コード例 #1
0
/**
 * Get a HTML table for display user's tabel specific or database specific rights
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $dbname   database name
 *
 * @return array $html_output, $found_rows
 */
function PMA_getHtmlForAllTableSpecificRights($username, $hostname, $dbname)
{
    // table header
    $html_output = PMA_URL_getHiddenInputs('', '') . '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . "\n" . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />' . "\n" . '<fieldset>' . "\n" . '<legend data-submenu-label="' . (!mb_strlen($dbname) ? __('Database') : __('Table')) . '">' . (!mb_strlen($dbname) ? __('Database-specific privileges') : __('Table-specific privileges')) . '</legend>' . "\n" . '<table class="data">' . "\n" . '<thead>' . "\n" . '<tr><th>' . (!mb_strlen($dbname) ? __('Database') : __('Table')) . '</th>' . "\n" . '<th>' . __('Privileges') . '</th>' . "\n" . '<th>' . __('Grant') . '</th>' . "\n" . '<th>' . (!mb_strlen($dbname) ? __('Table-specific privileges') : __('Column-specific privileges')) . '</th>' . "\n" . '<th colspan="2">' . __('Action') . '</th>' . "\n" . '</tr>' . "\n" . '</thead>' . "\n";
    $user_host_condition = ' WHERE `User`' . ' = \'' . PMA_Util::sqlAddSlashes($username) . "'" . ' AND `Host`' . ' = \'' . PMA_Util::sqlAddSlashes($hostname) . "'";
    // table body
    // get data
    // we also want privileges for this user not in table `db` but in other table
    $tables = $GLOBALS['dbi']->fetchResult('SHOW TABLES FROM `mysql`;');
    /**
     * no db name given, so we want all privs for the given user
     * db name was given, so we want all user specific rights for this db
     */
    $db_rights = PMA_getUserSpecificRights($tables, $user_host_condition, $dbname);
    ksort($db_rights);
    $html_output .= '<tbody>' . "\n";
    // display rows
    list($found_rows, $html_out) = PMA_getHtmlForUserRights($db_rights, $dbname, $hostname, $username);
    $html_output .= $html_out;
    $html_output .= '</tbody>' . "\n";
    $html_output .= '</table>' . "\n";
    return array($html_output, $found_rows);
}
コード例 #2
0
 /**
  * Tests for PMA_getUserSpecificRights
  *
  * @return void
  */
 function testPMAGetUserSpecificRights()
 {
     // Setup for the test
     $GLOBALS['dbi']->expects($this->any())->method('fetchAssoc')->will($this->onConsecutiveCalls(array('Db' => 'y'), false, array('Db' => 'y'), false, false, array('Table_name' => 't')));
     // Test case 1
     $tables = array('columns_priv');
     $user_host_condition = '';
     $dbname = '';
     $expected = array('y' => array('privs' => array('USAGE'), 'Db' => 'y', 'Grant_priv' => 'N', 'Column_priv' => true, 'can_delete' => true));
     $actual = PMA_getUserSpecificRights($tables, $user_host_condition, $dbname);
     $this->assertEquals($expected, $actual);
     // Test case 2
     $dbname = 'db';
     $expected = array('t' => array('Table_name' => 't'));
     $actual = PMA_getUserSpecificRights($tables, $user_host_condition, $dbname);
     $this->assertEquals($expected, $actual);
 }
コード例 #3
0
/**
 * Get a HTML table for display user's tabel specific or database specific rights
 *
 * @param string $username username
 * @param string $hostname host name
 * @param string $type     database, table or routine
 * @param string $dbname   database name
 *
 * @return array $html_output
 */
function PMA_getHtmlForAllTableSpecificRights($username, $hostname, $type, $dbname = '')
{
    $uiData = array('database' => array('formId' => 'database_specific_priv', 'subMenuLabel' => __('Database'), 'legend' => __('Database-specific privileges'), 'typeLabel' => __('Database')), 'table' => array('formId' => 'table_specific_priv', 'subMenuLabel' => __('Table'), 'legend' => __('Table-specific privileges'), 'typeLabel' => __('Table')), 'routine' => array('formId' => 'routine_specific_priv', 'subMenuLabel' => __('Routine'), 'legend' => __('Routine-specific privileges'), 'typeLabel' => __('Routine')));
