5 Adding tables for key-based ACLs and blocks
7 @contact: Debian FTP Master <ftpmaster@debian.org>
8 @copyright: 2009 Mark Hymers <mhy@debian.org>
9 @license: GNU General Public License version 2 or later
12 # This program is free software; you can redistribute it and/or modify
13 # it under the terms of the GNU General Public License as published by
14 # the Free Software Foundation; either version 2 of the License, or
15 # (at your option) any later version.
17 # This program is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # GNU General Public License for more details.
22 # You should have received a copy of the GNU General Public License
23 # along with this program; if not, write to the Free Software
24 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 ################################################################################
29 ################################################################################
33 from daklib.dak_exceptions import DBUpdateError
35 ################################################################################
38 print "Adding tables for handling key-based ACLs and upload blocks"
43 # Fix up some older table permissions
44 c.execute("GRANT SELECT ON src_format TO public")
45 c.execute("GRANT ALL ON src_format TO ftpmaster")
46 c.execute("GRANT USAGE ON src_format_id_seq TO ftpmaster")
48 c.execute("GRANT SELECT ON suite_src_formats TO public")
49 c.execute("GRANT ALL ON suite_src_formats TO ftpmaster")
52 print "Source ACLs table"
54 CREATE TABLE source_acl (
55 id SERIAL PRIMARY KEY,
56 access_level TEXT UNIQUE NOT NULL
60 ## Can upload all packages
61 c.execute("INSERT INTO source_acl (id, access_level) VALUES (1, 'full')")
62 ## Can upload only packages marked as DM upload allowed
63 c.execute("INSERT INTO source_acl (id, access_level) VALUES (2, 'dm')")
65 c.execute("GRANT SELECT ON source_acl TO public")
66 c.execute("GRANT ALL ON source_acl TO ftpmaster")
67 c.execute("GRANT USAGE ON source_acl_id_seq TO ftpmaster")
70 print "Binary ACLs table"
72 CREATE TABLE binary_acl (
73 id SERIAL PRIMARY KEY,
74 access_level TEXT UNIQUE NOT NULL
78 ## Can upload any architectures of binary packages
79 c.execute("INSERT INTO binary_acl (id, access_level) VALUES (1, 'full')")
80 ## Can upload debs where architectures are based on the map table binary_acl_map
81 c.execute("INSERT INTO binary_acl (id, access_level) VALUES (2, 'map')")
83 c.execute("GRANT SELECT ON binary_acl TO public")
84 c.execute("GRANT ALL ON binary_acl TO ftpmaster")
85 c.execute("GRANT USAGE ON binary_acl_id_seq TO ftpmaster")
87 # This is only used if binary_acl is 2 for the fingerprint concerned
89 CREATE TABLE binary_acl_map (
90 id SERIAL PRIMARY KEY,
91 fingerprint_id INT4 REFERENCES fingerprint (id) NOT NULL,
92 architecture_id INT4 REFERENCES architecture (id) NOT NULL,
94 UNIQUE (fingerprint_id, architecture_id)
97 c.execute("GRANT SELECT ON binary_acl_map TO public")
98 c.execute("GRANT ALL ON binary_acl_map TO ftpmaster")
99 c.execute("GRANT USAGE ON binary_acl_map_id_seq TO ftpmaster")
101 ## NULL means no source upload access (i.e. any upload containing source
103 c.execute("ALTER TABLE fingerprint ADD COLUMN source_acl INT4 REFERENCES source_acl(id) DEFAULT NULL")
105 ## NULL means no binary upload access
106 c.execute("ALTER TABLE fingerprint ADD COLUMN binary_acl INT4 REFERENCES binary_acl(id) DEFAULT NULL")
108 # Blockage table (replaces the hard coded stuff we used to have in extensions)
109 print "Adding blockage table"
111 CREATE TABLE upload_blocks (
112 id SERIAL PRIMARY KEY,
113 source TEXT NOT NULL,
114 version TEXT DEFAULT NULL,
115 fingerprint_id INT4 REFERENCES fingerprint (id),
116 uid_id INT4 REFERENCES uid (id),
117 reason TEXT NOT NULL,
119 CHECK (fingerprint_id IS NOT NULL OR uid_id IS NOT NULL)
122 c.execute("GRANT SELECT ON upload_blocks TO public")
123 c.execute("GRANT ALL ON upload_blocks TO ftpmaster")
124 c.execute("GRANT USAGE ON upload_blocks_id_seq TO ftpmaster")
126 print "Updating config version"
127 c.execute("UPDATE config SET value = '16' WHERE name = 'db_revision'")
130 except psycopg2.ProgrammingError, msg:
132 raise DBUpdateError, "Unable to apply ACLs update (16), rollback issued. Error message : %s" % (str(msg))