/** * Returns SQL to create the function * * @return string */ public static function get_creation_sql($node_schema, $node_function) { // http://msdn.microsoft.com/en-us/library/ms186755.aspx $sql = 'CREATE FUNCTION ' . mssql10_function::get_declaration($node_schema, $node_function) . "\n" . 'RETURNS ' . $node_function['returns'] . "\n" . " AS \n" . mssql10_function::get_definition($node_function) . "\n" . "; -- DBSTEWARD_FUNCTION_DEFINITION_END\n"; // quick sanity check: GRANT EXECUTE on FUNCTION that RETURNS table if (strcasecmp($node_function['returns'], 'table') == 0) { foreach ($node_function->grant as $grant) { if (strcasecmp($grant['operation'], 'EXECUTE') == 0) { throw new exception("function " . $node_function['name'] . " - MSSQL does not allow execute permission on functions that return the table type"); } } } // MSSQL procedure mode? if (isset($node_function['procedure'])) { if (strcasecmp($node_function['returns'], 'int') != 0) { throw new exception("function " . $node_function['name'] . " error -- mssql procedure functions always return int, update the definition to say so"); } $sql = 'CREATE PROCEDURE ' . mssql10_function::get_declaration($node_schema, $node_function) . "\n" . " AS \n" . mssql10_function::get_definition($node_function) . "\n" . "; -- DBSTEWARD_PROCEDURE_DEFINITION_END\n"; } // @IMPLEMENT: $node_function['language'] specifier ? // @IMPLEMENT: $node_function['cachePolicy'] specifier ? // @IMPLEMENT: $node_function['securityDefiner'] specifier ? // @IMPLEMENT: $node_function['owner'] specifier ? // @IMPLEMENT: $node_function['description'] specifier ? foreach (dbx::get_permissions($node_function) as $permission) { $grant_sql = mssql10_permission::get_sql(dbsteward::$new_database, $node_schema, $node_function, $permission); $sql .= $grant_sql . "\n"; } return $sql; }
public static function has_permission($node_object, $node_permission) { $permission_operations = pgsql8_permission::get_permission_operations($node_permission); // for each of the rights the node_permission provides foreach ($permission_operations as $permission_operation) { // look at each of the permissions on the node_object and see if the right is given foreach (dbx::get_permissions($node_object) as $node_object_permission) { if (strcasecmp($node_object_permission->getName(), $node_permission->getName()) == 0) { if (strcasecmp($node_object_permission['role'], $node_permission['role']) == 0) { // if this node_object_permission of node_object provides the right // the permission is confirmed provided in the object already if (in_array($permission_operation, pgsql8_permission::get_permission_operations($node_object_permission))) { // so move on to the next permission_operation continue 2; } } } } // if we get here if the right is not found in the in_array comparison for the object dbsteward::warning("permission_operation " . $permission_operation . " not found in " . $node_object['name'] . " permissions for " . $node_permission['role']); return false; } // if we get here then all rights were found to be provided in the object already // so the answer to has_permission? is yes return true; }
protected static function update_permissions($ofs1, $ofs3) { foreach (dbx::get_schemas(dbsteward::$new_database) as $new_schema) { $old_schema = dbx::get_schema(dbsteward::$old_database, $new_schema['name']); foreach (dbx::get_permissions($new_schema) as $new_permission) { if ($old_schema == NULL || !mssql10_permission::has_permission($old_schema, $new_permission)) { $ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_schema, $new_permission) . "\n"); } } foreach (dbx::get_tables($new_schema) as $new_table) { $old_table = NULL; if ($old_schema != NULL) { $old_table = dbx::get_table($old_schema, $new_table['name']); } if (!dbsteward::$ignore_oldnames && mssql10_diff_tables::is_renamed_table($new_schema, $new_table)) { // oldTableName renamed table ? skip permission