db with only table specific rights where not displayed if there was not at least one db with db specfic rights

2005-11-09 12:36:13 +00:00
parent bfddbeafa4
commit 2da8671831
2 changed files with 222 additions and 231 deletions
--- a/3
+++ b/3
@@ -14,6 +14,9 @@ $Source$
      - display default engine in footer
    * libraries/common.lib.php: added PMA_getDbLink
    * libraries/display_create_table.lib.php: use fieldset
+    * server_privilegs.php:
+      db with only table specific rights where not displayed if there was not at
+      least one db with db specfic rights

 2005-11-08 Sebastian Mendel <cybot_tm@users.sourceforge.net>
    * Documentation.html, browse_foreigners.php, error.php,
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -1557,7 +1557,7 @@ if (empty($adduser) && empty($checkprivs)) {
        PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3);
        echo '</form>' . "\n";

-        if ( empty( $tablename ) && isset($dbname_is_wildcard) && ! $dbname_is_wildcard ) {
+        if ( empty( $tablename ) && empty( $dbname_is_wildcard ) ) {

            // no table name was given, display all table specific rights
            // but only if $dbname contains no wildcards
@@ -1579,16 +1579,78 @@ if (empty($adduser) && empty($checkprivs)) {
               . '</tr>' . "\n"
               . '</thead>' . "\n"
               . '<tbody>' . "\n";
+
            $user_host_condition =
-                ' WHERE ' . PMA_convert_using('User') 
+                ' WHERE ' . PMA_convert_using('`User`')
                . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted')
-                . ' AND ' . PMA_convert_using('Host') 
+                . ' AND ' . PMA_convert_using('`Host`')
                . ' = ' . PMA_convert_using($hostname, 'quoted');

            // table body
            // get data
            if ( empty( $dbname ) ) {
-                $sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC;';
+                // we also want privielgs for this user not in table `db` but in other table
+                $tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;');
+
+                $tables_to_search_for_users = array(
+                    'tables_priv', 'columns_priv',
+                );
+
+                $db_rights_sqls = array();
+                foreach ( $tables_to_search_for_users as $table_search_in ) {
+                    if ( in_array( $table_search_in, $tables ) ) {
+                        $db_rights_sqls[] = '
+                            SELECT DISTINCT `Db`
+                                   FROM `mysql`.`' . $table_search_in . '`
+                                  ' . $user_host_condition;
+                    }
+                }
+
+                $user_defaults = array(
+                    'Db'         => '',
+                    'Grant_priv' => 'N',
+                    'privs'      => array( 'USAGE' ),
+                    'Table_priv' => true,
+                );
+
+                // for the rights
+                $db_rights = array();
+
+                if ( PMA_MYSQL_INT_VERSION >= 40000 ) {
+                    $db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')'
+                        .' ORDER BY `Db` ASC';
+
+                    $db_rights_result = PMA_DBI_query( $db_rights_sql );
+
+                    while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
+                        $db_rights_row = array_merge( $user_defaults, $db_rights_row );
+                        $db_rights[$db_rights_row['Db']] = $db_rights_row;
+                    }
+                } else {
+                    foreach ( $db_rights_sqls as $db_rights_sql ) {
+                        $db_rights_result = PMA_DBI_query( $db_rights_sql );
+
+                        while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
+                            $db_rights_row = array_merge( $user_defaults, $db_rights_row );
+                            $db_rights[$db_rights_row['Db']] = $db_rights_row;
+                        }
+                    }
+                }
+                PMA_DBI_free_result( $db_rights_result );
+                unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row );
+
+                $sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC';
+                $res = PMA_DBI_query( $sql_query );
+                unset( $sql_query );
+
+                while ( $row = PMA_DBI_fetch_assoc( $res ) ) {
+                    $db_rights[$row['Db']] = $row;
+                    $db_rights[$row['Db']]['can_delete'] = true;
+                }
+                PMA_DBI_free_result( $res );
+                unset( $row, $res );
+
+                ksort( $db_rights );
            } else {
                $sql_query =
                    'SELECT `Table_name`,'
@@ -1600,51 +1662,20 @@ if (empty($adduser) && empty($checkprivs)) {
                    .' AND ' . PMA_convert_using('`Db`')
                    .' LIKE ' . PMA_convert_using($dbname, 'quoted')
                    .' ORDER BY `Table_name` ASC;';
+                $db_rights = PMA_DBI_fetch_result( $sql_query, 'Db', NULL, NULL, PMA_DBI_QUERY_STORE );
            }
-            $res = PMA_DBI_query($sql_query, NULL, PMA_DBI_QUERY_STORE);
+

