Mercurial > gemma

diff schema/auth.sql @ 307:750a9c9cd965

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use SQL UPDATE to update users This implies it's not a database error anymore to try to update a non-existent user. Thus, handle this as a HTTP-404 in the backend, which is in line with what GET does. Using UPDATE here will allow to GRANT column-wise privileges. The password has become part of the view to be updatable as well.
author Tom Gottfried <tom@intevation.de>
date Wed, 01 Aug 2018 15:49:38 +0200
parents 72062ca52746
children 0745b4d336c4
line wrap: on
line diff
--- a/schema/auth.sql	Wed Aug 01 15:18:26 2018 +0200
+++ b/schema/auth.sql	Wed Aug 01 15:49:38 2018 +0200
@@ -25,7 +25,7 @@
 -- Extended privileges for sys_admin
 --
 GRANT INSERT, UPDATE, DELETE
-    ON users.responsibility_areas TO sys_admin;
+    ON users.list_users, users.responsibility_areas TO sys_admin;
 GRANT USAGE ON SCHEMA sys_admin TO sys_admin;
 GRANT SELECT ON ALL TABLES IN SCHEMA sys_admin TO sys_admin;
 GRANT UPDATE ON sys_admin.system_config TO sys_admin;