseries = SELECT, UPDATE |
428 | @@ -359,13 +336,12 @@ |
429 | public.distroseriespackagecache = SELECT, INSERT, UPDATE, DELETE |
430 | public.language = SELECT |
431 | public.launchpadstatistic = SELECT, INSERT, UPDATE, DELETE |
432 | +public.packagebuild = SELECT |
433 | public.person = SELECT |
434 | -public.validpersoncache = SELECT |
435 | -public.validpersonorteamcache = SELECT |
436 | -public.potemplate = SELECT |
437 | public.pofile = SELECT |
438 | public.pofiletranslator = SELECT |
439 | public.pomsgid = SELECT |
440 | +public.potemplate = SELECT |
441 | public.potmsgset = SELECT |
442 | public.product = SELECT |
443 | public.productseries = SELECT |
444 | @@ -377,46 +353,47 @@ |
445 | public.subunitstream = SELECT |
446 | public.translationmessage = SELECT, INSERT, UPDATE |
447 | public.translationtemplateitem = SELECT |
448 | +public.validpersoncache = SELECT |
449 | +public.validpersonorteamcache = SELECT |
450 | +type=user |
451 | |
452 | [librarian] |
453 | -type=user |
454 | public.libraryfilealias = SELECT, INSERT, UPDATE |
455 | public.libraryfilecontent = SELECT, INSERT |
456 | +type=user |
457 | |
458 | [librarianlogparser] |
459 | -type=user |
460 | groups=script |
461 | public.country = SELECT |
462 | public.libraryfilealias = SELECT, UPDATE |
463 | public.libraryfiledownloadcount = SELECT, INSERT, UPDATE |
464 | public.parsedapachelog = SELECT, INSERT, UPDATE |
465 | +type=user |
466 | |
467 | [librariangc] |
468 | -type=user |
469 | groups=script |
470 | public.apportjob = SELECT, DELETE |
471 | -public.job = SELECT, DELETE |
472 | -public.libraryfilealias = SELECT, UPDATE, DELETE |
473 | -public.libraryfilecontent = SELECT, UPDATE, DELETE |
474 | -# This user needs select on every table that references LibraryFileAlias |
475 | +public.binarypackagebuild = SELECT |
476 | public.binarypackagefile = SELECT |
477 | public.branchmergeproposal = SELECT |
478 | public.bugattachment = SELECT |
479 | public.buildfarmjob = SELECT |
480 | -public.packagebuild = SELECT |
481 | -public.binarypackagebuild = SELECT |
482 | public.codeimportresult = SELECT |
483 | public.diff = SELECT |
484 | public.distribution = SELECT |
485 | public.distributionmirror = SELECT |
486 | +public.hwsubmission = SELECT |
487 | +public.job = SELECT, DELETE |
488 | public.languagepack = SELECT |
489 | -public.hwsubmission = SELECT |
490 | +public.libraryfilealias = SELECT, UPDATE, DELETE |
491 | +public.libraryfilecontent = SELECT, UPDATE, DELETE |
492 | public.mergedirectivejob = SELECT |
493 | public.message = SELECT |
494 | +public.messageapproval = SELECT |
495 | public.messagechunk = SELECT |
496 | -public.messageapproval = SELECT |
497 | public.mirrorproberecord = SELECT |
498 | public.openidrpconfig = SELECT |
499 | +public.packagebuild = SELECT |
500 | public.packagediff = SELECT |
501 | public.packageupload = SELECT |
502 | public.packageuploadcustom = SELECT |
503 | @@ -427,37 +404,33 @@ |
504 | public.product = SELECT |
505 | public.productreleasefile = SELECT |
506 | public.project = SELECT |
507 | -public.subunitstream = SELECT |
508 | public.shipitreport = SELECT |
509 | public.shippingrun = SELECT |
510 | +public.sourcepackagerecipebuild = SELECT |
511 | +public.sourcepackagerelease = SELECT |
512 | +public.sourcepackagereleasefile = SELECT |
513 | public.sprint = SELECT |
514 | -public.sourcepackagerelease = SELECT |
515 | -public.sourcepackagereleasefile = SELECT |
516 | -public.sourcepackagerecipebuild = SELECT |
517 | +public.subunitstream = SELECT |
518 | public.temporaryblobstorage = SELECT, DELETE |
519 | public.translationimportqueueentry = SELECT |
520 | +type=user |
521 | |
522 | [productreleasefinder] |
523 | -# Dyson release import script |
524 | -type=user |
525 | groups=script |
526 | public.bug = SELECT |
527 | public.bugtask = SELECT, UPDATE |
528 | -public.product = SELECT |
529 | -public.productseries = SELECT |
530 | -public.productrelease = SELECT, INSERT, UPDATE |
531 | -public.productreleasefile = SELECT, INSERT, UPDATE |
532 | -# Needed only because SQLobject does things... |
533 | -public.person = SELECT |
534 | -# Needed to write to the librarian |
535 | public.libraryfilealias = SELECT, INSERT |
536 | public.libraryfilecontent = SELECT, INSERT |
537 | public.milestone = SELECT, INSERT |
538 | +public.person = SELECT |
539 | +public.product = SELECT |
540 | +public.productrelease = SELECT, INSERT, UPDATE |
541 | +public.productreleasefile = SELECT, INSERT, UPDATE |
542 | +public.productseries = SELECT |
543 | public.sourcepackagename = SELECT |
544 | +type=user |
545 | |
546 | [pofilestats] |
547 | -# Translations POFile statistics verification/update script |
548 | -type=user |
549 | groups=script |
550 | public.language = SELECT |
551 | public.pofile = SELECT, UPDATE |
552 | @@ -465,18 +438,15 @@ |
553 | public.potmsgset = SELECT |
554 | public.translationmessage = SELECT |
555 | public.translationtemplateitem = SELECT |
556 | +type=user |
557 | |
558 | [pofilestats_daily] |
559 | -# Daily POFile statistics verification/update script |
560 | -type=user |
561 | groups=pofilestats |
562 | +public.distroseries = SELECT |
563 | public.productseries = SELECT |
564 | -public.distroseries = SELECT |
565 | - |
566 | +type=user |
567 | |
568 | [poimport] |
569 | -# Rosetta import script |
570 | -type=user |
571 | groups=write,script |
572 | public.account = SELECT, INSERT |
573 | public.customlanguagecode = SELECT |
574 | @@ -487,14 +457,13 @@ |
575 | public.translator = SELECT |
576 | public.validpersoncache = SELECT |
577 | public.validpersonorteamcache = SELECT |
578 | +type=user |
579 | |
580 | [translations_distroseries_copy] |
581 | -type=user |
582 | groups=poimport |
583 | +type=user |
584 | |
585 | [translations_import_queue_gardener] |
586 | -# Translations import queue management |
587 | -type=user |
588 | groups=script,translations_approval |
589 | public.karma = SELECT, INSERT, UPDATE |
590 | public.karmaaction = SELECT |
591 | @@ -502,10 +471,9 @@ |
592 | public.translationimportqueueentry = SELECT, DELETE, UPDATE |
593 | public.translationmessage = SELECT, INSERT, UPDATE |
594 | public.validpersoncache = SELECT |
595 | +type=user |
596 | |
597 | [poexport] |
598 | -# Rosetta export script |
599 | -type=user |
600 | groups=script |
601 | public.distribution = SELECT |
602 | public.distroseries = SELECT |
603 | @@ -531,10 +499,9 @@ |
604 | public.translator = SELECT |
605 | public.validpersoncache = SELECT |
606 | public.validpersonorteamcache = SELECT |
607 | +type=user |
608 | |
609 | [langpack] |
610 | -# Language pack exporter script |
611 | -type=user |
612 | groups=script |
613 | public.distribution = SELECT |
614 | public.distroseries = SELECT, UPDATE |
615 | @@ -560,15 +527,14 @@ |
616 | public.translator = SELECT |
617 | public.validpersoncache = SELECT |
618 | public.validpersonorteamcache = SELECT |
619 | +type=user |
620 | |
621 | [checkwatches] |
622 | -# Malone bug watch script |
623 | -type=user |
624 | groups=script |
625 | public.account = SELECT, INSERT |
626 | public.accountpassword = SELECT, INSERT |
627 | +public.answercontact = SELECT |
628 | public.archive = SELECT |
629 | -public.answercontact = SELECT |
630 | public.binarypackagebuild = SELECT |
631 | public.binarypackagename = SELECT |
632 | public.binarypackagepublishinghistory = SELECT |
633 | @@ -585,8 +551,8 @@ |
634 | public.bugnotificationrecipient = SELECT, INSERT |
635 | public.bugsubscription = SELECT |
636 | public.bugsubscriptionfilter = SELECT |
637 | +public.bugsubscriptionfilterimportance = SELECT |
638 | public.bugsubscriptionfilterstatus = SELECT |
639 | -public.bugsubscriptionfilterimportance = SELECT |
640 | public.bugsubscriptionfiltertag = SELECT |
641 | public.bugtag = SELECT |
642 | public.bugtask = SELECT, INSERT, UPDATE |
643 | @@ -606,22 +572,22 @@ |
644 | public.language = SELECT |
645 | public.libraryfilealias = SELECT, INSERT |
646 | public.libraryfilecontent = SELECT, INSERT |
647 | +public.message = SELECT, INSERT |
648 | public.messagechunk = SELECT, INSERT |
649 | -public.message = SELECT, INSERT |
650 | public.milestone = SELECT |
651 | public.packagebugsupervisor = SELECT |
652 | public.person = SELECT, INSERT, UPDATE |
653 | +public.personlanguage = SELECT |
654 | public.personsettings = SELECT, INSERT |
655 | -public.personlanguage = SELECT |
656 | public.product = SELECT, UPDATE |
657 | public.productseries = SELECT |
658 | public.project = SELECT, UPDATE |
659 | +public.question = SELECT |
660 | public.questionbug = SELECT |
661 | -public.question = SELECT |
662 | public.questionsubscription = SELECT |
663 | public.section = SELECT |
664 | +public.sourcepackagename = SELECT |
665 | public.sourcepackagepublishinghistory = SELECT |
666 | -public.sourcepackagename = SELECT |
667 | public.sourcepackagerelease = SELECT |
668 | public.structuralsubscription = SELECT |
669 | public.teammembership = SELECT |
670 | @@ -629,9 +595,9 @@ |
671 | public.validpersoncache = SELECT |
672 | public.validpersonorteamcache = SELECT |
673 | public.wikiname = SELECT, INSERT |
674 | +type=user |
675 | |
676 | [branchscanner] |
677 | -type=user |
678 | groups=write, script |
679 | public.account = SELECT, INSERT |
680 | public.accountpassword = SELECT, INSERT |
681 | @@ -642,18 +608,31 @@ |
682 | public.branchrevision = SELECT, INSERT, UPDATE, DELETE |
683 | public.branchsubscription = SELECT |
684 | public.branchvisibilitypolicy = SELECT |
685 | +public.bugactivity = SELECT, INSERT |
686 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
687 | public.bugbranch = SELECT, INSERT, UPDATE |
688 | +public.bugnotification = SELECT, INSERT |
689 | +public.bugnotificationfilter = SELECT, INSERT |
690 | +public.bugnotificationrecipient = SELECT, INSERT |
691 | +public.bugsubscription = SELECT |
692 | +public.bugsubscriptionfilter = SELECT |
693 | +public.bugsubscriptionfilterimportance = SELECT |
694 | +public.bugsubscriptionfilterstatus = SELECT |
695 | +public.bugsubscriptionfiltertag = SELECT |
696 | +public.bugtag = SELECT |
697 | +public.codereviewmessage = SELECT |
698 | +public.codereviewvote = SELECT |
699 | public.diff = SELECT, INSERT, DELETE |
700 | -public.distroseries = SELECT |
701 | public.distribution = SELECT |
702 | public.distributionsourcepackage = SELECT, UPDATE |
703 | +public.distroseries = SELECT |
704 | public.emailaddress = SELECT |
705 | public.incrementaldiff = SELECT |
706 | public.job = SELECT, INSERT, UPDATE, DELETE |
707 | -public.translationtemplatesbuild = SELECT, INSERT |
708 | -# Karma |
709 | public.karma = SELECT, INSERT |
710 | public.karmaaction = SELECT |
711 | +public.message = SELECT, INSERT |
712 | +public.messagechunk = SELECT, INSERT |
713 | public.person = SELECT |
714 | public.revision = SELECT, INSERT, UPDATE |
715 | public.revisionauthor = SELECT, INSERT, UPDATE |
716 | @@ -666,29 +645,13 @@ |
717 | public.sourcepackagerecipedata = SELECT |
718 | public.sourcepackagerecipedatainstruction = SELECT |
719 | public.staticdiff = SELECT, INSERT, DELETE |
720 | +public.structuralsubscription = SELECT |
721 | +public.translationtemplatesbuild = SELECT, INSERT |
722 | public.validpersoncache = SELECT |
723 | public.validpersonorteamcache = SELECT |
724 | -# Bug notifications |
725 | -public.bugactivity = SELECT, INSERT |
726 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
727 | -public.bugsubscription = SELECT |
728 | -public.bugsubscriptionfilter = SELECT |
729 | -public.bugsubscriptionfilterstatus = SELECT |
730 | -public.bugsubscriptionfilterimportance = SELECT |
731 | -public.bugsubscriptionfiltertag = SELECT |
732 | -public.bugnotification = SELECT, INSERT |
733 | -public.bugnotificationfilter = SELECT, INSERT |
734 | -public.bugnotificationrecipient = SELECT, INSERT |
735 | -public.bugtag = SELECT |
736 | -public.structuralsubscription = SELECT |
737 | -public.message = SELECT, INSERT |
738 | -public.messagechunk = SELECT, INSERT |
739 | -# Merge notifications |
740 | -public.codereviewvote = SELECT |
741 | -public.codereviewmessage = SELECT |
742 | +type=user |
743 | |
744 | [branch-distro] |
745 | -type=user |
746 | public.branch = SELECT, INSERT, UPDATE |
747 | public.branchrevision = SELECT, INSERT |
748 | public.branchsubscription = SELECT, INSERT |
749 | @@ -703,38 +666,37 @@ |
750 | public.sourcepackagename = SELECT |
751 | public.teamparticipation = SELECT |
752 | public.validpersoncache = SELECT |
753 | - |
754 | +type=user |
755 | |
756 | [targetnamecacheupdater] |
757 | -type=user |
