author | Abhi Beckert <me@abhibeckert.com> | 2016-12-07 13:16:28 +1000 |
---|---|---|
committer | Abhi Beckert <me@abhibeckert.com> | 2016-12-07 13:16:28 +1000 |
commit | 7b01b5b98b9ea1076488115b97fb64ece702c688 (patch) | |
tree | 4432c56d352debe408899752e3ed609c69ff5242 | |
parent | 4bc13f4af2d8fc449ca5b7b02db1e76554f56bb1 (diff) | |
parent | 56badea5971212fbeb168111cd4ead2d9a9e69b0 (diff) | |
Merge remote-tracking branch 'sequelpro/master'
-rw-r--r-- | Source/SPUserManager.h | 2 | ||||
-rw-r--r-- | Source/SPUserManager.m | 63 |
2 files changed, 41 insertions, 24 deletions
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h
index 6338145f..5ce1e6bc 100644
--- a/Source/SPUserManager.h
+++ b/Source/SPUserManager.h
@@ -127,7 +127,9 @@
 - (BOOL)updateUser:(SPUserMO *)user;
 - (BOOL)updateResourcesForUser:(SPUserMO *)user;
 - (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
 - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
 // External
 /**
diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
index 12da17fb..3fe37ae7 100644
--- a/Source/SPUserManager.m
+++ b/Source/SPUserManager.m
@@ -1128,22 +1128,27 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 }
 // If we created the user with the GRANT statment (MySQL < 5), then revoke the
 // privileges we gave the new user.
- else {
+ if(![serverSupport supportsCreateUser]) {
 [connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
 if (![self _checkAndDisplayMySqlError]) return NO;
 }
- return [self grantPrivilegesToUser:user];
+ return [self grantPrivilegesToUser:user skippingRevoke:YES];
 }
 }
 return NO;
 }
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+ return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
 /**
 * Grant or revoke DB privileges for the supplied user.
 */
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
 {
 NSMutableArray *grantPrivileges = [NSMutableArray array];
 NSMutableArray *revokePrivileges = [NSMutableArray array];
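Review bot: The two new public selectors are declared without any documentation of what `skippingRevoke:` does, and the second one names its `SPPrivilegesMO *` parameter `user` although the implementation in SPUserManager.m calls it `schemaPriv`. Because passing YES suppresses every REVOKE, the header should say when that is legitimate, for example `/** Pass YES only for an account that has just been created; no REVOKE statements are issued. */` above each declaration. The declaration itself would read better as `- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke;`.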
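Review bot: The call `grantPrivilegesToUser:user skippingRevoke:YES` rests on an unstated assumption that the account was created a few lines earlier and holds nothing beyond the `SELECT ON mysql.*` revoked just above. A comment at the call would keep a later caller from passing YES for an existing account, where unchecked privileges would silently stay granted: `// Account was just created, so there is nothing to revoke; only GRANTs are issued.` The new one-argument wrapper `grantDbPrivilegesWithPrivilege:` also ends up without a doc comment, because the existing `/** Grant or revoke DB privileges ... */` block now sits on the two-argument method and does not describe `skipRevoke`. The enclosing method starts above this hunk, so the branch that the removed `else` paired with is not visible here.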
@@ -1151,17 +1156,15 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 NSString *dbName = [schemaPriv valueForKey:@"db"];
 dbName = [dbName stringByReplacingOccurrencesOfString:@"_" withString:@"\\_"];
- NSString *statement = [NSString stringWithFormat:@"SELECT USER, HOST FROM mysql.db WHERE USER = %@ AND HOST = %@ AND DB = %@",
- [[schemaPriv valueForKeyPath:@"user.parent.user"] tickQuotedString],
- [[schemaPriv valueForKeyPath:@"user.host"] tickQuotedString],
- [dbName tickQuotedString]];
-
- NSArray *matchingUsers = [connection getAllRowsFromQuery:statement];
+ NSArray *changedKeys = [[schemaPriv changedValues] allKeys];
 for (NSString *key in [self privsSupportedByServer]) {
 if (![key hasSuffix:@"_priv"]) continue;
+ //ignore anything that we didn't change
+ if (![changedKeys containsObject:key]) continue;
+
 NSString *privilege = [key stringByReplacingOccurrencesOfString:@"_priv" withString:@""];
 NS_DURING
@@ -1169,9 +1172,7 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 [grantPrivileges addObject:[privilege replaceUnderscoreWithSpace]];
 }
 else {
- if ([matchingUsers count] || [grantPrivileges count] > 0) {
- [revokePrivileges addObject:[privilege replaceUnderscoreWithSpace]];
- }
+ [revokePrivileges addObject:[privilege replaceUnderscoreWithSpace]];
 }
 NS_HANDLER
 NS_ENDHANDLER
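Review bot: With the `mysql.db` lookup removed, the GRANT and REVOKE lists are driven only by `[schemaPriv changedValues]`, so the statements follow the local model's view of what changed rather than what the server currently holds. If `SPPrivilegesMO` is a Core Data managed object (its declaration is not in this hunk), `changedValues` reports only unsaved changes and is empty once the context has been saved; the loop would then skip every key and the method would return YES without issuing anything, leaving a privilege the UI shows as removed still granted on the server. Please confirm that every caller runs before the save and record that next to the new line, e.g. `// changedValues is only populated before the context is saved; do not call this after the save`. The same filter is added to `grantPrivilegesToUser:skippingRevoke:` in the -1214 hunk and carries the same dependency.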
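Review bot: The `else` branch now queues a REVOKE for every changed key whose value is false, without the removed check that a matching grant exists. For a privilege object that is new on an existing account (a caller passing `skippingRevoke:NO`), any key that `changedValues` reports as false would produce a REVOKE for a privilege that was never granted, which MySQL rejects and which would presumably make `_revokePrivileges` return NO. Whether inserted objects can carry false keys in `changedValues` is not visible in this hunk; if they can, the branch should queue the revoke only when the previous value was true. The empty `NS_HANDLER` / `NS_ENDHANDLER` pair that follows still discards any exception raised inside the `NS_DURING` section, so a key that raises is skipped without a log entry.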
@@ -1184,11 +1185,13 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
 host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:dbName
- forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
- host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:dbName
+ forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
+ host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ }
 return YES;
 }
@@ -1214,20 +1217,30 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 return YES;
 }
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+ return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
 /**
 * Grant or revoke privileges for the supplied user.
 */
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
 {
 if ([user valueForKey:@"parent"] != nil) {
 NSMutableArray *grantPrivileges = [NSMutableArray array];
 NSMutableArray *revokePrivileges = [NSMutableArray array];
+ NSArray *changedKeys = [[user changedValues] allKeys];
+
 for (NSString *key in [self privsSupportedByServer]) {
 if (![key hasSuffix:@"_priv"]) continue;
+ //ignore anything that we didn't change
+ if (![changedKeys containsObject:key]) continue;
+
 NSString *privilege = [key stringByReplacingOccurrencesOfString:@"_priv" withString:@""];
 // Check the value of the priv and assign to grant or revoke query as appropriate; do this
@@ -1249,16 +1262,18 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 forUser:[[user parent] valueForKey:@"user"]
 host:[user valueForKey:@"host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:nil
- forUser:[[user parent] valueForKey:@"user"]
- host:[user valueForKey:@"host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:nil
+ forUser:[[user parent] valueForKey:@"user"]
+ host:[user valueForKey:@"host"]]) return NO;
+ }
 }
 for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"]) {
- if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+ if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
 }
 return YES; |