diff options
Diffstat (limited to 'rt/etc/acl.Pg')
| -rwxr-xr-x | rt/etc/acl.Pg | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/rt/etc/acl.Pg b/rt/etc/acl.Pg new file mode 100755 index 000000000..8a0d4f28c --- /dev/null +++ b/rt/etc/acl.Pg @@ -0,0 +1,76 @@ + +sub acl { + my $dbh = shift; + + my @acls; + + my @tables = qw ( + attachments_id_seq + Attachments + Attributes + attributes_id_seq + queues_id_seq + Queues + links_id_seq + Links + principals_id_seq + Principals + groups_id_seq + Groups + scripconditions_id_seq + ScripConditions + transactions_id_seq + Transactions + scrips_id_seq + Scrips + acl_id_seq + ACL + groupmembers_id_seq + GroupMembers + cachedgroupmembers_id_seq + CachedGroupMembers + users_id_seq + Users + tickets_id_seq + Tickets + scripactions_id_seq + ScripActions + templates_id_seq + Templates + objectcustomfieldvalues_id_s + ObjectCustomFieldValues + customfields_id_seq + CustomFields + objectcustomfields_id_s + ObjectCustomFields + customfieldvalues_id_seq + CustomFieldValues + sessions + ); + + my $db_user = RT->Config->Get('DatabaseUser'); + my $db_pass = RT->Config->Get('DatabasePassword'); + + # if there's already an rt_user, use it. + my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" ); + unless ( $row[0] ) { + push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;"; + } + + my $sequence_right + = ( $dbh->{pg_server_version} >= 80200 ) + ? "USAGE, SELECT, UPDATE" + : "SELECT, UPDATE"; + foreach my $table (@tables) { + if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) { +# table like objectcustomfields_id_s + push @acls, "GRANT $sequence_right ON $table TO \"$db_user\";" + } + else { + push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";" + } + } + return (@acls); +} + +1; |