758 | groups=script |
759 | +public.binarypackagename = SELECT |
760 | public.bugtask = SELECT, UPDATE |
761 | -public.product = SELECT |
762 | -public.productseries = SELECT |
763 | public.distribution = SELECT |
764 | public.distroseries = SELECT |
765 | -public.sourcepackagename = SELECT |
766 | -public.binarypackagename = SELECT |
767 | public.potemplate = SELECT, UPDATE |
768 | +public.product = SELECT |
769 | +public.productseries = SELECT |
770 | +public.sourcepackagename = SELECT |
771 | +type=user |
772 | |
773 | [distributionmirror] |
774 | -type=user |
775 | groups=script |
776 | public.account = SELECT |
777 | public.archive = SELECT |
778 | public.archivearch = SELECT |
779 | +public.binarypackagebuild = SELECT |
780 | public.binarypackagefile = SELECT |
781 | public.binarypackagename = SELECT |
782 | +public.binarypackagepublishinghistory = SELECT |
783 | public.binarypackagerelease = SELECT |
784 | public.buildfarmjob = SELECT |
785 | -public.packagebuild = SELECT |
786 | -public.binarypackagebuild = SELECT |
787 | public.component = SELECT |
788 | public.componentselection = SELECT |
789 | public.distribution = SELECT |
790 | public.distributionmirror = SELECT, UPDATE |
791 | +public.distroarchseries = SELECT |
792 | public.distroseries = SELECT |
793 | -public.distroarchseries = SELECT |
794 | public.emailaddress = SELECT |
795 | public.libraryfilealias = SELECT, INSERT |
796 | public.libraryfilecontent = SELECT, INSERT |
797 | @@ -742,77 +704,74 @@ |
798 | public.mirrordistroarchseries = SELECT, UPDATE, DELETE, INSERT |
799 | public.mirrordistroseriessource = SELECT, UPDATE, DELETE, INSERT |
800 | public.mirrorproberecord = SELECT, INSERT |
801 | +public.packagebuild = SELECT |
802 | public.person = SELECT |
803 | public.processorfamily = SELECT |
804 | +public.sourcepackagename = SELECT |
805 | public.sourcepackagepublishinghistory = SELECT |
806 | -public.binarypackagepublishinghistory = SELECT |
807 | public.sourcepackagerelease = SELECT |
808 | public.sourcepackagereleasefile = SELECT |
809 | -public.sourcepackagename = SELECT |
810 | public.teammembership = SELECT |
811 | +type=user |
812 | |
813 | [teammembership] |
814 | -# Update the TeamMembership table setting expired members |
815 | -type=user |
816 | groups=script |
817 | +public.emailaddress = SELECT |
818 | +public.job = SELECT, INSERT |
819 | +public.person = SELECT |
820 | +public.persontransferjob = SELECT, INSERT |
821 | public.teammembership = SELECT, UPDATE |
822 | public.teamparticipation = SELECT, DELETE |
823 | -public.person = SELECT |
824 | -public.emailaddress = SELECT |
825 | -public.job = SELECT, INSERT |
826 | -public.persontransferjob = SELECT, INSERT |
827 | +type=user |
828 | |
829 | [karma] |
830 | -# Update the KarmaCache table |
831 | -type=user |
832 | groups=script |
833 | +public.emailaddress = SELECT |
834 | +public.karma = SELECT |
835 | +public.karmaaction = SELECT |
836 | public.karmacache = SELECT, INSERT, UPDATE, DELETE |
837 | -public.karma = SELECT |
838 | public.karmacategory = SELECT |
839 | -public.karmaaction = SELECT |
840 | public.karmatotalcache = SELECT, INSERT, UPDATE, DELETE |
841 | -public.emailaddress = SELECT |
842 | public.person = SELECT |
843 | public.product = SELECT |
844 | public.validpersoncache = SELECT |
845 | public.validpersonorteamcache = SELECT |
846 | +type=user |
847 | |
848 | [request-daily-builds] |
849 | -type=user |
850 | groups=script |
851 | public.archive = SELECT |
852 | public.archivepermission = SELECT |
853 | -public.buildqueue = SELECT, INSERT, UPDATE |
854 | public.branch = SELECT |
855 | public.buildfarmjob = SELECT, INSERT |
856 | +public.buildqueue = SELECT, INSERT, UPDATE |
857 | public.component = SELECT |
858 | public.distribution = SELECT |
859 | +public.distroarchseries = SELECT |
860 | public.distroseries = SELECT |
861 | -public.distroarchseries = SELECT |
862 | public.job = SELECT, INSERT |
863 | +public.packagebuild = SELECT, INSERT |
864 | public.person = SELECT |
865 | -public.packagebuild = SELECT, INSERT |
866 | public.processor = SELECT |
867 | public.processorfamily = SELECT |
868 | +public.sourcepackagename = SELECT |
869 | public.sourcepackagerecipe = SELECT, UPDATE |
870 | -public.sourcepackagename = SELECT |
871 | public.sourcepackagerecipebuild = SELECT, INSERT |
872 | public.sourcepackagerecipebuildjob = SELECT, INSERT |
873 | public.sourcepackagerecipedata = SELECT |
874 | public.sourcepackagerecipedistroseries = SELECT |
875 | public.teamparticipation = SELECT |
876 | +type=user |
877 | |
878 | [revisionkarma] |
879 | -# Allocate karma for revisions. |
880 | -type=user |
881 | groups=script |
882 | public.branch = SELECT |
883 | public.branchrevision = SELECT |
884 | public.distribution = SELECT |
885 | public.distroseries = SELECT |
886 | public.karma = SELECT, INSERT |
887 | +public.karmaaction = SELECT |
888 | public.karmacategory = SELECT |
889 | -public.karmaaction = SELECT |
890 | public.person = SELECT |
891 | public.product = SELECT |
892 | public.productseries = SELECT |
893 | @@ -820,163 +779,158 @@ |
894 | public.revisionauthor = SELECT |
895 | public.sourcepackagename = SELECT |
896 | public.validpersoncache = SELECT |
897 | +type=user |
898 | |
899 | [cve] |
900 | -type=user |
901 | groups=script |
902 | public.cve = SELECT, INSERT, UPDATE |
903 | public.cvereference = SELECT, INSERT, UPDATE, DELETE |
904 | - |
905 | +type=user |
906 | |
907 | [gina] |
908 | -# Unpack sourcepackages and extract metadata |
909 | -type=user |
910 | groups=write,script |
911 | public.account = SELECT, INSERT |
912 | public.accountpassword = SELECT, INSERT |
913 | public.archive = SELECT, UPDATE |
914 | public.archivearch = SELECT, UPDATE |
915 | +public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
916 | public.distribution = SELECT |
917 | public.distributionjob = SELECT, INSERT |
918 | public.distributionsourcepackage = SELECT, INSERT |
919 | public.packagediff = SELECT, INSERT, UPDATE |
920 | -public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
921 | public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
922 | +type=user |
923 | |
924 | [archivepublisher] |
925 | -type=user |
926 | groups=write,script |
927 | +public.answercontact = SELECT |
928 | public.archive = SELECT, UPDATE |
929 | public.archivearch = SELECT |
930 | public.archiveauthtoken = SELECT, UPDATE |
931 | public.archivepermission = SELECT, INSERT |
932 | public.archivesubscriber = SELECT, UPDATE |
933 | +public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
934 | +public.bug = SELECT, UPDATE |
935 | +public.bugactivity = SELECT, INSERT |
936 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
937 | +public.bugcve = SELECT, INSERT |
938 | +public.bugmessage = SELECT, INSERT |
939 | +public.bugnomination = SELECT |
940 | +public.bugnotification = SELECT, INSERT |
941 | +public.bugnotificationfilter = SELECT, INSERT |
942 | +public.bugnotificationrecipient = SELECT, INSERT |
943 | +public.bugsubscription = SELECT |
944 | +public.bugsubscriptionfilter = SELECT |
945 | +public.bugsubscriptionfilterimportance = SELECT |
946 | +public.bugsubscriptionfilterstatus = SELECT |
947 | +public.bugsubscriptionfiltertag = SELECT |
948 | +public.bugtag = SELECT |
949 | +public.bugtask = SELECT, UPDATE |
950 | +public.bugtracker = SELECT, INSERT |
951 | +public.bugtrackeralias = SELECT, INSERT |
952 | +public.bugwatch = SELECT, INSERT |
953 | +public.cve = SELECT, INSERT |
954 | public.distributionjob = SELECT, INSERT, DELETE |
955 | +public.distributionsourcepackage = SELECT, INSERT, UPDATE |
956 | +public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
957 | public.gpgkey = SELECT, INSERT, UPDATE |
958 | +public.karma = SELECT, INSERT |
959 | +public.karmaaction = SELECT |
960 | +public.language = SELECT |
961 | +public.message = SELECT, INSERT |
962 | +public.messagechunk = SELECT, INSERT |
963 | +public.milestone = SELECT |
964 | +public.packagebugsupervisor = SELECT |
965 | public.packagecopyrequest = SELECT, INSERT, UPDATE |
966 | public.packagediff = SELECT, INSERT, UPDATE |
967 | public.packageset = SELECT, INSERT |
968 | public.packagesetgroup = SELECT |
969 | +public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
970 | public.packagesetsources = SELECT, INSERT, UPDATE, DELETE |
971 | -public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
972 | -# INSERT for publisherconfig only required for the test suite. |
973 | +public.personlanguage = SELECT |
974 | +public.product = SELECT |
975 | +public.productseries = SELECT |
976 | +public.project = SELECT |
977 | public.publisherconfig = SELECT, INSERT |
978 | -public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE |
979 | -public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
980 | +public.question = SELECT |
981 | +public.questionbug = SELECT |
982 | +public.questionsubscription = SELECT |
983 | public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
984 | -public.distributionsourcepackage = SELECT, INSERT, UPDATE |
985 | - |
986 | -# Closing bugs for publication copies. |
987 | -public.bug = SELECT, UPDATE |
988 | -public.bugactivity = SELECT, INSERT |
989 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
990 | -public.bugsubscription = SELECT |
991 | -public.bugsubscriptionfilter = SELECT |
992 | -public.bugsubscriptionfilterstatus = SELECT |
993 | -public.bugsubscriptionfilterimportance = SELECT |
994 | -public.bugsubscriptionfiltertag = SELECT |
995 | -public.bugnotification = SELECT, INSERT |
996 | -public.bugnotificationfilter = SELECT, INSERT |
997 | -public.bugnotificationrecipient = SELECT, INSERT |
998 | -public.bugnomination = SELECT |
999 | -public.bugtag = SELECT |
1000 | -public.bugtask = SELECT, UPDATE |
1001 | -public.product = SELECT |
1002 | -public.project = SELECT |
1003 | -public.bugmessage = SELECT, INSERT |
1004 | -public.message = SELECT, INSERT |
1005 | -public.messagechunk = SELECT, INSERT |
1006 | -public.productseries = SELECT |
1007 | +public.structuralsubscription = SELECT |
1008 | public.validpersoncache = SELECT |
1009 | public.validpersonorteamcache = SELECT |
1010 | -public.karmaaction = SELECT |
1011 | -public.karma = SELECT, INSERT |
1012 | -public.questionbug = SELECT |
1013 | -public.question = SELECT |
1014 | -public.packagebugsupervisor = SELECT |
1015 | -public.milestone = SELECT |
1016 | -public.bugwatch = SELECT, INSERT |
1017 | -public.bugtracker = SELECT, INSERT |
1018 | -public.bugtrackeralias = SELECT, INSERT |
1019 | -public.cve = SELECT, INSERT |
1020 | -public.bugcve = SELECT, INSERT |
1021 | -public.language = SELECT |
1022 | -public.questionsubscription = SELECT |
1023 | -public.answercontact = SELECT |
1024 | -public.personlanguage = SELECT |
1025 | -public.structuralsubscription = SELECT |
1026 | +type=user |
1027 | |
1028 | [fiera] |
1029 | -type=user |
1030 | groups=script,translations_approval |
1031 | public.account = SELECT |
1032 | public.archive = SELECT, UPDATE |
1033 | public.archivearch = SELECT, UPDATE |
1034 | public.archivedependency = SELECT |
1035 | +public.binarypackagebuild = SELECT, INSERT, UPDATE |
1036 | +public.binarypackagefile = SELECT |
1037 | +public.binarypackagename = SELECT |
1038 | +public.binarypackagepublishinghistory = SELECT |
1039 | +public.binarypackagerelease = SELECT |
1040 | public.branch = SELECT |
1041 | public.branchjob = SELECT, DELETE |
1042 | -public.buildqueue = SELECT, INSERT, UPDATE, DELETE |
1043 | -public.job = SELECT, INSERT, UPDATE, DELETE |
1044 | -public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE |
1045 | public.builder = SELECT, INSERT, UPDATE |
1046 | public.buildfarmjob = SELECT, INSERT, UPDATE |
1047 | -public.packagebuild = SELECT, INSERT, UPDATE |
1048 | -public.binarypackagebuild = SELECT, INSERT, UPDATE |
1049 | +public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE |
1050 | +public.buildqueue = SELECT, INSERT, UPDATE, DELETE |
1051 | +public.component = SELECT |
1052 | public.distribution = SELECT, UPDATE |
1053 | -public.distroseries = SELECT, UPDATE |
1054 | public.distroarchseries = SELECT, UPDATE |
1055 | -public.sourcepackagepublishinghistory = SELECT |
1056 | -public.sourcepackagerelease = SELECT |
1057 | -public.sourcepackagereleasefile = SELECT |
1058 | -public.sourcepackagename = SELECT |
1059 | -public.binarypackagepublishinghistory = SELECT |
1060 | -public.binarypackagerelease = SELECT |
1061 | -public.binarypackagefile = SELECT |
1062 | -public.binarypackagename = SELECT |
