2016-02-04 09:32:11 -06:00
|
|
|
##########################################################################
|
|
|
|
|
#
|
|
|
|
|
# pgAdmin 4 - PostgreSQL Tools
|
|
|
|
|
#
|
|
|
|
|
# Copyright (C) 2013 - 2016, The pgAdmin Development Team
|
|
|
|
|
# This software is released under the PostgreSQL Licence
|
|
|
|
|
#
|
|
|
|
|
##########################################################################
|
|
|
|
|
|
|
|
|
|
"""Server helper utilities"""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def parse_priv_from_db(db_privileges):
|
|
|
|
|
"""
|
|
|
|
|
Common utility function to parse privileges retrieved from database.
|
|
|
|
|
"""
|
|
|
|
|
acl = {
|
|
|
|
|
'grantor': db_privileges['grantor'],
|
|
|
|
|
'grantee': db_privileges['grantee'],
|
|
|
|
|
'privileges':[]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
privileges = []
|
|
|
|
|
for idx, priv in enumerate(db_privileges['privileges']):
|
|
|
|
|
privileges.append({
|
|
|
|
|
"privilege_type": priv,
|
|
|
|
|
"privilege": True,
|
|
|
|
|
"with_grant": db_privileges['grantable'][idx]
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
acl['privileges'] = privileges
|
|
|
|
|
|
|
|
|
|
return acl
|
|
|
|
|
|
|
|
|
|
|
Resolved few issues (with some improvements) with existing nodes.
This commit takes care of the following issues/improvements.
* Adding missing imports for unauthorised in database module
* Node under Servers Nodes (i.e. Databases, tablespaces, roles nodes)
need to be inherited from PGChildNodeView (and, not from NodeView) for
adding server version check for their children.
* Adding statistics for database, and tablespaces in its node (not, yet
in UI)
* Renaming the camel case methods with proper name.
(i.e. getSQL -> get_sql, getNewSQL -> get_new_sql, etc.)
* Fixed the functions going beyond the text limit (column: 80) in
Databases, Roles & Tablespaces modules.
* Fixed the node method of Database module, which was not tested ever.
* We do not need separate SQL template for fetching the name (i.e.
get_name.sql), using the 'nodes.sql' for the same.
* Optimise the query for fetching ACLs for the database node, we didn't
require to join certain tables, while fetching only the ACLs.
* Introduced the list of the ACLs (regular and default ACLs for
different type) supported by each version [Databases Module].
* Renamed the templates 'get_nodes.sql' to' nodes.sql' to make it
consistent with other modules.
* Removed the checks for the authentication table use, as we don't need
to expose the password to the users (even the encrypted MD5). Using
the pg_roles view always for fetching roles/users information now.
* Resolved some typos in unreachable (specially the exceptions
catchment area.)
* Logging the exception in the application.
* Using qtLiteral, qtIdent properly in the templates (do not assume
about the types of data.)
* Using tsid as identifier instead of did for the tablespaces.
* Using nodes method of tablespace view for fetching individual node
information.
* Removing the hardcoded node information from the 'parse_priv_to_db'
function, and pass on allowed ACLs by the caller nodes.
* Using 'nodes.sql' to fetch name of the template instead of writing
that in the delete.sql template, which is definitely wrong place to
fetch the name of the object. [Tablespace Module]
2016-02-22 00:14:24 -06:00
|
|
|
def parse_priv_to_db(str_privileges, allowed_acls = []):
|
2016-02-04 09:32:11 -06:00
|
|
|
"""
|
|
|
|
|
Common utility function to parse privileges before sending to database.
|
|
|
|
|
"""
|
|
|
|
|
db_privileges = {
|
|
|
|
|
'c': 'CONNECT',
|
|
|
|
|
'C': 'CREATE',
|
|
|
|
|
'T': 'TEMPORARY',
|
|
|
|
|
'a': 'INSERT',
|
|
|
|
|
'r': 'SELECT',
|
|
|
|
|
'w': 'UPDATE',
|
|
|
|
|
'd': 'DELETE',
|
|
|
|
|
'D': 'TRUNCATE',
|
|
|
|
|
'x': 'REFERENCES',
|
|
|
|
|
't': 'TRIGGER',
|
|
|
|
|
'U': 'USAGE',
|
|
|
|
|
'X': 'EXECUTE'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
privileges = []
|
Resolved few issues (with some improvements) with existing nodes.
This commit takes care of the following issues/improvements.
* Adding missing imports for unauthorised in database module
* Node under Servers Nodes (i.e. Databases, tablespaces, roles nodes)
need to be inherited from PGChildNodeView (and, not from NodeView) for
adding server version check for their children.
