Allow selection of 'PUBLIC' as a role in privileges. Fixes #1416

Murtuza Zabuawala 2016-07-13 14:51:25 +01:00 committed by Dave Page
parent ae692d2416
commit f79ca32e45
7 changed files with 27 additions and 22 deletions


@ -1,13 +1,13 @@
{% macro APPLY(conn, schema_name, table_object, column_object, role, privs, with_grant_privs) -%}
{% if privs %}
GRANT {% for p in privs %}{% if loop.index != 1 %}, {% endif %}{{p}}({{conn|qtIdent(column_object)}}){% endfor %}
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ conn|qtIdent(role) }};
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
GRANT {% for p in with_grant_privs %}{% if loop.index != 1 %}, {% endif %}{{p}}({{conn|qtIdent(column_object)}}){% endfor %}
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro RESETALL(conn, schema_name, table_object, column_object, role) -%}
REVOKE ALL({{ conn|qtIdent(column_object) }}) ON {{ conn|qtIdent(schema_name, table_object) }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL({{ conn|qtIdent(column_object) }}) ON {{ conn|qtIdent(schema_name, table_object) }} FROM {{ role }};
{%- endmacro %}
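Review bot: `TO {{ role }}` and `FROM {{ role }}` in APPLY and RESETALL now render the role into the statement verbatim, so the macros are only safe if every caller has already quoted it, and nothing in the hunk states or enforces that. The Python change in this commit suggests parse_priv_to_db is meant to do the quoting, but callers are not visible here, and one that passes a raw role name would put an unquoted identifier into GRANT/REVOKE. Keeping the filter in the template instead of quoting in Python would fail safe, e.g. `TO {% if role == 'PUBLIC' %}PUBLIC{% else %}{{ conn|qtIdent(role) }}{% endif %}`. At minimum, add `{# role is rendered as-is and must already be quoted by the caller #}` above each macro. The same applies to the five other macro files changed in this commit.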


@ -1,13 +1,13 @@
{% macro APPLY(conn, schema_name, table_object, column_object, role, privs, with_grant_privs) -%}
{% if privs %}
GRANT {% for p in privs %}{% if loop.index != 1 %}, {% endif %}{{p}}({{conn|qtIdent(column_object)}}){% endfor %}
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ conn|qtIdent(role) }};
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
GRANT {% for p in with_grant_privs %}{% if loop.index != 1 %}, {% endif %}{{p}}({{conn|qtIdent(column_object)}}){% endfor %}
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
ON {{ conn|qtIdent(schema_name, table_object) }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro RESETALL(conn, schema_name, table_object, column_object, role) -%}
REVOKE ALL({{ conn|qtIdent(column_object) }}) ON {{ conn|qtIdent(schema_name, table_object) }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL({{ conn|qtIdent(column_object) }}) ON {{ conn|qtIdent(schema_name, table_object) }} FROM {{ role }};
{%- endmacro %}


@ -3,12 +3,12 @@
{##############################################}
{% macro SET(conn, type, role, param, privs, with_grant_privs, schema, func_args) -%}
{% if privs %}
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) TO {{conn|qtIdent(role) }};
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) TO {{role }};
{% endif %}
{% if with_grant_privs %}
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro UNSETALL(conn, type, role, param, schema, func_args) -%}
REVOKE ALL ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) FROM {{conn|qtIdent(role) }};
REVOKE ALL ON {{ type }} {{ conn|qtIdent(schema, param) }}({{func_args}}) FROM {{role }};
{%- endmacro %}


@ -3,16 +3,16 @@
{##########################################}
{% macro SET(conn, type, role, param, privs, with_grant_privs, schema) -%}
{% if privs %}
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ conn|qtIdent(role) }};
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
{% if privs %}
{# This empty if is to add new line in between #}
{% endif %}
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro UNSETALL(conn, type, role, param, schema) -%}
REVOKE ALL ON {{ type }} {{ conn|qtIdent(schema, param) }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL ON {{ type }} {{ conn|qtIdent(schema, param) }} FROM {{ role }};
{%- endmacro %}


@ -1,29 +1,29 @@
{% macro APPLY(conn, type, role, privs, with_grant_privs) -%}
{% if privs %}
ALTER DEFAULT PRIVILEGES
GRANT {{ privs|join(', ') }} ON {{ type }} TO {{ conn|qtIdent(role) }};
GRANT {{ privs|join(', ') }} ON {{ type }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
ALTER DEFAULT PRIVILEGES
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro RESETALL(conn, type, role) -%}
ALTER DEFAULT PRIVILEGES
REVOKE ALL ON {{ type }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL ON {{ type }} FROM {{ role }};
{%- endmacro %}
{### To allow create macro for specific database object ###}
{% macro SET(conn, db_object_type, db_object_name, type, role, privs, with_grant_privs) -%}
{% if privs %}
ALTER DEFAULT PRIVILEGES IN {{ db_object_type }} {{ conn|qtIdent(db_object_name) }}
GRANT {{ privs|join(', ') }} ON {{ type }} TO {{ conn|qtIdent(role) }};
GRANT {{ privs|join(', ') }} ON {{ type }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
ALTER DEFAULT PRIVILEGES IN {{ db_object_type }} {{ conn|qtIdent(db_object_name) }}
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro UNSET(conn, db_object_type, db_object_name, type, role) -%}
ALTER DEFAULT PRIVILEGES IN {{ db_object_type }} {{ conn|qtIdent(db_object_name) }}
REVOKE ALL ON {{ type }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL ON {{ type }} FROM {{ role }};
{%- endmacro %}


@ -1,11 +1,11 @@
{% macro APPLY(conn, type, role, param, privs, with_grant_privs) -%}
{% if privs %}
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ conn|qtIdent(role) }};
GRANT {{ privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ role }};
{% endif %}
{% if with_grant_privs %}
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
GRANT {{ with_grant_privs|join(', ') }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ role }} WITH GRANT OPTION;
{% endif %}
{%- endmacro %}
{% macro RESETALL(conn, type, role, param) -%}
REVOKE ALL ON {{ type }} {{ conn|qtIdent(param) }} FROM {{ conn|qtIdent(role) }};
REVOKE ALL ON {{ type }} {{ conn|qtIdent(param) }} FROM {{ role }};
{%- endmacro %}


@ -37,6 +37,10 @@ def parse_priv_to_db(str_privileges, allowed_acls=[]):
"""
Common utility function to parse privileges before sending to database.
"""
from pgadmin.utils.driver import get_driver
from config import PG_DEFAULT_DRIVER
driver = get_driver(PG_DEFAULT_DRIVER)
db_privileges = {
'c': 'CONNECT',
'C': 'CREATE',
@ -82,7 +86,8 @@ def parse_priv_to_db(str_privileges, allowed_acls=[]):
priv_without_grant = ['ALL']
# Appending and returning all ACL
privileges.append({
'grantee': priv['grantee'],
'grantee': driver.qtIdent(None, priv['grantee'])
if priv['grantee'] != 'PUBLIC' else 'PUBLIC',
'with_grant': priv_with_grant,
'without_grant': priv_without_grant
})
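Review bot: The new `'grantee'` expression uses the string `'PUBLIC'` as an in-band sentinel, so a grantee whose actual name is exactly `PUBLIC` (if the server permits such a quoted role name) is emitted unquoted and the grant would apply to everyone rather than to that role. A separate flag from the caller saying that the pseudo-role was chosen would remove the ambiguity. `'grantee'` also now holds SQL-ready text rather than the raw name, so any template not updated in this commit that still applies `qtIdent` to it would presumably double-quote. The docstring should state the contract, e.g. `Returned 'grantee' values are already quoted with qtIdent, or are the bare keyword PUBLIC.` The two-line conditional inside the dict literal would also read better in parentheses; the body of parse_priv_to_db starts and ends outside these hunks.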