/** * Outputs DDL for differences in functions * * @param $ofs1 stage1 output pointer * @param $ofs3 stage3 output pointer * @param $old_schema original schema * @param $new_schema new schema */ public static function diff_functions($ofs1, $ofs3, $old_schema, $new_schema) { // drop functions that no longer exist in stage 3 if ($old_schema != null) { foreach (dbx::get_functions($old_schema) as $old_function) { if (!pgsql8_schema::contains_function($new_schema, pgsql8_function::get_declaration($new_schema, $old_function, FALSE))) { $ofs3->write(pgsql8_function::get_drop_sql($old_schema, $old_function) . "\n"); } } } // Add new functions and replace modified functions foreach (dbx::get_functions($new_schema) as $new_function) { $old_function = null; if ($old_schema != null) { $old_function = dbx::get_function($old_schema, $new_function['name'], pgsql8_function::get_declaration($new_schema, $new_function)); } if ($old_function == null || !pgsql8_function::equals($new_schema, $new_function, $old_function, pgsql8_diff::$ignore_function_whitespace)) { $ofs1->write(pgsql8_function::get_creation_sql($new_schema, $new_function) . "\n"); } else { if (isset($new_function['forceRedefine']) && strcasecmp($new_function['forceRedefine'], 'true') == 0) { $ofs1->write("-- DBSteward insists on function recreation: " . $new_schema['name'] . "." . $new_function['name'] . " has forceRedefine set to true\n"); $ofs1->write(pgsql8_function::get_creation_sql($new_schema, $new_function) . "\n"); } else { if (pgsql8_schema::contains_type($new_schema, $new_function['returns']) && pgsql8_schema::contains_type($old_schema, $new_function['returns']) && !pgsql8_type::equals(dbx::get_type($old_schema, $new_function['returns']), dbx::get_type($new_schema, $new_function['returns']))) { $ofs1->write("-- Force function re-creation " . $new_function['name'] . " for type: " . $new_function['returns'] . "\n"); $ofs1->write(pgsql8_function::get_creation_sql($new_schema, $new_function) . "\n"); } } } } }
protected static function update_permissions($ofs1, $ofs3) { foreach (dbx::get_schemas(dbsteward::$new_database) as $new_schema) { pgsql8::set_context_replica_set_id($new_schema); $old_schema = dbx::get_schema(dbsteward::$old_database, $new_schema['name']); foreach (dbx::get_permissions($new_schema) as $new_permission) { if ($old_schema == null || !pgsql8_permission::has_permission($old_schema, $new_permission)) { $ofs1->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_schema, $new_permission) . "\n"); } } foreach (dbx::get_tables($new_schema) as $new_table) { pgsql8::set_context_replica_set_id($new_table); $old_table = null; if ($old_schema != null) { $old_table = dbx::get_table($old_schema, $new_table['name']); } if (!dbsteward::$ignore_oldnames && pgsql8_diff_tables::is_renamed_table($new_schema, $new_table)) { // oldTableName renamed table ? skip permission diffing on it, it is the same continue; } foreach (dbx::get_permissions($new_table) as $new_permission) { if ($old_table == null || !pgsql8_permission::has_permission($old_table, $new_permission)) { $ofs1->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_table, $new_permission) . "\n"); } } } foreach (dbx::get_sequences($new_schema) as $new_sequence) { $old_sequence = null; if ($old_schema != null) { $old_sequence = dbx::get_sequence($old_schema, $new_sequence['name']); } foreach (dbx::get_permissions($new_sequence) as $new_permission) { if ($old_sequence == null || !pgsql8_permission::has_permission($old_sequence, $new_permission)) { $ofs1->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_sequence, $new_permission) . "\n"); } } } foreach (dbx::get_functions($new_schema) as $new_function) { $old_function = null; if ($old_schema != null) { $old_function = dbx::get_function($old_schema, $new_function['name'], pgsql8_function::get_declaration($new_schema, $new_function)); } foreach (dbx::get_permissions($new_function) as $new_permission) { if ($old_function == null || !pgsql8_permission::has_permission($old_function, $new_permission)) { $ofs1->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_function, $new_permission) . "\n"); } } } foreach (dbx::get_views($new_schema) as $new_view) { $old_view = NULL; if ($old_schema != NULL) { $old_view = dbx::get_view($old_schema, $new_view['name']); } foreach (dbx::get_permissions($new_view) as $new_permission) { // if always_recreate_views flag is on, always grant all view permissions, as the view was recreated if (dbsteward::$always_recreate_views || $old_view == NULL || !pgsql8_permission::has_permission($old_view, $new_permission) || pgsql8_diff_views::is_view_modified($old_view, $new_view)) { // view permissions are in schema stage 3 file because views are (re)created in that stage for SELECT * expansion $ofs3->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_view, $new_permission) . "\n"); } } } } }
public static function equals($node_schema_a, $node_function_a, $node_function_b, $ignore_function_whitespace) { if (strcasecmp($node_function_a['name'], $node_function_b['name']) != 0) { return false; } $a_definition = pgsql8_function::get_definition($node_function_a); $b_definition = pgsql8_function::get_definition($node_function_b); if ($ignore_function_whitespace) { $a_definition = preg_replace("/\\s+/", " ", $a_definition); $b_definition = preg_replace("/\\s+/", " ", $b_definition); } $db_doc = $node_schema_a->xpath('..'); $a_owner = xml_parser::role_enum($db_doc[0], $node_function_a['owner']); $b_owner = xml_parser::role_enum($db_doc[0], $node_function_b['owner']); $equals = strcasecmp(pgsql8_function::get_declaration($node_schema_a, $node_function_a), pgsql8_function::get_declaration($node_schema_a, $node_function_b)) == 0 && strcasecmp($a_definition, $b_definition) == 0 && strcasecmp($a_owner, $b_owner) == 0 && strcasecmp($node_function_a['type'], $node_function_b['type']) == 0; return $equals; }
public static function &get_function(&$node_schema, $name, $declaration = NULL, $create_if_not_exist = FALSE) { $node_function = NULL; $nodes = $node_schema->xpath("function[@name='" . $name . "']"); // filter out versions of functon in languages that are not relevant to the current format being processed $filtered_nodes = array(); foreach ($nodes as $node) { if (format_function::has_definition($node)) { $filtered_nodes[] = $node; } } $nodes = $filtered_nodes; // TODO: this logic is buggy and needs fixed if (count($nodes) == 0) { if ($create_if_not_exist) { // function not found, caller wants the function created in the db $node_function = $node_schema->addChild('function'); $node_function->addAttribute('name', $name); } } else { if (count($nodes) > 1) { if (strlen($declaration) == 0) { throw new exception("more than one match for function " . $name . " and declaration is blank"); } foreach ($nodes as $node) { if (strcasecmp(pgsql8_function::get_declaration($node_schema, $node), $declaration) == 0) { if ($node_function == NULL) { $node_function = $node; } else { throw new exception("more than one function match " . $name . " matches passed declaration: " . $declaration); } } } if ($node_function == NULL) { //@DEBUG: use this to make sure function declaration comparisons are working properly dbsteward::warning("NOTICE: no functions named " . $name . " match passed declaration: " . $declaration); } } else { $node_function = $nodes[0]; } } return $node_function; }
public function testFunctionNameQuoting() { $xml = <<<XML <dbsteward> <schema name="test"> <table name="test1"> <column name="col1" type="int" /> </table> <function name="testfunc" returns="int" owner="ROLE_OWNER" cachePolicy="VOLATILE" description="test function"> <functionParameter name="test_id" type="int" /> <functionDefinition language="plpgsql" sqlFormat="pgsql8"> BEGIN RETURN test_id; END; </functionDefinition> </function> </schema> </dbsteward> XML; $db_doc = simplexml_load_string($xml); $fxn_sql = pgsql8_function::get_declaration($db_doc->schema, $db_doc->schema->function); $expected = '"test"."testfunc"(test_id int)'; $this->assertEquals($expected, $fxn_sql); }
