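# Build the PostgreSQL statements that create the RT database user (when it
# does not exist yet) and grant it access to every RT table and sequence.
#
# Arguments:
#   $dbh - connected DBI handle for the PostgreSQL server; it is used for the
#          pg_user lookup, for SQL quoting, and for its pg_server_version
#          attribute.
#
# Returns: a list of SQL statement strings. Apart from the read-only pg_user
# lookup, nothing is executed here.
#
# Security: when the user has to be created, the returned CREATE USER
# statement embeds DatabasePassword in clear text, so callers should keep the
# returned list out of logs and debug output.
sub acl {
    my $dbh = shift;

    my @acls;

    # Names starting with a lower-case letter are sequences (the 'sessions'
    # table is the one exception handled below); the rest are tables.
    my @tables = qw(
        attachments_id_seq
        Attachments
        Attributes
        attributes_id_seq
        queues_id_seq
        Queues
        links_id_seq
        Links
        principals_id_seq
        Principals
        groups_id_seq
        Groups
        scripconditions_id_seq
        ScripConditions
        transactions_id_seq
        Transactions
        scrips_id_seq
        Scrips
        acl_id_seq
        ACL
        groupmembers_id_seq
        GroupMembers
        cachedgroupmembers_id_seq
        CachedGroupMembers
        users_id_seq
        Users
        tickets_id_seq
        Tickets
        scripactions_id_seq
        ScripActions
        templates_id_seq
        Templates
        objectcustomfieldvalues_id_s
        ObjectCustomFieldValues
        customfields_id_seq
        CustomFields
        objectcustomfields_id_s
        ObjectCustomFields
        customfieldvalues_id_seq
        CustomFieldValues
        sessions
        classes_id_seq
        Classes
        articles_id_seq
        Articles
        topics_id_seq
        Topics
        objecttopics_id_seq
        ObjectTopics
        objectclasses_id_seq
        ObjectClasses
    );

    my $db_user = RT->Config->Get('DatabaseUser');
    my $db_pass = RT->Config->Get('DatabasePassword');

    # Quote the role name once so a double quote inside it cannot terminate
    # the identifier in the CREATE USER and GRANT statements.
    my $quoted_user = $dbh->quote_identifier($db_user);

    # If the database user already exists, reuse it. The name is passed as a
    # bind value rather than interpolated into the query text.
    my @row = $dbh->selectrow_array(
        "SELECT usename FROM pg_user WHERE usename = ?",
        undef, $db_user
    );
    unless ( $row[0] ) {
        # CREATE USER is a utility statement and takes no bind parameters, so
        # the password is escaped as a string literal instead; a password
        # containing a single quote would otherwise break out of the literal.
        # An undefined password stays the empty string, as before.
        my $quoted_pass = $dbh->quote( defined $db_pass ? $db_pass : '' );

        # NOTE(review): PostgreSQL 9.6 and later no longer accept
        # NOCREATEUSER - confirm which server versions this must support.
        push @acls,
            "CREATE USER $quoted_user WITH PASSWORD $quoted_pass NOCREATEDB NOCREATEUSER;";
    }

    # Servers from 8.2 on (pg_server_version >= 80200) also get USAGE on
    # sequences.
    my $sequence_right
        = ( $dbh->{pg_server_version} >= 80200 )
        ? "USAGE, SELECT, UPDATE"
        : "SELECT, UPDATE";

    foreach my $table (@tables) {
        if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
            # A sequence, e.g. objectcustomfields_id_s.
            push @acls, "GRANT $sequence_right ON $table TO $quoted_user;";
        }
        else {
            push @acls,
                "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO $quoted_user;";
        }
    }
    return (@acls);
}

1;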