    /**
     * no db name given, so we want all privs for the given user
     * db name was given, so we want all user specific rights for this db
     */
    $db_rights = PMA_getUserSpecificRights($username, $hostname, $type, $dbname);
    ksort($db_rights);
    $foundRows = array();
    $privileges = array();
    foreach ($db_rights as $row) {
        $onePrivilege = array();
        $paramDbName = '';
        $paramTableName = '';
        $paramRoutineName = '';
        if ($type == 'database') {
            $name = $row['Db'];
            $onePrivilege['grant'] = $row['Grant_priv'] == 'Y';
            $onePrivilege['tablePrivs'] = !empty($row['Table_priv']) || !empty($row['Column_priv']);
            $onePrivilege['privileges'] = join(',', PMA_extractPrivInfo($row, true));
            $paramDbName = $row['Db'];
        } elseif ($type == 'table') {
            $name = $row['Table_name'];
            $onePrivilege['grant'] = in_array('Grant', explode(',', $row['Table_priv']));
            $onePrivilege['columnPrivs'] = !empty($row['Column_priv']);
            $onePrivilege['privileges'] = join(',', PMA_extractPrivInfo($row, true));
            $paramDbName = $dbname;
            $paramTableName = $row['Table_name'];
        } else {
            // routine
            $name = $row['Routine_name'];
            $onePrivilege['grant'] = in_array('Grant', explode(',', $row['Proc_priv']));
            $privs = array('Alter_routine_priv' => 'N', 'Execute_priv' => 'N', 'Grant_priv' => 'N');
            foreach (explode(',', $row['Proc_priv']) as $priv) {
                if ($priv == 'Alter Routine') {
                    $privs['Alter_routine_priv'] = 'Y';
                } else {
                    $privs[$priv . '_priv'] = 'Y';
                }
            }
            $onePrivilege['privileges'] = join(',', PMA_extractPrivInfo($privs, true));
            $paramDbName = $dbname;
            $paramRoutineName = $row['Routine_name'];
        }
        $foundRows[] = $name;
        $onePrivilege['name'] = $name;
        $onePrivilege['editLink'] = '';
        if ($GLOBALS['is_grantuser']) {
            $onePrivilege['editLink'] = PMA_getUserLink('edit', $username, $hostname, $paramDbName, $paramTableName, $paramRoutineName);
        }
        $onePrivilege['revokeLink'] = '';
        if ($type != 'database' || !empty($row['can_delete'])) {
            $onePrivilege['revokeLink'] = PMA_getUserLink('revoke', $username, $hostname, $paramDbName, $paramTableName, $paramRoutineName);
        }
        $privileges[] = $onePrivilege;
    }
    $data = $uiData[$type];
    $data['privileges'] = $privileges;
    $data['userName'] = $username;
    $data['hostName'] = $hostname;
    $data['database'] = $dbname;
    $data['type'] = $type;
    if ($type == 'database') {
        // we already have the list of databases from libraries/common.inc.php
        // via $pma = new PMA;
        $pred_db_array = $GLOBALS['pma']->databases;
        $databases_to_skip = array('information_schema', 'performance_schema');
        $databases = array();
        if (!empty($pred_db_array)) {
            foreach ($pred_db_array as $current_db) {
                if (in_array($current_db, $databases_to_skip)) {
                    continue;
                }
                $current_db_escaped = PMA_Util::escapeMysqlWildcards($current_db);
                // cannot use array_diff() once, outside of the loop,
