public static function get_permission_sql($db_doc, $node_schema, $node_object, $node_permission, $action = 'grant')
{
if (strcasecmp($node_permission->getName(), 'grant') != 0 && strcasecmp($node_permission->getName(), 'revoke') != 0) {
throw new exception("Cannot extract permission rights from node that is not grant or revoke");
}
if (!isset($node_permission['operation']) || strlen($node_permission['operation']) == 0) {
throw new exception("node_permission operation definition is empty");
}
$object_name = '';
$object_type = strtoupper($node_object->getName());
$privileges = array_map(function ($p) use($object_type) {
return mysql5_permission::get_real_privilege($p, $object_type);
}, static::get_permission_privileges($node_permission));
$roles = static::get_permission_roles($db_doc, $node_permission);
$with = static::get_permission_options_sql($node_permission);
switch ($object_type) {
case 'SCHEMA':
// all tables on current database, because no schemas
$object_name = '*';
break;
case 'VIEW':
return "-- Ignoring permissions on view '{$node_object['name']}' because MySQL uses SQL SECURITY DEFINER semantics\n";
case 'TABLE':
$object_name = mysql5::get_fully_qualified_table_name($node_schema['name'], $node_object['name']);
break;
case 'FUNCTION':
$object_name = "FUNCTION " . mysql5::get_fully_qualified_object_name($node_schema['name'], $node_object['name'], 'function');
break;
case 'SEQUENCE':
// sequences exist as rows in a table for mysql
$object_name = mysql5::get_fully_qualified_table_name($node_schema['name'], mysql5_sequence::TABLE_NAME);
break;
default:
throw new exception("unknown object type encountered: " . $object_type);
}
$sql = static::get_sql(strtoupper($action), $object_name, $privileges, array_map('mysql5::get_quoted_object_name', $roles), $with) . "\n";
return $sql;
}
