db with only table specific rights where not displayed if there was not at least one db with db specfic rights
This commit is contained in:
Sebastian Mendel
@@ -14,6 +14,9 @@ $Source$
|
||||
- display default engine in footer
|
||||
* libraries/common.lib.php: added PMA_getDbLink
|
||||
* libraries/display_create_table.lib.php: use fieldset
|
||||
* server_privilegs.php:
|
||||
db with only table specific rights where not displayed if there was not at
|
||||
least one db with db specfic rights
|
||||
|
||||
2005-11-08 Sebastian Mendel <cybot_tm@users.sourceforge.net>
|
||||
* Documentation.html, browse_foreigners.php, error.php,
|
||||
|
||||
@@ -1236,8 +1236,8 @@ $link_revoke .= '</a>';
|
||||
/**
|
||||
* Displays the page
|
||||
*/
|
||||
if (empty($adduser) && empty($checkprivs)) {
|
||||
if (!isset($username)) {
|
||||
if ( empty( $adduser ) && empty( $checkprivs ) ) {
|
||||
if ( ! isset( $username ) ) {
|
||||
// No username is given --> display the overview
|
||||
echo '<h2>' . "\n"
|
||||
. ($GLOBALS['cfg']['MainPageIconic'] ? '<img class="icon" src="'. $GLOBALS['pmaThemeImage'] . 'b_usrlist.png" alt="" />' : '')
|
||||
@@ -1282,7 +1282,7 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
$sql_query .= ' ORDER BY `User` ASC, `Host` ASC;';
|
||||
$res = PMA_DBI_try_query($sql_query, NULL, PMA_DBI_QUERY_STORE);
|
||||
|
||||
if (!$res) {
|
||||
if ( ! $res ) {
|
||||
// the query failed! This may have two reasons:
|
||||
// - the user does not have enough privileges
|
||||
// - the privilege tables use a structure of an earlier version.
|
||||
@@ -1548,16 +1548,16 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
. PMA_generate_common_hidden_inputs('', '', 3)
|
||||
. '<input type="hidden" name="username" value="' . htmlspecialchars($username) . '" />' . "\n"
|
||||
. '<input type="hidden" name="hostname" value="' . htmlspecialchars($hostname) . '" />' . "\n";
|
||||
if (!empty($dbname)) {
|
||||
if ( ! empty( $dbname ) ) {
|
||||
echo '<input type="hidden" name="dbname" value="' . htmlspecialchars($dbname) . '" />' . "\n";
|
||||
if (!empty($tablename)) {
|
||||
if ( ! empty( $tablename ) ) {
|
||||
echo ' <input type="hidden" name="tablename" value="' . htmlspecialchars($tablename) . '" />' . "\n";
|
||||
}
|
||||
}
|
||||
PMA_displayPrivTable((empty($dbname) ? '*' : $dbname), ((empty($dbname) || empty($tablename)) ? '*' : $tablename), TRUE, 3);
|
||||
echo '</form>' . "\n";
|
||||
|
||||
if ( empty( $tablename ) && isset($dbname_is_wildcard) && ! $dbname_is_wildcard ) {
|
||||
if ( empty( $tablename ) && empty( $dbname_is_wildcard ) ) {
|
||||
|
||||
// no table name was given, display all table specific rights
|
||||
// but only if $dbname contains no wildcards
|
||||
@@ -1579,16 +1579,78 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
. '</tr>' . "\n"
|
||||
. '</thead>' . "\n"
|
||||
. '<tbody>' . "\n";
|
||||
|
||||
$user_host_condition =
|
||||
' WHERE ' . PMA_convert_using('User')
|
||||
' WHERE ' . PMA_convert_using('`User`')
|
||||
. ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted')
|
||||
