Update PostgreSqlPlatform.php #626

Closed
wants to merge 5 commits into from

5 participants

@x42p

If the database has different schemas with objects on which the currently logged-in user has no rights, the existing statements will collect all objects (sequences and tables) and try to read them in later steps. This will throw exceptions. The reason for that is the fact that both procedures getListSequencesList() and getListTablesSQL() will receive all known database objects from the postgres catalogs. But the currently logged-in user maybe has no read permissions on objects inside another schema owner. The additional parts inside both SQL statements will reduce the result to only the objects that the user is able to see.

@x42p x42p Update PostgreSqlPlatform.php
12075eb
@doctrinebot
Collaborator

Hello,

thank you for creating this pull request. I have automatically opened an issue
on our Jira Bug Tracker for you. See the issue link:

http://www.doctrine-project.org/jira/browse/DBAL-930

We use Jira to track the state of pull requests and the versions they got
included in.

lib/Doctrine/DBAL/Platforms/PostgreSqlPlatform.php
@@ -209,8 +209,10 @@ public function getListSequencesSQL($database)
c.relname, n.nspname AS schemaname
FROM
pg_class c, pg_namespace n
- WHERE relkind = 'S' AND n.oid = c.relnamespace AND
- (n.nspname NOT LIKE 'pg_%' AND n.nspname != 'information_schema')";
+ WHERE relkind = 'S'
+ AND n.oid = c.relnamespace
+ AND (n.nspname NOT LIKE 'pg_%' AND n.nspname != 'information_schema')
+ AND pg_table_is_visible(oid) is true";
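Review bot: pg_table_is_visible() in the last added condition tests whether the relation is reachable through the current search_path, not whether the connected user holds privileges on it, so it does not implement the permission filter the description asks for and would also drop sequences in readable schemas that are simply not on the search_path. A privilege test such as has_schema_privilege(n.oid, 'USAGE') matches the stated intent more closely. Separately, the bare oid argument is ambiguous because both pg_class c and pg_namespace n expose an oid column, so it has to be written c.oid, and the trailing "is true" is redundant on a boolean function.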
@guilhermeblanco Owner

Build broke because column reference needs to be c.oid.

x42p added some commits
@x42p x42p Update PostgreSqlPlatform.php
missing table identifier added
49fcf23
@x42p x42p Update PostgreSqlPlatform.php
correct table identifier
7d05d27
@deeky666
Collaborator

@x42p Testsuite is still failing. Can you please have a look? Thanks.

@milokmet

@guilhermeblanco Wouldn't it be better and more readable to replace the pg_catalog tables with the information_schema tables/views, which show only the objects that the currently logged-in user is granted to use?

x42p added some commits
@x42p x42p Update PostgreSqlPlatform.php
I take the guess and use the information_schema. It makes it more clear and simple
059e594
@x42p x42p Update PostgreSqlPlatform.php
some format changes to trigger travis-ci once more again
19c26f9
@deeky666
Collaborator

@x42p thanks for your contribution, continued work in #702.

@deeky666 deeky666 closed this
Commits on Jun 29, 2014
  1. @x42p

    Update PostgreSqlPlatform.php

    x42p authored
Commits on Jul 3, 2014
  1. @x42p

    Update PostgreSqlPlatform.php

    x42p authored
    missing table identifier added
  2. @x42p

    Update PostgreSqlPlatform.php

    x42p authored
    correct table identifier
Commits on Jul 23, 2014
  1. @x42p

    Update PostgreSqlPlatform.php

    x42p authored
    I take the guess and use the information_schema. It makes it more clear and simple
Commits on Jul 25, 2014
  1. @x42p

    Update PostgreSqlPlatform.php

    x42p authored
    some format changes to trigger travis-ci once more again
Showing with 12 additions and 8 deletions.
  1. +12 −8 lib/Doctrine/DBAL/Platforms/PostgreSqlPlatform.php
20 lib/Doctrine/DBAL/Platforms/PostgreSqlPlatform.php
@@ -205,12 +205,11 @@ public function getListDatabasesSQL()
*/
public function getListSequencesSQL($database)
{
- return "SELECT
- c.relname, n.nspname AS schemaname
- FROM
- pg_class c, pg_namespace n
- WHERE relkind = 'S' AND n.oid = c.relnamespace AND
- (n.nspname NOT LIKE 'pg_%' AND n.nspname != 'information_schema')";
+ return "SELECT sequence_name AS relname,
+ sequence_schema AS schemaname
+ FROM information_schema.sequences
+ WHERE sequence_schema NOT LIKE 'pg_%'
+ AND sequence_schema != 'information_schema'";
}
/**
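Review bot: the filter sequence_schema NOT LIKE 'pg_%' carried into the new query treats the underscore as a single-character wildcard, so it also hides any user schema whose name merely starts with "pg" (for example pgdata), not only the pg_ system schemas. Escape the underscore or use an anchored regular expression such as sequence_schema !~ '^pg_'. The $database parameter is still unused by the new statement; if that is intentional, the docblock should say so.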
@@ -218,8 +217,13 @@ public function getListSequencesSQL($database)
*/
public function getListTablesSQL()
{
- return "SELECT quote_ident(tablename) AS table_name, schemaname AS schema_name
- FROM pg_tables WHERE schemaname NOT LIKE 'pg_%' AND schemaname != 'information_schema' AND tablename != 'geometry_columns' AND tablename != 'spatial_ref_sys'";
+ return "SELECT quote_ident(table_name) AS table_name,
+ table_schema AS schema_name
+ FROM information_schema.tables
+ WHERE table_schema NOT LIKE 'pg_%'
+ AND table_schema != 'information_schema'
+ AND table_name != 'geometry_columns'
+ AND table_name != 'spatial_ref_sys'";
}
/**
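Review bot: switching the FROM clause from pg_tables to information_schema.tables widens the result set, because information_schema.tables also returns views and foreign tables while pg_tables lists only tables, so getListTablesSQL() would start reporting views as tables. Add a condition such as AND table_type = 'BASE TABLE' to keep the previous behaviour. The diff summary shows PostgreSqlPlatform.php as the only changed file; a functional test with a schema the connected user cannot read would pin down the behaviour this change is meant to fix.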