lib/posgra/driver.rb in posgra-0.1.4 vs lib/posgra/driver.rb in posgra-0.1.5
- old
+ new
@@ -3,10 +3,14 @@
include Posgra::Utils::Helper
DEFAULT_ACL_PRIVS = ENV['POSGRA_DEFAULT_ACL_PRIVS'] || 'arwdDxt'
DEFAULT_ACL = "{%s=#{DEFAULT_ACL_PRIVS}/%s}"
+ DEFAULT_ACL_BY_KIND = {
+ 'S' => '{%s=rwU/%s}'
+ }
+
PRIVILEGE_TYPES = {
'a' => 'INSERT',
'r' => 'SELECT',
'w' => 'UPDATE',
'd' => 'DELETE',
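Review bot: `DEFAULT_ACL_BY_KIND` has no comment saying what the key `'S'` and the letters `rwU` mean, and unlike `DEFAULT_ACL` its privilege string cannot be overridden through `POSGRA_DEFAULT_ACL_PRIVS`, so the two owner defaults are configured in different ways. I would add `# keyed by pg_class.relkind; 'S' = sequence, whose implicit owner privileges are rwU, not the table set` above the hash and end it with `}.freeze`, so the shared constant cannot be mutated at runtime. `PRIVILEGE_TYPES` continues outside the hunk. If it has no entry for `U`, the synthesized sequence ACL would carry a letter the later mapping does not know, and the exported grants would misstate what the owner holds, so that is worth confirming.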
@@ -281,11 +285,12 @@
rs = @client.exec <<-SQL
SELECT
pg_class.relname,
pg_namespace.nspname,
pg_class.relacl,
- pg_user.usename
+ pg_user.usename,
+ pg_class.relkind
FROM
pg_class
INNER JOIN pg_namespace ON pg_class.relnamespace = pg_namespace.oid
INNER JOIN pg_user ON pg_class.relowner = pg_user.usesysid
WHERE
@@ -296,15 +301,16 @@
rs.each do |row|
relname = row.fetch('relname')
nspname = row.fetch('nspname')
relacl = row.fetch('relacl')
usename = row.fetch('usename')
+ relkind = row.fetch('relkind')
next unless matched?(relname, @options[:include_object], @options[:exclude_object])
next unless matched?(nspname, @options[:include_schema], @options[:exclude_schema])
- parse_aclitems(relacl, usename).each do |aclitem|
+ parse_aclitems(relacl, usename, relkind).each do |aclitem|
role = aclitem.fetch('grantee')
privs = aclitem.fetch('privileges')
next unless matched?(role, @options[:include_role], @options[:exclude_role])
grants_by_role[role] ||= {}
grants_by_role[role][nspname] ||= {}
@@ -315,11 +321,12 @@
grants_by_role
end
private
- def parse_aclitems(aclitems, owner)
- aclitems ||= DEFAULT_ACL % [owner, owner]
+ def parse_aclitems(aclitems, owner, relkind)
+ aclitems_fmt = DEFAULT_ACL_BY_KIND.fetch(relkind, DEFAULT_ACL)
+ aclitems ||= aclitems_fmt % [owner, owner]
aclitems = aclitems[1..-2].split(',')
aclitems.map do |aclitem|
grantee, privileges_grantor = aclitem.split('=', 2)
privileges, grantor = privileges_grantor.split('/', 2)
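Review bot: `parse_aclitems` now takes `relkind` as a required third positional argument, so any caller outside the visible hunks that still passes two arguments would raise `ArgumentError`. Only the call inside the `rs.each` loop is shown as updated. Declaring it as `def parse_aclitems(aclitems, owner, relkind = nil)` keeps old call sites working, because `DEFAULT_ACL_BY_KIND.fetch(nil, DEFAULT_ACL)` falls back to the table default. The format lookup also runs when `relacl` is present and the default is never used. Writing `aclitems ||= DEFAULT_ACL_BY_KIND.fetch(relkind, DEFAULT_ACL) % [owner, owner]` makes it clear that the per-kind string matters only for a NULL `relacl`. The method body continues outside the hunk.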