NAME
FusqlFS::Backend::PgSQL::Role::Acl - FusqlFS class to expose PostgreSQL artifact's permissions
SYNOPSIS
    package FusqlFS::Backend::PgSQL::Tables;
    use parent 'FusqlFS::Artifact';

    use FusqlFS::Backend::PgSQL::Role::Acl;

    sub init
    {
        my $self = shift;

        # initialize class

        $self->{acl} = FusqlFS::Backend::PgSQL::Role::Acl->new('r');
    }

    sub get
    {
        my $self = shift;
        my ($name) = @_;
        my $result = {};

        # load structures into $result

        $result->{acl} = $self->{acl};
        return $result;
    }
DESCRIPTION
This class exposes a PostgreSQL artifact's permissions (a.k.a. ACL) as a directory with subdirectories named after roles, each containing marker files named after permissions. It is best used with the FusqlFS::Backend::PgSQL::Roles module plugged in (see FusqlFS::Backend::Base for more info on plugging in different modules).
The class's new constructor accepts a single-character argument designating the type of artifact the owner of which is to be exposed. Possible values can be seen in the FusqlFS::Backend::PgSQL::Role::Base module.
EXPOSED STRUCTURE
The first level of exposed files consists of subdirectories named after roles, e.g. if a table has permissions granted to roles user1 and user2, this module will expose subdirectories ./user1 and ./user2.
Removing such a subdirectory revokes all permissions from the role; creating a subdirectory with some role's name grants all permissions to the role.
Every such subdirectory has the following structure:
- ./granter
    Symlink to the role in ../../../../roles which granted the current role its permissions.
- ./role
    Symlink to the current role in ../../../../roles (i.e. the role with the name equal to the current subdirectory's name).
- ./insert, ./update, ./delete, ./references, ./trigger, ./usage
    Plain files designating that the corresponding permission is granted. Remove some of the files to revoke the permission, or create a new file with one of the names (e.g. with touch ./insert) to grant such permission.
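
Because every grant is a plain file and every granter a symlink, the exposed structure can be audited with ordinary shell tools. The script below is an added example, not part of FusqlFS: it reports each role's granter and permissions from an ACL directory laid out as described above. The tables/orders/acl path, the role names and the sample tree are constructed stand-ins for a real mount.

```shell
#!/bin/sh
# Added example: audit an ACL directory laid out as described above.
# <acl>/<role>/granter and <acl>/<role>/role are symlinks; every other
# plain file in <acl>/<role>/ is a permission marker.

# acl_report DIR: print "role<TAB>granter<TAB>perm,perm,..." for each role.
acl_report() {
    for role_dir in "$1"/*/; do
        [ -d "$role_dir" ] || continue
        role=$(basename "$role_dir")
        granter='-'
        if [ -L "${role_dir}granter" ]; then
            granter=$(basename "$(readlink "${role_dir}granter")")
        fi
        perms=''
        for f in "$role_dir"*; do
            [ -L "$f" ] && continue      # skip the granter/role symlinks
            [ -f "$f" ] || continue      # only plain marker files count
            perms="${perms:+$perms,}$(basename "$f")"
        done
        printf '%s\t%s\t%s\n' "$role" "$granter" "${perms:-none}"
    done
}

# roles_with_perm DIR PERM: print the roles that hold PERM, one per line.
roles_with_perm() {
    acl_report "$1" | awk -F'\t' -v p="$2" \
        '{ n = split($3, a, ","); for (i = 1; i <= n; i++) if (a[i] == p) print $1 }'
}

# make_sample_tree: build a constructed stand-in for a mounted database
# (table name "orders" and the role names are made up) and print its root.
make_sample_tree() {
    root=$(mktemp -d)
    acl="$root/tables/orders/acl"
    mkdir -p "$root/roles/postgres" "$root/roles/user1" "$root/roles/user2" \
             "$acl/user1" "$acl/user2"
    for r in user1 user2; do
        ln -s ../../../../roles/postgres "$acl/$r/granter"
        ln -s "../../../../roles/$r" "$acl/$r/role"
    done
    touch "$acl/user1/insert" "$acl/user1/update"
    touch "$acl/user2/insert" "$acl/user2/update" "$acl/user2/delete" \
          "$acl/user2/references" "$acl/user2/trigger" "$acl/user2/usage"
    echo "$root"
}

tree=$(make_sample_tree)
acl_report "$tree/tables/orders/acl"
rm -rf "$tree"
```

Against a real mount, pass the artifact's ACL directory to acl_report; a role that lists every marker file is one that was granted all permissions.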