Konstantin Stepanov


FusqlFS::Backend::PgSQL::Role::Acl - FusqlFS class to expose PostgreSQL artifact's permissions


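    package FusqlFS::Backend::PgSQL::Tables;
    use strict;
    use warnings;
    use parent 'FusqlFS::Artifact';

    use FusqlFS::Backend::PgSQL::Role::Acl;

    sub init
    {
        my $self = shift;

        # initialize class

        # the single-char argument designates the artifact type
        # (see FusqlFS::Backend::PgSQL::Role::Base for possible values)
        $self->{acl} = FusqlFS::Backend::PgSQL::Role::Acl->new('r');
    }

    sub get
    {
        my $self = shift;
        my ($name) = @_;
        my $result = {};

        # load structures into $result

        # expose the ACL object under the "acl" entry of the artifact
        $result->{acl} = $self->{acl};
        return $result;
    }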


This class exposes a PostgreSQL artifact's permissions (a.k.a. its ACL) as a directory containing one subdirectory per role, each holding marker files named after permissions. It works best with the FusqlFS::Backend::PgSQL::Roles module plugged in (see FusqlFS::Backend::Base for more information on plugging in different modules).

The class's new constructor accepts a single-character argument designating the type of artifact whose owner is to be exposed. The possible values are listed in the FusqlFS::Backend::PgSQL::Role::Base module.


The first level of exposed files consists of subdirectories named after roles, e.g. if a table has permissions granted to roles user1 and user2, this module will expose subdirectories ./user1 and ./user2.

Removing such a subdirectory revokes all permissions from the role; creating a subdirectory named after a role grants all permissions to that role.

Every such subdirectory has the following structure:


Symlink to the role in ../../../../roles that granted the current role its permissions.


Symlink to the current role in ../../../../roles (i.e. the role whose name equals the current subdirectory's name).

./insert, ./update, ./delete, ./references, ./trigger, ./usage

Plain files designating that the corresponding permission is granted. Remove one of the files to revoke its permission, or create a new file with one of these names (e.g. with touch ./insert) to grant that permission.
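
An added example (not part of FusqlFS or its documentation): a shell audit of the ACL directory described above, listing each role's permission marker files and flagging roles that hold every permission named on this page, which is the state that creating a role subdirectory produces. The function names and the directory path passed in (for instance a table's acl directory under your mount point) are assumptions.

```shell
#!/bin/sh
# Added example: audit an ACL directory exposed by FusqlFS.
# Marker names are the permission files listed on this page.
PERMS="insert update delete references trigger usage"

# acl_report DIR
# Print one line per role subdirectory: "<role><TAB><perm,perm,...>".
# A role with no marker files is printed with "-".
acl_report() {
    acl_dir=$1
    for role_dir in "$acl_dir"/*/; do
        # An empty ACL directory leaves the glob unexpanded; skip it.
        [ -d "$role_dir" ] || continue
        role=$(basename "$role_dir")
        granted=""
        for p in $PERMS; do
            # Count only plain files; symlinks in the role directory
            # point at roles and are not permission markers.
            if [ -f "$role_dir/$p" ] && [ ! -L "$role_dir/$p" ]; then
                granted="${granted:+$granted,}$p"
            fi
        done
        printf '%s\t%s\n' "$role" "${granted:--}"
    done
}

# acl_full_grants DIR
# Print the roles that hold every permission in PERMS. Creating a role
# subdirectory grants all permissions, so a stray mkdir shows up here.
acl_full_grants() {
    all=$(echo "$PERMS" | tr ' ' ',')
    acl_report "$1" | awk -F'\t' -v all="$all" '$2 == all { print $1 }'
}

# Usage: sh acl_audit.sh /path/to/mount/.../acl   (path is an assumption)
if [ "$#" -gt 0 ]; then
    acl_report "$1"
    echo "Roles holding every listed permission:"
    acl_full_grants "$1"
fi
```

Saving the output of acl_report after a review and comparing later runs against it with diff shows any grant or revoke made through the filesystem since then.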