X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fetc%2Facl.Pg;h=a659d8e9909f304c42c684d8271e3479c02d2c80;hb=7903b3fb9ae73fc5fb46f98575141fbe9713f880;hp=13ac41dcf55564fa25887ef3e28d561c21eab7ea;hpb=c0567c688084e89fcd11bf82348b6c418f1254ac;p=freeside.git
diff --git a/rt/etc/acl.Pg b/rt/etc/acl.Pg
index 13ac41dcf..a659d8e99 100755
--- a/rt/etc/acl.Pg
+++ b/rt/etc/acl.Pg
@@ -1,39 +1,85 @@
-drop user !!DB_RT_USER!!;
-create user !!DB_RT_USER!! with password '!!DB_RT_PASS!!' NOCREATEDB NOCREATEUSER;
-grant select, insert, update, delete on Groups to !!DB_RT_USER!!;
-grant select, insert, update, delete on Groups_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ACL to !!DB_RT_USER!!;
-grant select, insert, update, delete on ACL_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Watchers to !!DB_RT_USER!!;
-grant select, insert, update, delete on Watchers_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Links to !!DB_RT_USER!!;
-grant select, insert, update, delete on Links_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Users to !!DB_RT_USER!!;
-grant select, insert, update, delete on Users_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Tickets to !!DB_RT_USER!!;
-grant select, insert, update, delete on Tickets_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on GroupMembers to !!DB_RT_USER!!;
-grant select, insert, update, delete on GroupMembers_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Queues to !!DB_RT_USER!!;
-grant select, insert, update, delete on Queues_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Transactions to !!DB_RT_USER!!;
-grant select, insert, update, delete on Transactions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripActions to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripActions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripConditions to !!DB_RT_USER!!;
-grant select, insert, update, delete on ScripConditions_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Scrips to !!DB_RT_USER!!;
-grant select, insert, update, delete on Scrips_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Attachments to !!DB_RT_USER!!;
-grant select, insert, update, delete on Attachments_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Templates to !!DB_RT_USER!!;
-grant select, insert, update, delete on Templates_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on Keywords to !!DB_RT_USER!!;
-grant select, insert, update, delete on Keywords_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on ObjectKeywords to !!DB_RT_USER!!;
-grant select, insert, update, delete on ObjectKeywords_id_seq to !!DB_RT_USER!!;
-grant select, insert, update, delete on KeywordSelects to !!DB_RT_USER!!;
-grant select, insert, update, delete on KeywordSelects_id_seq to !!DB_RT_USER!!;
+sub acl {
+ my $dbh = shift;
+ my @acls;
+ my @tables = qw (
+ attachments_id_seq
+ Attachments
+ Attributes
+ attributes_id_seq
+ queues_id_seq
+ Queues
+ links_id_seq
+ Links
+ principals_id_seq
+ Principals
+ groups_id_seq
+ Groups
+ scripconditions_id_seq
+ ScripConditions
+ transactions_id_seq
+ Transactions
+ scrips_id_seq
+ Scrips
+ objectscrips_id_seq
+ ObjectScrips
+ acl_id_seq
+ ACL
+ groupmembers_id_seq
+ GroupMembers
+ cachedgroupmembers_id_seq
+ CachedGroupMembers
+ users_id_seq
+ Users
+ tickets_id_seq
+ Tickets
+ scripactions_id_seq
+ ScripActions
+ templates_id_seq
+ Templates
+ objectcustomfieldvalues_id_s
+ ObjectCustomFieldValues
+ customfields_id_seq
+ CustomFields
+ objectcustomfields_id_s
+ ObjectCustomFields
+ customfieldvalues_id_seq
+ CustomFieldValues
+ sessions
+ classes_id_seq
+ Classes
+ articles_id_seq
+ Articles
+ topics_id_seq
+ Topics
+ objecttopics_id_seq
+ ObjectTopics
+ objectclasses_id_seq
+ ObjectClasses
+ );
+
+ my $db_user = RT->Config->Get('DatabaseUser');
+ my $db_pass = RT->Config->Get('DatabasePassword');
+
+ # if there's already an rt_user, use it.
+ my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
+ unless ( $row[0] ) {
+ push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;";
+ }
+
+ foreach my $table (@tables) {
+ if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
+ # Sequences; not all end with _seq because
+ # objectcustomfieldvalues_id_s is too long
+ push @acls, "GRANT USAGE, SELECT, UPDATE ON $table TO \"$db_user\";"
+ }
+ else {
+ push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
+ }
+ }
+ return (@acls);
+}
+
+1;
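Review bot: `$db_user` and `$db_pass` are interpolated directly into SQL text in the `pg_user` lookup and in the `CREATE USER` statement, so a quote character in either configuration value breaks the statement or changes its meaning. Bind the lookup instead, `$dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = ?", undef, $db_user )`, and build the DDL with `$dbh->quote_identifier($db_user)` and `$dbh->quote($db_pass)`, since DDL cannot take placeholders; the same identifier quoting applies to the two `GRANT` strings. The returned `@acls` list also carries the database password in clear text, so whatever executes or prints these statements (not visible in this hunk) should keep them out of logs and console output.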