
Don’t execute REVOKE query when adding new users (part of #2229)

dmoagx committed Dec 7, 2016
1 parent 013fff3 commit 9eab47a175ae046da37d3dd6dedc8d8ba40e3b21
Showing with 31 additions and 15 deletions.
  1. +2 −0 Source/SPUserManager.h
  2. +29 −15 Source/SPUserManager.m
@@ -127,7 +127,9 @@
- (BOOL)updateUser:(SPUserMO *)user;
- (BOOL)updateResourcesForUser:(SPUserMO *)user;
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
// External
/**
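Review bot: The new declaration `grantDbPrivilegesWithPrivilege:skippingRevoke:` repeats the misleading parameter name `user` for an `SPPrivilegesMO *`, while the implementation in SPUserManager.m calls it `schemaPriv`. The header should use the same name: `- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke;`. Neither new declaration documents `skipRevoke`; a one-line comment such as `// skipRevoke: pass YES only for an account that was just created and therefore cannot hold privileges yet` would record the precondition callers must meet before suppressing the REVOKE.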
@@ -1128,22 +1128,27 @@ - (BOOL)insertUser:(SPUserMO *)user
}
// If we created the user with the GRANT statment (MySQL < 5), then revoke the
// privileges we gave the new user.
- else {
+ if(![serverSupport supportsCreateUser]) {
[connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
if (![self _checkAndDisplayMySqlError]) return NO;
}
- return [self grantPrivilegesToUser:user];
+ return [self grantPrivilegesToUser:user skippingRevoke:YES];
}
}
return NO;
}
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+ return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
/**
* Grant or revoke DB privileges for the supplied user.
*/
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
{
NSMutableArray *grantPrivileges = [NSMutableArray array];
NSMutableArray *revokePrivileges = [NSMutableArray array];
@@ -1184,11 +1189,13 @@ - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:dbName
- forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
- host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:dbName
+ forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
+ host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+ }
return YES;
}
@@ -1214,10 +1221,15 @@ - (BOOL)updateResourcesForUser:(SPUserMO *)user
return YES;
}
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+ return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
/**
* Grant or revoke privileges for the supplied user.
*/
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
{
if ([user valueForKey:@"parent"] != nil)
{
@@ -1249,16 +1261,18 @@ - (BOOL)grantPrivilegesToUser:(SPUserMO *)user
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;
- // Revoke privileges
- if(![self _revokePrivileges:revokePrivileges
- onDatabase:nil
- forUser:[[user parent] valueForKey:@"user"]
- host:[user valueForKey:@"host"]]) return NO;
+ if(!skipRevoke) {
+ // Revoke privileges
+ if(![self _revokePrivileges:revokePrivileges
+ onDatabase:nil
+ forUser:[[user parent] valueForKey:@"user"]
+ host:[user valueForKey:@"host"]]) return NO;
+ }
}
for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"])
{
- if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+ if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
}
return YES;
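Review bot: In `insertUser:`, `skippingRevoke:YES` is passed on both creation paths, but only the CREATE USER path can be assumed to start from an account without privileges. On the GRANT-based path (`![serverSupport supportsCreateUser]`), the GRANT presumably also succeeds for an account that already exists on the server, so that account would keep whatever privileges it held while the UI shows them as unset. If that path can be reached for an existing account, keep the revoke there, e.g. `return [self grantPrivilegesToUser:user skippingRevoke:[serverSupport supportsCreateUser]];`, or state the "account is new" precondition in a comment above the call. The flag is also forwarded to `grantDbPrivilegesWithPrivilege:skippingRevoke:` in the loop at the end of `grantPrivilegesToUser:skippingRevoke:`, so the concern covers schema privileges as well. The creation statements and the start of `insertUser:` are outside the hunk, so this is inferred from the visible comment about MySQL < 5.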
