[glom/glom-1-20] Document: Really load the table privileges.



commit 1b21a6f90b36179e3ddc23850cc78d308e676bd1
Author: Murray Cumming <murrayc murrayc com>
Date:   Fri Feb 3 11:40:14 2012 +0100

    Document: Really load the table privileges.
    
    	* glom/libglom/db_utils.[h|cc]: add_group(): Take a bool superuser
    	parameter.
    	add_groups_from_document(): Use add_group() instead of executing
    	the ADD GROUP query directly, to make sure that we also start
    	with some sane table privileges defaults, in case nothing else
    	sets the privileges.
    	* glom/libglom/document/document.cc: load_after(): Fix a typo
    	so that the group privileges are really loaded (and then
    	saved again instead of being lost).
    	* examples/example_film_manager.glom:
    	* examples/example_smallbusiness.glom: Save these with
    	useful group privileges, so the groups will be allowed to
    	see tables.
    	* tests/test_document_load.cc: Test the loading of the group
    	privileges.
    	Previously the examples were created with groups that could not
    	even view the tables, which meant that they could not even
    	find out about their existence.
    	This deals with the problem found here:
    	https://bugzilla.gnome.org/show_bug.cgi?id=669043#c2
    	But I would like to show the existence (and structure) of tables
    	even if their data cannot be viewed, so there is more work to do.
    
    Conflicts:
    
    	examples/example_film_manager.glom
    	tests/test_document_load.cc

 ChangeLog                           |   27 ++++++++++++
 examples/example_film_manager.glom  |   75 +++++++++++++++++++++++++++++++++-
 examples/example_smallbusiness.glom |   27 +++++++++++-
 glom/libglom/db_utils.cc            |   18 ++++----
 glom/libglom/db_utils.h             |    2 +-
 glom/libglom/document/document.cc   |    2 +-
 tests/test_document_load.cc         |   31 ++++++++++++---
 7 files changed, 159 insertions(+), 23 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index b61c6d9..20ffcb1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,32 @@
 2012-02-03  Murray Cumming  <murrayc murrayc com>
 
+	Document: Really load the table privileges.
+
+	* glom/libglom/db_utils.[h|cc]: add_group(): Take a bool superuser
+	parameter.
+	add_groups_from_document(): Use add_group() instead of executing
+	the ADD GROUP query directly, to make sure that we also start 
+	with some sane table privileges defaults, in case nothing else 
+	sets the privielges.
+	* glom/libglom/document/document.cc: load_after(): Fix a typo
+	so that the group privileges are really loaded (and then
+	saved again instead of being lost).
+	* examples/example_film_manager.glom:
+	* examples/example_smallbusiness.glom: Save these with 
+	useful group privileges, so the groups will be allowed to
+	see tables.
+	* tests/test_document_load.cc: Test the loading of the group
+	privileges.
+	Previously the examples were created with groups that could not
+	even view the tables, which meant that they could not even 
+	find out about their existence.
+	This deals with the problem found here:
+	https://bugzilla.gnome.org/show_bug.cgi?id=669043#c2
+	But I would like to show the existence (and structure) of tables
+	even if their data cannot be viewed, so there is more work to do.
+
+2012-02-03  Murray Cumming  <murrayc murrayc com>
+
 	Add some runtime warnings.
 
 	* glom/libglom/db_utils.cc: get_table_names_from_database():
diff --git a/examples/example_film_manager.glom b/examples/example_film_manager.glom
index 2a29d62..d43edaf 100644
--- a/examples/example_film_manager.glom
+++ b/examples/example_film_manager.glom
@@ -4038,8 +4038,77 @@ else:
     <print_layouts/>
   </table>
   <groups><!--These are only used when recreating a database from an example file. The actual access-control is on the server, of course.-->
-    <group name="accounts"/>
-    <group name="glom_developer" developer="true"/>
-    <group name="personnel_department"/>
+    <group name="production">
+      <table_privs table_name="accommodation" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="characters" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="companies" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="departments" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="journeys" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="locations" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="glom_developer">
+      <table_privs table_name="accommodation" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="characters" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="companies" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="departments" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="journeys" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="locations" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="props_department">
+      <table_privs table_name="accommodation" priv_view="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="characters" priv_view="true"/>
+      <table_privs table_name="companies" priv_view="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="costume" priv_view="true"/>
+      <table_privs table_name="crew" priv_view="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="departments" priv_view="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true"/>
+      <table_privs table_name="journeys" priv_view="true"/>
+      <table_privs table_name="locations" priv_view="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true"/>
+    </group>
   </groups>
   <library_modules/></glom_document>
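Review bot: The rewritten `<group name="glom_developer">` element drops the `developer="true"` attribute that the removed line carried, both here and in examples/example_smallbusiness.glom. Document::load_after() reads that attribute into `group_info.m_developer`, and add_groups_from_document() now passes `group.m_developer` to add_group() as the superuser flag, so a database recreated from these examples would apparently get a glom_developer group without developer rights. If the attribute was lost when the files were re-saved, restore it as `<group name="glom_developer" developer="true">`; if the removal is intentional, the commit message should say why.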
diff --git a/examples/example_smallbusiness.glom b/examples/example_smallbusiness.glom
index 2305faf..391450d 100644
--- a/examples/example_smallbusiness.glom
+++ b/examples/example_smallbusiness.glom
@@ -1502,8 +1502,29 @@ Orientation=portrait
     <print_layouts/>
   </table>
   <groups><!--These are only used when recreating a database from an example file. The actual access-control is on the server, of course.-->
-    <group name="accounts"/>
-    <group name="glom_developer" developer="true"/>
-    <group name="personnel_department"/>
+    <group name="accounts">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true"/>
+    </group>
+    <group name="glom_developer">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="personnel_department">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
   </groups>
   <library_modules/></glom_document>
diff --git a/glom/libglom/db_utils.cc b/glom/libglom/db_utils.cc
index 9c92aea..3cfc2c0 100644
--- a/glom/libglom/db_utils.cc
+++ b/glom/libglom/db_utils.cc
@@ -652,16 +652,15 @@ bool add_groups_from_document(Document* document)
   {
     const GroupInfo& group = *iter;
     const Glib::ustring name = group.get_name();
+    std::cout << G_STRFUNC << ": DEBUG: group=" << name << std::endl;
 
     //See if the group exists in the database:
     type_vec_strings::const_iterator iterFind = std::find(database_groups.begin(), database_groups.end(), name);
     if(!name.empty() && iterFind == database_groups.end())
     {
-      const Glib::ustring query = build_query_create_group(name, group.m_developer);
-      const bool test = query_execute_string(query);
-      if(!test)
+      if(!add_group(document, name, group.m_developer))
       {
-        std::cerr << G_STRFUNC << ": CREATE GROUP failed when adding the group with name=" << name << std::endl;
+        std::cerr << G_STRFUNC << ": add_group() failed when adding the group with name=" << name << std::endl;
         return false;
       }
     }
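Review bot: The added `std::cout << G_STRFUNC << ": DEBUG: group=" << name << std::endl;` line looks like leftover debugging, and it prints every group name to stdout from a library function. The other debug print visible in this file is kept commented out (`//std::cout << "DEBUGCREATE: " ...` in add_group()), so I would drop this line or comment it out the same way. The loop and the rest of add_groups_from_document() lie outside the hunk.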
@@ -2017,7 +2016,7 @@ bool add_user(const Document* document, const Glib::ustring& user, const Glib::u
   return true;
 }
 
-bool add_group(const Document* document, const Glib::ustring& group)
+bool add_group(const Document* document, const Glib::ustring& group, bool superuser)
 {
   if(!document)
   {
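Review bot: The new `superuser` parameter is not documented, neither at this definition nor at the declaration in glom/libglom/db_utils.h, whose doc comment still describes only @a group. The flag is passed straight to `build_query_create_group()` and so decides how privileged the created group is; the header comment should say so, for example `@param superuser Whether the group should be created with superuser (developer) rights.`, with the wording checked against build_query_create_group(), which is not shown. Keeping `false` as the default in the header leaves existing callers on the unprivileged path. The function body continues outside the hunk.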
@@ -2031,7 +2030,7 @@ bool add_group(const Document* document, const Glib::ustring& group)
     return false;
   }
  
-  const Glib::ustring strQuery = DbUtils::build_query_create_group(group);
+  const Glib::ustring strQuery = DbUtils::build_query_create_group(group, superuser);
   //std::cout << "DEBUGCREATE: " << strQuery << std::endl;
   const bool test = DbUtils::query_execute_string(strQuery);
   if(!test)
@@ -2045,10 +2044,11 @@ bool add_group(const Document* document, const Glib::ustring& group)
   priv.m_view = true;
   priv.m_edit = true;
 
-  Document::type_listTableInfo table_list = document->get_tables(true /* plus system prefs */);
-  for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
+  const type_vec_strings table_list =
+    get_table_names_from_database(true /* plus system prefs */);
+  for(type_vec_strings::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
   {
-    if(!Privs::set_table_privileges(group, (*iter)->get_name(), priv))
+    if(!Privs::set_table_privileges(group, *iter, priv))
     {
       std::cerr << G_STRFUNC << "Privs::set_table_privileges() failed." << std::endl;
       return false;
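Review bot: The default grant built just above the loop (`priv.m_view = true; priv.m_edit = true;`) is now applied to every table returned by `get_table_names_from_database()`. Because this commit also routes add_groups_from_document() through add_group(), each group recreated from a document starts with view and edit on all tables. For a group such as props_department in the example file, which is view-only on several tables, that is wider than the document asks for. Whether a later step narrows it is not visible in this hunk. I would at least state the contract next to the defaults, e.g. `//Defaults only: callers with per-table privileges from the document must overwrite these afterwards.`, and consider whether view-only is the safer starting point. add_group() begins and ends outside the hunk.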
diff --git a/glom/libglom/db_utils.h b/glom/libglom/db_utils.h
index 763e0bd..ec6477f 100644
--- a/glom/libglom/db_utils.h
+++ b/glom/libglom/db_utils.h
@@ -176,7 +176,7 @@ bool remove_user(const Glib::ustring& user);
 /** Add a @a group to the database.
  * @result true if the addition succeeded.
  */
-bool add_group(const Document* document, const Glib::ustring& group);
+bool add_group(const Document* document, const Glib::ustring& group, bool superuser = false);
 
 bool remove_user_from_group(const Glib::ustring& user, const Glib::ustring& group);
 
diff --git a/glom/libglom/document/document.cc b/glom/libglom/document/document.cc
index b9f1493..0d29965 100644
--- a/glom/libglom/document/document.cc
+++ b/glom/libglom/document/document.cc
@@ -3048,7 +3048,7 @@ bool Document::load_after(int& failure_code)
                 group_info.set_name( get_node_attribute_value(node, GLOM_ATTRIBUTE_NAME) );
                 group_info.m_developer = get_node_attribute_value_as_bool(node, GLOM_ATTRIBUTE_DEVELOPER);
 
-                xmlpp::Node::NodeList listTablePrivs = nodeGroups->get_children(GLOM_NODE_TABLE_PRIVS);
+                xmlpp::Node::NodeList listTablePrivs = node->get_children(GLOM_NODE_TABLE_PRIVS);
                 for(xmlpp::Node::NodeList::iterator iter = listTablePrivs.begin(); iter != listTablePrivs.end(); ++iter)
                 {
                   xmlpp::Element* node = dynamic_cast<xmlpp::Element*>(*iter);
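Review bot: The corrected line reads the children of the outer `node`, but the loop that follows declares a second `xmlpp::Element* node` that shadows it, which makes this block easy to misread and may be how the original `nodeGroups` slip went unnoticed. I would rename the inner variable, e.g. `xmlpp::Element* node_privs = dynamic_cast<xmlpp::Element*>(*iter);`, and make sure the cast result is checked for null before its attributes are read. The loop body continues outside the hunk, so that check may already exist.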
diff --git a/tests/test_document_load.cc b/tests/test_document_load.cc
index caf0369..22c79e4 100644
--- a/tests/test_document_load.cc
+++ b/tests/test_document_load.cc
@@ -46,12 +46,19 @@ bool contains_named(const T_Container& container, const Glib::ustring& name)
   return iter != container.end();
 }
 
-static bool groups_contain_named(const Glom::Document::type_list_groups& container, const Glib::ustring& name)
+static bool get_group_named(const Glom::Document::type_list_groups& container, const Glib::ustring& name, Glom::GroupInfo& group_info).
 {
-  const Glom::Document::type_list_groups::const_iterator iter =
+  Glom::Document::type_list_groups::const_iterator iter =
     std::find_if(container.begin(), container.end(),
       Glom::predicate_FieldHasName<Glom::GroupInfo>(name));
-  return iter != container.end();
+  if(iter != container.end())
+  {
+    group_info = *iter;
+    return true;
+  }
+  
+  group_info = Glom::GroupInfo();
+  return false;
 }
 
 static bool needs_navigation(Glom::Document& document, const Glib::ustring& table_name, const Glib::ustring& field_name)
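Review bot: The new signature line ends with a stray `.` after the closing parenthesis (`Glom::GroupInfo& group_info).`), so this test file should not compile as committed; it may be a leftover from resolving the conflict listed in the commit message. The line should end `..., Glom::GroupInfo& group_info)`. Beyond that, the helper would benefit from a one-line comment stating that `group_info` is reset to a default-constructed GroupInfo when no group matches.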
@@ -309,9 +316,21 @@ int main()
 
   
   //Test user groups:
-  Glom::Document::type_list_groups groups = document.get_groups();
-  g_assert(groups_contain_named(groups, "glom_developer"));
-  g_assert(groups_contain_named(groups, "accounts"));
+  Glom::Document::type_list_groups user_groups = document.get_groups();
+  Glom::GroupInfo group_info_ignored;
+  g_assert(get_group_named(user_groups, "glom_developer", group_info_ignored));
+
+  Glom::GroupInfo group_info_accounts;
+  g_assert(get_group_named(user_groups, "props_department", group_info_accounts));
+  Glom::GroupInfo::type_map_table_privileges::const_iterator iterFind =
+    group_info_accounts.m_map_privileges.find("scenes");
+  const bool privileges_found = (iterFind != group_info_accounts.m_map_privileges.end());
+  g_assert(privileges_found);
+  const Glom::Privileges privs = iterFind->second;
+  g_assert(privs.m_view == true);
+  g_assert(privs.m_edit == true);
+  g_assert(privs.m_create == false);
+  g_assert(privs.m_delete == false);
 
   //Test navigation:
   if(!needs_navigation(document, "scenes", "location_id"))
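Review bot: The variable `group_info_accounts` holds the props_department group, so the name is misleading; `group_info_props` would match what is being tested. The test also never checks the developer flag of the loaded glom_developer group, even though that flag now drives the superuser argument of add_group(). An assertion on `m_developer` of the group fetched into `group_info_ignored` would pin down whether the example file is expected to mark that group as developer. The four privilege assertions themselves match the `scenes` entry for props_department in the example file.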


