From 167e7c2b81f535b8adee92bceb158d91438cb59e Mon Sep 17 00:00:00 2001
From: Will Thames <will@thames.id.au>
Date: Wed, 8 Apr 2015 12:44:01 +1000
Subject: [PATCH] Perform privilege grants/revokes only when required

Use `has_table_privileges` and `has_database_privileges`
to test whether a user already has a privilege before
granting it, or whether a user doesn't have  a privilege
before revoking it.
---
 database/postgresql/postgresql_user.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/database/postgresql/postgresql_user.py b/database/postgresql/postgresql_user.py
index 98f234fc1db..a1d4da4b7af 100644
--- a/database/postgresql/postgresql_user.py
+++ b/database/postgresql/postgresql_user.py
@@ -431,6 +431,8 @@ def revoke_privileges(cursor, user, privs):
     check_funcs = dict(table=has_table_privileges, database=has_database_privileges)
 
     changed = False
+    revoke_funcs = dict(table=revoke_table_privilege, database=revoke_database_privilege)
+    check_funcs = dict(table=has_table_privilege, database=has_database_privilege)
     for type_ in privs:
         for name, privileges in privs[type_].iteritems():
             # Check that any of the privileges requested to be removed are
@@ -444,6 +446,8 @@ def revoke_privileges(cursor, user, privs):
 def grant_privileges(cursor, user, privs):
     if privs is None:
         return False
+    grant_funcs = dict(table=grant_table_privilege, database=grant_database_privilege)
+    check_funcs = dict(table=has_table_privilege, database=has_database_privilege)
 
     grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges)
     check_funcs = dict(table=has_table_privileges, database=has_database_privileges)