rt 4.2.14 (#13852)
[freeside.git] / rt / etc / acl.Pg
1
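# Build the list of SQL statements that provision the RT database role on
# PostgreSQL: an optional CREATE USER followed by one GRANT per table and
# sequence.
#
# Takes a connected database handle, which is used to look up the role and to
# quote configuration values. Returns the statements as a list of strings;
# nothing is executed here.
#
# NOTE: when the role does not exist yet, the first returned statement embeds
# the configured database password in clear text, so the returned list should
# not be printed or logged verbatim.
sub acl {
    my $dbh = shift;

    my @acls;

    # Lower-case names are sequences (except 'sessions'); capitalised names
    # are tables. The loop below relies on that convention.
    my @tables = qw(
        attachments_id_seq
        Attachments
        Attributes
        attributes_id_seq
        queues_id_seq
        Queues
        links_id_seq
        Links
        principals_id_seq
        Principals
        groups_id_seq
        Groups
        scripconditions_id_seq
        ScripConditions
        transactions_id_seq
        Transactions
        scrips_id_seq
        Scrips
        objectscrips_id_seq
        ObjectScrips
        acl_id_seq
        ACL
        groupmembers_id_seq
        GroupMembers
        cachedgroupmembers_id_seq
        CachedGroupMembers
        users_id_seq
        Users
        tickets_id_seq
        Tickets
        scripactions_id_seq
        ScripActions
        templates_id_seq
        Templates
        objectcustomfieldvalues_id_s
        ObjectCustomFieldValues
        customfields_id_seq
        CustomFields
        objectcustomfields_id_s
        ObjectCustomFields
        customfieldvalues_id_seq
        CustomFieldValues
        sessions
        classes_id_seq
        Classes
        articles_id_seq
        Articles
        topics_id_seq
        Topics
        objecttopics_id_seq
        ObjectTopics
        objectclasses_id_seq
        ObjectClasses
    );

    my $db_user = RT->Config->Get('DatabaseUser');
    my $db_pass = RT->Config->Get('DatabasePassword');

    # DDL cannot take bind parameters, so the role name and password are
    # quoted by the driver instead of being interpolated raw. A quote
    # character in either value would otherwise break, or change the meaning
    # of, the generated statement.
    my $quoted_user = $dbh->quote_identifier($db_user);
    my $quoted_pass = $dbh->quote($db_pass);

    # If the role already exists, reuse it. The lookup is a plain query, so
    # the role name is passed as a bind value.
    my @row = $dbh->selectrow_array(
        'SELECT usename FROM pg_user WHERE usename = ?',
        undef, $db_user,
    );
    unless ( $row[0] ) {
        push @acls,
            "CREATE USER $quoted_user WITH PASSWORD $quoted_pass NOCREATEDB NOSUPERUSER;";
    }

    foreach my $table (@tables) {
        if ( $table =~ /^[a-z]/ && $table ne 'sessions' ) {
            # Sequences; not all end with _seq because
            # objectcustomfieldvalues_id_s is too long
            push @acls, "GRANT USAGE, SELECT, UPDATE ON $table TO $quoted_user;";
        }
        else {
            push @acls, "GRANT SELECT, INSERT, UPDATE, DELETE ON $table TO $quoted_user;";
        }
    }
    return (@acls);
}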
84
85 1;