#!/usr/bin/perl
#
# Build the SQL for setting up the permissions on the SCASS database.
# Handles three types of users:
#  - FES users, usually only the user for SCASS.fes, which only 
#    get SELECT privileges on all tables,
#  - BES users, usually the users for the SCASS.bes modules
#    which get SELECT privileges on all tables and limited MODIFY privileges
#    on some tables,
#  - regular users, which operate SCASS via SCASS.fes, those get SELECT on
#    all tables and limited MODIFY privileges on some tables
#
# MODIFY means some out of INSERT/DELETE/UPDATE
#
# This script asks interactively for the users and generates the SQL for
# setting up the privileges into the file table_perms.sql
#
# Reads the permission patterns for each table from the file tableperms.
#
# version: $Id: build_permissions_sql,v 1.2 2002/09/10 02:02:32 als Exp $
#
# author: Alexander Schreiber <als@thangorodrim.de>
#

# load table permission patterns

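# Parse tableperms into %tableperms ({table}{account type} => privilege
# string) and @tables (table names in file order).
#
# Each data line is a table name followed by whitespace-separated
# TYPE=PRIVILEGES entries.  Blank lines and lines whose first non-blank
# character is '#' are ignored.
#
# NOTE(review): the table names and privilege strings read here are
# interpolated into GRANT statements further down, so tableperms should be
# writable only by people trusted to administer the database.
open(my $perms_fh, '<', 'tableperms')
    or die "cannot open tableperms for reading: $!";

while ( defined( my $line = <$perms_fh> ) ) {
    chomp($line);

    # Strip leading blanks first: otherwise split() yields an empty first
    # field and the line is recorded under an empty table name.
    $line =~ s/^\s+//;
    next if $line eq '';        # blank line, would become a nameless table
    next if $line =~ /^#/;      # comment line

    my ($table, @entries) = split(/\s+/, $line);

    # Walk the entries with foreach rather than "while (shift)", which
    # would stop early at an entry that is false as a string (e.g. "0").
    foreach my $entry ( @entries ) {
        my ($who, $what) = split(/\s*=\s*/, $entry);
        $tableperms{$table}{$who} = $what;
    }
    push(@tables, $table);
}

close($perms_fh);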

@types = ("BES", "FES", "USER", "DBADMIN");

# Apply the baseline privileges: every account type ends up with SELECT on
# every table, and DBADMIN ends up with ALL on every table.
foreach my $tbl ( @tables ) {
    foreach my $kind ( @types ) {
        my $granted = $tableperms{$tbl}{$kind};

        # The SELECT check is case-sensitive, exactly as written here.
        next if $granted =~ /SELECT/;

        # Nothing configured yet -> plain SELECT; otherwise append it to
        # the existing comma-separated privilege list.
        $tableperms{$tbl}{$kind} =
            ( $granted eq '' ) ? 'SELECT' : $granted . ',SELECT';
    }

    # Overrides whatever the loop above stored for DBADMIN.
    $tableperms{$tbl}{'DBADMIN'} = 'ALL';
}

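# Ask for the accounts belonging to each account type and store them in
# %users as { type => [ account names ] }.
#
# Input is read with <>, so it comes from the files named on the command
# line if there are any, otherwise from standard input.
#
# NOTE(review): the names entered here are interpolated into GRANT
# statements further down; they are only trimmed here, not validated.
foreach my $type ( @types ) {

    print "enter comma-separated list of users for type $type: ";
    my $answer = <>;
    $answer = '' unless defined($answer);   # end of input: no users
    chomp($answer);

    # Trim every name and drop empty ones.  A doubled or trailing comma, or
    # blanks around the whole list, would otherwise leave an empty or padded
    # name, which produces a GRANT with no (or a malformed) grantee.
    my @names;
    foreach my $name ( split(/,/, $answer) ) {
        $name =~ s/^\s+//;
        $name =~ s/\s+$//;
        push(@names, $name) if $name ne '';
    }
    $users{$type} = [ @names ];
}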

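# Generate table_perms.sql: one GRANT per (table, account type, user), plus
# a second GRANT on "<table>_id_seq" whenever the privilege list contains
# INSERT, DELETE or UPDATE.
#
# GRANT cannot take bind parameters, so every value that is interpolated
# into the statement text is checked against an allowlist first.  The
# generated file is presumably run with administrative database rights, so
# anything other than a plain name or privilege list is refused instead of
# being written out.  Extend the patterns below if the installation needs
# other grantee or table forms.
print "\nbuilding SQL ... ";

# A bare identifier or a double-quoted identifier without control chars.
my $ident_re = qr/(?:[A-Za-z_][A-Za-z0-9_\$]*|"[^"\x00-\x1f]+")/;
# Table name, optionally schema-qualified.
my $table_re = qr/\A$ident_re(?:\.$ident_re)*\z/;
# Grantee: an identifier, optionally preceded by the GROUP keyword.
my $user_re  = qr/\A(?:GROUP\s+)?$ident_re\z/i;
# Comma-separated privilege keywords, e.g. "INSERT,UPDATE,SELECT" or "ALL".
my $privs_re = qr/\A[A-Za-z]+(?:,[A-Za-z]+)*\z/;

# Dies with a readable message unless $value matches $pattern.
my $require_valid = sub {
    my ($label, $value, $pattern) = @_;
    $value = '' unless defined($value);
    die "refusing to generate SQL: invalid $label '$value'\n"
        unless $value =~ $pattern;
};

# Build everything in memory first so that a rejected value does not leave
# a truncated or half-written table_perms.sql behind.
my @statements;
foreach my $table ( @tables ) {
    # Sorted so that the generated file is identical from run to run.
    foreach my $type ( sort keys(%users) ) {
        my $privs = $tableperms{$table}{$type};
        next unless defined($privs);

        my $touches_rows = ( $privs =~ /INSERT|DELETE|UPDATE/i );

        foreach my $user ( @{ $users{$type} } ) {
            $require_valid->('table name',     $table, $table_re);
            $require_valid->('privilege list', $privs, $privs_re);
            $require_valid->('user name',      $user,  $user_re);

            push(@statements, "GRANT $privs ON $table to $user;\n");

            # Accounts that may modify rows also get the same privileges
            # on the table's id sequence.
            # NOTE(review): assumes every such table has a sequence named
            # <table>_id_seq -- confirm against the schema.
            if ( $touches_rows ) {
                push(@statements,
                     "GRANT $privs ON ${table}_id_seq to $user;\n");
            }
        }
    }
}

open(my $sql_fh, '>', 'table_perms.sql')
    or die "cannot open table_perms.sql: $!";
print {$sql_fh} "\n-- permissions for SCASS, autogenerated by ",
                "build_permissions_sql\n\n",
                @statements
    or die "cannot write table_perms.sql: $!";

print "\n";

# Buffered write errors only show up at close, so check it.
close($sql_fh) or die "cannot finish writing table_perms.sql: $!";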