            // display rows
-            if (PMA_DBI_affected_rows() == 0) {
+            if ( count( $db_rights ) < 1 ) {
                echo '<tr class="odd">' . "\n"
                   . '    <td colspan="6"><center><i>' . $GLOBALS['strNone'] . '</i></center></td>' . "\n"
                   . '</tr>' . "\n";
            } else {
                $odd_row = true;
-                if (empty($dbname)) {
-                    $res2 = PMA_DBI_query('SELECT `Db` FROM `mysql`.`tables_priv`' . $user_host_condition . ' GROUP BY `Db` ORDER BY `Db` ASC;');
-                    $row2 = PMA_DBI_fetch_assoc($res2);
-                    if ( $row2 ) {
-                        $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
-                    }
-                }
                $found_rows = array();
-                while ($row = PMA_DBI_fetch_assoc($res)) {
-                    while (empty($dbname) && $row2 && $row['Db'] > $row2['Db']) {
-                        $found_rows[] = $row2['Db'];
-                        echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
-                           . '    <td>' . htmlspecialchars( $row2['Db'] ) . '</td>' . "\n"
-                           . '    <td><tt>' . "\n"
-                           . '        <dfn title="' . $GLOBALS['strPrivDescUsage'] . '">USAGE</dfn>' . "\n"
-                           . '    </tt></td>' . "\n"
-                           . '    <td>' . $GLOBALS['strNo'] . '</td>' . "\n"
-                           . '    <td>' . $GLOBALS['strYes'] . '</td>' . "\n"
-                           . '    <td>';
-                        printf( $link_edit, urlencode( $username ),
-                            urlencode( $hostname ),
-                            urlencode( $row2['Db'] ),
-                            '' );
-                        echo '</td>' . "\n"
-                           . '    <td>';
-                        printf( $link_revoke, urlencode( $username ),
-                            urlencode( $hostname ), urlencode( $row2['Db'] ), '' );
-                        echo '</td>' . "\n"
-                           . '</tr>' . "\n";
-                        $row2 = PMA_DBI_fetch_assoc($res2);
-                        if ( $row2 ) {
-                            $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
-                        }
-                        $odd_row = ! $odd_row;
-                    } // end while
+                //while ( $row = PMA_DBI_fetch_assoc( $res ) ) {
+                foreach ( $db_rights as $row ) {
                    $found_rows[] = empty($dbname) ? $row['Db'] : $row['Table_name'];

