From 9484ba91f856609fefe36c0f58d37c920949e488 Mon Sep 17 00:00:00 2001 From: Zaid Marzguioui Date: Wed, 1 Apr 2026 13:32:32 +0200 Subject: [PATCH] fix(db): add explicit GRANT permissions for all CMS module tables The REVOKE+GRANT pattern in migrations can fail if a previous migration run partially succeeded. Adding explicit GRANTs to dev-bootstrap.sh ensures all tables have correct permissions on every deploy. Fixes 500 error on Sitzungsprotokolle (meeting_protocol_items permission denied). --- docker/db/dev-bootstrap.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docker/db/dev-bootstrap.sh b/docker/db/dev-bootstrap.sh index 18f7a9d6c..dbc33fd1f 100755 --- a/docker/db/dev-bootstrap.sh +++ b/docker/db/dev-bootstrap.sh @@ -48,4 +48,26 @@ END \$\$;" 2>&1 || true $PSQL -c "GRANT SELECT ON public.events TO anon;" 2>&1 || true $PSQL -c "GRANT SELECT ON public.courses TO anon;" 2>&1 || true +echo "🔐 Ensuring table permissions for all CMS modules..." +$PSQL -c " + GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocols TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocol_items TO authenticated; + GRANT ALL ON public.meeting_protocols TO service_role; + GRANT ALL ON public.meeting_protocol_items TO service_role; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.waters TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_species TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_stocking TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_leases TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_books TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_entries TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_permits TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_competitions TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.member_clubs TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_contacts TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_roles TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.association_types TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fee_types TO authenticated; + GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fees TO authenticated; +" 2>&1 || true + echo "✅ Dev bootstrap complete."