Don’t execute REVOKE query when adding new users (part of #2229)
dmoagx committed Dec 7, 2016
1 parent 013fff3 commit 9eab47a
Showing 2 changed files with 31 additions and 15 deletions.
2 changes: 2 additions & 0 deletions Source/SPUserManager.h
Expand Up @@ -127,7 +127,9 @@
- (BOOL)updateUser:(SPUserMO *)user;
- (BOOL)updateResourcesForUser:(SPUserMO *)user;
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user;
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke;
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user;
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;

// External
/**
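Review bot: The new declaration `- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)user skippingRevoke:(BOOL)skipRevoke;` copies the parameter name `user` from the line above it, although the argument is an `SPPrivilegesMO` and the implementation in SPUserManager.m calls it `schemaPriv`. Renaming it to `schemaPriv` here would keep header and implementation in step. Neither new declaration says when the flag may be set; a one-line comment such as `// skipRevoke: pass YES only for an account created in the same operation` would tell callers what they are opting out of.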
44 changes: 29 additions & 15 deletions Source/SPUserManager.m
Expand Up @@ -1128,22 +1128,27 @@ - (BOOL)insertUser:(SPUserMO *)user
}
// If we created the user with the GRANT statment (MySQL < 5), then revoke the
// privileges we gave the new user.
else {
if(![serverSupport supportsCreateUser]) {
[connection queryString:[NSString stringWithFormat:@"REVOKE SELECT ON mysql.* FROM %@@%@", [[[user parent] valueForKey:@"user"] tickQuotedString], host]];

if (![self _checkAndDisplayMySqlError]) return NO;
}

return [self grantPrivilegesToUser:user];
return [self grantPrivilegesToUser:user skippingRevoke:YES];
}
}
return NO;
}

- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
{
return [self grantDbPrivilegesWithPrivilege:schemaPriv skippingRevoke:NO];
}

/**
* Grant or revoke DB privileges for the supplied user.
*/
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
- (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv skippingRevoke:(BOOL)skipRevoke
{
NSMutableArray *grantPrivileges = [NSMutableArray array];
NSMutableArray *revokePrivileges = [NSMutableArray array];
Expand Down Expand Up @@ -1184,11 +1189,13 @@ - (BOOL)grantDbPrivilegesWithPrivilege:(SPPrivilegesMO *)schemaPriv
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;

// Revoke privileges
if(![self _revokePrivileges:revokePrivileges
onDatabase:dbName
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
if(!skipRevoke) {
// Revoke privileges
if(![self _revokePrivileges:revokePrivileges
onDatabase:dbName
forUser:[schemaPriv valueForKeyPath:@"user.parent.user"]
host:[schemaPriv valueForKeyPath:@"user.host"]]) return NO;
}

return YES;
}
Expand All @@ -1214,10 +1221,15 @@ - (BOOL)updateResourcesForUser:(SPUserMO *)user
return YES;
}

- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
{
return [self grantPrivilegesToUser:user skippingRevoke:NO];
}

/**
* Grant or revoke privileges for the supplied user.
*/
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user
- (BOOL)grantPrivilegesToUser:(SPUserMO *)user skippingRevoke:(BOOL)skipRevoke
{
if ([user valueForKey:@"parent"] != nil)
{
Expand Down Expand Up @@ -1249,16 +1261,18 @@ - (BOOL)grantPrivilegesToUser:(SPUserMO *)user
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;

// Revoke privileges
if(![self _revokePrivileges:revokePrivileges
onDatabase:nil
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;
if(!skipRevoke) {
// Revoke privileges
if(![self _revokePrivileges:revokePrivileges
onDatabase:nil
forUser:[[user parent] valueForKey:@"user"]
host:[user valueForKey:@"host"]]) return NO;
}
}

for (SPPrivilegesMO *priv in [user valueForKey:@"schema_privileges"])
{
if(![self grantDbPrivilegesWithPrivilege:priv]) return NO;
if(![self grantDbPrivilegesWithPrivilege:priv skippingRevoke:skipRevoke]) return NO;
}

return YES;
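Review bot: `skippingRevoke:YES` in `insertUser:` is correct only if the account is really new and holds nothing beyond what the following GRANT statements give it, and nothing in the visible lines states or checks that assumption. On the path where the account is created by a GRANT (the `supportsCreateUser` check), the statement presumably also succeeds for an account that already exists on the server, in which case privileges left unchecked in the UI would stay in place where the old code revoked them; this is worth confirming against the part of `insertUser:` outside the hunk. I would record the contract on `grantPrivilegesToUser:skippingRevoke:` and `grantDbPrivilegesWithPrivilege:skippingRevoke:`, e.g. `// skipRevoke: caller guarantees the account was just created and has no privileges to remove; never pass YES for an existing account`. The existing `/** Grant or revoke privileges ... */` comments now sit on the two-argument variants without mentioning the flag, and the one-argument wrappers have no comment at all. Both method bodies are only partly visible in this section.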
