80 lines
4.5 KiB
Plaintext
80 lines
4.5 KiB
Plaintext
-- ============================================================================
|
|
-- PERMISSION FIX & VERIFICATION SCRIPT
|
|
-- ============================================================================
|
|
-- Purpose:
|
|
-- This script first resets the default privileges on the public schema to fix
|
|
-- "permission denied" errors. It then runs a series of tests to VERIFY that
|
|
-- the permissions have been correctly applied, providing clear feedback.
|
|
--
|
|
-- Usage:
|
|
-- RUN THIS SCRIPT FIRST. If it completes successfully, you can then run
|
|
-- the main schema.sql.txt script.
|
|
|
|
-- ============================================================================
|
|
-- STEP 1: APPLY PERMISSION FIXES
|
|
-- ============================================================================
|
|
|
|
-- Grant usage on the schema to the key roles.
|
|
GRANT USAGE ON SCHEMA public TO postgres, anon, authenticated, service_role;
|
|
|
|
-- Grant ALL privileges on EXISTING tables, sequences, and functions to the key roles.
|
|
-- This is a "catch-all" for any existing objects that may have wrong permissions.
|
|
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO postgres, anon, authenticated, service_role;
|
|
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO postgres, anon, authenticated, service_role;
|
|
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO postgres, anon, authenticated, service_role;
|
|
|
|
-- Grant ALL privileges on FUTURE tables, sequences, and functions to the key roles.
|
|
-- This is the most important part: it ensures new objects get the right permissions.
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO postgres, anon, authenticated, service_role;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO postgres, anon, authenticated, service_role;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO postgres, anon, authenticated, service_role;
|
|
|
|
|
|
-- ============================================================================
|
|
-- STEP 2: VERIFY PERMISSIONS HAVE BEEN APPLIED
|
|
-- ============================================================================
|
|
-- This block performs live tests to confirm the fixes worked. If any test
|
|
-- fails, it will raise an error and stop the script.
|
|
|
|
DO $$
|
|
BEGIN
|
|
RAISE NOTICE '--- Starting Permission Verification Tests ---';
|
|
|
|
-- TEST 1: Check if the 'postgres' user (you) can CREATE in the public schema.
|
|
-- This directly tests the original "permission denied" error.
|
|
IF NOT has_schema_privilege('postgres', 'public', 'CREATE') THEN
|
|
RAISE EXCEPTION 'TEST FAILED: The "postgres" role still does not have CREATE permission on the public schema. The script cannot proceed.';
|
|
END IF;
|
|
RAISE NOTICE '✅ TEST PASSED: "postgres" role has CREATE permission on public schema.';
|
|
|
|
-- TEST 2: Create a temporary table to check default privileges.
|
|
-- This confirms that the ALTER DEFAULT PRIVILEGES command worked.
|
|
CREATE TABLE public.permission_test_table (id int);
|
|
RAISE NOTICE ' -> Created temporary table "permission_test_table".';
|
|
|
|
-- TEST 3: Check if the 'authenticated' role has full rights on the NEW table.
|
|
-- This is crucial for your application's logged-in users.
|
|
IF NOT has_table_privilege('authenticated', 'public.permission_test_table', 'SELECT, INSERT, UPDATE, DELETE') THEN
|
|
DROP TABLE public.permission_test_table;
|
|
RAISE EXCEPTION 'TEST FAILED: The "authenticated" role did not automatically get full permissions on a newly created table. Default privileges are incorrect.';
|
|
END IF;
|
|
RAISE NOTICE '✅ TEST PASSED: "authenticated" role has full CRUD permissions on the new test table.';
|
|
|
|
-- TEST 4: Check if the 'anon' role also has full rights on the NEW table.
|
|
-- This is important for RLS policies that might allow anonymous access for specific queries.
|
|
IF NOT has_table_privilege('anon', 'public.permission_test_table', 'SELECT, INSERT, UPDATE, DELETE') THEN
|
|
DROP TABLE public.permission_test_table;
|
|
RAISE EXCEPTION 'TEST FAILED: The "anon" role did not automatically get full permissions on a newly created table. Default privileges are incorrect.';
|
|
END IF;
|
|
RAISE NOTICE '✅ TEST PASSED: "anon" role has full CRUD permissions on the new test table.';
|
|
|
|
|
|
-- Cleanup: Drop the temporary table.
|
|
DROP TABLE public.permission_test_table;
|
|
RAISE NOTICE ' -> Cleaned up temporary table.';
|
|
|
|
RAISE NOTICE '--- ALL PERMISSION TESTS PASSED SUCCESSFULLY ---';
|
|
RAISE NOTICE 'You should now be able to run the main schema.sql.txt script without permission errors.';
|
|
END;
|
|
$$;
|