From c700993dd53316f662b6aa56ec8cfeead185b9b9 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Tue, 19 May 2015 12:41:48 -0700 Subject: [PATCH] Fix a problem introduced with #1101 and optimize privilege handling * If a db user belonged to a role which had a privilege, the user would not have the privilege added as the role gave the appearance that the user already had it. Fixed to always check the privileges specific to the user. * Make fewer db queries to determine if privileges need to be changed and change them (was four for each privilege. Now two for each object that has a set of privileges changed). --- database/postgresql/postgresql_user.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/database/postgresql/postgresql_user.py b/database/postgresql/postgresql_user.py index a1d4da4b7af..2998ab273f9 100644 --- a/database/postgresql/postgresql_user.py +++ b/database/postgresql/postgresql_user.py @@ -431,8 +431,6 @@ def revoke_privileges(cursor, user, privs): check_funcs = dict(table=has_table_privileges, database=has_database_privileges) changed = False - revoke_funcs = dict(table=revoke_table_privilege, database=revoke_database_privilege) - check_funcs = dict(table=has_table_privilege, database=has_database_privilege) for type_ in privs: for name, privileges in privs[type_].iteritems(): # Check that any of the privileges requested to be removed are @@ -446,8 +444,9 @@ def revoke_privileges(cursor, user, privs): def grant_privileges(cursor, user, privs): if privs is None: return False - grant_funcs = dict(table=grant_table_privilege, database=grant_database_privilege) - check_funcs = dict(table=has_table_privilege, database=has_database_privilege) + + grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges) + check_funcs = dict(table=has_table_privileges, database=has_database_privileges) grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges) check_funcs = dict(table=has_table_privileges, database=has_database_privileges)