From afefed8863a8269b608dde9986bb188c43dd210a Mon Sep 17 00:00:00 2001 From: chriskl Date: Wed, 21 May 2003 09:06:23 +0000 Subject: [PATCH] add revoke support. massive improvements so now you can grant or revoke to multiple entities in one go. reduce code duplication. add some new translations --- BUGS | 3 + HISTORY | 2 + TODO | 1 - classes/database/Postgres.php | 69 ++++++++++---- lang/english.php | 10 +- lang/recoded/english.php | 10 +- privileges.php | 172 +++++++++------------------------- 7 files changed, 107 insertions(+), 160 deletions(-) diff --git a/BUGS b/BUGS index 19b195f7..79c264ad 100644 --- a/BUGS +++ b/BUGS @@ -1,2 +1,5 @@ * Lots more printVal()ing needs to be done. Whenever displaying user data, it should use $misc->printVal($var) instead of htmlspecialchars($var). +* Add revoke support +* Fix grant option/grantor stuff +* Schema support for privileges diff --git a/HISTORY b/HISTORY index 25ed4c13..252c5824 100644 --- a/HISTORY +++ b/HISTORY @@ -25,6 +25,8 @@ Version 3.0-beta-1 on field name - Trim long strings. Use 'expand' and 'collapse' to see full strings or trimmed strings. +* Revoke on objects. Grant or revoke to multiple groups + and users at once. Version 3.0.0-dev-4 ------------------- diff --git a/TODO b/TODO index 0d42fe4f..376e140f 100644 --- a/TODO +++ b/TODO @@ -25,7 +25,6 @@ Groups Permissions ----------- -* Allow revoking of perms * Allow display of grants for a user * Allow display of grants for a group diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php index c4cc669d..46a8fe70 100755 --- a/classes/database/Postgres.php +++ b/classes/database/Postgres.php @@ -4,7 +4,7 @@ * A class that implements the DB interface for Postgres * Note: This class uses ADODB and returns RecordSets. * - * $Id: Postgres.php,v 1.113 2003/05/20 03:54:04 chriskl Exp $ + * $Id: Postgres.php,v 1.114 2003/05/21 09:06:23 chriskl Exp $ */ // @@@ THOUGHT: What about inherits? ie. use of ONLY??? 
@@ -1998,20 +1998,35 @@ class Postgres extends BaseDB { /** * Grants a privilege to a user, group or public + * @param $mode 'GRANT' or 'REVOKE'; * @param $type The type of object * @param $object The name of the object - * @param $entity The type of entity (eg. USER, GROUP or PUBLIC) - * @param $name The username or groupname to grant privs to. Ignored for PUBLIC. - * @param $privilege The privilege to grant (eg. SELECT, ALL PRIVILEGES, etc.) + * @param $public True to grant to public, false otherwise + * @param $usernames The array of usernames to grant privs to. + * @param $groupnames The array of group names to grant privs to. + * @param $privileges The array of privileges to grant (eg. ('SELECT', 'ALL PRIVILEGES', etc.) ) * @return 0 success * @return -1 invalid type * @return -2 invalid entity + * @return -3 invalid privileges + * @return -4 not granting to anything + * @return -4 invalid mode */ - function grantPrivileges($type, $object, $entity, $name, $privilege) { + function setPrivileges($mode, $type, $object, $public, $usernames, $groupnames, $privileges) { $this->fieldClean($object); - $this->fieldClean($name); + $this->fieldArrayClean($usernames); + $this->fieldArrayClean($groupnames); + + // Input checking + if (!is_array($privileges) || sizeof($privileges) == 0) return -3; + if (!is_array($usernames) || !is_array($groupnames) || + (!$public && sizeof($usernames) == 0 && sizeof($groupnames) == 0)) return -4; + if ($mode != 'GRANT' && $mode != 'REVOKE') return -5; - $sql = "GRANT {$privilege} ON"; + if (in_array('ALL PRIVILEGES', $privileges)) + $sql = "{$mode} ALL PRIVILEGES ON"; + else + $sql = "{$mode} " . join(', ', $privileges) . " ON"; // @@ WE NEED SCHEMA SUPPORT BELOW switch ($type) { case 'table': 
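Review bot: The privilege names are concatenated into the statement with `join(', ', $privileges)` without escaping or validation, unlike `$object`, `$usernames` and `$groupnames`, which pass through `fieldClean`/`fieldArrayClean`. The caller in privileges.php supplies `array_keys($_REQUEST['privilege'])`, so request keys become SQL text as-is. Each entry should be checked against the known list for the object type before the string is built, e.g. `foreach ($privileges as $v) if (!in_array($v, $this->privlist[$type])) return -3;`, placed after `$type` has been validated. That line assumes `privlist` is available on this class, which is not shown here; privileges.php reads it from `$data`. The docblock lists `-4` twice while the mode check returns `-5`, so the last entry should read `@return -5 invalid mode`; the function body continues past this hunk.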
@@ -2038,20 +2053,34 @@ class Postgres extends BaseDB { return -1; } - switch ($entity) { - case 'USER': - $sql .= " TO \"{$name}\""; - break; - case 'GROUP': - $sql .= " TO GROUP \"{$name}\""; - break; - case 'PUBLIC': - $sql .= " TO PUBLIC"; - break; - default: - return -2; + // Dump PUBLIC + $first = true; + $sql .= ($mode == 'GRANT') ? ' TO ' : ' FROM '; + if ($public) { + $sql .= 'PUBLIC'; + $first = false; } - + // Dump users + foreach ($usernames as $v) { + if ($first) { + $sql .= "\"{$v}\""; + $first = false; + } + else { + $sql .= ", \"{$v}\""; + } + } + // Dump groups + foreach ($groupnames as $v) { + if ($first) { + $sql .= "GROUP \"{$v}\""; + $first = false; + } + else { + $sql .= ", GROUP \"{$v}\""; + } + } + return $this->execute($sql); } diff --git a/lang/english.php b/lang/english.php index f6382f12..d1b84d72 100755 --- a/lang/english.php +++ b/lang/english.php @@ -4,7 +4,7 @@ * English language file for phpPgAdmin. Use this as a basis * for new translations. * - * $Id: english.php,v 1.79 2003/05/20 09:01:58 chriskl Exp $ + * $Id: english.php,v 1.80 2003/05/21 09:06:24 chriskl Exp $ */ // Language and character set @@ -204,10 +204,10 @@ $lang['strnoprivileges'] = 'This object has default owner privileges.'; $lang['strgrant'] = 'Grant'; $lang['strrevoke'] = 'Revoke'; - $lang['strgranted'] = 'Privileges granted.'; - $lang['strgrantfailed'] = 'Failed to grant privileges.'; - $lang['strgrantuser'] = 'Grant User'; - $lang['strgrantgroup'] = 'Grant Group'; + $lang['strgranted'] = 'Privileges changed.'; + $lang['strgrantfailed'] = 'Failed to change privileges.'; + $lang['strgrantbad'] = 'You must specify at least one user or group and at least one privilege.'; + $lang['stralterprivs'] = 'Alter Privileges'; // Databases $lang['strdatabase'] = 'Database'; diff --git a/lang/recoded/english.php b/lang/recoded/english.php index 0ce7c213..b758e224 100644 --- a/lang/recoded/english.php +++ b/lang/recoded/english.php 
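Review bot: The three blocks that emit PUBLIC, the users and the groups each repeat the same `$first` bookkeeping; collecting the targets in an array and joining them once is shorter and matches how the privilege list is joined earlier in this function. The input checks above guarantee at least one target, so the joined form produces the same statement. The double-quoted identifiers depend on `fieldArrayClean` having escaped embedded quotes; that helper is not part of this diff, so its behaviour should be confirmed. The function starts before this hunk.

```php
// … unchanged: switch ($type) that appends the object to the ON clause …
$targets = array();
if ($public) $targets[] = 'PUBLIC';
foreach ($usernames as $v) $targets[] = "\"{$v}\"";
foreach ($groupnames as $v) $targets[] = "GROUP \"{$v}\"";
$sql .= (($mode == 'GRANT') ? ' TO ' : ' FROM ') . join(', ', $targets);

return $this->execute($sql);
```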
@@ -4,7 +4,7 @@ * English language file for phpPgAdmin. Use this as a basis * for new translations. * - * $Id: english.php,v 1.31 2003/05/20 09:01:58 chriskl Exp $ + * $Id: english.php,v 1.32 2003/05/21 09:06:24 chriskl Exp $ */ // Language and character set @@ -204,10 +204,10 @@ $lang['strnoprivileges'] = 'This object has default owner privileges.'; $lang['strgrant'] = 'Grant'; $lang['strrevoke'] = 'Revoke'; - $lang['strgranted'] = 'Privileges granted.'; - $lang['strgrantfailed'] = 'Failed to grant privileges.'; - $lang['strgrantuser'] = 'Grant User'; - $lang['strgrantgroup'] = 'Grant Group'; + $lang['strgranted'] = 'Privileges changed.'; + $lang['strgrantfailed'] = 'Failed to change privileges.'; + $lang['strgrantbad'] = 'You must specify at least one user or group and at least one privilege.'; + $lang['stralterprivs'] = 'Alter Privileges'; // Databases $lang['strdatabase'] = 'Database'; diff --git a/privileges.php b/privileges.php index 3f179f23..ad89c07f 100644 --- a/privileges.php +++ b/privileges.php @@ -3,7 +3,7 @@ /** * Manage privileges in a database * - * $Id: privileges.php,v 1.11 2003/05/21 07:02:12 chriskl Exp $ + * $Id: privileges.php,v 1.12 2003/05/21 09:06:23 chriskl Exp $ */ // Include application functions @@ -18,12 +18,13 @@ * @peram $confirm To show entry screen * @param $msg (optional) A message to show */ - function doGrantUser($confirm, $msg = '') { + function doAlter($confirm, $msg = '') { global $data, $localData, $misc; global $PHP_SELF, $lang; - if (!isset($_REQUEST['username'])) $_REQUEST['username'] = ''; - if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = ''; + if (!isset($_REQUEST['username'])) $_REQUEST['username'] = array(); + if (!isset($_REQUEST['groupname'])) $_REQUEST['groupname'] = array(); + if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = array(); // Set name switch ($_REQUEST['type']) { 
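Review bot: The three defaults at the top of `doAlter` only cover a missing parameter, so a request that sends `username`, `groupname` or `privilege` as a plain string is passed on unchanged. The save path later calls `array_keys($_REQUEST['privilege'])` and hands the other two to `setPrivileges`, where `fieldArrayClean` runs before the `is_array` checks. Normalising the type here avoids both, e.g. `if (!isset($_REQUEST['username']) || !is_array($_REQUEST['username'])) $_REQUEST['username'] = array();`, and the same for the other two. The docblock above still carries the `@peram` typo. The function body continues outside this hunk.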
@@ -37,17 +38,16 @@ if ($confirm) { // Get users from the database $users = &$localData->getUsers(); + // Get groups from the database + $groups = &$localData->getGroups(); - echo "

{$lang['strprivileges']}: ", $misc->printVal($name), ": {$lang['strgrant']}

\n"; + echo "

{$lang['strprivileges']}: ", $misc->printVal($name), ": {$lang['stralterprivs']}

\n"; $misc->printMsg($msg); echo "
\n"; echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; - echo "\n"; - echo "\n"; - echo "
{$lang['struser']}
{$lang['strusers']}
{$lang['strprivilege']}
\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - switch ($_REQUEST['type']) { - case 'table': - echo "\n"; - break; - case 'function': - echo "\n"; - break; - default: - } - echo $misc->form; - echo "

\n"; - echo "

\n"; - echo "
\n"; - } - else { - $status = $localData->grantPrivileges($_REQUEST['type'], $name, - ($_REQUEST['username'] == 'PUBLIC') ? 'PUBLIC' : 'USER', - $_REQUEST['username'], $_REQUEST['privilege']); - if ($status == 0) - doDefault($lang['strgranted']); - else - doDefault($lang['strgrantfailed']); - } - } - - /** - * Grant permissions on an object to a group - * @peram $confirm To show entry screen - * @param $msg (optional) A message to show - */ - function doGrantGroup($confirm, $msg = '') { - global $data, $localData, $misc; - global $PHP_SELF, $lang; - - if (!isset($_REQUEST['groupname'])) $_REQUEST['groupname'] = ''; - if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = ''; - - // Set name - switch ($_REQUEST['type']) { - case 'function': - $name = $_REQUEST['function']; - break; - default: - $name = $_REQUEST['object']; - } - - if ($confirm) { - // Get groups from the database - $groups = &$localData->getGroups(); - - echo "

{$lang['strprivileges']}: ", $misc->printVal($name), ": {$lang['strgrant']}

\n"; - $misc->printMsg($msg); - - echo "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "
{$lang['strgroup']}
{$lang['strgroups']}\n"; + echo "PUBLIC
\n"; + echo "
{$lang['strprivilege']}
{$lang['strprivileges']}\n"; foreach ($data->privlist[$_REQUEST['type']] as $v) { $v = htmlspecialchars($v); - echo "\n"; + echo "{$v}
\n"; } - echo "
\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; switch ($_REQUEST['type']) { @@ -158,18 +89,20 @@ default: } echo $misc->form; - echo "

\n"; + echo "

\n"; + echo "\n"; echo "

\n"; echo "
\n"; } else { - $status = $localData->grantPrivileges($_REQUEST['type'], $name, - ($_REQUEST['groupname'] == 'PUBLIC') ? 'PUBLIC' : 'GROUP', - $_REQUEST['groupname'], $_REQUEST['privilege']); + $status = $localData->setPrivileges(isset($_REQUEST['grant']) ? 'GRANT' : 'REVOKE', $_REQUEST['type'], $name, + isset($_REQUEST['public']), $_REQUEST['username'], $_REQUEST['groupname'], array_keys($_REQUEST['privilege'])); if ($status == 0) doDefault($lang['strgranted']); + elseif ($status == -3 || $status == -4) + doAlter(true, $lang['strgrantbad']); else - doDefault($lang['strgrantfailed']); + doAlter(true, $lang['strgrantfailed']); } } @@ -246,43 +179,31 @@ // Links for granting to a user or group switch ($_REQUEST['type']) { case 'table': - echo "
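Review bot: The mode is chosen with `isset($_REQUEST['grant']) ? 'GRANT' : 'REVOKE'`, so any save request that lacks a `grant` parameter is executed as a revoke. Taking the mode only from an explicit parameter lets `setPrivileges` reject everything else with its invalid-mode code, e.g. `$mode = isset($_REQUEST['grant']) ? 'GRANT' : (isset($_REQUEST['revoke']) ? 'REVOKE' : '');`. The form markup is not legible in this hunk, so the name of the second submit button needs to be confirmed. Because the values are read from `$_REQUEST`, this state-changing branch also runs for GET requests; limiting it to POST would be a sensible addition.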

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "&table=", urlencode($_REQUEST['table']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "&table=", urlencode($_REQUEST['table']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "&table=", urlencode($_REQUEST['table']), "\">{$lang['stralterprivs']}

\n"; break; case 'view': - echo "

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "\">{$lang['stralterprivs']} |\n"; echo "| href}\">{$lang['strshowallviews']}

\n"; break; case 'sequence': - echo "

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "\">{$lang['stralterprivs']} |\n"; echo "| href}\">{$lang['strshowallsequences']}

\n"; break; case 'database': - echo "

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "\">{$lang['stralterprivs']}

\n"; break; case 'function': - echo "

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "&function=", urlencode($_REQUEST['function']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "&function=", urlencode($_REQUEST['function']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "&function=", urlencode($_REQUEST['function']), "\">{$lang['stralterprivs']} |\n"; echo "| href}\">{$lang['strshowallfunctions']}

\n"; break; case 'schema': - echo "

href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantuser']} |\n"; - echo "href}&type={$_REQUEST['type']}&object=", - urlencode($_REQUEST['object']), "\">{$lang['strgrantgroup']}\n"; + echo "

href}&type={$_REQUEST['type']}&object=", + urlencode($_REQUEST['object']), "\">{$lang['stralterprivs']} |\n"; echo "| {$lang['strshowallschemas']}

\n"; break; @@ -294,19 +215,12 @@ $misc->printBody(); switch ($action) { - case 'savegrantgroup': - if (isset($_REQUEST['cancel'])) doDefault(); - else doGrantGroup(false); - break; - case 'grantgroup': - doGrantGroup(true); - break; - case 'savegrantuser': + case 'save': if (isset($_REQUEST['cancel'])) doDefault(); - else doGrantUser(false); + else doAlter(false); break; - case 'grantuser': - doGrantUser(true); + case 'alter': + doAlter(true); break; default: doDefault(); -- 2.39.5
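Review bot: In the `view`, `sequence`, `function` and `schema` cases the new link line still ends with ` |` after `{$lang['stralterprivs']}`, while the next echo begins with `| `, so the page will print two separators between the alter link and the "show all" link. The trailing ` |` was the separator in front of the removed group link. On those four lines the ending ` |\n";` should become `\n";`, as the `table` and `database` cases already have it.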