Merge lp:~jtv/launchpad/bug-878115 into lp:launchpad

Missing DELETE privilege for poimport on TranslationMessage.

= Summary =

See bug 878115 for a description of the problem.

== Proposed fix ==

Let's not complicate this. Add the missing privilege.

== Pre-implementation notes ==

Discussed with Stuart and with Julian: we really ought to get rid of these fine-grained database privileges for anything that's not in any way sensitive. Far more trouble than it's worth.

For keeping track of who accesses what, we should monitor accesses, not create an endless stream of critical bugs.

== Implementation details ==

I thought this had to go to db-devel in our current process, but William says it should go to devel.

== Tests ==

You got me there. I didn't add any.

Why? Well the _reason_ is that I'm at the same time lazy and eager to get this problem fixed. My _justifications_ are:
 * This is a policy change, not a mechanism change. No point in testing that each security.cfg entry does what it's supposed to.
 * The code path that fails is relatively obscure. I can change the unit-tests to run with "realistic" database privileges, at the cost of extra test time, but then the question becomes whether I missed any roles that might do the same thing.
 * The problem is unlikely to recur in its exact same form. How do you test for not having missed anything in testing, such as a different database role that also executes the same code?
 * Actually, if I test this under the poimport DB role, I _know_ I will be ignoring a realistic case: the appserver goes through the same code paths, but it already has the privileges it needs.

What if I got the diagnosis wrong? Then I fixed a different critical bug than what caused this one. Still worthwhile.

== Demo and Q/A ==

The problem should not recur on the launchpad-errors-reports list.

= Launchpad lint =

Checking for conflicts and issues in changed files.

Linting changed files:
  database/schema/security.cfg