/**
* Returns SQL to create the function
*
* @return string
*/
public static function get_creation_sql($node_schema, $node_function)
{
// http://msdn.microsoft.com/en-us/library/ms186755.aspx
$sql = 'CREATE FUNCTION ' . mssql10_function::get_declaration($node_schema, $node_function) . "\n" . 'RETURNS ' . $node_function['returns'] . "\n" . " AS \n" . mssql10_function::get_definition($node_function) . "\n" . "; -- DBSTEWARD_FUNCTION_DEFINITION_END\n";
// quick sanity check: GRANT EXECUTE on FUNCTION that RETURNS table
if (strcasecmp($node_function['returns'], 'table') == 0) {
foreach ($node_function->grant as $grant) {
if (strcasecmp($grant['operation'], 'EXECUTE') == 0) {
throw new exception("function " . $node_function['name'] . " - MSSQL does not allow execute permission on functions that return the table type");
}
}
}
// MSSQL procedure mode?
if (isset($node_function['procedure'])) {
if (strcasecmp($node_function['returns'], 'int') != 0) {
throw new exception("function " . $node_function['name'] . " error -- mssql procedure functions always return int, update the definition to say so");
}
$sql = 'CREATE PROCEDURE ' . mssql10_function::get_declaration($node_schema, $node_function) . "\n" . " AS \n" . mssql10_function::get_definition($node_function) . "\n" . "; -- DBSTEWARD_PROCEDURE_DEFINITION_END\n";
}
// @IMPLEMENT: $node_function['language'] specifier ?
// @IMPLEMENT: $node_function['cachePolicy'] specifier ?
// @IMPLEMENT: $node_function['securityDefiner'] specifier ?
// @IMPLEMENT: $node_function['owner'] specifier ?
// @IMPLEMENT: $node_function['description'] specifier ?
foreach (dbx::get_permissions($node_function) as $permission) {
$grant_sql = mssql10_permission::get_sql(dbsteward::$new_database, $node_schema, $node_function, $permission);
$sql .= $grant_sql . "\n";
}
return $sql;
}
public static function get_creation_sql($node_schema, $node_type)
{
// notice in mssql10_column::column_type() enumerated types are defined as varchar(255) with a CHECK CONSTRAINT added
// this is due to the fact there are no enumerated types in MSSQL
// so, for application reference without VIEW DEFINITION permissions given to the application role
// create a value reference table for the enumeration's possible values, for the application to refer to
$reference_table_name = mssql10::get_quoted_schema_name($node_schema['name']) . '.' . mssql10::get_quoted_table_name($node_type['name'] . '_enum_values');
// enum types rewritten as varchar(255) -- see mssql10_column::column_type()
$ddl = "CREATE TABLE " . $reference_table_name . " (\n enum_value varchar(255)\n );\n";
$ddl .= mssql10_type::get_enum_value_insert($node_schema, $node_type);
$reference_table_node = new SimpleXMLElement('<table name="' . $node_type['name'] . '_enum_values' . '">
<grant operation="SELECT" role="ROLE_APPLICATION"/>
</table>');
$ddl .= mssql10_permission::get_sql(dbsteward::$new_database, $node_schema, $reference_table_node, $reference_table_node->grant);
return $ddl;
}
public static function get_sql($db_doc, $node_schema, $node_object, $node_permission)
{
$operations = mssql10_permission::get_permission_operations($node_permission);
$roles = preg_split(dbsteward::PATTERN_SPLIT_ROLE, $node_permission['role'], -1, PREG_SPLIT_NO_EMPTY);
$object_type = strtoupper($node_object->getName());
$sql = '';
switch ($object_type) {
case 'SCHEMA':
$object_name = mssql10::get_quoted_schema_name($node_schema['name']);
for ($i = 0; $i < count($operations); $i++) {
// see http://msdn.microsoft.com/en-us/library/ms187940.aspx
if (strcasecmp($operations[$i], 'USAGE') == 0) {
// for schemas, translate USAGE into SELECT
$operations[$i] = 'SELECT';
}
if (strcasecmp($operations[$i], 'ALL') == 0) {
$operations[$i] = 'SELECT';
$operations[] = 'INSERT';
$operations[] = 'UPDATE';
$operations[] = 'DELETE';
}
// CREATE TABLE permission is database-wide
// so create it explicitly here in-line
// and then remove it from the list of operations to define
if (strcasecmp($operations[$i], 'CREATE TABLE') == 0) {
for ($j = 0; $j < count($roles); $j++) {
