[usit-rt.git] / etc / acl.Pg


sub acl {
    my $dbh = shift;

    my @acls;

    my @tables = qw (
        attachments_id_seq
        Attachments
        Attributes
        attributes_id_seq
        queues_id_seq
        Queues 
        links_id_seq
        Links 
        principals_id_seq
        Principals 
        groups_id_seq
        Groups 
        scripconditions_id_seq
        ScripConditions 
        transactions_id_seq
        Transactions 
        scrips_id_seq
        Scrips 
        acl_id_seq
        ACL 
        groupmembers_id_seq
        GroupMembers 
        cachedgroupmembers_id_seq
        CachedGroupMembers 
        users_id_seq
        Users 
        tickets_id_seq
        Tickets 
        scripactions_id_seq
        ScripActions 
        templates_id_seq
        Templates 
        objectcustomfieldvalues_id_s
        ObjectCustomFieldValues 
        customfields_id_seq
        CustomFields 
        objectcustomfields_id_s
        ObjectCustomFields 
        customfieldvalues_id_seq
        CustomFieldValues
        sessions
        classes_id_seq
        Classes
        articles_id_seq
        Articles
        topics_id_seq
        Topics
        objecttopics_id_seq
        ObjectTopics
        objectclasses_id_seq
        ObjectClasses
    );

    my $db_user = RT->Config->Get('DatabaseUser');
    my $db_pass = RT->Config->Get('DatabasePassword');

    # if there's already an rt_user, use it.
    my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
    unless ( $row[0] ) {
	 push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;";
    }

    my $sequence_right
        = ( $dbh->{pg_server_version} >= 80200 )
        ? "USAGE, SELECT, UPDATE"
        : "SELECT, UPDATE";
    foreach my $table (@tables) {
        if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
# table like objectcustomfields_id_s
            push @acls, "GRANT $sequence_right ON $table TO \"$db_user\";"
        }
        else {
            push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
        }
    }
    return (@acls);
}

1;
Commit	Line	Data
	1
	2	sub acl {
	3	my $dbh = shift;
	4
	5	my @acls;
	6
	7	my @tables = qw (
	8	attachments_id_seq
	9	Attachments
	10	Attributes
	11	attributes_id_seq
	12	queues_id_seq
	13	Queues
	14	links_id_seq
	15	Links
	16	principals_id_seq
	17	Principals
	18	groups_id_seq
	19	Groups
	20	scripconditions_id_seq
	21	ScripConditions
	22	transactions_id_seq
	23	Transactions
	24	scrips_id_seq
	25	Scrips
	26	acl_id_seq
	27	ACL
	28	groupmembers_id_seq
	29	GroupMembers
	30	cachedgroupmembers_id_seq
	31	CachedGroupMembers
	32	users_id_seq
	33	Users
	34	tickets_id_seq
	35	Tickets
	36	scripactions_id_seq
	37	ScripActions
	38	templates_id_seq
	39	Templates
	40	objectcustomfieldvalues_id_s
	41	ObjectCustomFieldValues
	42	customfields_id_seq
	43	CustomFields
	44	objectcustomfields_id_s
	45	ObjectCustomFields
	46	customfieldvalues_id_seq
	47	CustomFieldValues
	48	sessions
	49	classes_id_seq
	50	Classes
	51	articles_id_seq
	52	Articles
	53	topics_id_seq
	54	Topics
	55	objecttopics_id_seq
	56	ObjectTopics
	57	objectclasses_id_seq
	58	ObjectClasses
	59	);
	60
	61	my $db_user = RT->Config->Get('DatabaseUser');
	62	my $db_pass = RT->Config->Get('DatabasePassword');
	63
	64	# if there's already an rt_user, use it.
	65	my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
	66	unless ( $row[0] ) {
	67	push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;";
	68	}
	69
	70	my $sequence_right
	71	= ( $dbh->{pg_server_version} >= 80200 )
	72	? "USAGE, SELECT, UPDATE"
	73	: "SELECT, UPDATE";
	74	foreach my $table (@tables) {
	75	if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
	76	# table like objectcustomfields_id_s
	77	push @acls, "GRANT $sequence_right ON $table TO \"$db_user\";"
	78	}
	79	else {
	80	push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
	81	}
	82	}
	83	return (@acls);
	84	}
	85
	86	1;