README.md
postgresql-acl
acl
Library
acl
parses
PostgreSQL's ACL syntax
and returns a usable structure. Library documentation is available at
https://godoc.org/github.com/sean-/postgresql-acl.
package main
import (
"fmt"
"github.com/sean-/postgresql-acl"
)
func structToString() acl.ACL {
return acl.ACL{
Role: "foo",
GrantedBy: "bar",
Privileges: acl.Usage | acl.Create,
GrantOptions: acl.Create,
}
}
func stringToStruct() acl.Schema {
// Parse an aclitem string
aclitem, err := acl.Parse("foo=C*U/bar")
if err != nil {
panic(fmt.Sprintf("bad: %v", err))
}
// Verify that ACL permissions are appropriate for a schema type
schema, err := acl.NewSchema(aclitem)
if err != nil {
panic(fmt.Sprintf("bad: %v", err))
}
return schema
}
func main() {
fmt.Printf("ACL Struct to String: %+q\n", structToString().String())
fmt.Printf("ACL String to Struct: %#v\n", stringToStruct().String())
}
ACL Struct to String: "foo=UC*/bar"
ACL String to Struct: "foo=UC*/bar"
Supported PostgreSQL aclitem
Types
- column permissions
- database
- domain
- foreign data wrappers
- foreign server
- function
- language
- large object
- schema
- sequences
- table
- table space
- type
Notes
The output from String()
should match the ordering of characters in aclitem
.
The target of each of these ACLs (e.g. schema name, table name, etc) is not
contained within PostgreSQLs aclitem
and it is expected this value is managed
elsewhere in your object model.
Arrays of aclitem
are supposed to be iterated over by the caller. For
example:
const schema = "public"
var name, owner string
var acls []string
err := conn.QueryRow("SELECT n.nspname, pg_catalog.pg_get_userbyid(n.nspowner), COALESCE(n.nspacl, '{}'::aclitem[])::TEXT[] FROM pg_catalog.pg_namespace n WHERE n.nspname = $1", schema).Scan(&name, &owner, pq.Array(&acls))
if err == nil {
for _, acl := range acls {
acl, err = pgacl.NewSchema(acl)
if err != nil {
return err
}
// ...
}
}