. ' AND ' . PMA_convert_using('Host')
|
||||
. ' AND ' . PMA_convert_using('`Host`')
|
||||
. ' = ' . PMA_convert_using($hostname, 'quoted');
|
||||
|
||||
// table body
|
||||
// get data
|
||||
if (empty($dbname)) {
|
||||
$sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC;';
|
||||
if ( empty( $dbname ) ) {
|
||||
// we also want privielgs for this user not in table `db` but in other table
|
||||
$tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;');
|
||||
|
||||
$tables_to_search_for_users = array(
|
||||
'tables_priv', 'columns_priv',
|
||||
);
|
||||
|
||||
$db_rights_sqls = array();
|
||||
foreach ( $tables_to_search_for_users as $table_search_in ) {
|
||||
if ( in_array( $table_search_in, $tables ) ) {
|
||||
$db_rights_sqls[] = '
|
||||
SELECT DISTINCT `Db`
|
||||
FROM `mysql`.`' . $table_search_in . '`
|
||||
' . $user_host_condition;
|
||||
}
|
||||
}
|
||||
|
||||
$user_defaults = array(
|
||||
'Db' => '',
|
||||
'Grant_priv' => 'N',
|
||||
'privs' => array( 'USAGE' ),
|
||||
'Table_priv' => true,
|
||||
);
|
||||
|
||||
// for the rights
|
||||
$db_rights = array();
|
||||
|
||||
if ( PMA_MYSQL_INT_VERSION >= 40000 ) {
|
||||
$db_rights_sql = '(' . implode( ') UNION DISTINCT (', $db_rights_sqls ) . ')'
|
||||
.' ORDER BY `Db` ASC';
|
||||
|
||||
$db_rights_result = PMA_DBI_query( $db_rights_sql );
|
||||
|
||||
while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
|
||||
$db_rights_row = array_merge( $user_defaults, $db_rights_row );
|
||||
$db_rights[$db_rights_row['Db']] = $db_rights_row;
|
||||
}
|
||||
} else {
|
||||
foreach ( $db_rights_sqls as $db_rights_sql ) {
|
||||
$db_rights_result = PMA_DBI_query( $db_rights_sql );
|
||||
|
||||
while ( $db_rights_row = PMA_DBI_fetch_assoc( $db_rights_result ) ) {
|
||||
$db_rights_row = array_merge( $user_defaults, $db_rights_row );
|
||||
$db_rights[$db_rights_row['Db']] = $db_rights_row;
|
||||
}
|
||||
}
|
||||
}
|
||||
PMA_DBI_free_result( $db_rights_result );
|
||||
unset( $db_rights_sql, $db_rights_sqls, $db_rights_result, $db_rights_row );
|
||||
|
||||
$sql_query = 'SELECT * FROM `mysql`.`db`' . $user_host_condition . ' ORDER BY `Db` ASC';
|
||||
$res = PMA_DBI_query( $sql_query );
|
||||
unset( $sql_query );
|
||||
|
||||
while ( $row = PMA_DBI_fetch_assoc( $res ) ) {
|
||||
$db_rights[$row['Db']] = $row;
|
||||
$db_rights[$row['Db']]['can_delete'] = true;
|
||||
}
|
||||
PMA_DBI_free_result( $res );
|
||||
unset( $row, $res );
|
||||
|
||||
ksort( $db_rights );
|
||||
} else {
|
||||
$sql_query =
|
||||
'SELECT `Table_name`,'
|
||||
@@ -1600,51 +1662,20 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
.' AND ' . PMA_convert_using('`Db`')
|
||||
.' LIKE ' . PMA_convert_using($dbname, 'quoted')
|
||||
.' ORDER BY `Table_name` ASC;';
|
||||
$db_rights = PMA_DBI_fetch_result( $sql_query, 'Db', NULL, NULL, PMA_DBI_QUERY_STORE );
|
||||
}
|
||||
$res = PMA_DBI_query($sql_query, NULL, PMA_DBI_QUERY_STORE);
|
||||
|
||||
|
||||
// display rows
|
||||
if (PMA_DBI_affected_rows() == 0) {
|
||||
if ( count( $db_rights ) < 1 ) {
|
||||
echo '<tr class="odd">' . "\n"
