-rw-r--r--Source/SPUserManager.h2
-rw-r--r--Source/SPUserManager.m63
2 files changed, 41 insertions, 24 deletions
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h
index 6338145f..5ce1e6bc 100644
--- a/Source/SPUserManager.h
+++ b/Source/SPUserManager.h
@@ -127,7 +127,9 @@
- (BOOL)updateUser:(SPUserMO *)user;
- (BOOL)updateResourcesForUser:(SPUserMO *)user;
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
// External
/**
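Review bot: The two `skippingRevoke:` declarations added here have no comment saying what is skipped, and the `SPPrivilegesMO *` parameter is still named `user` although the implementation in SPUserManager.m calls it `schemaPriv`. The flag decides whether any REVOKE statement is sent, so a caller passing YES for an account that already exists would leave switched-off privileges in place on the server without an error. I would add `/// When skipRevoke is YES only GRANT statements are issued; privileges switched off are not revoked on the server.` above both declarations and rename the parameter to `schemaPriv`. The only caller passing YES that is visible in this commit does so right after creating the user. The enclosing @interface starts and ends outside the hunk.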
diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
index 12da17fb..3fe37ae7 100644
--- a/Source/SPUserManager.m
+++ b/Source/SPUserManager.m
@@ -1128,22 +1128,27 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
}
// If we created the user with the GRANT statment (MySQL < 5), then revoke the
// privileges we gave the new user.
- else {
+ if(![serverSupport supportsCreateUser]) {
[connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
if (![self _checkAndDisplayMySqlError]) return NO;
}
- return [self grantPrivilegesToUser:user];
+ return [self grantPrivilegesToUser:user skippingRevoke:YES];
}
}
return NO;
}
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+ return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
/**
* Grant or revoke DB privileges for the supplied user.
*/
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
{
NSMutableArray *grantPrivileges = [NSMutableArray array];
NSMutableArray *revokePrivileges = [NSMutableArray array];
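Review bot: If the REVOKE inside `if(![serverSupport supportsCreateUser])` fails, the method returns NO and the account created through the GRANT path keeps SELECT on `mysql.*`, which includes the grant tables. The commit changes the condition but leaves that failure path as it was, so I would at least document it: `// NOTE: if this REVOKE fails the new account still holds SELECT on mysql.*; revoke it or drop the account manually`. `host` is also interpolated into the statement without `tickQuotedString`, unlike the user name. Its assignment is outside the hunk, so confirm it is quoted there. The enclosing method starts outside the hunk.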
@@ -1151,17 +1156,15 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
NSString *dbName = [schemaPriv valueForKey:@"db"];
dbName = [dbName stringByReplacingOccurrencesOfString:@"_" withString:@"\\_"];
- NSString *statement = [NSString stringWithFormat:@"SELECT USER, HOST FROM mysql.db WHERE USER = %@ AND HOST = %@ AND DB = %@",
- [[schemaPriv valueForKeyPath:@"user.parent.user"] tickQuotedString],
- [[schemaPriv valueForKeyPath:@"user.host"] tickQuotedString],
- [dbName tickQuotedString]];
-
- NSArray *matchingUsers = [connection getAllRowsFromQuery:statement];
+ NSArray *changedKeys = [[schemaPriv changedValues] allKeys];
for (NSString *key in [self privsSupportedByServer])
{
if (![key hasSuffix:@"_priv"]) continue;
+ //ignore anything that we didn't change
+ if (![changedKeys containsObject:key]) continue;
+
NSString *privilege = [key stringByReplacingOccurrencesOfString:@"_priv" withString:@""];
NS_DURING
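Review bot: Filtering on `[[schemaPriv changedValues] allKeys]` makes the statements depend on the managed object's unsaved state, and the same applies to `[[user changedValues] allKeys]` in `grantPrivilegesToUser:skippingRevoke:`. If either method is ever reached after the context has been saved or refreshed, the change set is presumably empty and the loop skips every key. That would leave no privileges to grant or revoke while the UI shows the edit as applied, which matters most when the edit was removing a privilege. I would state the precondition next to the filter, e.g. `// changedValues is only populated before the context is saved; this must run from the pre-save path`, and confirm the call sites honour it. The method body continues outside the hunk.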
@@ -1169,9 +1172,7 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
[grantPrivileges addObject:[privilege replaceUnderscoreWithSpace]];
}
else {
- if ([matchingUsers count] || [grantPrivileges count] > 0) {
- [revokePrivileges addObject:[privilege replaceUnderscoreWithSpace]];
- }
+ [revokePrivileges addObject:[privilege replaceUnderscoreWithSpace]];
}
NS_HANDLER
NS_ENDHANDLER
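Review bot: The `else` branch now queues a REVOKE for every changed key whose value is off, without the removed `[matchingUsers count] || [grantPrivileges count] > 0` guard that held it back when the account had no row in `mysql.db`. A key can plausibly be in the change set with an off value for a database where nothing was ever granted, for example a newly added schema entry. MySQL can report an error for a REVOKE of a grant that does not exist, and how `_revokePrivileges:` reacts is not visible here. I would queue the revoke only when the privilege was previously on, along the lines of `if ([[[schemaPriv committedValuesForKeys:[NSArray arrayWithObject:key]] objectForKey:key] boolValue]) [revokePrivileges addObject:[privilege replaceUnderscoreWithSpace]];`. The `if` that this `else` belongs to is outside the hunk.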
@@ -1184,11 +1185,13 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:dbName
- forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
- host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:dbName
+ forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
+ host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ }
return YES;
}
@@ -1214,20 +1217,30 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
return YES;
}
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+ return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
/**
* Grant or revoke privileges for the supplied user.
*/
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
{
if ([user valueForKey:@"parent"] != nil)
{
NSMutableArray *grantPrivileges = [NSMutableArray array];
NSMutableArray *revokePrivileges = [NSMutableArray array];
+ NSArray *changedKeys = [[user changedValues] allKeys];
+
for (NSString *key in [self privsSupportedByServer])
{
if (![key hasSuffix:@"_priv"]) continue;
+ //ignore anything that we didn't change
+ if (![changedKeys containsObject:key]) continue;
+
NSString *privilege = [key stringByReplacingOccurrencesOfString:@"_priv" withString:@""];
// Check the value of the priv and assign to grant or revoke query as appropriate; do this
@@ -1249,16 +1262,18 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:nil
- forUser:[[user parent] valueForKey:@"user"]
- host:[user valueForKey:@"host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:nil
+ forUser:[[user parent] valueForKey:@"user"]
+ host:[user valueForKey:@"host"]]) return NO;
+ }
}
for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"])
{
- if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+ if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
}
return YES;