fix(db): add missing GRANT statements to v9.7 migrations

Migrations 030 (sites), 032 (device_interfaces), 033 (wireless_links), and 034 (sectors) were missing GRANT statements for app_user and poller_user. Without these, fresh deploys crash on site/sector CRUD with permission denied errors. Also added poller_user SELECT grants to migration 035 (site_alert_rules/events). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 17:46:23 -05:00
parent dffea763f6
commit 413376e363
5 changed files with 20 additions and 2 deletions
--- a/backend/alembic/versions/030_create_sites_table.py
+++ b/backend/alembic/versions/030_create_sites_table.py
@@ -70,7 +70,11 @@ def upgrade() -> None:
        """)
    )

-    # 3. Add nullable site_id FK column to devices table
+    # 3. Grant app_user access
+    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON sites TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON sites TO poller_user"))
+
+    # 4. Add nullable site_id FK column to devices table
    op.add_column(
        "devices",
        sa.Column(
--- a/backend/alembic/versions/032_device_interfaces_table.py
+++ b/backend/alembic/versions/032_device_interfaces_table.py
@@ -73,6 +73,10 @@ def upgrade() -> None:
        """)
    )

+    # Grant app_user and poller_user access
+    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON device_interfaces TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON device_interfaces TO poller_user"))
+

 def downgrade() -> None:
    conn = op.get_bind()
--- a/backend/alembic/versions/033_wireless_links_table.py
+++ b/backend/alembic/versions/033_wireless_links_table.py
@@ -102,6 +102,10 @@ def upgrade() -> None:
        """)
    )

+    # Grant app_user and poller_user access
+    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON wireless_links TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON wireless_links TO poller_user"))
+

 def downgrade() -> None:
    conn = op.get_bind()
--- a/backend/alembic/versions/034_create_sectors_table.py
+++ b/backend/alembic/versions/034_create_sectors_table.py
@@ -74,7 +74,11 @@ def upgrade() -> None:
        """)
    )

-    # 3. Add nullable sector_id FK column to devices table
+    # 3. Grant app_user and poller_user access
+    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON sectors TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON sectors TO poller_user"))
+
+    # 4. Add nullable sector_id FK column to devices table
    op.add_column(
        "devices",
        sa.Column(
--- a/backend/alembic/versions/035_site_alert_rules_and_events.py
+++ b/backend/alembic/versions/035_site_alert_rules_and_events.py
@@ -184,6 +184,7 @@ def upgrade() -> None:
        """)
    )
    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON site_alert_rules TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON site_alert_rules TO poller_user"))

    # site_alert_events RLS
    conn.execute(sa.text("ALTER TABLE site_alert_events ENABLE ROW LEVEL SECURITY"))
@@ -202,6 +203,7 @@ def upgrade() -> None:
        """)
    )
    conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON site_alert_events TO app_user"))
+    conn.execute(sa.text("GRANT SELECT ON site_alert_events TO poller_user"))


 def downgrade() -> None: