feat: support assigning a default role to a user

Refs #1155

Author: ansgarbecker

extra/locale/heidisql.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: HeidiSQL\n"
 "POT-Creation-Date: 2012-11-05 21:40\n"
-"PO-Revision-Date: 2026-03-24 12:08+0100\n"
+"PO-Revision-Date: 2026-03-24 15:09+0100\n"
 "Last-Translator: Ansgar Becker <anse@heidisql.com>\n"
 "Language-Team: English (http://www.transifex.com/projects/p/heidisql/language/en/)\n"
 "Language: en\n"
@@ -6833,3 +6833,6 @@ msgstr "Yes, with admin option"
 
 msgid "No password hash column available"
 msgstr "No password hash column available"
+
+msgid "Default role:"
+msgstr "Default role:"

source/dbstructures.mysql.pas

@@ -3401,6 +3401,7 @@ function TMySqlProvider.GetSql(AId: TQueryId): string;
     qReloadPrivileges: Result := 'FLUSH PRIVILEGES';
     qGrantRole: Result := 'GRANT %s TO %s%s';
     qRevokeRole: Result := 'REVOKE %s FROM %s';
+    qSetDefaultRole: Result := 'SET DEFAULT ROLE %s FOR %s';
     else Result := inherited;
   end;
 end;

source/dbstructures.pas

@@ -49,7 +49,7 @@ interface
     qGetReverseForeignKeys, qExplain, qSetTimezone,
     qShowFunctionStatus, qShowProcedureStatus, qShowTriggers, qShowEvents, qShowCreateTrigger,
     qHelpKeyword, qShowWarnings, qGetEnumTypes,
-    qDropUser, qCreateRole, qDropRole, qReloadPrivileges, qGrantRole, qRevokeRole);
+    qDropUser, qCreateRole, qDropRole, qReloadPrivileges, qGrantRole, qRevokeRole, qSetDefaultRole);
   TSqlProvider = class
     strict protected
       FNetType: TNetType;

source/usermanager.lfm

@@ -174,7 +174,7 @@ object UserManagerForm: TUserManagerForm
     TabOrder = 1
     object PageControlSettings: TPageControl
       Left = 0
-      Height = 145
+      Height = 173
       Top = 0
       Width = 385
       ActivePage = tabCredentials
@@ -185,7 +185,7 @@ object UserManagerForm: TUserManagerForm
       object tabCredentials: TTabSheet
         AutoSize = True
         Caption = 'Credentials'
-        ClientHeight = 117
+        ClientHeight = 145
         ClientWidth = 377
         object lblUsername: TLabel
           AnchorSideLeft.Control = tabCredentials
@@ -237,10 +237,12 @@ object UserManagerForm: TUserManagerForm
         object editRepeatPassword: TEdit
           AnchorSideTop.Control = editPassword
           AnchorSideTop.Side = asrBottom
-          Left = 178
+          AnchorSideRight.Control = tabCredentials
+          AnchorSideRight.Side = asrBottom
+          Left = 150
           Height = 23
           Top = 89
-          Width = 194
+          Width = 222
           Anchors = [akTop, akLeft, akRight]
           BorderSpacing.Around = 5
           EchoMode = emPassword
@@ -251,10 +253,12 @@ object UserManagerForm: TUserManagerForm
         object editPassword: TEditButton
           AnchorSideTop.Control = editFromHost
           AnchorSideTop.Side = asrBottom
-          Left = 178
+          AnchorSideRight.Control = tabCredentials
+          AnchorSideRight.Side = asrBottom
+          Left = 150
           Height = 23
           Top = 61
-          Width = 194
+          Width = 222
           Anchors = [akTop, akLeft, akRight]
           BorderSpacing.Around = 5
           ButtonWidth = 23
@@ -271,10 +275,12 @@ object UserManagerForm: TUserManagerForm
         object editFromHost: TEditButton
           AnchorSideTop.Control = editUsername
           AnchorSideTop.Side = asrBottom
-          Left = 178
+          AnchorSideRight.Control = tabCredentials
+          AnchorSideRight.Side = asrBottom
+          Left = 150
           Height = 23
           Top = 33
-          Width = 194
+          Width = 222
           Anchors = [akTop, akLeft, akRight]
           BorderSpacing.Around = 5
           ButtonWidth = 23
@@ -289,20 +295,48 @@ object UserManagerForm: TUserManagerForm
         end
         object editUsername: TEdit
           AnchorSideTop.Control = tabCredentials
-          Left = 178
+          AnchorSideRight.Control = tabCredentials
+          AnchorSideRight.Side = asrBottom
+          Left = 150
           Height = 23
           Top = 5
-          Width = 194
+          Width = 222
           Anchors = [akTop, akLeft, akRight]
           BorderSpacing.Around = 5
           TabOrder = 0
           OnChange = Modification
         end
+        object comboDefaultRole: TComboBox
+          AnchorSideTop.Control = editRepeatPassword
+          AnchorSideTop.Side = asrBottom
+          AnchorSideRight.Control = tabCredentials
+          AnchorSideRight.Side = asrBottom
+          Left = 150
+          Height = 23
+          Top = 117
+          Width = 222
+          Anchors = [akTop, akLeft, akRight]
+          BorderSpacing.Around = 5
+          ItemHeight = 15
+          Style = csDropDownList
+          TabOrder = 4
+        end
+        object lblDefaultRole: TLabel
+          AnchorSideLeft.Control = tabCredentials
+          AnchorSideTop.Control = comboDefaultRole
+          AnchorSideTop.Side = asrCenter
+          Left = 5
+          Height = 15
+          Top = 121
+          Width = 64
+          BorderSpacing.Around = 5
+          Caption = 'Default role:'
+        end
       end
       object tabLimitations: TTabSheet
         AutoSize = True
         Caption = 'Limitations'
-        ClientHeight = 117
+        ClientHeight = 145
         ClientWidth = 377
         ImageIndex = 1
         object lblMaxQueries: TLabel
@@ -416,7 +450,7 @@ object UserManagerForm: TUserManagerForm
       object tabSSL: TTabSheet
         AutoSize = True
         Caption = 'SSL options'
-        ClientHeight = 117
+        ClientHeight = 145
         ClientWidth = 377
         ImageIndex = 2
         object lblCipher: TLabel
@@ -528,20 +562,20 @@ object UserManagerForm: TUserManagerForm
     end
     object PageControlAccess: TPageControl
       Left = 0
-      Height = 178
-      Top = 145
+      Height = 150
+      Top = 173
       Width = 385
       ActivePage = tabPrivileges
       Align = alClient
       TabIndex = 0
       TabOrder = 1
       object tabPrivileges: TTabSheet
         Caption = 'Privileges'
-        ClientHeight = 150
+        ClientHeight = 122
         ClientWidth = 377
         object treePrivs: TLazVirtualStringTree
           Left = 0
-          Height = 122
+          Height = 94
           Top = 28
           Width = 377
           Align = alClient
@@ -592,11 +626,11 @@ object UserManagerForm: TUserManagerForm
       end
       object tabRoles: TTabSheet
         Caption = 'Roles'
-        ClientHeight = 150
+        ClientHeight = 122
         ClientWidth = 377
         object ValueListEditorRoles: TValueListEditor
           Left = 0
-          Height = 150
+          Height = 122
           Top = 0
           Width = 377
           Align = alClient

source/usermanager.pas

@@ -32,7 +32,7 @@   TPrivComparer = class(TComparer<TPrivObj>)
   TUserProblem = (upNone, upEmptyPassword, upInvalidPasswordLen, upSkipNameResolve, upUnknown);
 