1063 | +public.distroseries = SELECT, UPDATE |
1064 | +public.emailaddress = SELECT |
1065 | +public.flatpackagesetinclusion = SELECT |
1066 | +public.gpgkey = SELECT |
1067 | +public.job = SELECT, INSERT, UPDATE, DELETE |
1068 | public.libraryfilealias = SELECT, INSERT |
1069 | public.libraryfilecontent = SELECT, INSERT |
1070 | -public.processor = SELECT |
1071 | -public.processorfamily = SELECT |
1072 | +public.packagebuild = SELECT, INSERT, UPDATE |
1073 | +public.packageset = SELECT |
1074 | +public.packagesetgroup = SELECT |
1075 | +public.packagesetinclusion = SELECT |
1076 | +public.packagesetsources = SELECT |
1077 | +public.person = SELECT |
1078 | public.pocketchroot = SELECT, INSERT, UPDATE |
1079 | +public.processor = SELECT |
1080 | +public.processorfamily = SELECT |
1081 | public.product = SELECT |
1082 | public.productseries = SELECT |
1083 | +public.publisherconfig = SELECT |
1084 | +public.section = SELECT |
1085 | public.seriessourcepackagebranch = SELECT |
1086 | -public.component = SELECT |
1087 | -public.section = SELECT |
1088 | +public.sourcepackagename = SELECT |
1089 | +public.sourcepackagepublishinghistory = SELECT |
1090 | public.sourcepackagerecipe = SELECT |
1091 | public.sourcepackagerecipebuild = SELECT, UPDATE |
1092 | public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE, DELETE |
1093 | public.sourcepackagerecipedata = SELECT |
1094 | public.sourcepackagerecipedatainstruction = SELECT |
1095 | -public.person = SELECT |
1096 | -public.emailaddress = SELECT |
1097 | +public.sourcepackagerelease = SELECT |
1098 | +public.sourcepackagereleasefile = SELECT |
1099 | public.teammembership = SELECT |
1100 | -public.gpgkey = SELECT |
1101 | -public.packageset = SELECT |
1102 | -public.packagesetgroup = SELECT |
1103 | -public.packagesetsources = SELECT |
1104 | -public.packagesetinclusion = SELECT |
1105 | -public.flatpackagesetinclusion = SELECT |
1106 | public.teamparticipation = SELECT |
1107 | public.translationimportqueueentry = SELECT, INSERT, UPDATE |
1108 | public.translationtemplatesbuild = SELECT, INSERT |
1109 | -public.publisherconfig = SELECT |
1110 | +type=user |
1111 | |
1112 | [ppa-apache-log-parser] |
1113 | -type=user |
1114 | groups=script |
1115 | -public.person = SELECT |
1116 | public.archive = SELECT |
1117 | +public.binarypackagefile = SELECT |
1118 | public.binarypackagepublishinghistory = SELECT |
1119 | public.binarypackagerelease = SELECT |
1120 | -public.binarypackagefile = SELECT |
1121 | -public.libraryfilealias = SELECT |
1122 | public.binarypackagereleasedownloadcount = SELECT, INSERT, UPDATE |
1123 | public.country = SELECT |
1124 | +public.libraryfilealias = SELECT |
1125 | public.parsedapachelog = SELECT, INSERT, UPDATE |
1126 | +public.person = SELECT |
1127 | +type=user |
1128 | |
1129 | [initialisedistroseries] |
1130 | -type=user |
1131 | groups=script |
1132 | public.archive = SELECT |
1133 | public.archivepermission = SELECT, INSERT |
1134 | @@ -1015,9 +969,9 @@ |
1135 | public.sourcepackagepublishinghistory = SELECT, INSERT |
1136 | public.sourcepackagerelease = SELECT |
1137 | public.sourcepackagereleasefile = SELECT |
1138 | +type=user |
1139 | |
1140 | [sync_packages] |
1141 | -type=user |
1142 | groups=script |
1143 | public.archive = SELECT |
1144 | public.archivepermission = SELECT, INSERT |
1145 | @@ -1058,9 +1012,9 @@ |
1146 | public.sourcepackagepublishinghistory = SELECT, INSERT |
1147 | public.sourcepackagerelease = SELECT |
1148 | public.sourcepackagereleasefile = SELECT, INSERT, UPDATE |
1149 | +type=user |
1150 | |
1151 | [distroseriesdifferencejob] |
1152 | -type=user |
1153 | groups=script |
1154 | public.archive = SELECT |
1155 | public.distribution = SELECT |
1156 | @@ -1075,21 +1029,20 @@ |
1157 | public.sourcepackagename = SELECT |
1158 | public.sourcepackagepublishinghistory = SELECT |
1159 | public.sourcepackagerelease = SELECT |
1160 | +type=user |
1161 | |
1162 | [write] |
1163 | -type=group |
1164 | -# Full access except for tables that are exclusively updated by |
1165 | -# certain processes, such as the librarian tables. This group is deprecated - |
1166 | -# access should be explicitly granted to users. |
1167 | public.account = SELECT, INSERT, UPDATE |
1168 | public.accountpassword = SELECT, INSERT |
1169 | public.archive = SELECT, INSERT, UPDATE |
1170 | +public.archivearch = SELECT, INSERT, UPDATE, DELETE |
1171 | public.archivejob = SELECT, INSERT |
1172 | -public.archivearch = SELECT, INSERT, UPDATE, DELETE |
1173 | -public.binarypackagerelease = SELECT, INSERT, UPDATE |
1174 | +public.binarypackagebuild = SELECT, INSERT, UPDATE |
1175 | public.binarypackagefile = SELECT, INSERT, UPDATE |
1176 | public.binarypackagefilepublishing = SELECT, INSERT, UPDATE |
1177 | public.binarypackagename = SELECT, INSERT, UPDATE |
1178 | +public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
1179 | +public.binarypackagerelease = SELECT, INSERT, UPDATE |
1180 | public.bounty = SELECT, INSERT, UPDATE |
1181 | public.bountymessage = SELECT, INSERT |
1182 | public.branch = SELECT, INSERT, UPDATE |
1183 | @@ -1103,36 +1056,30 @@ |
1184 | public.bugproductinfestation = SELECT, INSERT, UPDATE |
1185 | public.bugsubscription = SELECT, INSERT, UPDATE, DELETE |
1186 | public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE |
1187 | +public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE |
1188 | public.bugsubscriptionfiltermute = SELECT, INSERT, UPDATE, DELETE |
1189 | public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE |
1190 | -public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE |
1191 | public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE |
1192 | public.bugtask = SELECT, INSERT, UPDATE, DELETE |
1193 | public.bugtracker = SELECT, INSERT, UPDATE, DELETE |
1194 | public.bugtrackeralias = SELECT, INSERT, UPDATE, DELETE |
1195 | public.bugwatch = SELECT, INSERT, UPDATE, DELETE |
1196 | -public.buildfarmjob = SELECT, INSERT, UPDATE |
1197 | -public.packagebuild = SELECT, INSERT, UPDATE |
1198 | -public.binarypackagebuild = SELECT, INSERT, UPDATE |
1199 | public.builder = SELECT, INSERT, UPDATE |
1200 | +public.buildfarmjob = SELECT, INSERT, UPDATE |
1201 | +public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE |
1202 | public.buildqueue = SELECT, INSERT, UPDATE, DELETE |
1203 | -public.job = SELECT, INSERT, UPDATE, DELETE |
1204 | -public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE |
1205 | public.component = SELECT, INSERT, UPDATE |
1206 | public.componentselection = SELECT, INSERT, UPDATE |
1207 | public.country = SELECT, INSERT, UPDATE |
1208 | public.distribution = SELECT, INSERT, UPDATE |
1209 | public.distroarchseries = SELECT, INSERT, UPDATE |
1210 | +public.distrocomponentuploader = SELECT, INSERT, UPDATE |
1211 | public.distroseries = SELECT, INSERT, UPDATE |
1212 | -public.openidrpsummary = SELECT, INSERT, UPDATE |
1213 | -public.packageupload = SELECT, INSERT, UPDATE |
1214 | -public.packageuploadbuild = SELECT, INSERT, UPDATE |
1215 | -public.packageuploadsource = SELECT, INSERT, UPDATE |
1216 | -public.packageuploadcustom = SELECT, INSERT, UPDATE |
1217 | -public.distrocomponentuploader = SELECT, INSERT, UPDATE |
1218 | public.emailaddress = SELECT, INSERT, UPDATE |
1219 | +public.gpgkey = SELECT, INSERT, UPDATE, DELETE |
1220 | public.ircid = SELECT, INSERT, UPDATE, DELETE |
1221 | public.jabberid = SELECT, INSERT, UPDATE, DELETE |
1222 | +public.job = SELECT, INSERT, UPDATE, DELETE |
1223 | public.karma = SELECT, INSERT, UPDATE |
1224 | public.karmaaction = SELECT, INSERT, UPDATE |
1225 | public.language = SELECT, INSERT, UPDATE |
1226 | @@ -1140,18 +1087,22 @@ |
1227 | public.libraryfilealias = SELECT, INSERT |
1228 | public.libraryfilecontent = SELECT, INSERT |
1229 | public.logintoken = SELECT, INSERT, UPDATE |
1230 | +public.message = SELECT, INSERT, UPDATE |
1231 | +public.milestone = SELECT, INSERT, UPDATE |
1232 | public.mirror = SELECT, INSERT, UPDATE, DELETE |
1233 | public.mirrorcontent = SELECT, INSERT, UPDATE, DELETE |
1234 | public.mirrorsourcecontent = SELECT, INSERT, UPDATE, DELETE |
1235 | -public.teammembership = SELECT, INSERT, UPDATE, DELETE |
1236 | -public.message = SELECT, INSERT, UPDATE |
1237 | -public.milestone = SELECT, INSERT, UPDATE |
1238 | -public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE |
1239 | +public.openidrpsummary = SELECT, INSERT, UPDATE |
1240 | +public.packagebuild = SELECT, INSERT, UPDATE |
1241 | public.packageselection = SELECT, INSERT, UPDATE |
1242 | +public.packageupload = SELECT, INSERT, UPDATE |
1243 | +public.packageuploadbuild = SELECT, INSERT, UPDATE |
1244 | +public.packageuploadcustom = SELECT, INSERT, UPDATE |
1245 | +public.packageuploadsource = SELECT, INSERT, UPDATE |
1246 | public.packaging = SELECT, INSERT, UPDATE |
1247 | public.person = SELECT, INSERT, UPDATE |
1248 | -public.personsettings = SELECT, INSERT, UPDATE |
1249 | public.personlanguage = SELECT, INSERT, UPDATE |
1250 | +public.personsettings = SELECT, INSERT, UPDATE |
1251 | public.pocketchroot = SELECT, INSERT, UPDATE |
1252 | public.pocomment = SELECT, INSERT, UPDATE |
1253 | public.pofile = SELECT, INSERT, UPDATE |
1254 | @@ -1164,8 +1115,8 @@ |
1255 | public.processor = SELECT, INSERT, UPDATE |
1256 | public.processorfamily = SELECT, INSERT, UPDATE |
1257 | public.product = SELECT, INSERT, UPDATE |
1258 | +public.productcvsmodule = SELECT, INSERT, UPDATE |
1259 | public.productlicense = SELECT, INSERT, UPDATE, DELETE |
1260 | -public.productcvsmodule = SELECT, INSERT, UPDATE |
1261 | public.productrelease = SELECT, INSERT, UPDATE |
1262 | public.productreleasefile = SELECT, INSERT, UPDATE |
1263 | public.productseries = SELECT, INSERT, UPDATE |
1264 | @@ -1183,15 +1134,15 @@ |
1265 | public.sourcepackagerelease = SELECT, INSERT, UPDATE |
1266 | public.sourcepackagereleasefile = SELECT, INSERT, UPDATE |
1267 | public.spokenin = SELECT, INSERT, UPDATE |
1268 | -public.gpgkey = SELECT, INSERT, UPDATE, DELETE |
1269 | public.sshkey = SELECT, INSERT, UPDATE, DELETE |
1270 | +public.teammembership = SELECT, INSERT, UPDATE, DELETE |
1271 | public.teamparticipation = SELECT, INSERT, UPDATE, DELETE |
1272 | public.translationimportqueueentry = SELECT, INSERT, UPDATE, DELETE |
1273 | public.translationtemplateitem = SELECT, INSERT, UPDATE, DELETE |
1274 | public.wikiname = SELECT, INSERT, UPDATE, DELETE |
1275 | +type=group |
1276 | |
1277 | [shipit] |
1278 | -type=user |
1279 | groups=script |
1280 | public.account = SELECT |
1281 | public.continent = SELECT |
1282 | @@ -1209,10 +1160,9 @@ |
1283 | public.standardshipitrequest = SELECT |
1284 | public.validpersoncache = SELECT |
1285 | public.validpersonorteamcache = SELECT |
1286 | +type=user |
1287 | |
1288 | [standingupdater] |
1289 | -# For the personal standing updater cron script. |
1290 | -type=user |
1291 | groups=script |
1292 | public.emailaddress = SELECT |
1293 | public.mailinglist = SELECT |
1294 | @@ -1220,10 +1170,9 @@ |
1295 | public.messageapproval = SELECT |
1296 | public.person = SELECT, UPDATE |
1297 | public.teamparticipation = SELECT |
1298 | +type=user |
1299 | |
1300 | [answertracker] |
1301 | -# User running expire-questions.py |
1302 | -type=user |
1303 | groups=script |
1304 | public.account = SELECT, INSERT |
1305 | public.accountpassword = SELECT, INSERT |
1306 | @@ -1232,8 +1181,8 @@ |
1307 | public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1308 | public.bugtask = SELECT |
1309 | public.distribution = SELECT |
1310 | +public.emailaddress = SELECT |
1311 | public.faq = SELECT |
1312 | -public.emailaddress = SELECT |
1313 | public.job = SELECT, UPDATE |
1314 | public.language = SELECT |
1315 | public.message = SELECT, INSERT |
1316 | @@ -1250,339 +1199,299 @@ |
1317 | public.teammembership = SELECT |
1318 | public.validpersoncache = SELECT |
1319 | public.validpersonorteamcache = SELECT |
1320 | +type=user |
1321 | |
1322 | [uploader] |
1323 | -type=user |
1324 | groups=script,uploading |
1325 | +type=user |
1326 | |
1327 | [uploading] |
1328 | -type=group |
1329 | -# Everything is keyed off an archive |
1330 | +public.account = SELECT, INSERT |
1331 | +public.accountpassword = SELECT, INSERT |
1332 | +public.answercontact = SELECT |
1333 | public.archive = SELECT, INSERT, UPDATE |
1334 | public.archivearch = SELECT, INSERT, UPDATE |
1335 | -public.packageset = SELECT |
1336 | -public.packagesetgroup = SELECT |
1337 | -public.packagesetsources = SELECT |
1338 | -public.packagesetinclusion = SELECT |