|
||||
. ' <td colspan="6"><center><i>' . $GLOBALS['strNone'] . '</i></center></td>' . "\n"
|
||||
. '</tr>' . "\n";
|
||||
} else {
|
||||
$odd_row = true;
|
||||
if (empty($dbname)) {
|
||||
$res2 = PMA_DBI_query('SELECT `Db` FROM `mysql`.`tables_priv`' . $user_host_condition . ' GROUP BY `Db` ORDER BY `Db` ASC;');
|
||||
$row2 = PMA_DBI_fetch_assoc($res2);
|
||||
if ( $row2 ) {
|
||||
$row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
|
||||
}
|
||||
}
|
||||
$found_rows = array();
|
||||
while ($row = PMA_DBI_fetch_assoc($res)) {
|
||||
while (empty($dbname) && $row2 && $row['Db'] > $row2['Db']) {
|
||||
$found_rows[] = $row2['Db'];
|
||||
echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
|
||||
. ' <td>' . htmlspecialchars( $row2['Db'] ) . '</td>' . "\n"
|
||||
. ' <td><tt>' . "\n"
|
||||
. ' <dfn title="' . $GLOBALS['strPrivDescUsage'] . '">USAGE</dfn>' . "\n"
|
||||
. ' </tt></td>' . "\n"
|
||||
. ' <td>' . $GLOBALS['strNo'] . '</td>' . "\n"
|
||||
. ' <td>' . $GLOBALS['strYes'] . '</td>' . "\n"
|
||||
. ' <td>';
|
||||
printf( $link_edit, urlencode( $username ),
|
||||
urlencode( $hostname ),
|
||||
urlencode( $row2['Db'] ),
|
||||
'' );
|
||||
echo '</td>' . "\n"
|
||||
. ' <td>';
|
||||
printf( $link_revoke, urlencode( $username ),
|
||||
urlencode( $hostname ), urlencode( $row2['Db'] ), '' );
|
||||
echo '</td>' . "\n"
|
||||
. '</tr>' . "\n";
|
||||
$row2 = PMA_DBI_fetch_assoc($res2);
|
||||
if ( $row2 ) {
|
||||
$row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
|
||||
}
|
||||
$odd_row = ! $odd_row;
|
||||
} // end while
|
||||
//while ( $row = PMA_DBI_fetch_assoc( $res ) ) {
|
||||
foreach ( $db_rights as $row ) {
|
||||
$found_rows[] = empty($dbname) ? $row['Db'] : $row['Table_name'];
|
||||
|
||||
echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
|
||||
@@ -1654,15 +1685,8 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
. ' </tt></td>' . "\n"
|
||||
. ' <td>' . (((empty($dbname) && $row['Grant_priv'] == 'Y') || (!empty($dbname) && in_array('Grant', explode(',', $row['Table_priv'])))) ? $GLOBALS['strYes'] : $GLOBALS['strNo']) . '</td>' . "\n"
|
||||
. ' <td>';
|
||||
if ((empty($dbname) && $row2 && $row['Db'] == $row2['Db'])
|
||||
|| (!empty($dbname) && $row['Column_priv'])) {
|
||||
if ( $row['Table_priv'] || $row['Column_priv'] ) {
|
||||
echo $GLOBALS['strYes'];
|
||||
if (empty($dbname)) {
|
||||
$row2 = PMA_DBI_fetch_assoc($res2);
|
||||
if ( $row2 ) {
|
||||
$row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
|
||||
}
|
||||
}
|
||||
} else {
|
||||
echo $GLOBALS['strNo'];
|
||||
}
|
||||
@@ -1674,52 +1698,17 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
urlencode( empty($dbname) ? '' : $row['Table_name'] ) );
|
||||
echo '</td>' . "\n"
|
||||
. ' <td>';
|
||||
if ( $row['can_delete'] || $row['Table_name'] ) {
|
||||
printf( $link_revoke, urlencode( $username ),
|
||||
urlencode( $hostname ),
|
||||
urlencode( empty( $dbname ) ? $row['Db'] : $dbname ),
|
||||
urlencode( empty( $dbname ) ? '' : $row['Table_name'] ) );
|
||||
}
|
||||
echo '</td>' . "\n"
|
||||
