rt/etc/acl.Pg

   1
   2 sub acl {
   3     my $dbh = shift;
   4
   5     my @acls;
   6
   7     my @tables = qw (
   8         attachments_id_seq
   9         Attachments
  10         Attributes
  11         attributes_id_seq
  12         queues_id_seq
  13         Queues
  14         links_id_seq
  15         Links
  16         principals_id_seq
  17         Principals
  18         groups_id_seq
  19         Groups
  20         scripconditions_id_seq
  21         ScripConditions
  22         transactions_id_seq
  23         Transactions
  24         scrips_id_seq
  25         Scrips
  26         acl_id_seq
  27         ACL
  28         groupmembers_id_seq
  29         GroupMembers
  30         cachedgroupmembers_id_seq
  31         CachedGroupMembers
  32         users_id_seq
  33         Users
  34         tickets_id_seq
  35         Tickets
  36         scripactions_id_seq
  37         ScripActions
  38         templates_id_seq
  39         Templates
  40         objectcustomfieldvalues_id_s
  41         ObjectCustomFieldValues
  42         customfields_id_seq
  43         CustomFields
  44         objectcustomfields_id_s
  45         ObjectCustomFields
  46         customfieldvalues_id_seq
  47         CustomFieldValues
  48         sessions
  49     );
  50
  51     my $db_user = RT->Config->Get('DatabaseUser');
  52     my $db_pass = RT->Config->Get('DatabasePassword');
  53
  54     # if there's already an rt_user, use it.
  55     my @row = $dbh->selectrow_array( "SELECT usename FROM pg_user WHERE usename = '$db_user'" );
  56     unless ( $row[0] ) {
  57          push @acls, "CREATE USER \"$db_user\" WITH PASSWORD '$db_pass' NOCREATEDB NOCREATEUSER;";
  58     }
  59
  60     my $sequence_right
  61         = ( $dbh->{pg_server_version} >= 80200 )
  62         ? "USAGE, SELECT, UPDATE"
  63         : "SELECT, UPDATE";
  64     foreach my $table (@tables) {
  65         if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
  66 # table like objectcustomfields_id_s
  67             push @acls, "GRANT $sequence_right ON $table TO \"$db_user\";"
  68         }
  69         else {
  70             push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO \"$db_user\";"
  71         }
  72     }
  73     return (@acls);
  74 }
  75
  76 1;