   TUser = class(TObject)
-    Username, Host, Password, Cipher, Issuer, Subject: String;
+    Username, Host, Password, Cipher, Issuer, Subject, DefaultRole: String;
     MaxQueries, MaxUpdates, MaxConnections, MaxUserConnections, SSL: Integer;
     Problem: TUserProblem;
     IsRole: Boolean;
@@ -51,7 +51,8 @@   TUser = class(TObject)
   PUser = ^TUser;
   TUserList = class(TObjectList<TUser>)
     public
-      function GetRoleNames: TStringList;
+      function GetRoleNames: TStringList; overload;
+      procedure GetRoleNames(Strings: TStrings); overload;
       function GetDefaultRoles: TStringList;
   end;
 
@@ -130,6 +131,8 @@   TUserManagerForm = class(TExtForm)
     tlbObjects: TToolBar;
     btnAddObject: TToolButton;
     ValueListEditorRoles: TValueListEditor;
+    lblDefaultRole: TLabel;
+    comboDefaultRole: TComboBox;
     procedure btnCancelClick(Sender: TObject);
     procedure editFromHostButtonClick(Sender: TObject);
     procedure editPasswordButtonClick(Sender: TObject);
@@ -193,7 +196,7 @@   TUserManagerForm = class(TExtForm)
     { Private declarations }
     FUsers: TUserList;
     FModified, FAdded: Boolean;
-    FHasIsRole: Boolean;
+    FHasIsRole, FHasDefaultRole: Boolean;
     FCloneGrants: TStringList;
     FPrivObjects: TPrivObjList;
     FPrivsGlobal, FPrivsDb, FPrivsTable, FPrivsRoutine, FPrivsColumn: TStringList;
@@ -257,6 +260,8 @@ procedure TUserManagerForm.FormCreate(Sender: TObject);
     'REPLICATION SLAVE ADMIN,SET USER,SLAVE MONITOR');
   FixVT(listUsers);
   FixVT(treePrivs);
+  FHasIsRole := False;
+  FHasDefaultRole := False;
 end;
 
 procedure TUserManagerForm.FormDestroy(Sender: TObject);
@@ -289,7 +294,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
   Version, i: Integer;
   Users: TDBQuery;
   U: TUser;
-  tmp, PasswordExpr, IsRoleExpr: String;
+  tmp, PasswordExpr, IsRoleExpr, DefaultRoleExpr: String;
   SkipNameResolve,
   HasPassword, HasAuthString: Boolean;
   PasswordLengthMatters: Boolean;
@@ -419,6 +424,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
     HasPassword := UserTableColumns.IndexOf('password') > -1;
     HasAuthString := UserTableColumns.IndexOf('authentication_string') > -1;
     FHasIsRole := UserTableColumns.IndexOf('is_role') > -1;
+    FHasDefaultRole := UserTableColumns.IndexOf('default_role') > -1;
     if HasPassword and (not HasAuthString) then
       PasswordExpr := 'password'
     else if (not HasPassword) and HasAuthString then
@@ -429,13 +435,15 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
       Raise Exception.Create(_('No password hash column available'));
     PasswordExpr := PasswordExpr + ' AS ' + FConnection.QuoteIdent('password');
     IsRoleExpr := IfThen(FHasIsRole, 'is_role', FConnection.EscapeString('N')+' AS is_role');
+    DefaultRoleExpr := IfThen(FHasDefaultRole, 'default_role', FConnection.EscapeString('')+' AS default_role');
 