                // because the list of databases has special characters
                // already escaped in $foundRows,
                // contrary to the output of SHOW DATABASES
                if (!in_array($current_db_escaped, $foundRows)) {
                    $databases[] = $current_db;
                }
            }
        }
        $data['databases'] = $databases;
    } elseif ($type == 'table') {
        $result = @$GLOBALS['dbi']->tryQuery("SHOW TABLES FROM " . PMA_Util::backquote($dbname), null, PMA_DatabaseInterface::QUERY_STORE);
        $tables = array();
        if ($result) {
            while ($row = $GLOBALS['dbi']->fetchRow($result)) {
                if (!in_array($row[0], $foundRows)) {
                    $tables[] = $row[0];
                }
            }
            $GLOBALS['dbi']->freeResult($result);
        }
        $data['tables'] = $tables;
    } else {
        // routine
        $routineData = $GLOBALS['dbi']->getRoutines($dbname);
        $routines = array();
        foreach ($routineData as $routine) {
            if (!in_array($routine['name'], $foundRows)) {
                $routines[] = $routine['name'];
            }
        }
        $data['routines'] = $routines;
    }
    $html_output = PMA\Template::get('privileges/privileges_summary')->render($data);
    return $html_output;
}
コード例 #4
0
/**
 * Get a HTML table for display user's tabel specific or database specific rights
 *
 * @param string $username      username
 * @param string $hostname      host name
 * @param string $dbname        database name
 * @param string $link_edit     standard link to edit privileges
 * @param string $link_revoke   standard link to revoke
 *
 * @return array $html_output, $found_rows
 */
function PMA_getTableForDisplayAllTableSpecificRights($username, $hostname, $link_edit, $link_revoke, $dbname)
{
    // table header
    $html_output = PMA_generate_common_hidden_inputs('', '') . '<input type="hidden" name="username" ' . 'value="' . htmlspecialchars($username) . '" />' . "\n" . '<input type="hidden" name="hostname" ' . 'value="' . htmlspecialchars($hostname) . '" />' . "\n" . '<fieldset>' . "\n" . '<legend>' . (!strlen($dbname) ? __('Database-specific privileges') : __('Table-specific privileges')) . '</legend>' . "\n" . '<table class="data">' . "\n" . '<thead>' . "\n" . '<tr><th>' . (!strlen($dbname) ? __('Database') : __('Table')) . '</th>' . "\n" . '<th>' . __('Privileges') . '</th>' . "\n" . '<th>' . __('Grant') . '</th>' . "\n" . '<th>' . (!strlen($dbname) ? __('Table-specific privileges') : __('Column-specific privileges')) . '</th>' . "\n" . '<th colspan="2">' . __('Action') . '</th>' . "\n" . '</tr>' . "\n" . '</thead>' . "\n";
    $user_host_condition = ' WHERE `User`' . ' = \'' . PMA_CommonFunctions::getInstance()->sqlAddSlashes($username) . "'" . ' AND `Host`' . ' = \'' . PMA_CommonFunctions::getInstance()->sqlAddSlashes($hostname) . "'";
    // table body
    // get data
    // we also want privielgs for this user not in table `db` but in other table
    $tables = PMA_DBI_fetch_result('SHOW TABLES FROM `mysql`;');
    /**
     * no db name given, so we want all privs for the given user
     * db name was given, so we want all user specific rights for this db
     */
    $db_rights = PMA_getUserSpecificRights($tables, $user_host_condition, $dbname);
    ksort($db_rights);
    $html_output .= '<tbody>' . "\n";
    // display rows
    list($found_rows, $html_out) = PMA_getHtmlForDisplayUserRightsInRows($db_rights, $link_edit, $dbname, $link_revoke, $hostname, $username);
    $html_output .= $html_out;
    $html_output .= '</tbody>' . "\n";
    $html_output .= '</table>' . "\n";
    return array($html_output, $found_rows);
}