1339 | -public.flatpackagesetinclusion = SELECT |
1340 | - |
1341 | -# This block is granted insert in order to be able to create maintainers |
1342 | -# on the fly when we encounter them. |
1343 | -public.account = SELECT, INSERT |
1344 | -public.accountpassword = SELECT, INSERT |
1345 | -public.person = SELECT, INSERT, UPDATE |
1346 | -public.personsettings = SELECT, INSERT |
1347 | -public.emailaddress = SELECT, INSERT, UPDATE |
1348 | -public.teamparticipation = SELECT, INSERT |
1349 | -public.teammembership = SELECT |
1350 | -public.wikiname = SELECT, INSERT |
1351 | -public.validpersoncache = SELECT |
1352 | -public.validpersonorteamcache = SELECT |
1353 | - |
1354 | -# I didn't want to give it INSERT and if someone can fix the gpg-coc story |
1355 | -# So that it works with my key in place then nascentupload.txt won't have |
1356 | -# to insert it. |
1357 | -public.gpgkey = SELECT, INSERT |
1358 | -public.signedcodeofconduct = SELECT |
1359 | -public.distribution = SELECT, UPDATE |
1360 | -public.distributionjob = SELECT, INSERT |
1361 | -public.distroseries = SELECT, UPDATE |
1362 | -public.distroarchseries = SELECT |
1363 | -public.sourcepackagepublishinghistory = SELECT, INSERT |
1364 | -public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1365 | -public.sourcepackagefilepublishing = SELECT |
1366 | +public.archivepermission = SELECT |
1367 | +public.binarypackagebuild = SELECT, INSERT, UPDATE |
1368 | +public.binarypackagefile = SELECT, INSERT |
1369 | public.binarypackagefilepublishing = SELECT |
1370 | -public.binarypackagepublishinghistory = SELECT |
1371 | -public.component = SELECT, INSERT |
1372 | -public.section = SELECT, INSERT |
1373 | -public.componentselection = SELECT |
1374 | -public.sectionselection = SELECT |
1375 | -public.distrocomponentuploader = SELECT |
1376 | -public.archivepermission = SELECT |
1377 | -public.processor = SELECT |
1378 | -public.processorfamily = SELECT |
1379 | -public.sourcepackageformatselection = SELECT |
1380 | - |
1381 | -# Source and Binary packages and builds |
1382 | -public.sourcepackagename = SELECT, INSERT |
1383 | -public.sourcepackagerelease = SELECT, INSERT, UPDATE |
1384 | public.binarypackagename = SELECT, INSERT |
1385 | +public.binarypackagepublishinghistory = SELECT |
1386 | public.binarypackagerelease = SELECT, INSERT |
1387 | -public.sourcepackagereleasefile = SELECT, INSERT |
1388 | -public.binarypackagefile = SELECT, INSERT |
1389 | -public.pocketchroot = SELECT |
1390 | -public.buildfarmjob = SELECT, INSERT, UPDATE |
1391 | -public.packagebuild = SELECT, INSERT, UPDATE |
1392 | -public.binarypackagebuild = SELECT, INSERT, UPDATE |
1393 | -public.sourcepackagerecipebuild = SELECT, UPDATE |
1394 | -public.sourcepackagerecipebuildjob = SELECT, UPDATE |
1395 | -public.sourcepackagerecipe = SELECT, UPDATE |
1396 | -public.buildqueue = SELECT, INSERT, UPDATE |
1397 | +public.bug = SELECT, UPDATE |
1398 | +public.bugactivity = SELECT, INSERT |
1399 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1400 | +public.bugcve = SELECT, INSERT |
1401 | +public.bugjob = SELECT, INSERT |
1402 | +public.bugmessage = SELECT, INSERT |
1403 | +public.bugnomination = SELECT |
1404 | +public.bugnotification = SELECT, INSERT |
1405 | +public.bugnotificationfilter = SELECT, INSERT |
1406 | +public.bugnotificationrecipient = SELECT, INSERT |
1407 | +public.bugsubscription = SELECT |
1408 | +public.bugsubscriptionfilter = SELECT |
1409 | +public.bugsubscriptionfilterimportance = SELECT |
1410 | +public.bugsubscriptionfilterstatus = SELECT |
1411 | +public.bugsubscriptionfiltertag = SELECT |
1412 | +public.bugtag = SELECT |
1413 | +public.bugtask = SELECT, UPDATE |
1414 | +public.bugtracker = SELECT, INSERT |
1415 | +public.bugtrackeralias = SELECT, INSERT |
1416 | +public.bugwatch = SELECT, INSERT |
1417 | public.builder = SELECT |
1418 | +public.buildfarmjob = SELECT, INSERT, UPDATE |
1419 | +public.buildpackagejob = SELECT, INSERT, UPDATE |
1420 | +public.buildqueue = SELECT, INSERT, UPDATE |
1421 | +public.component = SELECT, INSERT |
1422 | +public.componentselection = SELECT |
1423 | +public.cve = SELECT, INSERT |
1424 | +public.distribution = SELECT, UPDATE |
1425 | +public.distributionjob = SELECT, INSERT |
1426 | +public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1427 | +public.distroarchseries = SELECT |
1428 | +public.distrocomponentuploader = SELECT |
1429 | +public.distroseries = SELECT, UPDATE |
1430 | +public.emailaddress = SELECT, INSERT, UPDATE |
1431 | +public.flatpackagesetinclusion = SELECT |
1432 | +public.gpgkey = SELECT, INSERT |
1433 | public.job = SELECT, INSERT, UPDATE |
1434 | -public.buildpackagejob = SELECT, INSERT, UPDATE |
1435 | - |
1436 | -# Thusly the librarian |
1437 | +public.karma = SELECT, INSERT |
1438 | +public.karmaaction = SELECT |
1439 | +public.language = SELECT |
1440 | +public.libraryfilealias = SELECT, INSERT |
1441 | public.libraryfilecontent = SELECT, INSERT |
1442 | -public.libraryfilealias = SELECT, INSERT |
1443 | - |
1444 | -# The queue |
1445 | +public.message = SELECT, INSERT |
1446 | +public.messagechunk = SELECT, INSERT |
1447 | +public.milestone = SELECT |
1448 | +public.packagebugsupervisor = SELECT |
1449 | +public.packagebuild = SELECT, INSERT, UPDATE |
1450 | +public.packagediff = SELECT, INSERT, UPDATE, DELETE |
1451 | +public.packageset = SELECT |
1452 | +public.packagesetgroup = SELECT |
1453 | +public.packagesetinclusion = SELECT |
1454 | +public.packagesetsources = SELECT |
1455 | public.packageupload = SELECT, INSERT, UPDATE |
1456 | -public.packageuploadsource = SELECT, INSERT |
1457 | public.packageuploadbuild = SELECT, INSERT |
1458 | public.packageuploadcustom = SELECT, INSERT |
1459 | - |
1460 | -# Closing bugs for premature source-only publication |
1461 | -public.bug = SELECT, UPDATE |
1462 | -public.bugactivity = SELECT, INSERT |
1463 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1464 | -public.bugjob = SELECT, INSERT |
1465 | -public.bugsubscription = SELECT |
1466 | -public.bugsubscriptionfilter = SELECT |
1467 | -public.bugsubscriptionfilterstatus = SELECT |
1468 | -public.bugsubscriptionfilterimportance = SELECT |
1469 | -public.bugsubscriptionfiltertag = SELECT |
1470 | -public.bugnotification = SELECT, INSERT |
1471 | -public.bugnotificationfilter = SELECT, INSERT |
1472 | -public.bugnotificationrecipient = SELECT, INSERT |
1473 | -public.bugnomination = SELECT |
1474 | -public.bugtag = SELECT |
1475 | -public.bugtask = SELECT, UPDATE |
1476 | +public.packageuploadsource = SELECT, INSERT |
1477 | +public.person = SELECT, INSERT, UPDATE |
1478 | +public.personlanguage = SELECT |
1479 | +public.personsettings = SELECT, INSERT |
1480 | +public.pocketchroot = SELECT |
1481 | +public.processor = SELECT |
1482 | +public.processorfamily = SELECT |
1483 | public.product = SELECT, UPDATE |
1484 | +public.productseries = SELECT |
1485 | public.project = SELECT, UPDATE |
1486 | -public.bugmessage = SELECT, INSERT |
1487 | -public.message = SELECT, INSERT |
1488 | -public.messagechunk = SELECT, INSERT |
1489 | -public.productseries = SELECT |
1490 | -public.karmaaction = SELECT |
1491 | -public.karma = SELECT, INSERT |
1492 | +public.question = SELECT |
1493 | public.questionbug = SELECT |
1494 | -public.question = SELECT |
1495 | -public.packagebugsupervisor = SELECT |
1496 | -public.milestone = SELECT |
1497 | -public.bugwatch = SELECT, INSERT |
1498 | -public.bugtracker = SELECT, INSERT |
1499 | -public.bugtrackeralias = SELECT, INSERT |
1500 | -public.cve = SELECT, INSERT |
1501 | -public.bugcve = SELECT, INSERT |
1502 | -public.language = SELECT |
1503 | public.questionsubscription = SELECT |
1504 | -public.answercontact = SELECT |
1505 | -public.personlanguage = SELECT |
1506 | +public.section = SELECT, INSERT |
1507 | +public.sectionselection = SELECT |
1508 | +public.signedcodeofconduct = SELECT |
1509 | +public.sourcepackagefilepublishing = SELECT |
1510 | +public.sourcepackageformatselection = SELECT |
1511 | +public.sourcepackagename = SELECT, INSERT |
1512 | +public.sourcepackagepublishinghistory = SELECT, INSERT |
1513 | +public.sourcepackagerecipe = SELECT, UPDATE |
1514 | +public.sourcepackagerecipebuild = SELECT, UPDATE |
1515 | +public.sourcepackagerecipebuildjob = SELECT, UPDATE |
1516 | +public.sourcepackagerelease = SELECT, INSERT, UPDATE |
1517 | +public.sourcepackagereleasefile = SELECT, INSERT |
1518 | public.structuralsubscription = SELECT |
1519 | - |
1520 | -# Diffing against ancestry and maintenance tasks. |
1521 | -public.packagediff = SELECT, INSERT, UPDATE, DELETE |
1522 | +public.teammembership = SELECT |
1523 | +public.teamparticipation = SELECT, INSERT |
1524 | +public.validpersoncache = SELECT |
1525 | +public.validpersonorteamcache = SELECT |
1526 | +public.wikiname = SELECT, INSERT |
1527 | +type=group |
1528 | |
1529 | [queued] |
1530 | -type=user |
1531 | groups=script |
1532 | -# Announce handling |
1533 | public.account = SELECT, INSERT |
1534 | +public.answercontact = SELECT |
1535 | +public.archive = SELECT, UPDATE |
1536 | +public.archivearch = SELECT, UPDATE |
1537 | +public.archivepermission = SELECT |
1538 | +public.binarypackagebuild = SELECT, INSERT, UPDATE |
1539 | +public.binarypackagefile = SELECT, UPDATE |
1540 | +public.binarypackagefilepublishing = SELECT |
1541 | +public.binarypackagename = SELECT |
1542 | +public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE |
1543 | +public.binarypackagerelease = SELECT, UPDATE |
1544 | +public.bug = SELECT, UPDATE |
1545 | +public.bugactivity = SELECT, INSERT |
1546 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1547 | +public.bugcve = SELECT, INSERT |
1548 | +public.bugjob = SELECT, INSERT |
1549 | +public.bugmessage = SELECT, INSERT |
1550 | +public.bugnomination = SELECT |
1551 | +public.bugnotification = SELECT, INSERT |
1552 | +public.bugnotificationfilter = SELECT, INSERT |
1553 | +public.bugnotificationrecipient = SELECT, INSERT |
1554 | +public.bugsubscription = SELECT |
1555 | +public.bugsubscriptionfilter = SELECT |
1556 | +public.bugsubscriptionfilterimportance = SELECT |
1557 | +public.bugsubscriptionfilterstatus = SELECT |
1558 | +public.bugsubscriptionfiltertag = SELECT |
1559 | +public.bugtag = SELECT |
1560 | +public.bugtask = SELECT, UPDATE |
1561 | +public.bugtracker = SELECT, INSERT |
1562 | +public.bugtrackeralias = SELECT, INSERT |
1563 | +public.bugwatch = SELECT, INSERT |
1564 | +public.buildfarmjob = SELECT, INSERT, UPDATE |
1565 | +public.buildpackagejob = SELECT, INSERT, UPDATE |
1566 | +public.buildqueue = SELECT, INSERT, UPDATE |
1567 | +public.component = SELECT |
1568 | +public.componentselection = SELECT |
1569 | +public.cve = SELECT, INSERT |
1570 | +public.distribution = SELECT, UPDATE |
1571 | public.distributionjob = SELECT, INSERT |
1572 | -public.person = SELECT, INSERT |
1573 | -public.personsettings = SELECT, INSERT |
1574 | +public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1575 | +public.distroarchseries = SELECT |
1576 | +public.distrocomponentuploader = SELECT |
1577 | +public.distroseries = SELECT |
1578 | public.emailaddress = SELECT, INSERT, UPDATE |
1579 | -public.teamparticipation = SELECT, INSERT |
1580 | -public.teammembership = SELECT |
1581 | +public.flatpackagesetinclusion = SELECT |
1582 | public.gpgkey = SELECT |
1583 | - |
1584 | -# The Queue |
1585 | +public.job = SELECT, INSERT, UPDATE |
1586 | +public.karma = SELECT, INSERT |
1587 | +public.karmaaction = SELECT |
1588 | +public.language = SELECT |
1589 | +public.libraryfilealias = SELECT, INSERT |
1590 | +public.libraryfilecontent = SELECT, INSERT |
1591 | +public.message = SELECT, INSERT |
1592 | +public.messagechunk = SELECT, INSERT |
1593 | +public.milestone = SELECT |
1594 | +public.packagebugsupervisor = SELECT |
1595 | +public.packagebuild = SELECT, INSERT, UPDATE |
1596 | +public.packagediff = SELECT, UPDATE |
1597 | +public.packageset = SELECT |
1598 | +public.packagesetgroup = SELECT |
1599 | +public.packagesetinclusion = SELECT |
1600 | +public.packagesetsources = SELECT |
1601 | public.packageupload = SELECT, UPDATE |
1602 | -public.packageuploadsource = SELECT |
1603 | public.packageuploadbuild = SELECT |
1604 | public.packageuploadcustom = SELECT, UPDATE |
1605 | - |
1606 | -# Distribution/Publishing stuff |
1607 | -public.archive = SELECT, UPDATE |
1608 | -public.archivearch = SELECT, UPDATE |
1609 | -public.archivepermission = SELECT |
1610 | -public.distribution = SELECT, UPDATE |
1611 | -public.distroseries = SELECT |