public static function get_sql($db_doc, $node_schema, $node_object, $node_permission) { format::set_context_replica_set_id($node_object); $perms = pgsql8_permission::get_permission_operations($node_permission); $roles = preg_split(dbsteward::PATTERN_SPLIT_ROLE, $node_permission['role'], -1, PREG_SPLIT_NO_EMPTY); $object_type = strtoupper($node_object->getName()); switch ($object_type) { case 'SCHEMA': $object_name = pgsql8::get_quoted_schema_name($node_schema['name']); break; case 'SEQUENCE': case 'TABLE': case 'VIEW': $object_name = pgsql8::get_quoted_schema_name($node_schema['name']) . '.' . pgsql8::get_quoted_table_name($node_object['name']); break; case 'FUNCTION': $object_name = pgsql8_function::get_declaration($node_schema, $node_object); break; default: throw new exception("unknown object type encountered: " . $object_type); } $sql = ''; for ($j = 0; $j < count($roles); $j++) { $with = ''; if (isset($node_permission['with']) && strlen($node_permission['with']) > 0) { $with = "WITH " . $node_permission['with'] . " OPTION"; } if (strcasecmp($object_type, 'VIEW') == 0) { // postgresql doesn't want you to name the view keyword when you grant rights to views $pg_object_type = ''; } else { $pg_object_type = $object_type; } if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement(strtoupper($node_permission->getName()), implode(', ', $perms), $pg_object_type, $object_name, xml_parser::role_enum($db_doc, $roles[$j]), $with); // SCHEMA IMPLICIT GRANTS if (strcasecmp($object_type, 'SCHEMA') == 0) { // READYONLY USER PROVISION: grant usage on the schema for the readonly user if (strlen($db_doc->database->role->readonly) > 0) { if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement('GRANT', 'USAGE', 'SCHEMA', pgsql8::get_quoted_schema_name($node_schema['name']), $db_doc->database->role->readonly); } } // SEQUENCE IMPLICIT GRANTS if (strcasecmp($object_type, 'SEQUENCE') == 0) { // READYONLY USER PROVISION: generate a SELECT on the sequence for the readonly user if (strlen($db_doc->database->role->readonly) > 0) { if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement('GRANT', 'SELECT', 'SEQUENCE', pgsql8::get_quoted_schema_name($node_schema['name']) . '.' . pgsql8::get_quoted_table_name($node_object['name']), $db_doc->database->role->readonly); } } // TABLE IMPLICIT GRANTS if (strcasecmp($object_type, 'TABLE') == 0) { // READYONLY USER PROVISION: grant select on the table for the readonly user if (strlen($db_doc->database->role->readonly) > 0) { if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement('GRANT', 'SELECT', 'TABLE', pgsql8::get_quoted_schema_name($node_schema['name']) . '.' . pgsql8::get_quoted_table_name($node_object['name']), $db_doc->database->role->readonly); } // don't need to grant cascaded serial permissions to the table owner if (strcasecmp('ROLE_OWNER', $roles[$j]) == 0) { continue; } // set serial columns permissions based on table permissions foreach ($node_object->column as $column) { if (preg_match(pgsql8::PATTERN_TABLE_LINKED_TYPES, $column['type']) > 0) { $col_sequence = pgsql8::identifier_name($node_schema['name'], $node_object['name'], $column['name'], '_seq'); $seq_priv = array(); // if you can SELECT, INSERT or UPDATE the table, you can SELECT on the sequence if (in_array('SELECT', $perms) || in_array('INSERT', $perms) || in_array('UPDATE', $perms)) { $seq_priv[] = 'SELECT'; } // if you can INSERT or UPDATE the table, you can UPDATE the sequence if (in_array('INSERT', $perms) || in_array('UPDATE', $perms)) { $seq_priv[] = 'UPDATE'; } // if you only have USAGE or SELECT // then seq_priv is empty, and no grant should be issued if (count($seq_priv) > 0) { $with = ''; if (isset($node_permission['with']) && strlen($node_permission['with']) > 0) { $with = "WITH " . $node_permission['with'] . " OPTION"; } if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement('GRANT', implode(',', $seq_priv), 'SEQUENCE', pgsql8::get_quoted_schema_name($node_schema['name']) . '.' . pgsql8::get_quoted_table_name($col_sequence), xml_parser::role_enum($db_doc, $roles[$j]), $with); } // READYONLY USER PROVISION: grant implicit select on the sequence for the readonly user if (strlen($db_doc->database->role->readonly) > 0) { if (strlen($sql) > 0) { $sql .= "\n"; } $sql .= self::compile_sql_statement('GRANT', 'SELECT', 'SEQUENCE', pgsql8::get_quoted_schema_name($node_schema['name']) . '.' . pgsql8::get_quoted_table_name($col_sequence), $db_doc->database->role->readonly); } } } } } return $sql; }