diffing on it, it is the same continue; } foreach (dbx::get_permissions($new_table) as $new_permission) { if ($old_table == NULL || !mssql10_permission::has_permission($old_table, $new_permission)) { $ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_table, $new_permission) . "\n"); } } } foreach (dbx::get_sequences($new_schema) as $new_sequence) { $old_sequence = NULL; if ($old_schema != NULL) { $old_sequence = dbx::get_sequence($old_schema, $new_sequence['name']); } foreach (dbx::get_permissions($new_sequence) as $new_permission) { if ($old_sequence == NULL || !mssql10_permission::has_permission($old_sequence, $new_permission)) { $ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_sequence, $new_permission) . "\n"); } } } foreach (dbx::get_functions($new_schema) as $new_function) { $old_function = NULL; if ($old_schema != NULL) { $old_function = dbx::get_function($old_schema, $new_function['name'], mssql10_function::get_declaration($new_schema, $new_function)); } foreach (dbx::get_permissions($new_function) as $new_permission) { if ($old_function == NULL || !mssql10_permission::has_permission($old_function, $new_permission)) { $ofs1->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_function, $new_permission) . "\n"); } } } foreach (dbx::get_views($new_schema) as $new_view) { $old_view = NULL; if ($old_schema != NULL) { $old_view = dbx::get_view($old_schema, $new_view['name']); } foreach (dbx::get_permissions($new_view) as $new_permission) { // if always_recreate_views flag is on, always grant all view permissions, as the view was recreated if (dbsteward::$always_recreate_views || $old_view == NULL || !mssql10_permission::has_permission($old_view, $new_permission) || mssql10_diff_views::is_view_modified($old_view, $new_view)) { // view permissions are in schema stage 3 file because views are (re)created in that stage for SELECT * expansion $ofs3->write(mssql10_permission::get_sql(dbsteward::$new_database, $new_schema, $new_view, $new_permission) . "\n"); } } } } }
public static function build_schema($db_doc, $ofs, $table_depends) { // schema creation foreach ($db_doc->schema as $schema) { $ofs->write(pgsql8_schema::get_creation_sql($schema)); // schema grants if (isset($schema->grant)) { foreach ($schema->grant as $grant) { $ofs->write(pgsql8_permission::get_sql($db_doc, $schema, $schema, $grant) . "\n"); } } } // types: enumerated list, etc foreach ($db_doc->schema as $schema) { foreach ($schema->type as $type) { $ofs->write(pgsql8_type::get_creation_sql($schema, $type) . "\n"); } } // table structure creation foreach ($db_doc->schema as $schema) { // create defined tables pgsql8_table::$include_column_default_nextval_in_create_sql = FALSE; foreach ($schema->table as $table) { // table definition $ofs->write(pgsql8_table::get_creation_sql($schema, $table) . "\n"); // table indexes pgsql8_diff_indexes::diff_indexes_table($ofs, NULL, NULL, $schema, $table); // table grants if (isset($table->grant)) { foreach ($table->grant as $grant) { $ofs->write(pgsql8_permission::get_sql($db_doc, $schema, $table, $grant) . "\n"); } } $ofs->write("\n"); } pgsql8_table::$include_column_default_nextval_in_create_sql = TRUE; // sequences contained in the schema if (isset($schema->sequence)) { foreach ($schema->sequence as $sequence) { $ofs->write(pgsql8_sequence::get_creation_sql($schema, $sequence)); // sequence permission grants if (isset($sequence->grant)) { foreach ($sequence->grant as $grant) { $ofs->write(pgsql8_permission::get_sql($db_doc, $schema, $sequence, $grant) . "\n"); } } } } // add table nextvals that were omitted foreach ($schema->table as $table) { if (pgsql8_table::has_default_nextval($table)) { $ofs->write(pgsql8_table::get_default_nextval_sql($schema, $table) . "\n"); } } } $ofs->write("\n"); // function definitions foreach ($db_doc->schema as $schema) { foreach ($schema->function as $function) { if (pgsql8_function::has_definition($function)) { $ofs->write(pgsql8_function::get_creation_sql($schema, $function)); // when pg:build_schema() is doing its thing for straight builds, include function permissions // they are not included in pg_function::get_creation_sql() foreach (dbx::get_permissions($function) as $function_permission) { $ofs->write(pgsql8_permission::get_sql($db_doc, $schema, $function, $function_permission) . "\n"); } } } } $ofs->write("\n"); // maybe move this but here we're defining column defaults fo realz foreach ($db_doc->schema as $schema) { foreach ($schema->table as $table) { $ofs->write(pgsql8_table::define_table_column_defaults($schema, $table)); } } // define table primary keys before foreign keys so unique requirements are always met for FOREIGN KEY constraints foreach ($db_doc->schema as $schema) { foreach ($schema->table as $table) { pgsql8_diff_tables::diff_constraints_table($ofs, NULL, NULL, $schema, $table, 'primaryKey', FALSE); } } $ofs->write("\n"); // foreign key references // use the dependency order to specify foreign keys in an order that will satisfy nested foreign keys and etc for ($i = 0; $i < count($table_depends); $i++) { $schema = $table_depends[$i]['schema']; $table = $table_depends[$i]['table']; if ($table['name'] === dbsteward::TABLE_DEPENDENCY_IGNORABLE_NAME) { // don't do anything with this table, it is a magic internal DBSteward value continue; } pgsql8_diff_tables::diff_constraints_table($ofs, NULL, NULL, $schema, $table, 'constraint', FALSE); } $ofs->write("\n"); // trigger definitions foreach ($db_doc->schema as $schema) { foreach ($schema->trigger as $trigger) { // only do triggers set to the current sql format if (strcasecmp($trigger['sqlFormat'], dbsteward::get_sql_format()) == 0) { $ofs->write(pgsql8_trigger::get_creation_sql($schema, $trigger)); } } } $ofs->write("\n"); pgsql8_diff_views::create_views_ordered($ofs, null, $db_doc); // view permission grants foreach ($db_doc->schema as $schema) { foreach ($schema->view as $view) { if (isset($view->grant)) { foreach ($view->grant as $grant) { $ofs->write(pgsql8_permission::get_sql($db_doc, $schema, $view, $grant) . "\n"); } } } } $ofs->write("\n"); // use pgdiff to add any configurationParameters that are defined pgsql8_diff::update_database_config_parameters($ofs, null, $db_doc); }
/** * Outputs commands for addition, removal and modifications of * table columns. * * @param $ofs1 stage1 output file segmenter * @param $ofs3 stage3 output file segmenter * @param $old_table original table * @param $new_table new table */ private static function update_table_columns($ofs1, $ofs3, $old_table, $new_schema, $new_table) { $commands = array(); $drop_defaults_columns = array(); self::add_drop_table_columns($commands, $old_table, $new_table); self::add_create_table_columns($commands, $old_table, $new_schema, $new_table, $drop_defaults_columns); self::add_modify_table_columns($commands, $old_table, $new_schema, $new_table, $drop_defaults_columns); if (count($commands) > 0) { // do 'pre' 'entire' statements before aggregate table alterations for ($i = 0; $i < count($commands); $i++) { if ($commands[$i]['stage'] == 'BEFORE1') { $ofs1->write($commands[$i]['command'] . "\n"); } else { if ($commands[$i]['stage'] == 'BEFORE3') { $ofs3->write($commands[$i]['command'] . "\n"); } } } $quotedTableName = pgsql8::get_quoted_schema_name($new_schema['name']) . '.' . pgsql8::get_quoted_table_name($new_table['name']); $stage1_sql = ''; $stage3_sql = ''; for ($i = 0; $i < count($commands); $i++) { if (!isset($commands[$i]['stage']) || !isset($commands[$i]['command'])) { var_dump($commands[$i]); throw new exception("bad command format"); } if ($commands[$i]['stage'] == '1') { // we have a stage 1 alteration to make // do the alter table prefix if we haven't yet if (strlen($stage1_sql) == 0) { $stage1_sql = "ALTER TABLE " . $quotedTableName . "\n"; } $stage1_sql .