$sql .= "GRANT CREATE TABLE TO " . mssql10::get_quoted_object_name(xml_parser::role_enum($db_doc, $roles[$j])) . ";\n";
}
unset($operations[$i]);
$operations = array_merge($operations);
$i--;
}
}
break;
case 'SEQUENCE':
for ($i = 0; $i < count($operations); $i++) {
// for sequences, translate USAGE into INSERT
if (strcasecmp($operations[$i], 'USAGE') == 0) {
$operations[$i] = 'INSERT';
}
}
// give explicit DELETE permission for pseudo sequences, implemented as mssql10_bit_table
if (!in_array('DELETE', $operations)) {
$operations[] = 'DELETE';
}
case 'TABLE':
case 'VIEW':
case 'FUNCTION':
$object_name = mssql10::get_quoted_schema_name($node_schema['name']) . '.' . mssql10::get_quoted_table_name($node_object['name']);
break;
default:
throw new exception("unknown object type encountered: " . $object_type);
}
for ($j = 0; $j < count($roles); $j++) {
$with = '';
if (isset($node_permission['with']) && strlen($node_permission['with']) > 0) {
$with = "WITH " . $node_permission['with'] . " OPTION";
}
// treat sequences as tables, because that's how mssql10_bit_table created them
if (strcasecmp($object_type, 'SEQUENCE') == 0) {
$object_type = 'TABLE';
}
// translate pg to ms object type names that the GRANT ... CLASS :: specifier accepts
$ms_object_type = $object_type;
// in mssql a table is an object when doing grants
if (strcasecmp($object_type, 'TABLE') == 0) {
$ms_object_type = 'OBJECT';
}
// in mssql a view is an object when doing grants
if (strcasecmp($object_type, 'VIEW') == 0) {
$ms_object_type = 'OBJECT';
}
// in mssql a function and a procedure is an object when doing grants
if (strcasecmp($object_type, 'FUNCTION') == 0) {
$ms_object_type = 'OBJECT';
}
if (strlen($sql) > 0) {
$sql .= "\n";
}
$sql .= self::compile_sql_statement(strtoupper($node_permission->getName()), implode(', ', $operations), $ms_object_type, $object_name, mssql10::get_quoted_object_name(xml_parser::role_enum($db_doc, $roles[$j])), $with);
}
return $sql;
}
protected static function update_permissions($ofs1, $ofs3)
{
foreach (dbx::get_schemas(dbsteward::$new_database) as $new_schema) {
$old_schema = dbx::get_schema(dbsteward::$old_database, $new_schema['name']);
foreach (dbx::get_permissions($new_schema) as $new_permission) {
if ($old_schema == NULL || !mssql10_permission::has_permission($old_schema, $new_permission)) {
$ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_schema, $new_permission) . "\n");
}
}
foreach (dbx::get_tables($new_schema) as $new_table) {
$old_table = NULL;
if ($old_schema != NULL) {
$old_table = dbx::get_table($old_schema, $new_table['name']);
}
if (!dbsteward::$ignore_oldnames && mssql10_diff_tables::is_renamed_table($new_schema, $new_table)) {
// oldTableName renamed table ? skip permission diffing on it, it is the same
continue;
}
foreach (dbx::get_permissions($new_table) as $new_permission) {
if ($old_table == NULL || !mssql10_permission::has_permission($old_table, $new_permission)) {
$ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_table, $new_permission) . "\n");
}
}
}
foreach (dbx::get_sequences($new_schema) as $new_sequence) {
$old_sequence = NULL;
if ($old_schema != NULL) {
$old_sequence = dbx::get_sequence($old_schema, $new_sequence['name']);
}
foreach (dbx::get_permissions($new_sequence) as $new_permission) {
if ($old_sequence == NULL || !mssql10_permission::has_permission($old_sequence, $new_permission)) {
$ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_sequence, $new_permission) . "\n");
}
}
}
foreach (dbx::get_functions($new_schema) as $new_function) {
$old_function = NULL;
if ($old_schema != NULL) {
$old_function = dbx::get_function($old_schema, $new_function['name'], mssql10_function::get_declaration($new_schema, $new_function));
}
foreach (dbx::get_permissions($new_function) as $new_permission) {
if ($old_function == NULL || !mssql10_permission::has_permission($old_function, $new_permission)) {
$ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_function, $new_permission) . "\n");
}
}
}
foreach (dbx::get_views($new_schema) as $new_view) {
$old_view = NULL;
if ($old_schema != NULL) {
