From 9eab47a175ae046da37d3dd6dedc8d8ba40e3b21 Mon Sep 17 00:00:00 2001
From: Max Lohrmann
Date: Wed, 7 Dec 2016 01:18:21 +0100
Subject: =?UTF-8?q?Don=E2=80=99t=20execute=20REVOKE=20query=20when=20addin?= =?UTF-8?q?g=20new=20users=20(part=20of=20#2229)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Source/SPUserManager.h | 2 ++
 Source/SPUserManager.m | 44 +++++++++++++++++++++++++++++---------------
 2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h
index 6338145f..5ce1e6bc 100644
--- a/Source/SPUserManager.h
+++ b/Source/SPUserManager.h
@@ -127,7 +127,9 @@
 - (BOOL)updateUser:(SPUserMO *)user;
 - (BOOL)updateResourcesForUser:(SPUserMO *)user;
 - (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
 - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
 // External
 /**
diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
index 12da17fb..ede7e7a9 100644
--- a/Source/SPUserManager.m
+++ b/Source/SPUserManager.m
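Review bot: The two selectors added to SPUserManager.h, `grantPrivilegesToUser:skippingRevoke:` and `grantDbPrivilegesWithPrivilege:skippingRevoke:`, carry no comment saying when a caller may pass YES, although that flag decides whether REVOKE statements are sent at all. A line such as `// skipRevoke: pass YES only for an account created in the same operation; no REVOKE statements are issued then` above each declaration would record that contract. The same applies in SPUserManager.m, where the one-argument wrappers added in the hunks at -1128 and -1214 have no comment and the existing doc comments now sit on the two-argument methods without mentioning skipRevoke. The new `grantDbPrivilegesWithPrivilege:skippingRevoke:` declaration also names its SPPrivilegesMO parameter `user`, while the implementation calls it `schemaPriv`.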
@@ -1128,22 +1128,27 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 }
 // If we created the user with the GRANT statment (MySQL < 5), then revoke the
 // privileges we gave the new user.
- else {
+ if(![serverSupport supportsCreateUser]) {
 [connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
 if (![self _checkAndDisplayMySqlError]) return NO;
 }
- return [self grantPrivilegesToUser:user];
+ return [self grantPrivilegesToUser:user skippingRevoke:YES];
 }
 }
 return NO;
 }
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+ return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
 /**
 * Grant or revoke DB privileges for the supplied user.
 */
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
 {
 NSMutableArray *grantPrivileges = [NSMutableArray array];
 NSMutableArray *revokePrivileges = [NSMutableArray array];
@@ -1184,11 +1189,13 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
 host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:dbName
- forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
- host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:dbName
+ forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
+ host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ }
 return YES;
 }
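Review bot: `skippingRevoke:YES` in the last changed line of the -1128 hunk is only safe while the account is guaranteed to hold nothing beyond what this method itself granted, and that guarantee is neither stated nor checked here. On the `![serverSupport supportsCreateUser]` branch the comment says the user is created with GRANT; if that statement (outside the hunk) names a user/host pair that already exists on the server, the account would presumably be altered rather than created, and the `if(!skipRevoke)` guards in the hunks at -1184 and -1249 then leave its earlier privileges in place although the method returns YES. I would add a comment at the call, `// Safe only for a newly created account: nothing is revoked, so an account that already existed keeps its privileges`, and confirm that the creation step fails when the account already exists. The enclosing method starts outside the hunk.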
@@ -1214,10 +1221,15 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 return YES;
 }
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+ return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
 /**
 * Grant or revoke privileges for the supplied user.
 */
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
 {
 if ([user valueForKey:@"parent"] != nil) {
@@ -1249,16 +1261,18 @@ static NSString * const SPTableViewNameColumnID = @"NameColumn";
 forUser:[[user parent] valueForKey:@"user"]
 host:[user valueForKey:@"host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:nil
- forUser:[[user parent] valueForKey:@"user"]
- host:[user valueForKey:@"host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:nil
+ forUser:[[user parent] valueForKey:@"user"]
+ host:[user valueForKey:@"host"]]) return NO;
+ }
 }
 for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"]) {
- if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+ if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
 }
 return YES;
-- 
cgit v1.2.3