                    echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
@@ -1654,15 +1685,8 @@ if (empty($adduser) && empty($checkprivs)) {
                       . '        </tt></td>' . "\n"
                       . '    <td>' . (((empty($dbname) && $row['Grant_priv'] == 'Y') || (!empty($dbname) && in_array('Grant', explode(',', $row['Table_priv'])))) ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . '</td>' . "\n"
                       . '    <td>';
-                    if ((empty($dbname) && $row2 && $row['Db'] == $row2['Db'])
-                        || (!empty($dbname) && $row['Column_priv'])) {
+                    if ( $row['Table_priv'] || $row['Column_priv'] ) {
                        echo $GLOBALS['strYes'];
-                        if (empty($dbname)) {
-                            $row2 = PMA_DBI_fetch_assoc($res2);
-                            if ( $row2 ) {
-                                $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
-                            }
-                        }
                    } else {
                        echo $GLOBALS['strNo'];
                    }
@@ -1674,52 +1698,17 @@ if (empty($adduser) && empty($checkprivs)) {
                        urlencode( empty($dbname) ? '' : $row['Table_name'] ) );
                    echo '</td>' . "\n"
                       . '    <td>';
+                    if ( $row['can_delete'] || $row['Table_name'] ) {
                        printf( $link_revoke, urlencode( $username ),
                            urlencode( $hostname ),
                            urlencode( empty( $dbname ) ? $row['Db'] : $dbname ),
                            urlencode( empty( $dbname ) ? '' : $row['Table_name'] ) );
+                    }
                    echo '</td>' . "\n"
                       . '</tr>' . "\n";
                    $odd_row = ! $odd_row;
                } // end while
-    
-    
-                while (empty($dbname) && $row2) {
-    
-                    $found_rows[] = $row2['Db'];
-                    echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
-                       . '    <td>' . htmlspecialchars( $row2['Db']) . '</td>' . "\n"
-                       . '    <td><tt>' . "\n"
-                       . '        <dfn title="' . $GLOBALS['strPrivDescUsage'] . '">USAGE</dfn>' . "\n"
-                       . '        </tt></td>' . "\n"
-                       . '    <td>' . $GLOBALS['strNo'] . '</td>' . "\n"
-                       . '    <td>' . $GLOBALS['strYes'] . '</td>' . "\n"
-                       . '    <td>';
-                    printf( $link_edit, urlencode( $username ),
-                        urlencode( $hostname ),
-                        urlencode( $row2['Db'] ),
-                        '' );
-                    echo '</td>' . "\n"
-                       . '    <td>';
-                    printf( $link_revoke, urlencode( $username ),
-                        urlencode( $hostname ), urlencode( $row2['Db'] ), '' );
-                    echo '</td>' . "\n"
-                       . '</tr>' . "\n";
-                    $row2 = PMA_DBI_fetch_assoc($res2);
-                    if ( $row2 ) {
-                        $row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
            }
-    
-                    $odd_row = ! $odd_row;
-                } // end while
-                if (empty($dbname)) {
-                    PMA_DBI_free_result($res2);
-                    unset($res2);
-                    unset($row2);
-                }
-            }
-            PMA_DBI_free_result($res);
-            unset($res);
            unset($row);
            echo '</tbody>' . "\n"
               . '</table>' . "\n";
@@ -1747,7 +1736,8 @@ if (empty($adduser) && empty($checkprivs)) {
                    }
                    echo '    </select>' . "\n";
                }
-                echo '    <input type="text" id="text_dbname" name="dbname" class="textfield" />' . "\n";
+                echo '    <input type="text" id="text_dbname" name="dbname" class="textfield" />' . "\n"
+                    .PMA_showHint( $GLOBALS['strEscapeWildcards'] );
            } else {
                echo '    <input type="hidden" name="dbname" value="' . htmlspecialchars($dbname) . '"/>' . "\n"
                   . '    <label for="text_tablename">' . $GLOBALS['strAddPrivilegesOnTbl'] . ':</label>' . "\n";
@@ -1759,8 +1749,7 @@ if (empty($adduser) && empty($checkprivs)) {
                        }
                    }
                    PMA_DBI_free_result($res);
-                    unset($res);
-                    unset($row);
+                    unset( $res, $row );
                    if (!empty($pred_tbl_array)) {
                        echo '    <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
                           . '        <option value="" selected="selected">' . $GLOBALS['strUseTextField'] . ':</option>' . "\n";
@@ -1774,10 +1763,9 @@ if (empty($adduser) && empty($checkprivs)) {
                }
                echo '    <input type="text" id="text_tablename" name="tablename" class="textfield" />' . "\n";
            }
-            echo '    <input type="submit" value="' . $GLOBALS['strGo'] . '" />' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n"
-               . '</fieldset>' . "\n";
+            echo '</fieldset>' . "\n";
            echo '<fieldset class="tblFooters">' . "\n"
-               . '    <input type="submit" value="' . $GLOBALS['strGo'] . '" />' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n"
+               . '    <input type="submit" value="' . $GLOBALS['strGo'] . '" />'
               . '</fieldset>' . "\n"
               . '</form>' . "\n";
        }