3 files changed, 88 insertions, 62 deletions

diff --git a/rt/etc/acl.Oracle b/rt/etc/acl.Oracle
index c8667c0..9ca4122 100644
--- a/rt/etc/acl.Oracle
+++ b/rt/etc/acl.Oracle
@@ -1,10 +1,4 @@
-sub acl {
-return (
-"CREATE USER ${RT::DatabaseUser} identified by ${RT::DatabasePassword}".
-"temporary tablespace TEMP" .
-"default tablespace USERS" .
-"quota unlimited on USERS;" ,
-"grant connect, resource to ${RT::DatabaseUser};",
-"exit;");
-}
+
+sub acl { return () }
+
 1;
diff --git a/rt/etc/acl.Pg b/rt/etc/acl.Pg
index 16ea71b..8a0d4f2 100755
--- a/rt/etc/acl.Pg
+++ b/rt/etc/acl.Pg
@@ -1,63 +1,76 @@
+
 sub acl {
     my $dbh = shift;
 
     my @acls;
 
     my @tables = qw (
-
-      attachments_id_seq
-      Attachments
-      queues_id_seq
-      Queues
-      links_id_seq
-      Links
-      principals_id_seq
-      Principals
-      groups_id_seq
-      Groups
-      scripconditions_id_seq
-      ScripConditions
-      transactions_id_seq
-      Transactions
-      scrips_id_seq
-      Scrips
-      acl_id_seq
-      ACL
-      groupmembers_id_seq
-      GroupMembers
-      cachedgroupmembers_id_seq
-      CachedGroupMembers
-      users_id_seq
-      Users
-      tickets_id_seq
-      Tickets
-      scripactions_id_seq
-      ScripActions
-      templates_id_seq
-      Templates
-      ticketcustomfieldvalues_id_s
-      TicketCustomFieldValues
-      customfields_id_seq
-      CustomFields
-      customfieldvalues_id_seq
-      CustomFieldValues
-      sessions
+        attachments_id_seq
+        Attachments
+        Attributes
+        attributes_id_seq
+        queues_id_seq
+        Queues 
+        links_id_seq
+        Links 
+        principals_id_seq
+        Principals 
+        groups_id_seq
+        Groups 
+        scripconditions_id_seq
+        ScripConditions 
+        transactions_id_seq
+        Transactions 
+        scrips_id_seq
+        Scrips 
+        acl_id_seq
+        ACL 
+        groupmembers_id_seq
+        GroupMembers 
+        cachedgroupmembers_id_seq
+        CachedGroupMembers 
+        users_id_seq
+        Users 
+        tickets_id_seq
+        Tickets 
+        scripactions_id_seq
+        ScripActions 
+        templates_id_seq
+        Templates 
+        objectcustomfieldvalues_id_s
+        ObjectCustomFieldValues 
+        customfields_id_seq
+        CustomFields 
+        objectcustomfields_id_s
+        ObjectCustomFields 
+        customfieldvalues_id_seq
+        CustomFieldValues
+        sessions
     );
 
-    # if there's already an rt_user, drop it.
-    my @row =
-      $dbh->selectrow_array( "select usename from pg_user where usename = '" . $RT::DatabaseUser."'" );
-    if ( $row[0] ) {
-        push @acls, "drop user ${RT::DatabaseUser};",;
+    my $db_user = RT->Config->Get('DatabaseUser');
+    my $db_pass = RT->Config->Get('DatabasePassword');
+
+    # if there's already an rt_user, use it.
+    my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
+    unless ( $row[0] ) {
+	 push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;";
     }
 
-    push @acls, "create user ${RT::DatabaseUser} with password '${RT::DatabasePassword}' NOCREATEDB NOCREATEUSER;";
+    my $sequence_right
+        = ( $dbh->{pg_server_version} >= 80200 )
+        ? "USAGE, SELECT, UPDATE"
+        : "SELECT, UPDATE";
     foreach my $table (@tables) {
-        push @acls,
-          "GRANT SELECT, INSERT, UPDATE, DELETE ON $table to "
-          . $RT::DatabaseUser . ";";
-
+        if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
+# table like objectcustomfields_id_s
+            push @acls, "GRANT $sequence_right ON $table TO \"$db_user\";"
+        }
+        else {
+            push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
+        }
     }
     return (@acls);
 }
+
 1;
diff --git a/rt/etc/acl.mysql b/rt/etc/acl.mysql
index 0ecaa3b..0982ca2 100755
--- a/rt/etc/acl.mysql
+++ b/rt/etc/acl.mysql
@@ -1,8 +1,27 @@
+
 sub acl {
-return  (
-"USE mysql;",
-"DELETE FROM user WHERE user = '${RT::DatabaseUser}';",
-"DELETE FROM db where db = '${RT::DatabaseName}';",
-"GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE ON ${RT::DatabaseName}.* TO ${RT::DatabaseUser}\@${RT::DatabaseRTHost} IDENTIFIED BY '${RT::DatabasePassword}';");
+    my $db_name = RT->Config->Get('DatabaseName');
+    my $db_rthost = RT->Config->Get('DatabaseRTHost');
+    my $db_user = RT->Config->Get('DatabaseUser');
+    my $db_pass = RT->Config->Get('DatabasePassword');
+    unless ( $db_user ) {
+        print STDERR "DatabaseUser option is not defined or empty. Skipping...\n";
+        return;
+    }
+    if ( $db_user eq 'root' ) {
+        print STDERR "DatabaseUser is root. Skipping...\n";
+        return;
+    }
+    print "Granting access to $db_user\@'$db_rthost' on $db_name.\n";
+    return (
+        "USE mysql;",
+        "DELETE FROM user WHERE user = '$db_user';",
+        "DELETE FROM db where db = '$db_name';",
+        "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE
+               ON $db_name.*
+               TO '$db_user'\@'$db_rthost'
+               IDENTIFIED BY '$db_pass';",
+    );
 }
+
 1;