     Users := FConnection.GetResults(
       'SELECT '+
       FConnection.QuoteIdent('user') + ', ' +
       FConnection.QuoteIdent('host') + ', ' +
       PasswordExpr + ', ' +
-      IsRoleExpr + ' ' +
+      IsRoleExpr + ', ' +
+      DefaultRoleExpr + ' ' +
       'FROM '+FConnection.QuoteIdent('mysql')+'.'+FConnection.QuoteIdent('user')
       );
     FUsers := TUserList.Create(True);
@@ -446,6 +454,7 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
       U.Host := Users.Col('host');
       U.Password := Users.Col('password');
       U.IsRole := UpperCase(Users.Col('is_role')) = 'Y';
+      U.DefaultRole := Users.Col('default_role');
       U.Problem := upNone;
       if U.IsUser then begin
         if Length(U.Password) = 0 then
@@ -635,6 +644,10 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
   editPassword.Clear;
   editPassword.TextHint := '';
   editRepeatPassword.Clear;
+  comboDefaultRole.Items.Clear;
+  comboDefaultRole.Items.Add(_('None'));
+  FUsers.GetRoleNames(comboDefaultRole.Items);
+  comboDefaultRole.ItemIndex := 0;
   spinMaxQueries.Value := 0;
   spinMaxUpdates.Value := 0;
   spinMaxConnections.Value := 0;
@@ -655,6 +668,10 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
       UserHost := FConnection.EscapeString(User.Username);
     editUsername.Text := User.Username;
     editFromHost.Text := User.Host;
+    i := comboDefaultRole.Items.IndexOf(User.DefaultRole);
+    if i > -1 then
+      comboDefaultRole.ItemIndex := i;
+
     Caption := Caption + ' - ' + User.Username;
 
     AllPNames := TStringList.Create;
@@ -893,6 +910,8 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
   editPassword.Enabled := UserSelected and User.IsUser;
   lblRepeatPassword.Enabled := UserSelected and User.IsUser;
   editRepeatPassword.Enabled := UserSelected and User.IsUser;
+  comboDefaultRole.Enabled := UserSelected and User.IsUser and FHasDefaultRole;
+  lblDefaultRole.Enabled := comboDefaultRole.Enabled;
   tabCredentials.Enabled := UserSelected;
   lblMaxQueries.Enabled := UserSelected and User.IsUser and (FConnection.ServerVersionInt >= 40002);
 
@@ -1508,6 +1527,23 @@ procedure TUserManagerForm.btnSaveClick(Sender: TObject);
       end;
     end;
 
+    // Set default role
+    if comboDefaultRole.Enabled and (comboDefaultRole.ItemIndex > -1) then begin
+      if comboDefaultRole.ItemIndex = 0 then begin
+        FConnection.Query(qSetDefaultRole, ['NONE', OrgUserHost]);
+      end
+      else try
+        RoleName := comboDefaultRole.Text;
+        RoleAssigned := ValueListEditorRoles.Strings.Values[RoleName];
+        if (RoleAssigned = TUser.RoleYes) or (RoleAssigned = TUser.RoleYesAdmin) then
+          FConnection.Query(qSetDefaultRole, [FConnection.EscapeString(RoleName), OrgUserHost]);
+      except
+        on E:EDbError do; // Happens when this role was not granted before
+      end;
+      FConnection.ShowWarnings;
+    end;
+
+
     // Rename user
     if (FocusedUser.Username <> editUsername.Text) or (FocusedUser.Host <> editFromHost.Text) then begin
 
@@ -1540,6 +1576,7 @@ procedure TUserManagerForm.btnSaveClick(Sender: TObject);
     FocusedUser.Host := editFromHost.Text;
     if editPassword.Modified then
       FocusedUser.Password := editPassword.Text;
+    FocusedUser.DefaultRole := IfThen(comboDefaultRole.ItemIndex=0, '', comboDefaultRole.Text);
     FocusedUser.SSL := comboSSL.ItemIndex;
     FocusedUser.Cipher := editCipher.Text;
     FocusedUser.Issuer := editIssuer.Text;
@@ -1740,6 +1777,7 @@ constructor TUser.Create;
   Username := '';
   Host := '';
   Password := '';
+  DefaultRole := '';
   Cipher := '';
   Issuer := '';
   Subject := '';
@@ -1862,6 +1900,15 @@ function TUserList.GetRoleNames: TStringList;
   end;
 end;
 
+procedure TUserList.GetRoleNames(Strings: TStrings);
+var
+  RoleNames: TStringList;
+begin
+  RoleNames := GetRoleNames;
+  Strings.AddStrings(RoleNames);
+  RoleNames.Free;
+end;
+
 function TUserList.GetDefaultRoles: TStringList;
 var
   RoleNames: TStringList;