$old_view = dbx::get_view($old_schema, $new_view['name']);
}
foreach (dbx::get_permissions($new_view) as $new_permission) {
// if always_recreate_views flag is on, always grant all view permissions, as the view was recreated
if (dbsteward::$always_recreate_views || $old_view == NULL || !mssql10_permission::has_permission($old_view, $new_permission) || mssql10_diff_views::is_view_modified($old_view, $new_view)) {
// view permissions are in schema stage 3 file because views are (re)created in that stage for SELECT * expansion
$ofs3->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_view, $new_permission) . "\n");
}
}
}
}
}
public function build_schema($db_doc, $ofs, $table_depends)
{
// explicitly create the ROLE_APPLICATION
// webservers connect as a user granted this role
$ofs->write("CREATE ROLE " . $db_doc->database->role->application . ";\n");
// schema creation
foreach ($db_doc->schema as $schema) {
$ofs->write(mssql10_schema::get_creation_sql($schema));
// schema grants
if (isset($schema->grant)) {
foreach ($schema->grant as $grant) {
$ofs->write(mssql10_permission::get_sql($db_doc, $schema, $schema, $grant) . "\n");
}
}
}
// types: enumerated list, etc
foreach ($db_doc->schema as $schema) {
foreach ($schema->type as $type) {
$ofs->write(mssql10_type::get_creation_sql($schema, $type) . "\n");
}
}
// function definitions
foreach ($db_doc->schema as $schema) {
foreach ($schema->function as $function) {
if (mssql10_function::has_definition($function)) {
$ofs->write(mssql10_function::get_creation_sql($schema, $function));
}
}
}
$ofs->write("\n");
// table structure creation
foreach ($db_doc->schema as $schema) {
// create defined tables
foreach ($schema->table as $table) {
// table definition
$ofs->write(mssql10_table::get_creation_sql($schema, $table) . "\n");
// table indexes
mssql10_diff_indexes::diff_indexes_table($ofs, NULL, NULL, $schema, $table);
// table grants
if (isset($table->grant)) {
foreach ($table->grant as $grant) {
$ofs->write(mssql10_permission::get_sql($db_doc, $schema, $table, $grant) . "\n");
}
}
$ofs->write("\n");
}
// sequences contained in the schema
if (isset($schema->sequence)) {
foreach ($schema->sequence as $sequence) {
$ofs->write(mssql10_bit_table::get_creation_sql($schema, $sequence) . "\n");
// sequence permission grants
if (isset($sequence->grant)) {
foreach ($sequence->grant as $grant) {
$ofs->write(mssql10_permission::get_sql($db_doc, $schema, $sequence, $grant) . "\n");
}
}
}
}
}
$ofs->write("\n");
// define table primary keys before foreign keys so unique requirements are always met for FOREIGN KEY constraints
foreach ($db_doc->schema as $schema) {
foreach ($schema->table as $table) {
mssql10_diff_tables::diff_constraints_table($ofs, NULL, NULL, $schema, $table, 'primaryKey', FALSE);
}
}
$ofs->write("\n");
// foreign key references
// use the dependency order to specify foreign keys in an order that will satisfy nested foreign keys and etc
for ($i = 0; $i < count($table_depends); $i++) {
$schema = $table_depends[$i]['schema'];
$table = $table_depends[$i]['table'];
if ($table['name'] === dbsteward::TABLE_DEPENDENCY_IGNORABLE_NAME) {
// don't do anything with this table, it is a magic internal DBSteward value
continue;
}
mssql10_diff_tables::diff_constraints_table($ofs, NULL, NULL, $schema, $table, 'constraint', FALSE);
}
$ofs->write("\n");
// trigger definitions
foreach ($db_doc->schema as $schema) {
foreach ($schema->trigger as $trigger) {
// only do triggers set to the current sql format
if (strcasecmp($trigger['sqlFormat'], dbsteward::get_sql_format()) == 0) {
$ofs->write(mssql10_trigger::get_creation_sql($schema, $trigger));
}
}
}
$ofs->write("\n");
// view creation
foreach ($db_doc->schema as $schema) {
foreach ($schema->view as $view) {
$ofs->write(mssql10_view::get_creation_sql($schema, $view));
// view permission grants
if (isset($view->grant)) {
foreach ($view->grant as $grant) {
$ofs->write(mssql10_permission::get_sql($db_doc, $schema, $view, $grant) . "\n");
}
}
}
}
$ofs->write("\n");
// @TODO: database configurationParameter support needed ?
}