1612 | -public.distroarchseries = SELECT |
1613 | +public.packageuploadsource = SELECT |
1614 | +public.packaging = SELECT |
1615 | +public.person = SELECT, INSERT |
1616 | +public.personlanguage = SELECT |
1617 | +public.personsettings = SELECT, INSERT |
1618 | +public.pocketchroot = SELECT |
1619 | +public.pofile = SELECT |
1620 | +public.potemplate = SELECT |
1621 | public.processor = SELECT |
1622 | public.processorfamily = SELECT |
1623 | -public.distrocomponentuploader = SELECT |
1624 | -public.buildfarmjob = SELECT, INSERT, UPDATE |
1625 | -public.packagebuild = SELECT, INSERT, UPDATE |
1626 | -public.binarypackagebuild = SELECT, INSERT, UPDATE |
1627 | -public.buildqueue = SELECT, INSERT, UPDATE |
1628 | -public.job = SELECT, INSERT, UPDATE |
1629 | -public.buildpackagejob = SELECT, INSERT, UPDATE |
1630 | -public.pocketchroot = SELECT |
1631 | +public.product = SELECT, UPDATE |
1632 | +public.productseries = SELECT |
1633 | +public.project = SELECT, UPDATE |
1634 | +public.publisherconfig = SELECT |
1635 | +public.question = SELECT |
1636 | +public.questionbug = SELECT |
1637 | +public.questionsubscription = SELECT |
1638 | +public.section = SELECT |
1639 | +public.sectionselection = SELECT |
1640 | +public.sourcepackagefilepublishing = SELECT |
1641 | +public.sourcepackagename = SELECT |
1642 | +public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE |
1643 | +public.sourcepackagerecipebuild = SELECT |
1644 | +public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE |
1645 | public.sourcepackagerelease = SELECT, UPDATE |
1646 | -public.binarypackagerelease = SELECT, UPDATE |
1647 | public.sourcepackagereleasefile = SELECT, UPDATE |
1648 | -public.binarypackagefile = SELECT, UPDATE |
1649 | -public.sourcepackagename = SELECT |
1650 | -public.binarypackagename = SELECT |
1651 | -public.sourcepackagefilepublishing = SELECT |
1652 | -public.binarypackagefilepublishing = SELECT |
1653 | -public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE |
1654 | -public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1655 | -public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE |
1656 | -public.sourcepackagerecipebuild = SELECT |
1657 | -public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE |
1658 | -public.component = SELECT |
1659 | -public.componentselection = SELECT |
1660 | -public.sectionselection = SELECT |
1661 | -public.packagediff = SELECT, UPDATE |
1662 | -public.publisherconfig = SELECT |
1663 | - |
1664 | -# Librarian stuff |
1665 | -public.libraryfilealias = SELECT, INSERT |
1666 | -public.libraryfilecontent = SELECT, INSERT |
1667 | - |
1668 | -# rosetta auto imports |
1669 | -public.packaging = SELECT |
1670 | -public.pofile = SELECT |
1671 | -public.potemplate = SELECT |
1672 | +public.structuralsubscription = SELECT |
1673 | +public.teammembership = SELECT |
1674 | +public.teamparticipation = SELECT, INSERT |
1675 | public.translationgroup = SELECT |
1676 | public.translationimportqueueentry = SELECT, INSERT, UPDATE |
1677 | - |
1678 | -# Closing bugs. |
1679 | -public.bug = SELECT, UPDATE |
1680 | -public.bugactivity = SELECT, INSERT |
1681 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1682 | -public.bugjob = SELECT, INSERT |
1683 | -public.bugsubscription = SELECT |
1684 | -public.bugsubscriptionfilter = SELECT |
1685 | -public.bugsubscriptionfilterstatus = SELECT |
1686 | -public.bugsubscriptionfilterimportance = SELECT |
1687 | -public.bugsubscriptionfiltertag = SELECT |
1688 | -public.bugnotification = SELECT, INSERT |
1689 | -public.bugnotificationfilter = SELECT, INSERT |
1690 | -public.bugnotificationrecipient = SELECT, INSERT |
1691 | -public.bugnomination = SELECT |
1692 | -public.bugtag = SELECT |
1693 | -public.bugtask = SELECT, UPDATE |
1694 | -public.product = SELECT, UPDATE |
1695 | -public.project = SELECT, UPDATE |
1696 | -public.bugmessage = SELECT, INSERT |
1697 | -public.message = SELECT, INSERT |
1698 | -public.messagechunk = SELECT, INSERT |
1699 | -public.productseries = SELECT |
1700 | public.validpersoncache = SELECT |
1701 | public.validpersonorteamcache = SELECT |
1702 | -public.karmaaction = SELECT |
1703 | -public.karma = SELECT, INSERT |
1704 | -public.questionbug = SELECT |
1705 | -public.question = SELECT |
1706 | -public.packagebugsupervisor = SELECT |
1707 | -public.milestone = SELECT |
1708 | -public.bugwatch = SELECT, INSERT |
1709 | -public.bugtracker = SELECT, INSERT |
1710 | -public.bugtrackeralias = SELECT, INSERT |
1711 | -public.cve = SELECT, INSERT |
1712 | -public.bugcve = SELECT, INSERT |
1713 | -public.language = SELECT |
1714 | -public.questionsubscription = SELECT |
1715 | -public.answercontact = SELECT |
1716 | -public.personlanguage = SELECT |
1717 | -public.section = SELECT |
1718 | -public.structuralsubscription = SELECT |
1719 | -public.packageset = SELECT |
1720 | -public.packagesetgroup = SELECT |
1721 | -public.packagesetsources = SELECT |
1722 | -public.packagesetinclusion = SELECT |
1723 | -public.flatpackagesetinclusion = SELECT |
1724 | - |
1725 | +type=user |
1726 | |
1727 | [ppad] |
1728 | -type=user |
1729 | groups=script |
1730 | public.archive = SELECT |
1731 | public.archivearch = SELECT |
1732 | public.person = SELECT |
1733 | +type=user |
1734 | |
1735 | [session] |
1736 | -# This user doesn't have access to any tables in the main launchpad |
1737 | -# database - it has permissions on the seperate session database only, |
1738 | -# which are not maintained by this script. User is just here so it gets |
1739 | -# created if necessary. |
1740 | type=user |
1741 | |
1742 | [bugnotification] |
1743 | -# Sends bug notifications. |
1744 | -# XXX: BjornT 2006-03-31: |
1745 | -# All the INSERT permissions, and the UPDATE permission for the bug |
1746 | -# table are necessary only because the test that test |
1747 | -# send-bug-notifications.py needs them. They should be removed |
1748 | -# when bug 37456 is fixed. |
1749 | -type=user |
1750 | groups=script |
1751 | public.account = SELECT |
1752 | public.answercontact = SELECT |
1753 | public.archive = SELECT |
1754 | public.archivearch = SELECT |
1755 | +public.bug = SELECT, INSERT, UPDATE |
1756 | +public.bugactivity = SELECT, INSERT |
1757 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1758 | public.bugattachment = SELECT |
1759 | +public.bugjob = SELECT, INSERT |
1760 | +public.bugmessage = SELECT, INSERT |
1761 | +public.bugnomination = SELECT |
1762 | public.bugnotification = SELECT, INSERT, UPDATE |
1763 | public.bugnotificationfilter = SELECT, INSERT |
1764 | public.bugnotificationrecipient = SELECT, INSERT, UPDATE |
1765 | public.bugsubscription = SELECT, INSERT |
1766 | public.bugsubscriptionfilter = SELECT, INSERT |
1767 | +public.bugsubscriptionfilterimportance = SELECT, INSERT |
1768 | public.bugsubscriptionfiltermute = SELECT, INSERT |
1769 | public.bugsubscriptionfilterstatus = SELECT, INSERT |
1770 | -public.bugsubscriptionfilterimportance = SELECT, INSERT |
1771 | public.bugsubscriptionfiltertag = SELECT, INSERT |
1772 | -public.bugnomination = SELECT |
1773 | -public.bug = SELECT, INSERT, UPDATE |
1774 | -public.bugactivity = SELECT, INSERT |
1775 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1776 | -public.bugjob = SELECT, INSERT |
1777 | -public.bugmessage = SELECT, INSERT |
1778 | public.bugtag = SELECT |
1779 | public.bugtask = SELECT, INSERT, UPDATE |
1780 | public.bugwatch = SELECT |
1781 | +public.component = SELECT |
1782 | public.distribution = SELECT, UPDATE |
1783 | +public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1784 | +public.distroseries = SELECT |
1785 | +public.emailaddress = SELECT |
1786 | public.job = SELECT, INSERT, UPDATE |
1787 | -public.component = SELECT |
1788 | +public.language = SELECT |
1789 | +public.libraryfilealias = SELECT |
1790 | +public.libraryfilecontent = SELECT |
1791 | +public.message = SELECT, INSERT |
1792 | +public.messagechunk = SELECT, INSERT |
1793 | +public.milestone = SELECT |
1794 | public.packagebugsupervisor = SELECT |
1795 | public.person = SELECT |
1796 | +public.personlanguage = SELECT |
1797 | public.personsettings = SELECT |
1798 | -public.personlanguage = SELECT |
1799 | public.product = SELECT, UPDATE |
1800 | +public.productseries = SELECT |
1801 | public.project = SELECT, UPDATE |
1802 | -public.productseries = SELECT |
1803 | public.question = SELECT |
1804 | public.questionbug = SELECT |
1805 | public.questionsubscription = SELECT |
1806 | -public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1807 | -public.distroseries = SELECT |
1808 | public.section = SELECT |
1809 | public.sourcepackagename = SELECT |
1810 | +public.sourcepackagepublishinghistory = SELECT |
1811 | public.sourcepackagerelease = SELECT |
1812 | -public.sourcepackagepublishinghistory = SELECT |
1813 | -public.emailaddress = SELECT |
1814 | -public.libraryfilealias = SELECT |
1815 | -public.libraryfilecontent = SELECT |
1816 | -public.message = SELECT, INSERT |
1817 | -public.messagechunk = SELECT, INSERT |
1818 | -public.milestone = SELECT |
1819 | public.structuralsubscription = SELECT |
1820 | public.teammembership = SELECT |
1821 | public.teamparticipation = SELECT |
1822 | public.validpersoncache = SELECT |
1823 | public.validpersonorteamcache = SELECT |
1824 | -public.language = SELECT |
1825 | +type=user |
1826 | |
1827 | [personnotification] |
1828 | -type=user |
1829 | groups=script |
1830 | +public.emailaddress = SELECT |
1831 | +public.libraryfilealias = SELECT |
1832 | +public.libraryfilecontent = SELECT |
1833 | +public.message = SELECT |
1834 | +public.messagechunk = SELECT |
1835 | +public.person = SELECT |
1836 | public.personnotification = SELECT, UPDATE, DELETE |
1837 | -public.person = SELECT |
1838 | -public.emailaddress = SELECT |
1839 | -public.libraryfilealias = SELECT |
1840 | -public.libraryfilecontent = SELECT |
1841 | -public.message = SELECT |
1842 | -public.messagechunk = SELECT |
1843 | public.teammembership = SELECT |
1844 | public.teamparticipation = SELECT |
1845 | public.validpersoncache = SELECT |
1846 | public.validpersonorteamcache = SELECT |
1847 | +type=user |
1848 | |
1849 | [rosettaadmin] |
1850 | -type=user |
1851 | groups=script |
1852 | public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE |
1853 | public.distribution = SELECT |
1854 | @@ -1611,12 +1520,11 @@ |
1855 | public.translationmessage = SELECT, INSERT, UPDATE, DELETE |
1856 | public.translationrelicensingagreement = SELECT |
1857 | public.translationtemplateitem = SELECT, INSERT, UPDATE, DELETE |
1858 | +public.translator = SELECT |
1859 | public.validpersoncache = SELECT |
1860 | -public.translator = SELECT |
1861 | +type=user |
1862 | |
1863 | -# Any script that approves translation uploads. |
1864 | [translations_approval] |
1865 | -type=group |
1866 | public.customlanguagecode = SELECT |
1867 | public.distribution = SELECT |
1868 | public.distroseries = SELECT |
1869 | @@ -1638,14 +1546,14 @@ |
1870 | public.translationrelicensingagreement = SELECT |
1871 | public.translationtemplateitem = SELECT |
1872 | public.translator = SELECT |
1873 | +type=group |
1874 | |
1875 | [translationsbranchscanner] |
1876 | -type=user |
1877 | groups=branchscanner,translations_approval |
1878 | public.translationtemplatesbuild = SELECT, INSERT |
1879 | +type=user |
1880 | |
1881 | [translationstobranch] |
1882 | -type=user |
1883 | groups=script |
1884 | public.account = SELECT |
1885 | public.branch = SELECT, UPDATE |
1886 | @@ -1666,166 +1574,124 @@ |
1887 | public.teammembership = SELECT |
1888 | public.translationmessage = SELECT |
1889 | public.translationtemplateitem = SELECT |
1890 | +type=user |
1891 | |
1892 | [oopsprune] |
1893 | -type=user |
1894 | groups=script |
1895 | public.bug = SELECT |
1896 | public.bugtask = SELECT |
1897 | public.message = SELECT |
1898 | public.messagechunk = SELECT |
1899 | public.question = SELECT |
1900 | +type=user |
1901 | |
1902 | [listteammembers] |
1903 | -type=user |
1904 | public.emailaddress = SELECT |
1905 | public.person = SELECT |
1906 | public.signedcodeofconduct = SELECT |
1907 | public.sshkey = SELECT |
1908 | public.teamparticipation = SELECT |
1909 | - |
1910 | -# This group is now created automatically |
1911 | -# Readonly access to everything |
1912 | -#[read] |
1913 | -#type=group |
1914 | - |
1915 | -# This group is now created automatically |
1916 | -# Full access to everything. |
1917 | -# [admin] |
1918 | -# type=group |
1919 | +type=user |
1920 | |
1921 | [processmail] |
