feat: support assigning a default role to a user

Refs #1155

Author: ansgarbecker

source/dbstructures.mysql.pas

@@ -3395,6 +3395,7 @@ function TMySqlProvider.GetSql(AId: TQueryId): string;
     qReloadPrivileges: Result := 'FLUSH PRIVILEGES';
     qGrantRole: Result := 'GRANT %s TO %s%s';
     qRevokeRole: Result := 'REVOKE %s FROM %s';
+    qSetDefaultRole: Result := 'SET DEFAULT ROLE %s FOR %s';
     else Result := inherited;
   end;
 end;

source/dbstructures.pas

@@ -51,7 +51,7 @@ interface
     qGetReverseForeignKeys, qExplain, qSetTimezone,
     qShowFunctionStatus, qShowProcedureStatus, qShowTriggers, qShowEvents, qShowCreateTrigger,
     qHelpKeyword, qShowWarnings, qGetEnumTypes,
-    qDropUser, qCreateRole, qDropRole, qReloadPrivileges, qGrantRole, qRevokeRole);
+    qDropUser, qCreateRole, qDropRole, qReloadPrivileges, qGrantRole, qRevokeRole, qSetDefaultRole);
   TSqlProvider = class
     strict protected
       FNetType: TNetType;

source/usermanager.dfm

@@ -214,15 +214,15 @@ object UserManagerForm: TUserManagerForm
       Left = 0
       Top = 0
       Width = 283
-      Height = 145
+      Height = 177
       ActivePage = tabCredentials
       Align = alTop
       TabOrder = 0
       object tabCredentials: TTabSheet
         Caption = 'Credentials'
         DesignSize = (
           275
-          116)
+          148)
         object lblUsername: TLabel
           Left = 3
           Top = 10
@@ -254,6 +254,13 @@ object UserManagerForm: TUserManagerForm
           Caption = 'Repeat password:'
           FocusControl = editRepeatPassword
         end
+        object lblDefaultRole: TLabel
+          Left = 3
+          Top = 120
+          Width = 67
+          Height = 14
+          Caption = 'Default role:'
+        end
         object editRepeatPassword: TEdit
           Left = 176
           Top = 88
@@ -301,13 +308,23 @@ object UserManagerForm: TUserManagerForm
           TabOrder = 0
           OnChange = Modification
         end
+        object comboDefaultRole: TComboBox
+          Left = 176
+          Top = 116
+          Width = 96
+          Height = 22
+          Style = csDropDownList
+          Anchors = [akLeft, akTop, akRight]
+          TabOrder = 4
+          OnChange = Modification
+        end
       end
       object tabLimitations: TTabSheet
         Caption = 'Limitations'
         ImageIndex = 1
         DesignSize = (
           275
-          116)
+          148)
         object lblMaxQueries: TLabel
           Left = 3
           Top = 10
@@ -431,7 +448,7 @@ object UserManagerForm: TUserManagerForm
         ImageIndex = 2
         DesignSize = (
           275
-          116)
+          148)
         object lblCipher: TLabel
           Left = 3
           Top = 36
@@ -512,9 +529,9 @@ object UserManagerForm: TUserManagerForm
     end
     object PageControlAccess: TPageControl
       Left = 0
-      Top = 145
+      Top = 177
       Width = 283
-      Height = 171
+      Height = 139
       ActivePage = tabPrivileges
       Align = alClient
       TabOrder = 1
@@ -524,7 +541,7 @@ object UserManagerForm: TUserManagerForm
           Left = 0
           Top = 22
           Width = 275
-          Height = 120
+          Height = 88
           Align = alClient
           Header.AutoSizeIndex = 0
           Header.Height = 14
@@ -581,7 +598,7 @@ object UserManagerForm: TUserManagerForm
           Left = 0
           Top = 0
           Width = 275
-          Height = 142
+          Height = 110
           Align = alClient
           Strings.Strings = (
             'Roll=off')

source/usermanager.pas

@@ -32,7 +32,7 @@   TPrivComparer = class(TComparer<TPrivObj>)
   TUserProblem = (upNone, upEmptyPassword, upInvalidPasswordLen, upSkipNameResolve, upUnknown);
 