= $commands[$i]['command'] . " ,\n"; } else { if ($commands[$i]['stage'] == '3') { // we have a stage 3 alteration to make // do the alter table prefix if we haven't yet if (strlen($stage3_sql) == 0) { $stage3_sql = "ALTER TABLE " . $quotedTableName . "\n"; } $stage3_sql .= $commands[$i]['command'] . " ,\n"; } } } if (strlen($stage1_sql) > 0) { // slony will make the alter table statement changes as its super user // which if the db owner is different, // implicit sequence creation will fail with: // ERROR: 55000: sequence must have same owner as table it is linked to // so if the alter statement contains a new serial column, // change the user to the slony user for the alter, then (see similar block below) if (isset($new_table['slonyId']) && strlen($new_table['slonyId']) > 0 && stripos($stage1_sql, 'serial') !== false) { // if replication user is defined, check if ownership switch is needed if (strlen(dbsteward::$new_database->database->role->replication) > 0) { if (strcasecmp(dbsteward::$new_database->database->role->owner, dbsteward::$new_database->database->role->replication) != 0) { $alter = "ALTER TABLE " . $quotedTableName . " OWNER TO " . dbsteward::$new_database->database->role->replication . "; -- dbsteward: postgresql needs to be appeased by making the owner the user we are executing as when pushing DDL through slony\n"; $ofs1->write($alter); } } } $stage1_sql = substr($stage1_sql, 0, -3) . ";\n"; $ofs1->write($stage1_sql); // replicated table? put ownership back (see full exp above) if (isset($new_table['slonyId']) && strlen($new_table['slonyId']) > 0 && stripos($stage1_sql, 'serial') !== false) { // if replication user is defined, check ownership switchback if (strlen(dbsteward::$new_database->database->role->replication) > 0) { if (strcasecmp(dbsteward::$new_database->database->role->owner, dbsteward::$new_database->database->role->replication) != 0) { $alter = "ALTER TABLE " . $quotedTableName . " OWNER TO " . dbsteward::$new_database->database->role->owner . "; -- dbsteward: postgresql has been appeased (see above)\n"; $ofs1->write($alter); } } // we are here because a serial column was added, the application will need permissions on the sequence foreach (dbx::get_permissions($new_table) as $sa_permission) { // re-grant all permissions, because permssions run through pgsql8_permission::get_sql() // will do implicit serial column permissions to match table permissions $ofs1->write(pgsql8_permission::get_sql(dbsteward::$new_database, $new_schema, $new_table, $sa_permission) . "\n"); } } } if (strlen($stage3_sql) > 0) { $stage3_sql = substr($stage3_sql, 0, -3) . ";\n"; $ofs3->write($stage3_sql); } if (count($drop_defaults_columns) > 0) { $ofs1->write("\n"); $ofs1->write("ALTER TABLE " . $quotedTableName . "\n"); for ($i = 0; $i < count($drop_defaults_columns); $i++) { $ofs1->write("\tALTER COLUMN " . pgsql8::get_quoted_column_name($drop_defaults_columns[$i]['name']) . " DROP DEFAULT"); if ($i < count($drop_defaults_columns) - 1) { $ofs1->write(",\n"); } else { $ofs1->write(";\n"); } } } // do 'post' 'entire' statements immediately following aggregate table alterations for ($i = 0; $i < count($commands); $i++) { if ($commands[$i]['stage'] == 'BEFORE1') { // already taken care of in earlier entire command output loop } else { if ($commands[$i]['stage'] == 'BEFORE3') { // already taken care of in earlier entire command output loop } else { if ($commands[$i]['stage'] == '1') { // already taken care of in earlier command aggregate loop } else { if ($commands[$i]['stage'] == '3') { // already taken care of in earlier command aggregate loop } else { if ($commands[$i]['stage'] == 'AFTER1') { $ofs1->write($commands[$i]['command'] . "\n"); } else { if ($commands[$i]['stage'] == 'AFTER3') { $ofs3->write($commands[$i]['command'] . "\n"); } else { throw new exception("Unknown stage " . $commands[$i]['stage'] . " during table " . $quotedTableName . " updates"); } } } } } } } } }