monoadmin/the-other-dude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
the-other-dude/backend/alembic/versions/030_create_sites_table.py
Jason Staack 413376e363 fix(db): add missing GRANT statements to v9.7 migrations 
Migrations 030 (sites), 032 (device_interfaces), 033 (wireless_links),
and 034 (sectors) were missing GRANT statements for app_user and
poller_user. Without these, fresh deploys crash on site/sector CRUD
with permission denied errors. Also added poller_user SELECT grants
to migration 035 (site_alert_rules/events).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 17:46:23 -05:00

99 lines
3.1 KiB
Python
Raw Permalink Blame History

"""Create sites table with RLS and add site_id FK to devices.
Revision ID: 030
Revises: 029
Create Date: 2026-03-19
"""
import sqlalchemy as sa
from alembic import op
revision = "030"
down_revision = "029"
branch_labels = None
depends_on = None
def upgrade() -> None:
# 1. Create sites table
op.create_table(
"sites",
sa.Column(
"id",
sa.dialects.postgresql.UUID(as_uuid=True),
primary_key=True,
server_default=sa.text("gen_random_uuid()"),
),
sa.Column(
"tenant_id",
sa.dialects.postgresql.UUID(as_uuid=True),
sa.ForeignKey("tenants.id", ondelete="CASCADE"),
nullable=False,
index=True,
),
sa.Column("name", sa.String(255), nullable=False),
sa.Column("latitude", sa.Float, nullable=True),
sa.Column("longitude", sa.Float, nullable=True),
sa.Column("address", sa.Text, nullable=True),
sa.Column("elevation", sa.Float, nullable=True),
sa.Column("notes", sa.Text, nullable=True),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.UniqueConstraint("tenant_id", "name", name="uq_sites_tenant_name"),
)
# 2. Enable RLS on sites table
conn = op.get_bind()
conn.execute(sa.text("ALTER TABLE sites ENABLE ROW LEVEL SECURITY"))
conn.execute(sa.text("ALTER TABLE sites FORCE ROW LEVEL SECURITY"))
conn.execute(
sa.text("""
CREATE POLICY tenant_isolation ON sites
USING (
tenant_id::text = current_setting('app.current_tenant', true)
OR current_setting('app.current_tenant', true) = 'super_admin'
)
WITH CHECK (
tenant_id::text = current_setting('app.current_tenant', true)
OR current_setting('app.current_tenant', true) = 'super_admin'
)
""")
)
# 3. Grant app_user access
conn.execute(sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON sites TO app_user"))
conn.execute(sa.text("GRANT SELECT ON sites TO poller_user"))
# 4. Add nullable site_id FK column to devices table
op.add_column(
"devices",
sa.Column(
"site_id",
sa.dialects.postgresql.UUID(as_uuid=True),
sa.ForeignKey("sites.id", ondelete="SET NULL"),
nullable=True,
),
)
op.create_index("ix_devices_site_id", "devices", ["site_id"])
def downgrade() -> None:
# Drop devices.site_id column (index drops automatically with column)
op.drop_index("ix_devices_site_id", table_name="devices")
op.drop_column("devices", "site_id")
# Drop RLS policy and sites table
conn = op.get_bind()
conn.execute(sa.text("DROP POLICY IF EXISTS tenant_isolation ON sites"))
op.drop_table("sites")
Reference in New Issue View Git Blame Copy Permalink