Don’t execute REVOKE query when adding new users (part of #2229)

sequelpro · Dec 7, 2016 · 9eab47a175ae046da37d3dd6dedc8d8ba40e3b21 · 9eab47a
1 parent 013fff3
commit 9eab47a175ae046da37d3dd6dedc8d8ba40e3b21
Unified Split

Showing with 31 additions and 15 deletions.

+2 −0 Source/SPUserManager.h

+29 −15 Source/SPUserManager.m
diff --git a/Source/SPUserManager.h b/Source/SPUserManager.h
@@ -127,7 +127,9 @@
 - (BOOL)updateUser:(SPUserMO *)user;
 - (BOOL)updateResourcesForUser:(SPUserMO *)user;
 - (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
 - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;
 
 // External
 /**

diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
@@ -1128,22 +1128,27 @@ - (BOOL)insertUser:(SPUserMO *)user
 			}
 			// If we created the user with the GRANT statment (MySQL < 5), then revoke the
 			// privileges we gave the new user.
-			else {
+			if(![serverSupport supportsCreateUser]) {
 				[connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];
 
 				if (![self _checkAndDisplayMySqlError]) return NO;
 			}
 
-			return [self grantPrivilegesToUser:user];
+			return [self grantPrivilegesToUser:user skippingRevoke:YES];
 		}
 	}
 	return NO;
 }
 
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+{
+	return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
+}
+
 /**
  * Grant or revoke DB privileges for the supplied user.
  */
-- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
+- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
 {
 	NSMutableArray *grantPrivileges = [NSMutableArray array];
 	NSMutableArray *revokePrivileges = [NSMutableArray array];
@@ -1184,11 +1189,13 @@ - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
 				   forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] 
 					  host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
 
-	// Revoke privileges
-	if(![self _revokePrivileges:revokePrivileges
-				 onDatabase:dbName 
-					forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] 
-					   host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+	if(!skipRevoke) {
+		// Revoke privileges
+		if(![self _revokePrivileges:revokePrivileges
+					 onDatabase:dbName 
+						forUser:[schemaPriv valueForKeyPath:@"user.parent.user"] 
+						   host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
+	}
 
 	return YES;
 }
@@ -1214,10 +1221,15 @@ - (BOOL)updateResourcesForUser:(SPUserMO *)user
 	return YES;
 }
 
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+{
+	return [self grantPrivilegesToUser:user skippingRevoke:NO];
+}
+
 /**
  * Grant or revoke privileges for the supplied user.
  */
-- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
+- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
 {
 	if ([user valueForKey:@"parent"] != nil)
 	{
@@ -1249,16 +1261,18 @@ - (BOOL)grantPrivilegesToUser:(SPUserMO *)user
 					   forUser:[[user parent] valueForKey:@"user"] 
 						  host:[user valueForKey:@"host"]]) return NO;
 
-		// Revoke privileges
-		if(![self _revokePrivileges:revokePrivileges
-					 onDatabase:nil 
-						forUser:[[user parent] valueForKey:@"user"] 
-						   host:[user valueForKey:@"host"]]) return NO;
+		if(!skipRevoke) {
+			// Revoke privileges
+			if(![self _revokePrivileges:revokePrivileges
+						 onDatabase:nil 
+							forUser:[[user parent] valueForKey:@"user"] 
+							   host:[user valueForKey:@"host"]]) return NO;
+		}
 	}
 
 	for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"])
 	{
-		if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
+		if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
 	}
 
 	return YES;