. '</tr>' . "\n";
|
||||
$odd_row = ! $odd_row;
|
||||
} // end while
|
||||
|
||||
|
||||
while (empty($dbname) && $row2) {
|
||||
|
||||
$found_rows[] = $row2['Db'];
|
||||
echo '<tr class="' . ( $odd_row ? 'odd' : 'even' ) . '">' . "\n"
|
||||
. ' <td>' . htmlspecialchars( $row2['Db']) . '</td>' . "\n"
|
||||
. ' <td><tt>' . "\n"
|
||||
. ' <dfn title="' . $GLOBALS['strPrivDescUsage'] . '">USAGE</dfn>' . "\n"
|
||||
. ' </tt></td>' . "\n"
|
||||
. ' <td>' . $GLOBALS['strNo'] . '</td>' . "\n"
|
||||
. ' <td>' . $GLOBALS['strYes'] . '</td>' . "\n"
|
||||
. ' <td>';
|
||||
printf( $link_edit, urlencode( $username ),
|
||||
urlencode( $hostname ),
|
||||
urlencode( $row2['Db'] ),
|
||||
'' );
|
||||
echo '</td>' . "\n"
|
||||
. ' <td>';
|
||||
printf( $link_revoke, urlencode( $username ),
|
||||
urlencode( $hostname ), urlencode( $row2['Db'] ), '' );
|
||||
echo '</td>' . "\n"
|
||||
. '</tr>' . "\n";
|
||||
$row2 = PMA_DBI_fetch_assoc($res2);
|
||||
if ( $row2 ) {
|
||||
$row2['Db'] = PMA_escape_mysql_wildcards( $row2['Db'] );
|
||||
}
|
||||
|
||||
$odd_row = ! $odd_row;
|
||||
} // end while
|
||||
if (empty($dbname)) {
|
||||
PMA_DBI_free_result($res2);
|
||||
unset($res2);
|
||||
unset($row2);
|
||||
}
|
||||
}
|
||||
PMA_DBI_free_result($res);
|
||||
unset($res);
|
||||
unset($row);
|
||||
echo '</tbody>' . "\n"
|
||||
. '</table>' . "\n";
|
||||
@@ -1747,7 +1736,8 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
}
|
||||
echo ' </select>' . "\n";
|
||||
}
|
||||
echo ' <input type="text" id="text_dbname" name="dbname" class="textfield" />' . "\n";
|
||||
echo ' <input type="text" id="text_dbname" name="dbname" class="textfield" />' . "\n"
|
||||
.PMA_showHint( $GLOBALS['strEscapeWildcards'] );
|
||||
} else {
|
||||
echo ' <input type="hidden" name="dbname" value="' . htmlspecialchars($dbname) . '"/>' . "\n"
|
||||
. ' <label for="text_tablename">' . $GLOBALS['strAddPrivilegesOnTbl'] . ':</label>' . "\n";
|
||||
@@ -1759,8 +1749,7 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
}
|
||||
}
|
||||
PMA_DBI_free_result($res);
|
||||
unset($res);
|
||||
unset($row);
|
||||
unset( $res, $row );
|
||||
if (!empty($pred_tbl_array)) {
|
||||
echo ' <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
|
||||
. ' <option value="" selected="selected">' . $GLOBALS['strUseTextField'] . ':</option>' . "\n";
|
||||
@@ -1774,10 +1763,9 @@ if (empty($adduser) && empty($checkprivs)) {
|
||||
}
|
||||
echo ' <input type="text" id="text_tablename" name="tablename" class="textfield" />' . "\n";
|
||||
}
|
||||
echo ' <input type="submit" value="' . $GLOBALS['strGo'] . '" />' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n"
|
||||
. '</fieldset>' . "\n";
|
||||
echo '</fieldset>' . "\n";
|
||||
echo '<fieldset class="tblFooters">' . "\n"
|
||||
. ' <input type="submit" value="' . $GLOBALS['strGo'] . '" />' . PMA_showHint($GLOBALS['strEscapeWildcards']) . "\n"
|
||||
. ' <input type="submit" value="' . $GLOBALS['strGo'] . '" />'
|
||||
. '</fieldset>' . "\n"
|
||||
. '</form>' . "\n";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user