1922 | -type=user |
1923 | groups=script |
1924 | - |
1925 | -# Incoming emails are stored in the librarian |
1926 | -public.libraryfilealias = SELECT, INSERT |
1927 | -public.libraryfilecontent = SELECT, INSERT |
1928 | - |
1929 | -# Access to people |
1930 | public.account = SELECT, INSERT |
1931 | public.accountpassword = SELECT, INSERT |
1932 | -public.emailaddress = SELECT |
1933 | -public.gpgkey = SELECT |
1934 | -public.language = SELECT |
1935 | -public.person = SELECT, UPDATE |
1936 | -public.personlanguage = SELECT |
1937 | -public.personsettings = SELECT |
1938 | -public.teammembership = SELECT |
1939 | -public.teamparticipation = SELECT |
1940 | -public.validpersoncache = SELECT |
1941 | -public.validpersonorteamcache = SELECT |
1942 | - |
1943 | -# Access to BugTargets, QuestionTarget and SpecTarget |
1944 | +public.answercontact = SELECT |
1945 | public.archive = SELECT |
1946 | public.archivearch = SELECT |
1947 | -public.component = SELECT |
1948 | -public.distribution = SELECT, UPDATE |
1949 | -public.distributionsourcepackage = SELECT, INSERT, UPDATE |
1950 | -public.distrocomponentuploader = SELECT |
1951 | public.archivepermission = SELECT |
1952 | -public.distroseries = SELECT |
1953 | -public.project = SELECT, UPDATE |
1954 | -public.product = SELECT, UPDATE |
1955 | -public.productseries = SELECT |
1956 | -public.packagebugsupervisor = SELECT |
1957 | -public.sourcepackagename = SELECT |
1958 | -public.sourcepackagerelease = SELECT |
1959 | -public.sourcepackagepublishinghistory = SELECT |
1960 | -public.structuralsubscription = SELECT |
1961 | -public.section = SELECT |
1962 | - |
1963 | -# Karma |
1964 | -public.karma = SELECT, INSERT |
1965 | -public.karmaaction = SELECT |
1966 | - |
1967 | -# Creation of messages (bug & question comments) |
1968 | -public.message = SELECT, INSERT |
1969 | -public.messagechunk = SELECT, INSERT |
1970 | - |
1971 | -# Bug update |
1972 | +public.binarypackagebuild = SELECT |
1973 | +public.binarypackagename = SELECT |
1974 | +public.binarypackagepublishinghistory = SELECT |
1975 | +public.binarypackagerelease = SELECT |
1976 | +public.branch = SELECT, INSERT, UPDATE |
1977 | +public.branchmergeproposal = SELECT, INSERT, UPDATE |
1978 | +public.branchmergeproposaljob = SELECT, INSERT |
1979 | +public.branchsubscription = SELECT, INSERT |
1980 | +public.branchvisibilitypolicy = SELECT |
1981 | public.bug = SELECT, INSERT, UPDATE |
1982 | public.bugactivity = SELECT, INSERT |
1983 | public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
1984 | +public.bugattachment = SELECT, INSERT |
1985 | +public.bugbranch = SELECT |
1986 | +public.bugcve = SELECT, INSERT |
1987 | public.bugjob = SELECT, INSERT |
1988 | -public.bugsubscription = SELECT, INSERT |
1989 | -public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE |
1990 | -public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE |
1991 | -public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE |
1992 | -public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE |
1993 | +public.bugmessage = SELECT, INSERT |
1994 | +public.bugnomination = SELECT, INSERT, UPDATE |
1995 | public.bugnotification = SELECT, INSERT |
1996 | -public.bugnotificationfilter = SELECT, INSERT |
1997 | public.bugnotificationattachment = SELECT |
1998 | +public.bugnotificationfilter = SELECT, INSERT |
1999 | public.bugnotificationrecipient = SELECT, INSERT |
2000 | -public.bugnomination = SELECT, INSERT, UPDATE |
2001 | +public.bugsubscription = SELECT, INSERT, UPDATE, DELETE |
2002 | +public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE |
2003 | +public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE |
2004 | +public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE |
2005 | +public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE |
2006 | public.bugtag = SELECT, INSERT, DELETE |
2007 | public.bugtask = SELECT, INSERT, UPDATE |
2008 | -public.bugmessage = SELECT, INSERT |
2009 | -public.bugsubscription = SELECT, INSERT, UPDATE, DELETE |
2010 | public.bugtracker = SELECT, INSERT |
2011 | public.bugtrackeralias = SELECT, INSERT |
2012 | public.bugwatch = SELECT, INSERT |
2013 | -public.milestone = SELECT |
2014 | - |
2015 | -# Creating a new bugtask - checking for duplicates |
2016 | -public.binarypackagebuild = SELECT |
2017 | -public.binarypackagename = SELECT |
2018 | -public.binarypackagepublishinghistory = SELECT |
2019 | -public.binarypackagerelease = SELECT |
2020 | -public.distroarchseries = SELECT |
2021 | - |
2022 | -# CVE updates |
2023 | -public.cve = SELECT, INSERT |
2024 | -public.bugcve = SELECT, INSERT |
2025 | - |
2026 | -# Adding comment to question |
2027 | -public.faq = SELECT |
2028 | -public.question = SELECT, UPDATE |
2029 | -public.questionmessage = SELECT, INSERT |
2030 | -public.questionbug = SELECT |
2031 | - |
2032 | -# Question notifications |
2033 | -public.answercontact = SELECT |
2034 | -public.questionsubscription = SELECT |
2035 | - |
2036 | -# Specification notifications |
2037 | -public.specification = SELECT |
2038 | -public.specificationsubscription = SELECT |
2039 | - |
2040 | -# Emails may have files attached. |
2041 | -public.bugattachment = SELECT, INSERT |
2042 | - |
2043 | -# Emails for code reviews. |
2044 | -public.branch = SELECT, INSERT, UPDATE |
2045 | -public.branchmergeproposal = SELECT, INSERT, UPDATE |
2046 | -public.branchmergeproposaljob = SELECT, INSERT |
2047 | -public.branchsubscription = SELECT, INSERT |
2048 | -public.branchvisibilitypolicy = SELECT |
2049 | -public.bugbranch = SELECT |
2050 | public.codeimport = SELECT |
2051 | public.codereviewmessage = SELECT, INSERT |
2052 | public.codereviewvote = SELECT, INSERT, UPDATE |
2053 | +public.component = SELECT |
2054 | +public.cve = SELECT, INSERT |
2055 | public.diff = SELECT, INSERT, UPDATE |
2056 | +public.distribution = SELECT, UPDATE |
2057 | +public.distributionsourcepackage = SELECT, INSERT, UPDATE |
2058 | +public.distroarchseries = SELECT |
2059 | +public.distrocomponentuploader = SELECT |
2060 | public.distroseries = SELECT |
2061 | +public.emailaddress = SELECT |
2062 | +public.faq = SELECT |
2063 | +public.gpgkey = SELECT |
2064 | public.job = SELECT, INSERT, UPDATE |
2065 | +public.karma = SELECT, INSERT |
2066 | +public.karmaaction = SELECT |
2067 | +public.language = SELECT |
2068 | +public.libraryfilealias = SELECT, INSERT |
2069 | +public.libraryfilecontent = SELECT, INSERT |
2070 | public.mergedirectivejob = SELECT, INSERT |
2071 | +public.message = SELECT, INSERT |
2072 | +public.messagechunk = SELECT, INSERT |
2073 | +public.milestone = SELECT |
2074 | +public.packagebugsupervisor = SELECT |
2075 | +public.person = SELECT, UPDATE |
2076 | +public.personlanguage = SELECT |
2077 | +public.personsettings = SELECT |
2078 | public.previewdiff = SELECT |
2079 | +public.product = SELECT, UPDATE |
2080 | +public.productseries = SELECT |
2081 | +public.project = SELECT, UPDATE |
2082 | +public.question = SELECT, UPDATE |
2083 | +public.questionbug = SELECT |
2084 | +public.questionmessage = SELECT, INSERT |
2085 | +public.questionsubscription = SELECT |
2086 | +public.section = SELECT |
2087 | +public.seriessourcepackagebranch = SELECT |
2088 | +public.sourcepackagename = SELECT |
2089 | +public.sourcepackagepublishinghistory = SELECT |
2090 | +public.sourcepackagerelease = SELECT |
2091 | +public.specification = SELECT |
2092 | +public.specificationsubscription = SELECT |
2093 | public.staticdiff = SELECT, INSERT, UPDATE |
2094 | -public.sourcepackagename = SELECT |
2095 | -public.seriessourcepackagebranch = SELECT |
2096 | - |
2097 | +public.structuralsubscription = SELECT |
2098 | +public.teammembership = SELECT |
2099 | +public.teamparticipation = SELECT |
2100 | +public.validpersoncache = SELECT |
2101 | +public.validpersonorteamcache = SELECT |
2102 | +type=user |
2103 | |
2104 | [mlist-sync] |
2105 | -# The mailing list sync user |
2106 | -type=user |
2107 | groups=script |
2108 | +public.emailaddress = SELECT, UPDATE |
2109 | public.mailinglist = SELECT |
2110 | public.person = SELECT |
2111 | -public.emailaddress = SELECT, UPDATE |
2112 | +type=user |
2113 | |
2114 | [mlist-import] |
2115 | -# The mailing list import user |
2116 | -type=user |
2117 | public.emailaddress = SELECT, INSERT, UPDATE |
2118 | public.mailinglist = SELECT, INSERT, UPDATE |
2119 | public.mailinglistsubscription = SELECT, INSERT, UPDATE |
2120 | @@ -1833,56 +1699,53 @@ |
2121 | public.personsettings = SELECT, INSERT |
2122 | public.teammembership = SELECT, INSERT, UPDATE |
2123 | public.teamparticipation = SELECT, INSERT, UPDATE |
2124 | +type=user |
2125 | |
2126 | [hwdb-submission-processor] |
2127 | -# The user that updates the HWDB with data from new submissions |
2128 | -type=user |
2129 | groups=script |
2130 | -public.person = SELECT |
2131 | +public.hwdevice = SELECT, INSERT |
2132 | +public.hwdeviceclass = SELECT, INSERT |
2133 | public.hwdevicedriverlink = SELECT, INSERT |
2134 | public.hwdevicenamevariant = SELECT, INSERT |
2135 | -public.hwdevice = SELECT, INSERT |
2136 | -public.hwdeviceclass = SELECT, INSERT |
2137 | +public.hwdmihandle = SELECT, INSERT |
2138 | public.hwdmivalue = SELECT, INSERT |
2139 | -public.hwdmihandle = SELECT, INSERT |
2140 | public.hwdriver = SELECT, INSERT |
2141 | +public.hwsubmission = SELECT, UPDATE |
2142 | public.hwsubmissiondevice = SELECT, INSERT |
2143 | -public.hwsubmission = SELECT, UPDATE |
2144 | +public.hwtest = SELECT |
2145 | +public.hwtestanswer = SELECT |
2146 | public.hwtestanswerchoice = SELECT |
2147 | +public.hwtestanswercount = SELECT |
2148 | public.hwtestanswercountdevice = SELECT |
2149 | -public.hwtestanswercount = SELECT |
2150 | public.hwtestanswerdevice = SELECT |
2151 | -public.hwtestanswer = SELECT |
2152 | -public.hwtest = SELECT |
2153 | public.hwvendorid = SELECT, INSERT |
2154 | public.hwvendorname = SELECT, INSERT |
2155 | public.libraryfilealias = SELECT |
2156 | public.libraryfilecontent = SELECT |
2157 | +public.person = SELECT |
2158 | public.teamparticipation = SELECT |
2159 | +type=user |
2160 | |
2161 | [builddcontroller] |
2162 | -# The user than runs the buildd controller. |
2163 | +public.builder = SELECT, UPDATE |
2164 | +public.processor = SELECT |
2165 | type=user |
2166 | -public.processor = SELECT |
2167 | -public.builder = SELECT, UPDATE |
2168 | |
2169 | [binaryfile-expire] |
2170 | -# The user that expires binary files from the librarian. |
2171 | -type=user |
2172 | groups=script |
2173 | public.archive = SELECT |
2174 | public.binarypackagefile = SELECT |
2175 | public.binarypackagepublishinghistory = SELECT |
2176 | public.binarypackagerelease = SELECT |
2177 | public.distribution = SELECT |
2178 | +public.libraryfilealias = SELECT, UPDATE |
2179 | public.person = SELECT |
2180 | -public.libraryfilealias = SELECT, UPDATE |
2181 | -public.sourcepackagereleasefile = SELECT |
2182 | public.sourcepackagepublishinghistory = SELECT |
2183 | public.sourcepackagerelease = SELECT |
2184 | +public.sourcepackagereleasefile = SELECT |
2185 | +type=user |
2186 | |
2187 | [create-merge-proposals] |
2188 | -type=user |
2189 | groups=script |
2190 | public.account = SELECT |
2191 | public.accountpassword = SELECT |
2192 | @@ -1900,8 +1763,8 @@ |
2193 | public.emailaddress = SELECT |
2194 | public.gpgkey = SELECT |
2195 | public.job = SELECT, INSERT, UPDATE |
2196 | +public.karma = SELECT, INSERT |
2197 | public.karmaaction = SELECT |
2198 | -public.karma = SELECT, INSERT |
2199 | public.libraryfilealias = SELECT, INSERT |
2200 | public.libraryfilecontent = SELECT, INSERT |
2201 | public.mergedirectivejob = SELECT |
2202 | @@ -1916,9 +1779,9 @@ |
2203 | public.staticdiff = SELECT, INSERT |
2204 | public.teamparticipation = SELECT |
2205 | public.validpersoncache = SELECT |
2206 | +type=user |
2207 | |
2208 | [merge-proposal-jobs] |
2209 | -type=user |
2210 | groups=script |
2211 | public.account = SELECT |
2212 | public.accountpassword = SELECT |
2213 | @@ -1939,8 +1802,8 @@ |
2214 | public.emailaddress = SELECT |
2215 | public.incrementaldiff = SELECT, INSERT |
2216 | public.job = SELECT, INSERT, UPDATE |
2217 | +public.karma = SELECT, INSERT |
2218 | public.karmaaction = SELECT |
2219 | -public.karma = SELECT, INSERT |
2220 | public.libraryfilealias = SELECT, INSERT |
2221 | public.libraryfilecontent = SELECT, INSERT |
2222 | public.mergedirectivejob = SELECT |
2223 | @@ -1957,16 +1820,16 @@ |
2224 | public.teammembership = SELECT |
2225 | public.teamparticipation = SELECT |
