-drop user !!DB_RT_USER!!;
-create user !!DB_RT_USER!! with password '!!DB_RT_PASS!!' NOCREATEDB NOCREATEUSER;
-grant select, insert, update, delete on Groups to !!DB_RT_USER!!;
-grant select, insert, update, delete on Groups_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ACL to !!DB_RT_USER!!;
-grant select, insert, update, delete on ACL_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Watchers to !!DB_RT_USER!!;
-grant select, insert, update, delete on Watchers_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Links to !!DB_RT_USER!!;
-grant select, insert, update, delete on Links_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Users to !!DB_RT_USER!!;
-grant select, insert, update, delete on Users_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Tickets to !!DB_RT_USER!!;
-grant select, insert, update, delete on Tickets_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on GroupMembers to !!DB_RT_USER!!;
-grant select, insert, update, delete on GroupMembers_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Queues to !!DB_RT_USER!!;
-grant select, insert, update, delete on Queues_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Transactions to !!DB_RT_USER!!;
-grant select, insert, update, delete on Transactions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripActions to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripActions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripConditions to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripConditions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Scrips to !!DB_RT_USER!!;
-grant select, insert, update, delete on Scrips_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Attachments to !!DB_RT_USER!!;
-grant select, insert, update, delete on Attachments_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Templates to !!DB_RT_USER!!;
-grant select, insert, update, delete on Templates_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Keywords to !!DB_RT_USER!!;
-grant select, insert, update, delete on Keywords_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ObjectKeywords to !!DB_RT_USER!!;
-grant select, insert, update, delete on ObjectKeywords_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on KeywordSelects to !!DB_RT_USER!!;
-grant select, insert, update, delete on KeywordSelects_id_seq to !!DB_RT_USER!!;
+sub acl {
+ my $dbh = shift;
+ my @acls;
+ my @tables = qw (
+ attachments_id_seq
+ Attachments
+ Attributes
+ attributes_id_seq
+ queues_id_seq
+ Queues
+ links_id_seq
+ Links
+ principals_id_seq
+ Principals
+ groups_id_seq
+ Groups
+ scripconditions_id_seq
+ ScripConditions
+ transactions_id_seq
+ Transactions
+ scrips_id_seq
+ Scrips
+ objectscrips_id_seq
+ ObjectScrips
+ acl_id_seq
+ ACL
+ groupmembers_id_seq
+ GroupMembers
+ cachedgroupmembers_id_seq
+ CachedGroupMembers
+ users_id_seq
+ Users
+ tickets_id_seq
+ Tickets
+ scripactions_id_seq
+ ScripActions
+ templates_id_seq
+ Templates
+ objectcustomfieldvalues_id_s
+ ObjectCustomFieldValues
+ customfields_id_seq
+ CustomFields
+ objectcustomfields_id_s
+ ObjectCustomFields
+ customfieldvalues_id_seq
+ CustomFieldValues
+ sessions
+ classes_id_seq
+ Classes
+ articles_id_seq
+ Articles
+ topics_id_seq
+ Topics
+ objecttopics_id_seq
+ ObjectTopics
+ objectclasses_id_seq
+ ObjectClasses
+ );
+
+ my $db_user = RT->Config->Get('DatabaseUser');
+ my $db_pass = RT->Config->Get('DatabasePassword');
+
+ # if there's already an rt_user, use it.
+ my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
+ unless ( $row[0] ) {
+ push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOSUPERUSER;";
+ }
+
+ foreach my $table (@tables) {
+ if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
+ # Sequences; not all end with _seq because
+ # objectcustomfieldvalues_id_s is too long
+ push @acls, "GRANT USAGE, SELECT, UPDATE ON $table TO \"$db_user\";"
+ }
+ else {
+ push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
+ }
+ }
+ return (@acls);
+}
+
+1;