lib: Grant SELECT on auth_user

If a mail arrives with the 'X-Patchwork-Delegate' hint header, the
'patchwork.parser' script will need to index the users table to find the
appropriate user. This should be okay from a security perspective since
passwords are hashed and salted and the rest of the information is
mostly accessible publicly via the web UI and REST API.

Signed-off-by: Stephen Finucane <[email protected]>
Suggested-by: Ali Alnubani <[email protected]>
Closes: #365

Author: stephenfin

lib/sql/grant-all.mysql.sql

@@ -46,6 +46,7 @@ GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
 GRANT INSERT, SELECT ON patchwork_series TO 'nobody'@localhost;
 GRANT INSERT, SELECT ON patchwork_seriesreference TO 'nobody'@localhost;
 GRANT INSERT, SELECT, UPDATE, DELETE ON patchwork_patchtag TO 'nobody'@localhost;
+GRANT SELECT ON auth_user TO 'nobody'@localhost;
 GRANT SELECT ON patchwork_delegationrule TO 'nobody'@localhost;
 GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
 GRANT SELECT ON patchwork_state TO 'nobody'@localhost;

lib/sql/grant-all.postgres.sql

@@ -85,6 +85,7 @@ GRANT INSERT, SELECT, UPDATE, DELETE ON
 	patchwork_series
 TO "nobody";
 GRANT SELECT ON
+	auth_user,
 	patchwork_delegationrule,
 	patchwork_project,
 	patchwork_state,