   TUser = class(TObject)
-    Username, Host, Password, Cipher, Issuer, Subject: String;
+    Username, Host, Password, Cipher, Issuer, Subject, DefaultRole: String;
     MaxQueries, MaxUpdates, MaxConnections, MaxUserConnections, SSL: Integer;
     Problem: TUserProblem;
     IsRole: Boolean;
@@ -51,7 +51,8 @@   TUser = class(TObject)
   PUser = ^TUser;
   TUserList = class(TObjectList<TUser>)
     public
-      function GetRoleNames: TStringList;
+      function GetRoleNames: TStringList; overload;
+      procedure GetRoleNames(Strings: TStrings); overload;
       function GetDefaultRoles: TStringList;
   end;
 
@@ -131,6 +132,8 @@   TUserManagerForm = class(TExtForm)
     tlbObjects: TToolBar;
     btnAddObject: TToolButton;
     ValueListEditorRoles: TValueListEditor;
+    lblDefaultRole: TLabel;
+    comboDefaultRole: TComboBox;
     procedure FormCreate(Sender: TObject);
     procedure FormShow(Sender: TObject);
     procedure btnAddUserClick(Sender: TObject);
@@ -190,7 +193,7 @@   TUserManagerForm = class(TExtForm)
     { Private declarations }
     FUsers: TUserList;
     FModified, FAdded: Boolean;
-    FHasIsRole: Boolean;
+    FHasIsRole, FHasDefaultRole: Boolean;
     FCloneGrants: TStringList;
     FPrivObjects: TPrivObjList;
     FPrivsGlobal, FPrivsDb, FPrivsTable, FPrivsRoutine, FPrivsColumn: TStringList;
@@ -261,7 +264,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
   Version, i: Integer;
   Users: TDBQuery;
   U: TUser;
-  tmp, PasswordExpr, IsRoleExpr: String;
+  tmp, PasswordExpr, IsRoleExpr, DefaultRoleExpr: String;
   SkipNameResolve,
   HasPassword, HasAuthString: Boolean;
   PasswordLengthMatters: Boolean;
@@ -394,6 +397,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
     HasPassword := UserTableColumns.IndexOf('password') > -1;
     HasAuthString := UserTableColumns.IndexOf('authentication_string') > -1;
     FHasIsRole := UserTableColumns.IndexOf('is_role') > -1;
+    FHasDefaultRole := UserTableColumns.IndexOf('default_role') > -1;
     if HasPassword and (not HasAuthString) then
       PasswordExpr := 'password'
     else if (not HasPassword) and HasAuthString then
@@ -404,13 +408,15 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
       Raise Exception.Create(_('No password hash column available'));
     PasswordExpr := PasswordExpr + ' AS ' + FConnection.QuoteIdent('password');
     IsRoleExpr := IfThen(FHasIsRole, 'is_role', FConnection.EscapeString('N')+' AS is_role');
+    DefaultRoleExpr := IfThen(FHasDefaultRole, 'default_role', FConnection.EscapeString('')+' AS default_role');
 