* Adding statistics for database, and tablespaces in its node (not, yet
in UI)
* Renaming the camel case methods with proper name.
(i.e. getSQL -> get_sql, getNewSQL -> get_new_sql, etc.)
* Fixed the functions going beyond the text limit (column: 80) in
Databases, Roles & Tablespaces modules.
* Fixed the node method of Database module, which was not tested ever.
* We do not need separate SQL template for fetching the name (i.e.
get_name.sql), using the 'nodes.sql' for the same.
* Optimise the query for fetching ACLs for the database node, we didn't
require to join certain tables, while fetching only the ACLs.
* Introduced the list of the ACLs (regular and default ACLs for
different type) supported by each version [Databases Module].
* Renamed the templates 'get_nodes.sql' to' nodes.sql' to make it
consistent with other modules.
* Removed the checks for the authentication table use, as we don't need
to expose the password to the users (even the encrypted MD5). Using
the pg_roles view always for fetching roles/users information now.
* Resolved some typos in unreachable (specially the exceptions
catchment area.)
* Logging the exception in the application.
* Using qtLiteral, qtIdent properly in the templates (do not assume
about the types of data.)
* Using tsid as identifier instead of did for the tablespaces.
* Using nodes method of tablespace view for fetching individual node
information.
* Removing the hardcoded node information from the 'parse_priv_to_db'
function, and pass on allowed ACLs by the caller nodes.
* Using 'nodes.sql' to fetch name of the template instead of writing
that in the delete.sql template, which is definitely wrong place to
fetch the name of the object. [Tablespace Module]
2016-02-22 00:14:24 -06:00
|
|
|
allowed_acls_len = len(allowed_acls)
|
2016-02-04 09:32:11 -06:00
|
|
|
|
|
|
|
|
for priv in str_privileges:
|
|
|
|
|
priv_with_grant = []
|
|
|
|
|
priv_without_grant = []
|
Resolved few issues (with some improvements) with existing nodes.
This commit takes care of the following issues/improvements.
* Adding missing imports for unauthorised in database module
* Node under Servers Nodes (i.e. Databases, tablespaces, roles nodes)
need to be inherited from PGChildNodeView (and, not from NodeView) for
adding server version check for their children.
* Adding statistics for database, and tablespaces in its node (not, yet
in UI)
* Renaming the camel case methods with proper name.
(i.e. getSQL -> get_sql, getNewSQL -> get_new_sql, etc.)
* Fixed the functions going beyond the text limit (column: 80) in
Databases, Roles & Tablespaces modules.
* Fixed the node method of Database module, which was not tested ever.
* We do not need separate SQL template for fetching the name (i.e.
get_name.sql), using the 'nodes.sql' for the same.
* Optimise the query for fetching ACLs for the database node, we didn't
require to join certain tables, while fetching only the ACLs.
* Introduced the list of the ACLs (regular and default ACLs for
different type) supported by each version [Databases Module].
* Renamed the templates 'get_nodes.sql' to' nodes.sql' to make it
consistent with other modules.
* Removed the checks for the authentication table use, as we don't need
to expose the password to the users (even the encrypted MD5). Using
the pg_roles view always for fetching roles/users information now.
* Resolved some typos in unreachable (specially the exceptions
catchment area.)
* Logging the exception in the application.
* Using qtLiteral, qtIdent properly in the templates (do not assume
about the types of data.)
* Using tsid as identifier instead of did for the tablespaces.
* Using nodes method of tablespace view for fetching individual node
information.
* Removing the hardcoded node information from the 'parse_priv_to_db'
function, and pass on allowed ACLs by the caller nodes.
* Using 'nodes.sql' to fetch name of the template instead of writing
that in the delete.sql template, which is definitely wrong place to
fetch the name of the object. [Tablespace Module]
2016-02-22 00:14:24 -06:00
|
|
|
|
2016-02-04 09:32:11 -06:00
|
|
|
for privilege in priv['privileges']:
|
Resolved few issues (with some improvements) with existing nodes.
This commit takes care of the following issues/improvements.
* Adding missing imports for unauthorised in database module
* Node under Servers Nodes (i.e. Databases, tablespaces, roles nodes)
need to be inherited from PGChildNodeView (and, not from NodeView) for
adding server version check for their children.
* Adding statistics for database, and tablespaces in its node (not, yet
in UI)
* Renaming the camel case methods with proper name.
(i.e. getSQL -> get_sql, getNewSQL -> get_new_sql, etc.)
* Fixed the functions going beyond the text limit (column: 80) in
Databases, Roles & Tablespaces modules.
* Fixed the node method of Database module, which was not tested ever.
