colouring-montreal/migrations/README.md

# Database setup

Initial setup, on first connection (replacing hostname, username, port, dbname as required):

```bash
$ psql "host={hostname} user={username} port={port} sslmode=require dbname=postgres"
> create database colouringlondon;
> \c colouringlondon
> create extension postgis;
> create extension pgcrypto;
> \q
```

To run all up migrations:

```bash
$ ls ./*.up.sql 2>/dev/null | while read -r migration; do psql < $migration; done;
```

Or all down migrations in reverse order:

```bash
$ ls -r ./*.down.sql 2>/dev/null | while read -r migration; do psql < $migration; done;
```

Create an app user:

```sql
-- role for server-side of front end (HTTP POST)
CREATE ROLE appusername WITH LOGIN;
-- create/update, authenticate and authorise users
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE users, user_sessions TO appusername;
-- join users against categories and access levels
GRANT SELECT ON TABLE user_access_levels, user_categories TO appusername;
-- read/write building data
GRANT SELECT, UPDATE ON TABLE buildings TO appusername;
GRANT SELECT, INSERT, DELETE ON TABLE building_user_likes TO appusername;
GRANT SELECT ON TABLE building_properties TO appusername;
-- read geometry data
GRANT SELECT ON TABLE geometries TO appusername;
-- read/append to logs
GRANT SELECT, INSERT ON TABLE logs to appusername;
-- use id sequences
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public to appusername;
-- use postgis/pgcrypto functions
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO appusername;
-- read map search locations
GRANT SELECT ON TABLE search_locations to appusername;
```

Set or update passwords:

```bash
psql -c "ALTER USER appusername WITH PASSWORD 'longsecurerandompassword';"
```
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`# Database setup`
Notes on database provision 2018-08-01 09:17:20 -04:00
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`Initial setup, on first connection (replacing hostname, username, port, dbname as required):`
Notes on database provision 2018-08-01 09:17:20 -04:00
			```bash
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`$ psql "host={hostname} user={username} port={port} sslmode=require dbname=postgres"`
Notes on database provision 2018-08-01 09:17:20 -04:00			`> create database colouringlondon;`
			`> \c colouringlondon`
			`> create extension postgis;`
			`> create extension pgcrypto;`
			`> \q`
Update migration-running docs 2018-09-29 13:14:21 -04:00			```

			`To run all up migrations:`

			```bash
			`$ ls ./*.up.sql 2>/dev/null \| while read -r migration; do psql < $migration; done;`
			```

			`Or all down migrations in reverse order:`

			```bash
			`$ ls -r ./*.down.sql 2>/dev/null \| while read -r migration; do psql < $migration; done;`
Notes on database provision 2018-08-01 09:17:20 -04:00			```
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`Create an app user:`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00
			```sql
			`-- role for server-side of front end (HTTP POST)`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`CREATE ROLE appusername WITH LOGIN;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- create/update, authenticate and authorise users`
Typo in sql permissions 2018-10-21 15:47:44 -04:00			`GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE users, user_sessions TO appusername;`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`-- join users against categories and access levels`
			`GRANT SELECT ON TABLE user_access_levels, user_categories TO appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- read/write building data`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`GRANT SELECT, UPDATE ON TABLE buildings TO appusername;`
Update migration-running docs 2018-09-29 13:14:21 -04:00			`GRANT SELECT, INSERT, DELETE ON TABLE building_user_likes TO appusername;`
Grant select building_properties to app db user 2018-10-25 09:43:37 -04:00			`GRANT SELECT ON TABLE building_properties TO appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- read geometry data`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`GRANT SELECT ON TABLE geometries TO appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- read/append to logs`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`GRANT SELECT, INSERT ON TABLE logs to appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- use id sequences`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`GRANT USAGE ON ALL SEQUENCES IN SCHEMA public to appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			`-- use postgis/pgcrypto functions`
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO appusername;`
Grant search table permissions 2019-02-11 04:30:22 -05:00			`-- read map search locations`
			`GRANT SELECT ON TABLE search_locations to appusername;`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			```

Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`Set or update passwords:`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00
			```bash
Update database notes (single app user required) 2018-09-25 15:46:05 -04:00			`psql -c "ALTER USER appusername WITH PASSWORD 'longsecurerandompassword';"`
Limit database user capabilities per app 2018-08-08 04:05:58 -04:00			```