cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix a problem introduced with #1101 and optimize privilege handling

Browse source 
* If a db user belonged to a role which had a privilege, the user would
  not have the privilege added as the role gave the appearance that the
  user already had it.  Fixed to always check the privileges specific to
  the user.
* Make fewer db queries to determine if privileges need to be changed
  and change them (was four for each privilege.  Now two for each object
  that has a set of privileges changed).
This commit is contained in:
Toshio Kuratomi 2015-05-19 12:41:48 -07:00 committed by Matt Clay
parent 75ef963922
commit fa60891f68
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/ansible/modules/database/postgresql/postgresql_user.py
View file

@ -419,8 +419,6 @@ def revoke_privileges(cursor, user, privs):
return False return False
changed = False changed = False
revoke_funcs = dict(table=revoke_table_privilege, database=revoke_database_privilege)
check_funcs = dict(table=has_table_privilege, database=has_database_privilege)
for type_ in privs: for type_ in privs:
revoke_func = { revoke_func = {
'table':revoke_table_privilege, 'table':revoke_table_privilege,
@ -436,8 +434,9 @@ def revoke_privileges(cursor, user, privs):
def grant_privileges(cursor, user, privs): def grant_privileges(cursor, user, privs):
if privs is None: if privs is None:
return False return False
grant_funcs = dict(table=grant_table_privilege, database=grant_database_privilege)
check_funcs = dict(table=has_table_privilege, database=has_database_privilege) grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges)
check_funcs = dict(table=has_table_privileges, database=has_database_privileges)
changed = False changed = False
for type_ in privs: for type_ in privs: