--- /dev/null
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON
+ auth_message,
+ django_session,
+ django_site,
+ django_admin_log,
+ django_content_type,
+ auth_group_permissions,
+ auth_user,
+ auth_user_groups,
+ auth_group,
+ auth_user_user_permissions,
+ auth_permission,
+ patchwork_userpersonconfirmation,
+ patchwork_state,
+ patchwork_comment,
+ patchwork_person,
+ patchwork_userprofile,
+ patchwork_userprofile_maintainer_projects,
+ patchwork_project,
+ patchwork_bundle,
+ patchwork_bundle_patches,
+ patchwork_patch,
+ registration_registrationprofile
+TO "www-data";
+GRANT SELECT, UPDATE ON
+ auth_group_id_seq,
+ auth_group_permissions_id_seq,
+ auth_message_id_seq,
+ auth_permission_id_seq,
+ auth_user_groups_id_seq,
+ auth_user_id_seq,
+ auth_user_user_permissions_id_seq,
+ django_admin_log_id_seq,
+ django_content_type_id_seq,
+ django_site_id_seq,
+ patchwork_bundle_id_seq,
+ patchwork_bundle_patches_id_seq,
+ patchwork_comment_id_seq,
+ patchwork_patch_id_seq,
+ patchwork_person_id_seq,
+ patchwork_project_id_seq,
+ patchwork_state_id_seq,
+ patchwork_userpersonconfirmation_id_seq,
+ patchwork_userprofile_id_seq,
+ patchwork_userprofile_maintainer_projects_id_seq,
+ registration_registrationprofile_id_seq
+TO "www-data";
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON
+ patchwork_patch,
+ patchwork_comment,
+ patchwork_person
+TO "nobody";
+GRANT SELECT ON
+ patchwork_project,
+ patchwork_state
+TO "nobody";
+GRANT UPDATE, SELECT ON
+ patchwork_patch_id_seq,
+ patchwork_person_id_seq,
+ patchwork_comment_id_seq
+TO "nobody";
+
+COMMIT;
+
projects / patchwork / blobdiff