/**
 * Builds the privilege map for one database.
 *
 * Two row sources are combined with UNION: rows from `mysql`.`user`
 * (tagged Type 'g', Db '*') and rows from `mysql`.`db` (tagged Type 'd')
 * whose stored `Db` value, used as a LIKE pattern, matches $db. Rows where
 * the compared-privileges condition holds are excluded from both sources.
 *
 * @param string $db the database
 *
 * @return array $privMap the privilege map
 */
function PMA_getPrivMap($db)
{
    list($privColumns, $noPrivCondition)
        = PMA_getListOfPrivilegesAndComparedPrivileges();

    // $db ends up inside a single-quoted SQL literal, so it is escaped first.
    // It is the subject of LIKE; the pattern is the stored `Db` column.
    // NOTE(review): injection safety here rests entirely on
    // PMA_Util::sqlAddSlashes() - confirm it matches the connection charset.
    $escapedDb = PMA_Util::sqlAddSlashes($db);

    $globalPart = "( SELECT " . $privColumns . ", '*' AS `Db`, 'g' AS `Type`"
        . " FROM `mysql`.`user`"
        . " WHERE NOT (" . $noPrivCondition . "))";

    $dbPart = "( SELECT " . $privColumns . ", `Db`, 'd' AS `Type`"
        . " FROM `mysql`.`db`"
        . " WHERE '" . $escapedDb . "' LIKE `Db`"
        . " AND NOT (" . $noPrivCondition . "))";

    $sql_query = $globalPart
        . " UNION "
        . $dbPart
        . " ORDER BY `User` ASC, `Host` ASC, `Db` ASC;";

    $res = $GLOBALS['dbi']->query($sql_query);

    // The helper fills $privMap from the result set (defined elsewhere).
    $privMap = array();
    PMA_mergePrivMapFromResult($privMap, $res);

    return $privMap;
}
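/**
 * Get the HTML for user form and check the privileges for a particular database.
 *
 * The database name is read from $_REQUEST['checkprivs'] and is therefore
 * request-controlled. It is escaped per output context: SQL string literal
 * (PMA_Util::sqlAddSlashes), HTML text (htmlspecialchars) and URL query value
 * inside an HTML attribute (urlencode, then htmlspecialchars).
 *
 * When $GLOBALS['is_ajax_request'] is set and no 'ajax_page_request'
 * parameter is present, the form is added to the JSON response and the
 * script exits instead of returning.
 *
 * @param string $link_edit         standard link for edit
 * @param string $conditional_class if ajaxable 'Ajax' otherwise ''
 *
 * @return string $html_output
 */
function PMA_getHtmlForSpecificDbPrivileges($link_edit, $conditional_class)
{
    // check the privileges for a particular database.
    $html_output = '<form id="usersForm" action="server_privileges.php">'
        . '<fieldset>' . "\n";
    $html_output .= '<legend>' . "\n"
        . PMA_Util::getIcon('b_usrcheck.png')
        . ' '
        . sprintf(
            __('Users having access to "%s"'),
            '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?'
            . PMA_generate_common_url($_REQUEST['checkprivs']) . '">'
            . htmlspecialchars($_REQUEST['checkprivs'])
            . '</a>'
        )
        . "\n"
        . '</legend>' . "\n";
    $html_output .= '<table id="dbspecificuserrights" class="data">' . "\n"
        . '<thead>' . "\n"
        . '<tr><th>' . __('User') . '</th>' . "\n"
        . '<th>' . __('Host') . '</th>' . "\n"
        . '<th>' . __('Type') . '</th>' . "\n"
        . '<th>' . __('Privileges') . '</th>' . "\n"
        . '<th>' . __('Grant') . '</th>' . "\n"
        . '<th>' . __('Action') . '</th>' . "\n"
        . '</tr>' . "\n"
        . '</thead>' . "\n";
    $odd_row = true;

    // now, we build the table...
    list($list_of_privileges, $list_of_compared_privileges)
        = PMA_getListOfPrivilegesAndComparedPrivileges();

    // The request value is embedded as a quoted SQL literal, so it is escaped
    // with PMA_Util::sqlAddSlashes(). It is the LIKE subject; the stored `Db`
    // column acts as the pattern.
    $sql_query = '(SELECT ' . $list_of_privileges . ', `Db`'
        . ' FROM `mysql`.`db`'
        . ' WHERE \'' . PMA_Util::sqlAddSlashes($_REQUEST['checkprivs'])
        . "'"
        . ' LIKE `Db`'
        . ' AND NOT (' . $list_of_compared_privileges . ')) '
        . 'UNION '
        . '(SELECT ' . $list_of_privileges . ', \'*\' AS `Db`'
        . ' FROM `mysql`.`user` '
        . ' WHERE NOT (' . $list_of_compared_privileges . ')) '
        . ' ORDER BY `User` ASC,'
        . ' `Host` ASC,'
        . ' `Db` ASC;';
    $res = PMA_DBI_query($sql_query);
    $row = PMA_DBI_fetch_assoc($res);

    // Always define $found: previously it was only assigned when a row
    // existed, so an empty result passed an undefined variable on.
    $found = (bool) $row;

    $html_output .= PMA_getHtmlTableBodyForSpecificDbPrivs(
        $found, $row, $odd_row, $link_edit, $res
    );
    $html_output .= '</table>'
        . '</fieldset>'
        . '</form>' . "\n";

    if ($GLOBALS['is_ajax_request'] == true
        && empty($_REQUEST['ajax_page_request'])
    ) {
        $message = PMA_Message::success(__('User has been added.'));
        $response = PMA_Response::getInstance();
        $response->addJSON('message', $message);
        $response->addJSON('user_form', $html_output);
        exit;
    } else {
        // The database name is used as a query-string value inside an HTML
        // attribute. HTML-escaping alone is not enough: the browser decodes
        // the attribute before parsing the URL, so characters such as '&',
        // '#' or '+' in the name would change the query string. URL-encode
        // first, then HTML-escape.
        $db_for_url = htmlspecialchars(urlencode($_REQUEST['checkprivs']));

        // Offer to create a new user for the current database
        $html_output .= '<fieldset id="fieldset_add_user">' . "\n"
            . '<legend>' . _pgettext('Create new user', 'New') . '</legend>' . "\n";
        $html_output .= '<a href="server_privileges.php?'
            . $GLOBALS['url_query'] . '&adduser=1&'
            . 'dbname=' . $db_for_url
            . '" rel="'
            . 'checkprivs=' . $db_for_url
            . '&' . $GLOBALS['url_query']
            . '" class="' . $conditional_class
            . '" name="db_specific">' . "\n"
            . PMA_Util::getIcon('b_usradd.png')
            . ' '
            . __('Add user') . '</a>' . "\n";
        $html_output .= '</fieldset>' . "\n";
    }

    return $html_output;
}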
/**
 * Checks the two SQL fragments returned by
 * PMA_getListOfPrivilegesAndComparedPrivileges().
 *
 * @return void
 */
public function testPMAGetListOfPrivilegesAndComparedPrivileges()
{
    list($columns, $comparisons)
        = PMA_getListOfPrivilegesAndComparedPrivileges();

    // The column list must contain the identity columns followed by the
    // first two privilege columns.
    $this->assertContains(
        "`User`, `Host`, `Select_priv`, `Insert_priv`",
        $columns
    );

    // The comparison list must contain these "privilege = 'N'" pairs.
    $expectedComparisons = array(
        "`Select_priv` = 'N' AND `Insert_priv` = 'N'",
        "`Create_routine_priv` = 'N' AND `Alter_routine_priv` = 'N'",
    );
    foreach ($expectedComparisons as $fragment) {
        $this->assertContains($fragment, $comparisons);
    }
}
/**
 * Get the HTML for user form and check the privileges for a particular table.
 *
 * Rows are gathered from `mysql`.`user` (Type 'g'), `mysql`.`db` (Type 'd')
 * and `mysql`.`tables_priv` (Type 't'), grouped by user and host, and handed
 * to PMA_getHtmlTableBodyForSpecificDbOrTablePrivs() for rendering.
 *
 * $db and $table are escaped with PMA_Util::sqlAddSlashes() before being
 * embedded as SQL string literals, and with htmlspecialchars() where they
 * are printed as text in the legend.
 *
 * @param string $db    database name
 * @param string $table table name
 *
 * @return string $html_output
 */
function PMA_getHtmlForSpecificTablePrivileges($db, $table)
{
    // check the privileges for a particular table.
    // NOTE(review): PMA_URL_getCommon() output goes straight into href/rel
    // attributes - presumably it returns an attribute-safe query string; confirm.
    $tableLink = '<a href="' . $GLOBALS['cfg']['DefaultTabTable']
        . PMA_URL_getCommon(array('db' => $db, 'table' => $table))
        . '">'
        . htmlspecialchars($db) . '.' . htmlspecialchars($table)
        . '</a>';

    $html_output = '<form id="usersForm" action="server_privileges.php">'
        . '<fieldset>'
        . '<legend>'
        . PMA_Util::getIcon('b_usrcheck.png')
        . sprintf(__('Users having access to "%s"'), $tableLink)
        . '</legend>'
        . '<table id="tablespecificuserrights" class="data">';

    $html_output .= '<thead>'
        . '<tr><th>' . __('User') . '</th>'
        . '<th>' . __('Host') . '</th>'
        . '<th>' . __('Type') . '</th>'
        . '<th>' . __('Privileges') . '</th>'
        . '<th>' . __('Grant') . '</th>'
        . '<th>' . __('Action') . '</th>'
        . '</tr>'
        . '</thead>';

    list($privColumns, $noPrivCondition)
        = PMA_getListOfPrivilegesAndComparedPrivileges();

    // Global and database-level privileges. The escaped name is the LIKE
    // subject; the stored `Db` value is the pattern.
    $globalAndDbQuery = "( SELECT " . $privColumns . ", '*' AS `Db`, 'g' AS `Type`"
        . " FROM `mysql`.`user`"
        . " WHERE NOT (" . $noPrivCondition . "))"
        . " UNION "
        . "( SELECT " . $privColumns . ", `Db`, 'd' AS `Type`"
        . " FROM `mysql`.`db`"
        . " WHERE '" . PMA_Util::sqlAddSlashes($db) . "' LIKE `Db`"
        . " AND NOT (" . $noPrivCondition . "))"
        . " ORDER BY `User` ASC, `Host` ASC, `Db` ASC;";

    // Table-level privileges for the same database/table pair.
    $tableQuery = "SELECT `User`, `Host`, `Db`,"
        . " 't' AS `Type`, `Table_name`, `Table_priv`"
        . " FROM `mysql`.`tables_priv`"
        . " WHERE '" . PMA_Util::sqlAddSlashes($db) . "' LIKE `Db`"
        . " AND '" . PMA_Util::sqlAddSlashes($table) . "' LIKE `Table_name`"
        . " AND NOT (`Table_priv` = '' AND Column_priv = '')"
        . " ORDER BY `User` ASC, `Host` ASC, `Db` ASC, `Table_priv` ASC;";

    // Run both queries in order and group every row under [user][host];
    // PHP creates the nested arrays on first write.
    $privMap = array();
    foreach (array($globalAndDbQuery, $tableQuery) as $sql_query) {
        $res = $GLOBALS['dbi']->query($sql_query);
        while ($row = $GLOBALS['dbi']->fetchAssoc($res)) {
            $privMap[$row['User']][$row['Host']][] = $row;
        }
    }

    $html_output .= PMA_getHtmlTableBodyForSpecificDbOrTablePrivs($privMap, $db)
        . '</table>'
        . '</fieldset>'
        . '</form>';

    // Offer to create a new user for the current database
    $addUserParams = array('adduser' => 1, 'dbname' => $db, 'tablename' => $table);
    $checkPrivsParams = array('checkprivsdb' => $db, 'checkprivstable' => $table);

    $html_output .= '<fieldset id="fieldset_add_user">'
        . '<legend>' . _pgettext('Create new user', 'New') . '</legend>';
    $html_output .= '<a href="server_privileges.php'
        . PMA_URL_getCommon($addUserParams)
        . '" rel="'
        . PMA_URL_getCommon($checkPrivsParams)
        . '" class="ajax" name="table_specific">'
        . PMA_Util::getIcon('b_usradd.png') . __('Add user')
        . '</a>';
    $html_output .= '</fieldset>';

    return $html_output;
}