2226 | public.validpersoncache = SELECT |
2227 | +type=user |
2228 | |
2229 | [upgrade-branches] |
2230 | -type=user |
2231 | groups=script |
2232 | public.branch = SELECT, UPDATE |
2233 | public.branchjob = SELECT, INSERT |
2234 | public.job = SELECT, INSERT, UPDATE |
2235 | +type=user |
2236 | |
2237 | [send-branch-mail] |
2238 | -type=user |
2239 | groups=script |
2240 | public.account = SELECT |
2241 | public.accountpassword = SELECT |
2242 | @@ -1974,8 +1837,8 @@ |
2243 | public.branchjob = SELECT |
2244 | public.branchmergeproposal = SELECT, INSERT, UPDATE |
2245 | public.branchmergeproposaljob = SELECT, INSERT |
2246 | -public.branchsubscription = SELECT |
2247 | public.branchrevision = SELECT |
2248 | +public.branchsubscription = SELECT |
2249 | public.codereviewmessage = SELECT, INSERT |
2250 | public.codereviewvote = SELECT, INSERT |
2251 | public.diff = SELECT, INSERT |
2252 | @@ -1983,8 +1846,8 @@ |
2253 | public.distroseries = SELECT |
2254 | public.emailaddress = SELECT |
2255 | public.job = SELECT, INSERT, UPDATE |
2256 | +public.karma = SELECT, INSERT |
2257 | public.karmaaction = SELECT |
2258 | -public.karma = SELECT, INSERT |
2259 | public.libraryfilealias = SELECT, INSERT |
2260 | public.libraryfilecontent = SELECT, INSERT |
2261 | public.mergedirectivejob = SELECT |
2262 | @@ -2001,69 +1864,65 @@ |
2263 | public.teammembership = SELECT |
2264 | public.teamparticipation = SELECT |
2265 | public.validpersoncache = SELECT |
2266 | +type=user |
2267 | |
2268 | [reclaim-branch-space] |
2269 | -type=user |
2270 | groups=script |
2271 | public.branchjob = SELECT |
2272 | public.job = SELECT, UPDATE |
2273 | +type=user |
2274 | |
2275 | [updateremoteproduct] |
2276 | -# Updates Product.remote_product using bug watch information. |
2277 | -type=user |
2278 | groups=script |
2279 | public.account = SELECT, INSERT, UPDATE |
2280 | +public.accountpassword = SELECT, INSERT |
2281 | +public.bug = SELECT, INSERT, UPDATE |
2282 | +public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
2283 | +public.bugjob = SELECT, INSERT |
2284 | +public.bugmessage = SELECT, INSERT |
2285 | +public.bugsubscription = SELECT, INSERT |
2286 | +public.bugsubscriptionfilter = SELECT, INSERT |
2287 | +public.bugsubscriptionfilterimportance = SELECT, INSERT |
2288 | +public.bugsubscriptionfilterstatus = SELECT, INSERT |
2289 | +public.bugsubscriptionfiltertag = SELECT, INSERT |
2290 | +public.bugtag = SELECT |
2291 | +public.bugtask = SELECT, INSERT, UPDATE |
2292 | +public.bugtracker = SELECT, INSERT |
2293 | +public.bugtrackeralias = SELECT |
2294 | +public.bugwatch = SELECT, INSERT |
2295 | +public.emailaddress = SELECT, INSERT, UPDATE |
2296 | +public.hwsubmission = SELECT |
2297 | +public.job = SELECT, INSERT, UPDATE |
2298 | +public.message = SELECT, INSERT |
2299 | +public.messagechunk = SELECT, INSERT |
2300 | public.person = SELECT, INSERT |
2301 | public.personsettings = SELECT, INSERT |
2302 | public.product = SELECT, INSERT, UPDATE |
2303 | +public.productlicense = SELECT, INSERT |
2304 | public.productseries = SELECT, INSERT |
2305 | -public.productlicense = SELECT, INSERT |
2306 | -public.bugtracker = SELECT, INSERT |
2307 | -public.bugwatch = SELECT, INSERT |
2308 | -public.bug = SELECT, INSERT, UPDATE |
2309 | -public.bugjob = SELECT, INSERT |
2310 | -public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE |
2311 | -public.bugtag = SELECT |
2312 | -public.bugtask = SELECT, INSERT, UPDATE |
2313 | -public.accountpassword = SELECT, INSERT |
2314 | -public.teamparticipation = SELECT, INSERT |
2315 | -public.emailaddress = SELECT, INSERT, UPDATE |
2316 | -public.hwsubmission = SELECT |
2317 | public.revisionauthor = SELECT |
2318 | -public.bugtrackeralias = SELECT |
2319 | -public.message = SELECT, INSERT |
2320 | -public.messagechunk = SELECT, INSERT |
2321 | -public.bugsubscription = SELECT, INSERT |
2322 | -public.bugsubscriptionfilter = SELECT, INSERT |
2323 | -public.bugsubscriptionfilterstatus = SELECT, INSERT |
2324 | -public.bugsubscriptionfilterimportance = SELECT, INSERT |
2325 | -public.bugsubscriptionfiltertag = SELECT, INSERT |
2326 | -public.bugmessage = SELECT, INSERT |
2327 | public.sourcepackagename = SELECT |
2328 | -public.job = SELECT, INSERT, UPDATE |
2329 | +public.teamparticipation = SELECT, INSERT |
2330 | +type=user |
2331 | |
2332 | [updatesourceforgeremoteproduct] |
2333 | -# Updates Product.remote_product using SourceForge project data. |
2334 | -type=user |
2335 | groups=script |
2336 | -public.product = SELECT, UPDATE |
2337 | public.bugtracker = SELECT |
2338 | +public.product = SELECT, UPDATE |
2339 | +type=user |
2340 | |
2341 | [updatebugzillaremotecomponents] |
2342 | -# Retrieves/updates BugTracker component info from Bugzillas |
2343 | -type=user |
2344 | groups=script |
2345 | public.bugtracker = SELECT, UPDATE |
2346 | public.bugtrackercomponent = SELECT, INSERT, UPDATE, DELETE |
2347 | public.bugtrackercomponentgroup = SELECT, INSERT, UPDATE, DELETE |
2348 | +type=user |
2349 | |
2350 | [process-job-source-groups] |
2351 | -# Does not need access to tables. |
2352 | +groups=script |
2353 | type=user |
2354 | -groups=script |
2355 | |
2356 | [person-transfer-job] |
2357 | -type=user |
2358 | groups=script |
2359 | public.account = SELECT |
2360 | public.emailaddress = SELECT |
2361 | @@ -2071,9 +1930,9 @@ |
2362 | public.person = SELECT |
2363 | public.persontransferjob = SELECT |
2364 | public.teammembership = SELECT |
2365 | +type=user |
2366 | |
2367 | [person-merge-job] |
2368 | -type=user |
2369 | groups=script |
2370 | public.account = SELECT, UPDATE |
2371 | public.announcement = SELECT, UPDATE |
2372 | @@ -2198,66 +2057,60 @@ |
2373 | public.votecast = SELECT, UPDATE |
2374 | public.webserviceban = SELECT, UPDATE, DELETE |
2375 | public.wikiname = SELECT, UPDATE |
2376 | +type=user |
2377 | |
2378 | [weblogstats] |
2379 | -# For the script that parses our Apache/Squid logfiles and updates statistics |
2380 | -type=user |
2381 | public.libraryfilealias = SELECT |
2382 | public.libraryfiledownloadcount = SELECT, INSERT, UPDATE, DELETE |
2383 | +type=user |
2384 | |
2385 | [garbo] |
2386 | -# garbo_hourly and garbo_daily script permissions. We define the |
2387 | -# permissions here in this group instead of in the users, so tasks can |
2388 | -# be shuffled around between the daily and hourly sections without |
2389 | -# changing DB permissions. |
2390 | -type=user |
2391 | groups=script,read |
2392 | +public.branchjob = SELECT, DELETE |
2393 | public.bug = SELECT, UPDATE |
2394 | +public.bugaffectsperson = SELECT |
2395 | public.bugattachment = SELECT, DELETE |
2396 | -public.bugsubscription = SELECT |
2397 | -public.bugsubscriptionfilter = SELECT |
2398 | -public.bugsubscriptionfilterstatus = SELECT |
2399 | -public.bugsubscriptionfilterimportance = SELECT |
2400 | -public.bugsubscriptionfiltertag = SELECT |
2401 | -public.bugaffectsperson = SELECT |
2402 | +public.bugjob = SELECT, INSERT |
2403 | public.bugmessage = SELECT, UPDATE |
2404 | public.bugnotification = SELECT, DELETE |
2405 | public.bugnotificationfilter = SELECT, DELETE |
2406 | public.bugnotificationrecipientarchive = SELECT |
2407 | +public.bugsubscription = SELECT |
2408 | +public.bugsubscriptionfilter = SELECT |
2409 | +public.bugsubscriptionfilterimportance = SELECT |
2410 | +public.bugsubscriptionfilterstatus = SELECT |
2411 | +public.bugsubscriptionfiltertag = SELECT |
2412 | public.bugtag = SELECT |
2413 | public.bugwatch = SELECT, UPDATE |
2414 | public.bugwatchactivity = SELECT, DELETE |
2415 | public.codeimportevent = SELECT, DELETE |
2416 | public.codeimporteventdata = SELECT, DELETE |
2417 | public.codeimportresult = SELECT, DELETE |
2418 | +public.emailaddress = SELECT, UPDATE |
2419 | +public.hwsubmission = SELECT, UPDATE |
2420 | +public.job = SELECT, INSERT, DELETE |
2421 | +public.mailinglistsubscription = SELECT, DELETE |
2422 | public.oauthnonce = SELECT, DELETE |
2423 | public.openidassociation = SELECT, DELETE |
2424 | public.openidconsumerassociation = SELECT, DELETE |
2425 | public.openidconsumernonce = SELECT, DELETE |
2426 | +public.person = SELECT, DELETE |
2427 | public.potranslation = SELECT, DELETE |
2428 | +public.revisionauthor = SELECT, UPDATE |
2429 | public.revisioncache = SELECT, DELETE |
2430 | -public.person = SELECT, DELETE |
2431 | -public.revisionauthor = SELECT, UPDATE |
2432 | -public.hwsubmission = SELECT, UPDATE |
2433 | -public.mailinglistsubscription = SELECT, DELETE |
2434 | public.suggestivepotemplate = INSERT, DELETE |
2435 | public.teamparticipation = SELECT, DELETE |
2436 | -public.emailaddress = SELECT, UPDATE |
2437 | -public.job = SELECT, INSERT, DELETE |
2438 | -public.branchjob = SELECT, DELETE |
2439 | -public.bugjob = SELECT, INSERT |
2440 | +type=user |
2441 | |
2442 | [garbo_daily] |
2443 | +groups=garbo |
2444 | type=user |
2445 | -groups=garbo |
2446 | |
2447 | [garbo_hourly] |
2448 | +groups=garbo |
2449 | type=user |
2450 | -groups=garbo |
2451 | |
2452 | [generateppahtaccess] |
2453 | -# For the generate_ppa_htaccess.py cronscript. |
2454 | -type=user |
2455 | groups=script |
2456 | public.archive = SELECT |
2457 | public.archiveauthtoken = SELECT, UPDATE |
2458 | @@ -2270,70 +2123,67 @@ |
2459 | public.publisherconfig = SELECT |
2460 | public.teammembership = SELECT |
2461 | public.teamparticipation = SELECT |
2462 | +type=user |
2463 | |
2464 | [branch-rewrite] |
2465 | +public.branch = SELECT |
2466 | type=user |
2467 | -public.branch = SELECT |
2468 | |
2469 | [nagios] |
2470 | -type=user |
2471 | public.archive = SELECT |
2472 | +public.binarypackagebuild = SELECT |
2473 | +public.branch = SELECT |
2474 | public.buildfarmjob = SELECT |
2475 | -public.databasereplicationlag = SELECT |
2476 | -public.packagebuild = SELECT |
2477 | -public.binarypackagebuild = SELECT |
2478 | +public.buildpackagejob = SELECT |
2479 | public.buildqueue = SELECT |
2480 | -public.buildpackagejob = SELECT |
2481 | +public.databasereplicationlag = SELECT |
2482 | public.job = SELECT |
2483 | public.libraryfilecontent = SELECT |
2484 | public.openidrpconfig = SELECT |
2485 | -public.branch = SELECT |
2486 | +public.packagebuild = SELECT |
2487 | +type=user |
2488 | |
2489 | [modified-branches] |
2490 | +public.branch = SELECT |
2491 | type=user |
2492 | -public.branch = SELECT |
2493 | |
2494 | [calculate-bug-heat] |
2495 | -type=user |
2496 | groups=script,read |
2497 | public.bug = SELECT, UPDATE |
2498 | -public.job = SELECT, UPDATE, DELETE |
2499 | public.bugjob = SELECT, DELETE |
2500 | public.distribution = SELECT, UPDATE |
2501 | public.distributionsourcepackage = SELECT, INSERT, UPDATE |
2502 | public.distroseries = SELECT |
2503 | +public.job = SELECT, UPDATE, DELETE |
2504 | public.product = SELECT, UPDATE |
2505 | public.productseries = SELECT |
2506 | public.project = SELECT, UPDATE |
2507 | - |
2508 | +type=user |
2509 | |
2510 | [lagmon] |
2511 | -# cache-database-replication-lag.py |
2512 | -type=user |
2513 | public.update_replication_lag_cache() = EXECUTE |
2514 | +type=user |
2515 | |
2516 | [process-apport-blobs] |
2517 | -type=user |
2518 | groups=script,read |
2519 | +public.apportjob = SELECT, INSERT, UPDATE, DELETE |
2520 | public.job = SELECT, UPDATE, DELETE |
2521 | -public.apportjob = SELECT, INSERT, UPDATE, DELETE |
2522 | public.libraryfilealias = SELECT, INSERT, UPDATE |
2523 | public.libraryfilecontent = SELECT, INSERT, UPDATE |
2524 | +type=user |
2525 | |
2526 | [update-pkg-cache] |
2527 | -# update-pkg-cache.py split off from the statistician user so that it's easier |
2528 | -# to see its activity separate from update-stats.py |
2529 | -type=user |
2530 | groups=statistician |
2531 | +type=user |
2532 | |
2533 | [database_stats_update] |
2534 | -type=user |
2535 | groups=script |
2536 | public.update_database_stats() = EXECUTE |
2537 | +type=user |
2538 | |
2539 | [database_stats_report] |
2540 | -type=user |
2541 | groups=script |
2542 | -public.databasetablestats = SELECT |
2543 | public.databasecpustats = SELECT |
2544 | public.databasediskutilization = SELECT |
2545 | +public.databasetablestats = SELECT |
2546 | +type=user |
2547 | |
2548 | === added file 'lib/lp/scripts/utilities/settingsauditor.py' |
2549 | --- lib/lp/scripts/utilities/settingsauditor.py 1970-01-01 00:00:00 +0000 |
2550 | +++ lib/lp/scripts/utilities/settingsauditor.py 2011-05-03 22:22:53 +0000 |
2551 | @@ -0,0 +1,110 @@ |
2552 | +# Copyright 2011 Canonical Ltd. This software is licensed under the |
