From 413376e363d63e781860ed2663d0d761bf1ecdb4 Mon Sep 17 00:00:00 2001 From: Jason Staack Date: Thu, 19 Mar 2026 17:46:23 -0500 Subject: [PATCH] fix(db): add missing GRANT statements to v9.7 migrations Migrations 030 (sites), 032 (device_interfaces), 033 (wireless_links), and 034 (sectors) were missing GRANT statements for app_user and poller_user. Without these, fresh deploys crash on site/sector CRUD with permission denied errors. Also added poller_user SELECT grants to migration 035 (site_alert_rules/events). Co-Authored-By: Claude Opus 4.6 (1M context) --- backend/alembic/versions/030_create_sites_table.py | 6 +++++- backend/alembic/versions/032_device_interfaces_table.py | 4 ++++ backend/alembic/versions/033_wireless_links_table.py | 4 ++++ backend/alembic/versions/034_create_sectors_table.py | 6 +++++- backend/alembic/versions/035_site_alert_rules_and_events.py | 2 ++ 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/backend/alembic/versions/030_create_sites_table.py b/backend/alembic/versions/030_create_sites_table.py index 7de742b..5c753de 100644 --- a/backend/alembic/versions/030_create_sites_table.py +++ b/backend/alembic/versions/030_create_sites_table.py @@ -70,7 +70,11 @@ def upgrade() -> None: """) ) - # 3. Add nullable site_id FK column to devices table + # 3. Grant app_user access + conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON sites TO app_user")) + conn.execute(sa.text("GRANT SELECT ON sites TO poller_user")) + + # 4. Add nullable site_id FK column to devices table op.add_column( "devices", sa.Column( diff --git a/backend/alembic/versions/032_device_interfaces_table.py b/backend/alembic/versions/032_device_interfaces_table.py index 6834c62..9a2cb70 100644 --- a/backend/alembic/versions/032_device_interfaces_table.py +++ b/backend/alembic/versions/032_device_interfaces_table.py @@ -73,6 +73,10 @@ def upgrade() -> None: """) ) + # Grant app_user and poller_user access + conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON device_interfaces TO app_user")) + conn.execute(sa.text("GRANT SELECT ON device_interfaces TO poller_user")) + def downgrade() -> None: conn = op.get_bind() diff --git a/backend/alembic/versions/033_wireless_links_table.py b/backend/alembic/versions/033_wireless_links_table.py index 16de483..4b951da 100644 --- a/backend/alembic/versions/033_wireless_links_table.py +++ b/backend/alembic/versions/033_wireless_links_table.py @@ -102,6 +102,10 @@ def upgrade() -> None: """) ) + # Grant app_user and poller_user access + conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON wireless_links TO app_user")) + conn.execute(sa.text("GRANT SELECT ON wireless_links TO poller_user")) + def downgrade() -> None: conn = op.get_bind() diff --git a/backend/alembic/versions/034_create_sectors_table.py b/backend/alembic/versions/034_create_sectors_table.py index 334a20f..4faf1a1 100644 --- a/backend/alembic/versions/034_create_sectors_table.py +++ b/backend/alembic/versions/034_create_sectors_table.py @@ -74,7 +74,11 @@ def upgrade() -> None: """) ) - # 3. Add nullable sector_id FK column to devices table + # 3. Grant app_user and poller_user access + conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON sectors TO app_user")) + conn.execute(sa.text("GRANT SELECT ON sectors TO poller_user")) + + # 4. Add nullable sector_id FK column to devices table op.add_column( "devices", sa.Column( diff --git a/backend/alembic/versions/035_site_alert_rules_and_events.py b/backend/alembic/versions/035_site_alert_rules_and_events.py index d507b93..4a29298 100644 --- a/backend/alembic/versions/035_site_alert_rules_and_events.py +++ b/backend/alembic/versions/035_site_alert_rules_and_events.py @@ -184,6 +184,7 @@ def upgrade() -> None: """) ) conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON site_alert_rules TO app_user")) + conn.execute(sa.text("GRANT SELECT ON site_alert_rules TO poller_user")) # site_alert_events RLS conn.execute(sa.text("ALTER TABLE site_alert_events ENABLE ROW LEVEL SECURITY")) @@ -202,6 +203,7 @@ def upgrade() -> None: """) ) conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON site_alert_events TO app_user")) + conn.execute(sa.text("GRANT SELECT ON site_alert_events TO poller_user")) def downgrade() -> None: