grant only USAGE on main schemas for service account instead of ALL

public-convenience-ltd · Sep 21, 2024 · 5abf505 · 5abf505
1 parent 8e42981
commit 5abf505
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 10 deletions.
diff --git a/src/pages/explorer/loos/[id]/index.page.tsx b/src/pages/explorer/loos/[id]/index.page.tsx
@@ -81,7 +81,7 @@ const LooPage: CustomLooByIdComp = (props) => {
       message,
       router.isReady,
       setMapState,
-    ]
+    ],
   );
 
   // Find the diff between the current and previous report
@@ -117,7 +117,7 @@ const LooPage: CustomLooByIdComp = (props) => {
           // Otherwise, just return the current report.
           return [...accumulatedReports, currentReport];
         },
-        []
+        [],
       );
 
       const diffHistory = squashedSystemReports.map((report, i) => {
@@ -186,7 +186,7 @@ const LooPage: CustomLooByIdComp = (props) => {
   const onInitializePane: MonacoOnInitializePane = (
     monacoEditorRef,
     editorRef,
-    model
+    model,
   ) => {
     editorRef.current.setScrollTop(1);
     editorRef.current.setPosition({
@@ -428,15 +428,15 @@ export const getStaticProps: GetServerSideProps = async ({ params, req }) => {
         variables: { id: params.id as string },
         fetchPolicy: 'no-cache',
       },
-      { req }
+      { req },
     );
 
     const reportHistoryResponse = await ssrLooReportHistory.getServerPage(
       {
         variables: { id: params.id as string },
         fetchPolicy: 'no-cache',
       },
-      { req }
+      { req },
     );
 
     const problemFetchingLooData =

diff --git a/supabase/migrations/20240816164300_initial_database_setup.sql b/supabase/migrations/20240816164300_initial_database_setup.sql
@@ -284,11 +284,12 @@ CREATE TRIGGER loo_area_trigger_insert
     FOR EACH ROW
     EXECUTE FUNCTION public.determine_area_loo_is_within_on_upsert();
 
+-- Begin service Role PERMISSIONS / RLS setup ---
+GRANT USAGE ON SCHEMA public TO toiletmap_web;
+GRANT USAGE ON SCHEMA audit TO toiletmap_web;
+GRANT USAGE ON SCHEMA extensions TO toiletmap_web;
 
-GRANT ALL ON SCHEMA public TO toiletmap_web;
-GRANT ALL ON SCHEMA audit TO toiletmap_web;
-GRANT ALL ON SCHEMA extensions TO toiletmap_web;
-
+-- Grant permissions on extensions.spatial_ref_sys for correct PostGIS operation.
 GRANT SELECT ON TABLE extensions.spatial_ref_sys TO toiletmap_web;
 
 -- Grant permissions on public.toilets and modify RLS policies.
@@ -298,7 +299,6 @@ GRANT UPDATE ON TABLE public.toilets TO toiletmap_web;
 GRANT REFERENCES ON TABLE public.toilets TO toiletmap_web;
 GRANT TRIGGER ON TABLE public.toilets TO toiletmap_web;
 
-
 GRANT EXECUTE ON FUNCTION public.determine_area_loo_is_within_on_upsert() TO toiletmap_web;
 GRANT EXECUTE ON FUNCTION public.determine_area_loo_is_within_on_upsert() TO toiletmap_web;
 
@@ -345,3 +345,5 @@ CREATE POLICY update_policy ON audit.record_version
     FOR UPDATE
     TO toiletmap_web
     USING (true);  -- Allows all updates
+
+-- End service Role PERMISSIONS / RLS setup ---