2553 | +# GNU Affero General Public License version 3 (see the file LICENSE). |
2554 | + |
2555 | +"""Contains the seting auditor used to clean up security.cfg.""" |
2556 | + |
2557 | +__metaclass__ = type |
2558 | + |
2559 | +__all__ = [ |
2560 | + "SettingsAuditor", |
2561 | + ] |
2562 | + |
2563 | +from collections import defaultdict |
2564 | +import re |
2565 | + |
2566 | + |
2567 | +class SettingsAuditor: |
2568 | + """Reads the security.cfg file and collects errors. |
2569 | + |
2570 | + We can't just use ConfigParser for this case, as we're doing our own |
2571 | + specialized parsing--not interpreting the settings, but verifying.""" |
2572 | + |
2573 | + header_regex = re.compile(r'.*?(?=\[)', re.MULTILINE|re.DOTALL) |
2574 | + section_regex = re.compile( |
2575 | + r'\[.*?\].*?(?=(\[)|($\Z))', re.MULTILINE|re.DOTALL) |
2576 | + section_label_regex = re.compile(r'\[.*\]') |
2577 | + |
2578 | + def __init__(self, data): |
2579 | + self.data = data |
2580 | + self.errors = {} |
2581 | + self.current_section = '' |
2582 | + self.observed_settings = defaultdict(lambda: 0) |
2583 | + |
2584 | + def _getHeader(self): |
2585 | + """Removes the header comments from the security file. |
2586 | + |
2587 | + The comments at the start of the file aren't something we |
2588 | + want to kill. |
2589 | + """ |
2590 | + header = self.header_regex.match(self.data) |
2591 | + if header is not None: |
2592 | + header = header.group() |
2593 | + self.data = self.data.replace(header, '') |
2594 | + return header |
2595 | + |
2596 | + def _strip(self, data): |
2597 | + data = data.split('\n') |
2598 | + data = [d.strip() for d in data] |
2599 | + return '\n'.join(d for d in data if not (d.startswith('#') or d == '')) |
2600 | + |
2601 | + def _getSectionName(self, line): |
2602 | + if line.strip().startswith('['): |
2603 | + return self.section_regex.match(line).group() |
2604 | + else: |
2605 | + return None |
2606 | + |
2607 | + def _separateConfigBlocks(self): |
2608 | + # We keep the copy of config_labels so we can keep them in order. |
2609 | + self.config_blocks = {} |
2610 | + self.config_labels = [] |
2611 | + self.data = self._strip(self.data) |
2612 | + while self.data != '': |
2613 | + section = self.section_regex.match(self.data) |
2614 | + section = section.group() |
2615 | + self.data = self.data.replace(section, '') |
2616 | + label = self.section_label_regex.match(section).group() |
2617 | + self.config_labels.append(label) |
2618 | + self.config_blocks[label] = section |
2619 | + |
2620 | + def _processBlocks(self): |
2621 | + for block in self.config_labels: |
2622 | + data = set(self.config_blocks[block].split('\n')[1:]) |
2623 | + data.discard('') |
2624 | + data = [line for line in sorted(data) |
2625 | + if line.strip() != '' and |
2626 | + not line.strip().startswith('#')] |
2627 | + self._checkForDupes(data, block) |
2628 | + data = '\n'.join([block] + data) |
2629 | + self.config_blocks[block] = data |
2630 | + |
2631 | + def _checkForDupes(self, data, label): |
2632 | + settings = defaultdict(lambda: 0) |
2633 | + for line in data: |
2634 | + settings[self._getSetting(line)] += 1 |
2635 | + dupe_settings = [setting for setting in settings.keys() |
2636 | + if settings[setting] > 1] |
2637 | + if dupe_settings != []: |
2638 | + self.errors[label] = dupe_settings |
2639 | + |
2640 | + def _getSetting(self, line): |
2641 | + return line.split()[0] |
2642 | + |
2643 | + def audit(self): |
2644 | + header = self._getHeader() |
2645 | + self._separateConfigBlocks() |
2646 | + self._processBlocks() |
2647 | + data = [] |
2648 | + for label in self.config_labels: |
2649 | + data.append(self.config_blocks[label]) |
2650 | + return '%s%s' % (header, '\n\n'.join(data)) |
2651 | + |
2652 | + @property |
2653 | + def error_data(self): |
2654 | + error_data = [] |
2655 | + error_data.append("The following errors were found in security.cfg") |
2656 | + error_data.append("-----------------------------------------------") |
2657 | + for section in self.errors.keys(): |
2658 | + error_data.append("In section: %s" % section) |
2659 | + for setting in self.errors[section]: |
2660 | + error_data.append('\tDuplicate setting found: %s' % setting) |
2661 | + return '\n'.join(error_data) |
2662 | |
2663 | === modified file 'lib/lp/scripts/utilities/tests/test_audit_security_settings.py' |
2664 | --- lib/lp/scripts/utilities/tests/test_audit_security_settings.py 2011-04-20 16:14:10 +0000 |
2665 | +++ lib/lp/scripts/utilities/tests/test_audit_security_settings.py 2011-05-03 22:22:53 +0000 |
2666 | @@ -1,4 +1,3 @@ |
2667 | - |
2668 | # Copyright 2011 Canonical Ltd. This software is licensed under the |
2669 | # GNU Affero General Public License version 3 (see the file LICENSE). |
2670 | |
2671 | @@ -6,21 +5,90 @@ |
2672 | |
2673 | __metaclass__ = type |
2674 | |
2675 | -import os |
2676 | - |
2677 | -from canonical.config import config |
2678 | from canonical.testing.layers import BaseLayer |
2679 | +from lp.scripts.utilities.settingsauditor import SettingsAuditor |
2680 | from lp.testing import TestCase |
2681 | |
2682 | |
2683 | -class TestAuditSecuitySettings(TestCase): |
2684 | +class TestAuditSecuritySettings(TestCase): |
2685 | |
2686 | layer = BaseLayer |
2687 | |
2688 | - def test_duplicate_parsing(self): |
2689 | - utility = os.path.join( |
2690 | - config.root, 'utilities', 'audit-security-settings.py') |
2691 | - cmd = '%s smoketest' % utility |
2692 | - error_msg = os.popen(cmd).read() |
2693 | - expected = '[bad]\n\tDuplicate setting found: public.bar\n' |
2694 | - self.assertTrue(expected in error_msg) |
2695 | + def setUp(self): |
2696 | + super(TestAuditSecuritySettings, self).setUp() |
2697 | + self.test_settings = ( |
2698 | + '# This is the header.\n' |
2699 | + '[good]\n' |
2700 | + 'public.foo = SELECT\n' |
2701 | + 'public.bar = SELECT, INSERT\n' |
2702 | + 'public.baz = SELECT\n' |
2703 | + '\n' |
2704 | + '[bad]\n' |
2705 | + 'public.foo = SELECT\n' |
2706 | + 'public.bar = SELECT, INSERT\n' |
2707 | + 'public.bar = SELECT\n' |
2708 | + 'public.baz = SELECT') |
2709 | + |
2710 | + def test_getHeader(self): |
2711 | + sa = SettingsAuditor(self.test_settings) |
2712 | + header = sa._getHeader() |
2713 | + self.assertEqual( |
2714 | + header, |
2715 | + '# This is the header.\n') |
2716 | + |
2717 | + def test_extract_config_blocks(self): |
2718 | + test_settings = self.test_settings.replace( |
2719 | + '# This is the header.\n', '') |
2720 | + sa = SettingsAuditor(test_settings) |
2721 | + sa._separateConfigBlocks() |
2722 | + self.assertContentEqual( |
2723 | + ['[good]', '[bad]'], |
2724 | + sa.config_blocks.keys()) |
2725 | + |
2726 | + def test_audit_block(self): |
2727 | + sa = SettingsAuditor('') |
2728 | + test_block = ( |
2729 | + '[bad]\n' |
2730 | + 'public.foo = SELECT\n' |
2731 | + 'public.bar = SELECT, INSERT\n' |
2732 | + 'public.bar = SELECT\n' |
2733 | + 'public.baz = SELECT\n') |
2734 | + sa.config_blocks = {'[bad]': test_block} |
2735 | + sa.config_labels = ['[bad]'] |
2736 | + sa._processBlocks() |
2737 | + expected = ( |
2738 | + '[bad]\n' |
2739 | + 'public.bar = SELECT\n' |
2740 | + 'public.bar = SELECT, INSERT\n' |
2741 | + 'public.baz = SELECT\n' |
2742 | + 'public.foo = SELECT') |
2743 | + self.assertEqual(expected, sa.config_blocks['[bad]']) |
2744 | + expected_error = '[bad]\n\tDuplicate setting found: public.bar' |
2745 | + self.assertTrue(expected_error in sa.error_data) |
2746 | + |
2747 | + def test_audit(self): |
2748 | + sa = SettingsAuditor(self.test_settings) |
2749 | + new_settings = sa.audit() |
2750 | + expected_settings = ( |
2751 | + '# This is the header.\n' |
2752 | + '[good]\n' |
2753 | + 'public.bar = SELECT, INSERT\n' |
2754 | + 'public.baz = SELECT\n' |
2755 | + 'public.foo = SELECT\n' |
2756 | + '\n' |
2757 | + '[bad]\n' |
2758 | + 'public.bar = SELECT\n' |
2759 | + 'public.bar = SELECT, INSERT\n' |
2760 | + 'public.baz = SELECT\n' |
2761 | + 'public.foo = SELECT') |
2762 | + self.assertEqual(expected_settings, new_settings) |
2763 | + |
2764 | + def test_comments_stipped(self): |
2765 | + sa = SettingsAuditor('') |
2766 | + test_data = ( |
2767 | + '#[foo]\n' |
2768 | + '#public.foo = SELECT\n') |
2769 | + data = sa._strip(test_data) |
2770 | + self.assertEqual('', data) |
2771 | + |
2772 | + |
2773 | |
2774 | === modified file 'utilities/audit-security-settings.py' |
2775 | --- utilities/audit-security-settings.py 2011-04-19 15:27:55 +0000 |
2776 | +++ utilities/audit-security-settings.py 2011-05-03 22:22:53 +0000 |
2777 | @@ -12,23 +12,10 @@ |
2778 | __metatype__ = type |
2779 | |
2780 | import os |
2781 | -import sys |
2782 | -import re |
2783 | - |
2784 | -from collections import defaultdict |
2785 | - |
2786 | -TEST_DATA = """ |
2787 | -[good] |
2788 | -public.foo = SELECT |
2789 | -public.bar = SELECT, INSERT |
2790 | -public.baz = SELECT |
2791 | - |
2792 | -[bad] |
2793 | -public.foo = SELECT |
2794 | -public.bar = SELECT, INSERT |
2795 | -public.bar = SELECT |
2796 | -public.baz = SELECT |
2797 | -""" |
2798 | + |
2799 | +import _pythonpath |
2800 | +from lp.scripts.utilities.settingsauditor import SettingsAuditor |
2801 | + |
2802 | |
2803 | BRANCH_ROOT = os.path.split( |
2804 | os.path.dirname(os.path.abspath(__file__)))[0] |
2805 | @@ -36,77 +23,12 @@ |
2806 | BRANCH_ROOT, 'database', 'schema', 'security.cfg') |
2807 | |
2808 | |
2809 | -def strip(data): |
2810 | - data = [d.strip() for d in data] |
2811 | - return [d for d in data if not (d.startswith('#') or d == '')] |
2812 | - |
2813 | - |
2814 | -class SettingsAuditor: |
2815 | - """Reads the security.cfg file and collects errors. |
2816 | - |
2817 | - We can't just use ConfigParser for this case, as we're doing our own |
2818 | - specialized parsing--not interpreting the settings, but verifying.""" |
2819 | - |
2820 | - section_regex = re.compile(r'\[.*\]') |
2821 | - |
2822 | - def __init__(self): |
2823 | - self.errors = {} |
2824 | - self.current_section = '' |
2825 | - self.observed_settings = defaultdict(lambda: 0) |
2826 | - |
2827 | - def _get_section_name(self, line): |
2828 | - if line.strip().startswith('['): |
2829 | - return self.section_regex.match(line).group() |
2830 | - else: |
2831 | - return None |
2832 | - |
2833 | - def _get_setting(self, line): |
2834 | - return line.split()[0] |
2835 | - |
2836 | - def start_new_section(self, new_section): |
2837 | - for k in self.observed_settings.keys(): |
2838 | - if self.observed_settings[k] == 1: |
2839 | - self.observed_settings.pop(k) |
2840 | - duplicated_settings = self.observed_settings.keys() |
2841 | - if len(duplicated_settings) > 0: |
2842 | - self.errors[self.current_section] = self.observed_settings.keys() |
2843 | - self.observed_settings = defaultdict(lambda: 0) |
2844 | - self.current_section = new_section |
2845 | - |
2846 | - def readline(self, line): |
2847 | - new_section = self._get_section_name(line) |
2848 | - if new_section is not None: |
2849 | - self.start_new_section(new_section) |
2850 | - else: |
2851 | - setting = self._get_setting(line) |
2852 | - self.observed_settings[setting] += 1 |
2853 | - |
2854 | - def print_error_data(self): |
2855 | - print "The following errors were found in security.cfg" |
2856 | - print "-----------------------------------------------" |
2857 | - for section in self.errors.keys(): |
2858 | - print "In section: %s" % section |
2859 | - for setting in self.errors[section]: |
2860 | - print '\tDuplicate setting found: %s' % setting |
2861 | - |
2862 | - |
2863 | -def main(test=False): |
2864 | - # This is a cheap hack to allow testing in the testrunner. |
2865 | - if test: |
2866 | - data = TEST_DATA.split('\n') |
2867 | - else: |
2868 | - data = file(SECURITY_PATH).readlines() |
2869 | - data = strip(data) |
2870 | - auditor = SettingsAuditor() |
2871 | - for line in data: |
2872 | - auditor.readline(line) |
2873 | - auditor.start_new_section('') |
2874 | - auditor.print_error_data() |
2875 | +def main(): |
2876 | + data = file(SECURITY_PATH).read() |
2877 | + auditor = SettingsAuditor(data) |
2878 | + settings = auditor.audit() |
2879 | + file(SECURITY_PATH, 'w').write(settings) |
2880 | + print auditor.error_data |
2881 | |
2882 | if __name__ == '__main__': |
2883 | - # smoketest check is a cheap hack to test the utility in the testrunner. |
2884 | - try: |
2885 | - test = sys.argv[1] == 'smoketest' |
2886 | - except IndexError: |
2887 | - test = False |
2888 | - main(test=test) |
2889 | + main() |
It might be nice to run this in lint.sh/