diff options
-rw-r--r-- | Source/SPUserManager.h | 2 | ||||
-rw-r--r-- | Source/SPUserManager.m | 44 |
2 files changed, 31 insertions, 15 deletions
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h index 6338145f..5ce1e6bc 100644 --- a/Source/SPUserManager.h +++ b/Source/SPUserManager.h @@ -127,7 +127,9 @@ - (BOOL)updateUser:(SPUserMO *)user; - (BOOL)updateResourcesForUser:(SPUserMO *)user; - (BOOL)grantPrivilegesToUser:(SPUserMO *)user; +- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke; - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user; +- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke; // External /** diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m index 12da17fb..ede7e7a9 100644 --- a/Source/SPUserManager.m +++ b/Source/SPUserManager.m @@ -1128,22 +1128,27 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn"; } // If we created the user with the GRANT statment (MySQL < 5), then revoke the // privileges we gave the new user. - else { + if(![serverSupport supportsCreateUser]) { [connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]]; if (![self _checkAndDisplayMySqlError]) return NO; } - return [self grantPrivilegesToUser:user]; + return [self grantPrivilegesToUser:user skippingRevoke:YES]; } } return NO; } +- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv +{ + return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO]; +} + /** * Grant or revoke DB privileges for the supplied user. */ -- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv +- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke { NSMutableArray *grantPrivileges = [NSMutableArray array]; NSMutableArray *revokePrivileges = [NSMutableArray array]; @@ -1184,11 +1189,13 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn"; forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO; - // Revoke privileges - if(![self _revokePrivileges:revokePrivileges - onDatabase:dbName - forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] - host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO; + if(!skipRevoke) { + // Revoke privileges + if(![self _revokePrivileges:revokePrivileges + onDatabase:dbName + forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] + host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO; + } return YES; } @@ -1214,10 +1221,15 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn"; return YES; } +- (BOOL)grantPrivilegesToUser:(SPUserMO *)user +{ + return [self grantPrivilegesToUser:user skippingRevoke:NO]; +} + /** * Grant or revoke privileges for the supplied user. */ -- (BOOL)grantPrivilegesToUser:(SPUserMO *)user +- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke { if ([user valueForKey:@"parent"] != nil) { @@ -1249,16 +1261,18 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn"; forUser:[[user parent] valueForKey:@"user"] host:[user valueForKey:@"host"]]) return NO; - // Revoke privileges - if(![self _revokePrivileges:revokePrivileges - onDatabase:nil - forUser:[[user parent] valueForKey:@"user"] - host:[user valueForKey:@"host"]]) return NO; + if(!skipRevoke) { + // Revoke privileges + if(![self _revokePrivileges:revokePrivileges + onDatabase:nil + forUser:[[user parent] valueForKey:@"user"] + host:[user valueForKey:@"host"]]) return NO; + } } for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"]) { - if(![self grantDbPrivilegesWithPrivilege:priv]) return NO; + if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO; } return YES; |