* We do not need separate SQL template for fetching the name (i.e.
get_name.sql), using the 'nodes.sql' for the same.
* Optimise the query for fetching ACLs for the database node, we didn't
require to join certain tables, while fetching only the ACLs.
* Introduced the list of the ACLs (regular and default ACLs for
different type) supported by each version [Databases Module].
* Renamed the templates 'get_nodes.sql' to' nodes.sql' to make it
consistent with other modules.
* Removed the checks for the authentication table use, as we don't need
to expose the password to the users (even the encrypted MD5). Using
the pg_roles view always for fetching roles/users information now.
* Resolved some typos in unreachable (specially the exceptions
catchment area.)
* Logging the exception in the application.
* Using qtLiteral, qtIdent properly in the templates (do not assume
about the types of data.)
* Using tsid as identifier instead of did for the tablespaces.
* Using nodes method of tablespace view for fetching individual node
information.
* Removing the hardcoded node information from the 'parse_priv_to_db'
function, and pass on allowed ACLs by the caller nodes.
* Using 'nodes.sql' to fetch name of the template instead of writing
that in the delete.sql template, which is definitely wrong place to
fetch the name of the object. [Tablespace Module]
2016-02-22 00:14:24 -06:00
|
|
|
|
|
|
|
|
if privilege['privilege_type'] not in db_privileges:
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
if privilege['privilege_type'] not in allowed_acls:
|
|
|
|
|
continue
|
|
|
|
|
|
2016-02-04 09:32:11 -06:00
|
|
|
if privilege['with_grant']:
|
|
|
|
|
priv_with_grant.append(
|
|
|
|
|
db_privileges[privilege['privilege_type']]
|
|
|
|
|
)
|
|
|
|
|
elif privilege['privilege']:
|
|
|
|
|
priv_without_grant.append(
|
|
|
|
|
db_privileges[privilege['privilege_type']]
|
|
|
|
|
)
|
2016-03-09 11:10:03 -06:00
|
|
|
# If we have all acl then just return all
|
|
|
|
|
if len(priv_with_grant) == allowed_acls_len:
|
|
|
|
|
priv_with_grant = ['ALL']
|
|
|
|
|
if len(priv_without_grant) == allowed_acls_len:
|
|
|
|
|
priv_without_grant = ['ALL']
|
|
|
|
|
# Appending and returning all ACL
|
Resolved few issues (with some improvements) with existing nodes.
This commit takes care of the following issues/improvements.
* Adding missing imports for unauthorised in database module
* Node under Servers Nodes (i.e. Databases, tablespaces, roles nodes)
need to be inherited from PGChildNodeView (and, not from NodeView) for
adding server version check for their children.
* Adding statistics for database, and tablespaces in its node (not, yet
in UI)
* Renaming the camel case methods with proper name.
(i.e. getSQL -> get_sql, getNewSQL -> get_new_sql, etc.)
* Fixed the functions going beyond the text limit (column: 80) in
Databases, Roles & Tablespaces modules.
* Fixed the node method of Database module, which was not tested ever.
* We do not need separate SQL template for fetching the name (i.e.
get_name.sql), using the 'nodes.sql' for the same.
* Optimise the query for fetching ACLs for the database node, we didn't
require to join certain tables, while fetching only the ACLs.
* Introduced the list of the ACLs (regular and default ACLs for
different type) supported by each version [Databases Module].
* Renamed the templates 'get_nodes.sql' to' nodes.sql' to make it
consistent with other modules.
* Removed the checks for the authentication table use, as we don't need
to expose the password to the users (even the encrypted MD5). Using
the pg_roles view always for fetching roles/users information now.
* Resolved some typos in unreachable (specially the exceptions
catchment area.)
* Logging the exception in the application.
* Using qtLiteral, qtIdent properly in the templates (do not assume
about the types of data.)
* Using tsid as identifier instead of did for the tablespaces.
* Using nodes method of tablespace view for fetching individual node
information.
* Removing the hardcoded node information from the 'parse_priv_to_db'
function, and pass on allowed ACLs by the caller nodes.
* Using 'nodes.sql' to fetch name of the template instead of writing
that in the delete.sql template, which is definitely wrong place to
fetch the name of the object. [Tablespace Module]
2016-02-22 00:14:24 -06:00
|
|
|
privileges.append({
|
|
|
|
|
'grantee': priv['grantee'],
|
|
|
|
|
'with_grant': priv_with_grant,
|
|
|
|
|
'without_grant': priv_without_grant
|
|
|
|
|
})
|
2016-02-04 09:32:11 -06:00
|
|
|
|
|
|
|
|
return privileges
|
