aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Source/SPUserManager.h2
-rw-r--r--Source/SPUserManager.m44
2 files changed, 31 insertions, 15 deletions
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h
index 6338145f..5ce1e6bc 100644
--- a/Source/SPUserManager.h
+++ b/Source/SPUserManager.h
@@ -127,7 +127,9 @@
- (BOOL)updateUser:(SPUserMO *)user;
- (BOOL)updateResourcesForUser:(SPUserMO *)user;
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
// External
/**
diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
index 12da17fb..ede7e7a9 100644
--- a/Source/SPUserManager.m
+++ b/Source/SPUserManager.m
@@ -1128,22 +1128,27 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
}
// If we created the user with the GRANT statment (MySQL < 5), then revoke the
// privileges we gave the new user.
- else {
+ if(![serverSupport supportsCreateUser]) {
[connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
if (![self _checkAndDisplayMySqlError]) return NO;
}
- return [self grantPrivilegesToUser:user];
+ return [self grantPrivilegesToUser:user skippingRevoke:YES];
}
}
return NO;
}
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+ return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
/**
* Grant or revoke DB privileges for the supplied user.
*/
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
{
NSMutableArray *grantPrivileges = [NSMutableArray array];
NSMutableArray *revokePrivileges = [NSMutableArray array];
@@ -1184,11 +1189,13 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:dbName
- forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
- host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:dbName
+ forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
+ host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ }
return YES;
}
@@ -1214,10 +1221,15 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
return YES;
}
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+ return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
/**
* Grant or revoke privileges for the supplied user.
*/
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
{
if ([user valueForKey:@"parent"] != nil)
{
@@ -1249,16 +1261,18 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:nil
- forUser:[[user parent] valueForKey:@"user"]
- host:[user valueForKey:@"host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:nil
+ forUser:[[user parent] valueForKey:@"user"]
+ host:[user valueForKey:@"host"]]) return NO;
+ }
}
for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"])
{
- if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+ if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
}
return YES;