From 9c7d5bb6f9f6916e679174511b6811e14f5fc289 Mon Sep 17 00:00:00 2001 From: chriskl Date: Mon, 10 Feb 2003 14:48:52 +0000 Subject: [PATCH] Allow granting of perms on any objects (except funcions atm) to users, groups or public. It currently only lets you grant to a single user a single privilege at a time, but it's easily improved. --- TODO | 3 +- classes/database/Postgres.php | 62 +++++++++- lang/english.php | 9 +- lang/recoded/english.php | 9 +- privileges.php | 217 ++++++++++++++++++++++++++++++++-- 5 files changed, 283 insertions(+), 17 deletions(-) diff --git a/TODO b/TODO index 5d88e000..857a27bd 100644 --- a/TODO +++ b/TODO @@ -34,7 +34,8 @@ Groups Permissions [ Robert ] ----------- -* Allow granting of perms +* -Allow granting of perms (chriskl) +* Allow granting on functions * Allow revoking of perms * Allow display of grants on an object * Allow display of grants for a user diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php index 97809937..a1dac6f1 100755 --- a/classes/database/Postgres.php +++ b/classes/database/Postgres.php @@ -4,7 +4,7 @@ * A class that implements the DB interface for Postgres * Note: This class uses ADODB and returns RecordSets. * - * $Id: Postgres.php,v 1.51 2003/02/09 10:22:39 chriskl Exp $ + * $Id: Postgres.php,v 1.52 2003/02/10 14:48:54 chriskl Exp $ */ // @@@ THOUGHT: What about inherits? ie. use of ONLY??? @@ -838,7 +838,7 @@ class Postgres extends BaseDB { */ function dropUniqueConstraint($table, $name) { $this->fieldClean($name); - + $sql = "DROP INDEX \"{$name}\""; return $this->execute($sql); 
@@ -1602,6 +1602,64 @@ class Postgres extends BaseDB {
 return $temp;
 }
+
+ /**
+ * Grants a privilege to a user, group or public
+ * @param $type The type of object
+ * @param $object The name of the object
+ * @param $entity The type of entity (eg. USER, GROUP or PUBLIC)
+ * @param $name The username or groupname to grant privs to. Ignored for PUBLIC.
+ * @param $privilege The privilege to grant (eg. SELECT, ALL PRIVILEGES, etc.)
+ * @return 0 success
+ * @return -1 invalid type
+ * @return -2 invalid entity
+ */
+ function grantPrivileges($type, $object, $entity, $name, $privilege) {
+ $this->fieldClean($privilege);
+ $this->fieldClean($object);
+ $this->fieldClean($name);
+
+ $sql = "GRANT {$privilege} ON";
+ // @@ WE NEED SCHEMA SUPPORT BELOW
+ switch ($type) {
+ case 'table':
+ case 'view':
+ case 'sequence':
+ $sql .= " \"{$object}\"";
+ break;
+ case 'database':
+ $sql .= " DATABASE \"{$object}\"";
+ break;
+ case 'function':
+ $sql .= " FUNCTION \"{$object}\"";
+ break;
+ case 'language':
+ $sql .= " LANGUAGE \"{$object}\"";
+ break;
+ case 'schema':
+ // @@ MOVE THIS TO 7.3 ONLY
+ $sql .= " SCHEMA \"{$object}\"";
+ break;
+ default:
+ return -1;
+ }
+
+ switch ($entity) {
+ case 'USER':
+ $sql .= " TO \"{$name}\"";
+ break;
+ case 'GROUP':
+ $sql .= " TO GROUP \"{$name}\"";
+ break;
+ case 'PUBLIC':
+ $sql .= " TO PUBLIC";
+ break;
+ default:
+ return -2;
+ }
+
+ return $this->execute($sql);
+ }
 // Capabilities
 function hasTables() { return true; }
diff --git a/lang/english.php b/lang/english.php
index 7f4b26a0..e10c253b 100755
--- a/lang/english.php
+++ b/lang/english.php
@@ -4,7 +4,7 @@
 * Language template file for WebDB. Use this to base language
 * files.
 *
- * $Id: english.php,v 1.50 2003/02/09 10:22:39 chriskl Exp $
+ * $Id: english.php,v 1.51 2003/02/10 14:48:55 chriskl Exp $
 */
 // Language and character set
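Review bot: In grantPrivileges (classes/database/Postgres.php), `$privilege` goes into the statement unquoted as `GRANT {$privilege} ON`, and the caller in privileges.php passes `$_REQUEST['privilege']` straight through. Whatever `fieldClean` does (its body is not in this hunk; presumably identifier escaping) cannot confine an unquoted value to a privilege keyword. Check it against a fixed list before `$sql` is built and return a new code such as -3 for anything else, adding that code to the docblock's `@return` lines. Separately, the `'function'` branch emits `FUNCTION "{$object}"` with no argument list, which GRANT ON FUNCTION needs on servers of this era as far as I know; returning -1 for it until function support lands would match the TODO entry.

```php
	function grantPrivileges($type, $object, $entity, $name, $privilege) {
		// Privilege keywords go into the statement unquoted, so accept only known ones.
		// Keep this list in step with the options the grant form offers.
		$allowed = array('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'RULE', 'REFERENCES',
			'TRIGGER', 'CREATE', 'TEMPORARY', 'EXECUTE', 'USAGE', 'ALL PRIVILEGES');
		$privilege = strtoupper(trim($privilege));
		if (!in_array($privilege, $allowed, true)) return -3;
		// … unchanged: fieldClean of $object and $name, SQL assembly, execute …
```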
@@ -139,10 +139,15 @@ $strMembers = 'Members'; // Privilges + $strPrivilege = 'Privilege'; $strPrivileges = 'Privileges'; $strNoPrivileges = 'This object has no privileges.'; $strGrant = 'Grant'; $strRevoke = 'Revoke'; + $strGranted = 'Privileges granted.'; + $strGrantFailed = 'Failed to grant privileges.'; + $strGrantUser = 'Grant User'; + $strGrantGroup = 'Grant Group'; // Databases $strDatabase = 'Database'; @@ -159,7 +164,7 @@ $strDatabaseDropped = 'Database dropped.'; $strDatabaseDroppedBad = 'Database drop failed.'; $strEnterSQL = 'Enter the SQL to execute below:'; - + // Views $strView = 'View'; $strViews = 'Views'; diff --git a/lang/recoded/english.php b/lang/recoded/english.php index 931c6674..1e02fc3b 100644 --- a/lang/recoded/english.php +++ b/lang/recoded/english.php @@ -4,7 +4,7 @@ * Language template file for WebDB. Use this to base language * files. * - * $Id: english.php,v 1.6 2003/02/09 10:22:39 chriskl Exp $ + * $Id: english.php,v 1.7 2003/02/10 14:48:56 chriskl Exp $ */ // Language and character set @@ -139,10 +139,15 @@ $strMembers = 'Members'; // Privilges + $strPrivilege = 'Privilege'; $strPrivileges = 'Privileges'; $strNoPrivileges = 'This object has no privileges.'; $strGrant = 'Grant'; $strRevoke = 'Revoke'; + $strGranted = 'Privileges granted.'; + $strGrantFailed = 'Failed to grant privileges.'; + $strGrantUser = 'Grant User'; + $strGrantGroup = 'Grant Group'; // Databases $strDatabase = 'Database'; @@ -159,7 +164,7 @@ $strDatabaseDropped = 'Database dropped.'; $strDatabaseDroppedBad = 'Database drop failed.'; $strEnterSQL = 'Enter the SQL to execute below:'; - + // Views $strView = 'View'; $strViews = 'Views'; diff --git a/privileges.php b/privileges.php index 2400067d..a3a40dbd 100644 --- a/privileges.php +++ b/privileges.php 
@@ -3,7 +3,7 @@ /** * Manage privileges in a database * - * $Id: privileges.php,v 1.5 2003/02/09 10:22:38 chriskl Exp $ + * $Id: privileges.php,v 1.6 2003/02/10 14:48:53 chriskl Exp $ */ // Include application functions @@ -13,6 +13,162 @@ if (!isset($msg)) $msg = ''; $PHP_SELF = $_SERVER['PHP_SELF']; + /** + * Grant permissions on an object to a user + * @peram $confirm To show entry screen + * @param $msg (optional) A message to show + */ + function doGrantUser($confirm, $msg = '') { + global $data, $localData, $misc; + global $PHP_SELF, $strPrivilege, $strPrivileges, $strGrant, $strCancel, $strUser; + global $strGranted, $strGrantFailed; + + if (!isset($_REQUEST['username'])) $_REQUEST['username'] = ''; + if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = ''; + + if ($confirm) { + // Get users from the database + $users = &$localData->getUsers(); + + switch ($_REQUEST['type']) { + case 'function': + $name = $_REQUEST['function']; + break; + default: + $name = $_REQUEST['object']; + } + echo "

$strPrivileges: ", htmlspecialchars($name), ": {$strGrant}

\n"; + $misc->printMsg($msg); + + echo "
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
{$strUser}
{$strPrivilege}
\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + switch ($_REQUEST['type']) { + case 'table': + echo "\n"; + break; + case 'function': + echo "\n"; + break; + default: + } + echo $misc->form; + echo "

\n"; + echo "
\n"; + } + else { + $status = $localData->grantPrivileges($_REQUEST['type'], $_REQUEST['object'], + ($_REQUEST['username'] == 'PUBLIC') ? 'PUBLIC' : 'USER', + $_REQUEST['username'], $_REQUEST['privilege']); + if ($status == 0) + doDefault($strGranted); + else + doDefault($strGrantFailed); + } + } + + /** + * Grant permissions on an object to a group + * @peram $confirm To show entry screen + * @param $msg (optional) A message to show + */ + function doGrantGroup($confirm, $msg = '') { + global $data, $localData, $misc; + global $PHP_SELF, $strPrivilege, $strPrivileges, $strGrant, $strCancel, $strGroup; + global $strGranted, $strGrantFailed; + + if (!isset($_REQUEST['groupname'])) $_REQUEST['groupname'] = ''; + if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = ''; + + if ($confirm) { + // Get groups from the database + $groups = &$localData->getGroups(); + + switch ($_REQUEST['type']) { + case 'function': + $name = $_REQUEST['function']; + break; + default: + $name = $_REQUEST['object']; + } + echo "

$strPrivileges: ", htmlspecialchars($name), ": {$strGrant}

\n"; + $misc->printMsg($msg); + + echo "
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
{$strGroup}
{$strPrivilege}
\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + switch ($_REQUEST['type']) { + case 'table': + echo "\n"; + break; + case 'function': + echo "\n"; + break; + default: + } + echo $misc->form; + echo "

\n"; + echo "
\n"; + } + else { + $status = $localData->grantPrivileges($_REQUEST['type'], $_REQUEST['object'], + ($_REQUEST['groupname'] == 'PUBLIC') ? 'PUBLIC' : 'GROUP', + $_REQUEST['groupname'], $_REQUEST['privilege']); + if ($status == 0) + doDefault($strGranted); + else + doDefault($strGrantFailed); + } + } + /** * Show permissions on a database, namespace, relation, language or function */ @@ -21,7 +177,7 @@ global $PHP_SELF, $strPrivileges, $strGrant, $strRevoke; global $strUser, $strGroup, $strYes, $strNo, $strType; global $strShowAllViews, $strShowAllSequences, $strShowAllFunctions, $strNoPrivileges; - global $strShowAllSchemas; + global $strShowAllSchemas, $strGrantUser, $strGrantGroup; switch ($_REQUEST['type']) { case 'database': @@ -85,29 +241,70 @@ else { echo "
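Review bot: The save branch of doGrantUser runs a GRANT built from `$_REQUEST` values (`type`, `object`, `username`, `privilege`), so a plain GET link reaches it as readily as the form post; doGrantGroup has the same shape. Nothing visible here ties the request to the rendered form (the form markup and `$misc->form` are not readable in this view, so a token may exist elsewhere). At minimum, read these values from `$_POST` in the `else` branch and refuse other methods, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST') { doDefault(); return; }`. `$_REQUEST['type']` and `$_REQUEST['object']` are also used without the `isset` defaults given to `username` and `privilege`. The two functions differ only in the grantee lookup and entity name and could share one helper, and both docblocks spell the tag `@peram` instead of `@param`.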

{$strNoPrivileges}

\n"; } - + + // Links for granting to a user or group switch ($_REQUEST['type']) { + case 'table': + echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "&table=", htmlspecialchars($_REQUEST['table']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "&table=", htmlspecialchars($_REQUEST['table']), "\">{$strGrantGroup}\n"; + break; case 'view': - echo "

href}\">{$strShowAllViews}

\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantGroup}\n"; + echo "| href}\">{$strShowAllViews}

\n"; break; case 'sequence': - echo "

href}\">{$strShowAllSequences}

\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantGroup}\n"; + echo "| href}\">{$strShowAllSequences}

\n"; + break; + case 'database': + echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantGroup}\n"; break; case 'function': - echo "

href}\">$strShowAllFunctions

\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "&function=", htmlspecialchars($_REQUEST['function']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "&function=", htmlspecialchars($_REQUEST['function']), "\">{$strGrantGroup}\n"; + echo "| href}\">$strShowAllFunctions

\n"; break; case 'schema': - echo "

href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantUser} |\n"; + echo "href}&type={$_REQUEST['type']}&object=", + htmlspecialchars($_REQUEST['object']), "\">{$strGrantGroup}\n"; + echo "| $strShowAllSchemas

\n"; - break; + break; } + echo "

\n"; } $misc->printHeader($strPrivileges); switch ($action) { - case 'edit': - doEdit(); + case 'savegrantgroup': + if (isset($_REQUEST['cancel'])) doDefault(); + else doGrantGroup(false); + break; + case 'grantgroup': + doGrantGroup(true); + break; + case 'savegrantuser': + if (isset($_REQUEST['cancel'])) doDefault(); + else doGrantUser(false); + break; + case 'grantuser': + doGrantUser(true); break; default: doDefault(); -- 2.39.5
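Review bot: The new grant links put `htmlspecialchars($_REQUEST['object'])` (and likewise `table` and `function`) into what appears to be a URL query string, which escapes for HTML but not for the URL. An object name containing `&`, `#`, `+` or a space would split or truncate the parameter, and the grant screen would then act on a different name than the one displayed. Encode first and then escape, `htmlspecialchars(urlencode($_REQUEST['object']))`, in every case of the switch. The `'function'` case also offers the Grant User and Grant Group links although the commit message and TODO say function grants are not supported yet; leaving those two links out until they work avoids a dead end. The anchor markup is not visible in this view, so the attribute context is inferred from the `\">` that closes each value.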