     Users := FConnection.GetResults(
       'SELECT '+
       FConnection.QuoteIdent('user') + ', ' +
       FConnection.QuoteIdent('host') + ', ' +
       PasswordExpr + ', ' +
-      IsRoleExpr + ' ' +
+      IsRoleExpr + ', ' +
+      DefaultRoleExpr + ' ' +
       'FROM '+FConnection.QuoteIdent('mysql')+'.'+FConnection.QuoteIdent('user')
       );
     FUsers := TUserList.Create(True);
@@ -421,6 +427,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
       U.Host := Users.Col('host');
       U.Password := Users.Col('password');
       U.IsRole := UpperCase(Users.Col('is_role')) = 'Y';
+      U.DefaultRole := Users.Col('default_role');
       U.Problem := upNone;
       if U.IsUser then begin
         if Length(U.Password) = 0 then
@@ -605,6 +612,10 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
   editPassword.Clear;
   editPassword.TextHint := '';
   editRepeatPassword.Clear;
+  comboDefaultRole.Items.Clear;
+  comboDefaultRole.Items.Add(_('None'));
+  FUsers.GetRoleNames(comboDefaultRole.Items);
+  comboDefaultRole.ItemIndex := 0;
   udMaxQueries.Position := 0;
   udMaxUpdates.Position := 0;
   udMaxConnections.Position := 0;
@@ -625,6 +636,10 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
       UserHost := FConnection.EscapeString(User.Username);
     editUsername.Text := User.Username;
     editFromHost.Text := User.Host;
+    i := comboDefaultRole.Items.IndexOf(User.DefaultRole);
+    if i > -1 then
+      comboDefaultRole.ItemIndex := i;
+
     Caption := Caption + ' - ' + User.Username;
 
     AllPNames := TStringList.Create;
@@ -863,6 +878,8 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
   editPassword.Enabled := UserSelected and User.IsUser;
   lblRepeatPassword.Enabled := UserSelected and User.IsUser;
   editRepeatPassword.Enabled := UserSelected and User.IsUser;
+  comboDefaultRole.Enabled := UserSelected and User.IsUser and FHasDefaultRole;
+  lblDefaultRole.Enabled := comboDefaultRole.Enabled;
   tabCredentials.Enabled := UserSelected;
   lblMaxQueries.Enabled := UserSelected and User.IsUser and (FConnection.ServerVersionInt >= 40002);
 
@@ -1482,6 +1499,23 @@ procedure TUserManagerForm.btnSaveClick(Sender: TObject);
       end;
     end;
 
+    // Set default role
+    if comboDefaultRole.Enabled and (comboDefaultRole.ItemIndex > -1) then begin
+      if comboDefaultRole.ItemIndex = 0 then begin
+        FConnection.Query(qSetDefaultRole, ['NONE', OrgUserHost]);
+      end
+      else try
+        RoleName := comboDefaultRole.Text;
+        RoleAssigned := ValueListEditorRoles.Strings.Values[RoleName];
+        if (RoleAssigned = TUser.RoleYes) or (RoleAssigned = TUser.RoleYesAdmin) then
+          FConnection.Query(qSetDefaultRole, [FConnection.EscapeString(RoleName), OrgUserHost]);
+      except
+        on E:EDbError do; // Happens when this role was not granted before
+      end;
+      FConnection.ShowWarnings;
+    end;
+
+
     // Rename user
     if (FocusedUser.Username <> editUsername.Text) or (FocusedUser.Host <> editFromHost.Text) then begin
 
@@ -1514,6 +1548,7 @@ procedure TUserManagerForm.btnSaveClick(Sender: TObject);
     FocusedUser.Host := editFromHost.Text;
     if editPassword.Modified then
       FocusedUser.Password := editPassword.Text;
+    FocusedUser.DefaultRole := IfThen(comboDefaultRole.ItemIndex=0, '', comboDefaultRole.Text);
     FocusedUser.SSL := comboSSL.ItemIndex;
     FocusedUser.Cipher := editCipher.Text;
     FocusedUser.Issuer := editIssuer.Text;
@@ -1714,6 +1749,7 @@ constructor TUser.Create;
   Username := '';
   Host := '';
   Password := '';
+  DefaultRole := '';
   Cipher := '';
   Issuer := '';
   Subject := '';
@@ -1836,6 +1872,15 @@ function TUserList.GetRoleNames: TStringList;
   end;
 end;
 
+procedure TUserList.GetRoleNames(Strings: TStrings);
+var
+  RoleNames: TStringList;
+begin
+  RoleNames := GetRoleNames;
+  Strings.AddStrings(RoleNames);
+  RoleNames.Free;
+end;
+
 function TUserList.GetDefaultRoles: TStringList;
 var
   RoleNames: TStringList;