Fix a problem introduced with #1101 and optimize privilege handling
* If a db user belonged to a role which had a privilege, the user would not have the privilege added as the role gave the appearance that the user already had it. Fixed to always check the privileges specific to the user. * Make fewer db queries to determine if privileges need to be changed and change them (was four for each privilege. Now two for each object that has a set of privileges changed).
This commit is contained in:
parent
fa9d2f56df
commit
c700993dd5
1 changed files with 3 additions and 4 deletions
|
@ -431,8 +431,6 @@ def revoke_privileges(cursor, user, privs):
|
|||
check_funcs = dict(table=has_table_privileges, database=has_database_privileges)
|
||||
|
||||
changed = False
|
||||
revoke_funcs = dict(table=revoke_table_privilege, database=revoke_database_privilege)
|
||||
check_funcs = dict(table=has_table_privilege, database=has_database_privilege)
|
||||
for type_ in privs:
|
||||
for name, privileges in privs[type_].iteritems():
|
||||
# Check that any of the privileges requested to be removed are
|
||||
|
@ -446,8 +444,9 @@ def revoke_privileges(cursor, user, privs):
|
|||
def grant_privileges(cursor, user, privs):
|
||||
if privs is None:
|
||||
return False
|
||||
grant_funcs = dict(table=grant_table_privilege, database=grant_database_privilege)
|
||||
check_funcs = dict(table=has_table_privilege, database=has_database_privilege)
|
||||
|
||||
grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges)
|
||||
check_funcs = dict(table=has_table_privileges, database=has_database_privileges)
|
||||
|
||||
grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges)
|
||||
check_funcs = dict(table=has_table_privileges, database=has_database_privileges)
|
||||
|
|
Loading…
Reference in a new issue