From 13d8ad9b3d1a52dfb3be5a4ad0ee1bd3c86fc60c Mon Sep 17 00:00:00 2001
From: xbgmsharp <xbgmsharp@gmail.com>
Date: Sat, 4 Feb 2023 23:45:31 +0100
Subject: [PATCH] Allow api_anonymous to execute api.recover and api.reset
 functions

---
 initdb/02_6_signalk_roles.sql | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/initdb/02_6_signalk_roles.sql b/initdb/02_6_signalk_roles.sql
index fd439a8..d1ed00b 100644
--- a/initdb/02_6_signalk_roles.sql
+++ b/initdb/02_6_signalk_roles.sql
@@ -23,9 +23,11 @@ comment on role api_anonymous is
 -- Limit to 10 connections
 --alter user api_anonymous connection limit 10;
 grant usage on schema api to api_anonymous;
--- explicitly limit EXECUTE privileges to only signup and login functions
+-- explicitly limit EXECUTE privileges to only signup and login and reset functions
 grant execute on function api.login(text,text) to api_anonymous;
 grant execute on function api.signup(text,text,text,text) to api_anonymous;
+grant execute on function api.recover(text) to api_anonymous;
+grant execute on function api.reset(text,text,text) to api_anonymous;
 -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
 grant execute on function public.check_jwt() to api_anonymous;
 -- explicitly limit EXECUTE privileges to only telegram bot auth function