lib/posgra/driver.rb in posgra-0.1.5 vs lib/posgra/driver.rb in posgra-0.1.6
- old
+ new
@@ -40,11 +40,11 @@
password = @identifier.identify(user)
sql = "CREATE USER #{@client.escape_identifier(user)} PASSWORD #{@client.escape_literal(password)}"
log(:info, sql, :color => :cyan)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -54,11 +54,11 @@
sql = "DROP USER #{@client.escape_identifier(user)}"
log(:info, sql, :color => :red)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -68,11 +68,11 @@
sql = "CREATE GROUP #{@client.escape_identifier(group)}"
log(:info, sql, :color => :cyan)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -82,11 +82,11 @@
sql = "ALTER GROUP #{@client.escape_identifier(group)} ADD USER #{@client.escape_identifier(user)}"
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -96,11 +96,11 @@
sql = "ALTER GROUP #{@client.escape_identifier(group)} DROP USER #{@client.escape_identifier(user)}"
log(:info, sql, :color => :cyan)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -110,26 +110,22 @@
sql = "DROP GROUP #{@client.escape_identifier(group)}"
log(:info, sql, :color => :red)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
def revoke_all_on_schema(role, schema)
updated = false
- sql = "REVOKE ALL ON ALL TABLES IN SCHEMA #{@client.escape_identifier(schema)} FROM #{@client.escape_identifier(role)}"
- log(:info, sql, :color => :green)
-
- unless @options[:dry_run]
- @client.query(sql)
- updated = true
+ describe_objects(schema).each do |object|
+ updated = revoke_all_on_object(role, schema, object) || updated
end
updated
end
@@ -138,11 +134,11 @@
sql = "REVOKE ALL ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}"
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -157,11 +153,11 @@
end
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -183,11 +179,11 @@
sql = "GRANT #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} TO #{@client.escape_identifier(role)} WITH GRANT OPTION"
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -197,11 +193,11 @@
sql = "REVOKE GRANT OPTION FOR #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}"
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
@@ -211,19 +207,19 @@
sql = "REVOKE #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}"
log(:info, sql, :color => :green)
unless @options[:dry_run]
- @client.query(sql)
+ exec(sql)
updated = true
end
updated
end
def describe_objects(schema)
- rs = @client.exec <<-SQL
+ rs = exec <<-SQL
SELECT
pg_class.relname,
pg_namespace.nspname
FROM
pg_class
@@ -243,11 +239,11 @@
objects
end
def describe_users
- rs = @client.exec('SELECT * FROM pg_user')
+ rs = exec('SELECT * FROM pg_user')
options_by_user = {}
rs.each do |row|
user = row.fetch('usename')
@@ -257,11 +253,11 @@
options_by_user
end
def describe_groups
- rs = @client.exec <<-SQL
+ rs = exec <<-SQL
SELECT
pg_group.groname,
pg_user.usename
FROM
pg_group
@@ -280,11 +276,11 @@
users_by_group
end
def describe_grants
- rs = @client.exec <<-SQL
+ rs = exec <<-SQL
SELECT
pg_class.relname,
pg_namespace.nspname,
pg_class.relacl,
pg_user.usename,
@@ -327,12 +323,15 @@
aclitems_fmt = DEFAULT_ACL_BY_KIND.fetch(relkind, DEFAULT_ACL)
aclitems ||= aclitems_fmt % [owner, owner]
aclitems = aclitems[1..-2].split(',')
aclitems.map do |aclitem|
+ aclitem = unquote_aclitem(aclitem)
grantee, privileges_grantor = aclitem.split('=', 2)
privileges, grantor = privileges_grantor.split('/', 2)
+ grantee = unescape_aclname(grantee)
+ grantor = unescape_aclname(grantor)
{
'grantee' => grantee,
'privileges' => expand_privileges(privileges),
'grantor' => grantor,
@@ -355,7 +354,20 @@
'is_grantable' => !!is_grantable,
}
end
options_by_privilege
+ end
+
+ def exec(sql)
+ log(:debug, sql)
+ @client.exec(sql)
+ end
+
+ def unquote_aclitem(str)
+ str.sub(/\A"/, '').sub(/"\z/, '').gsub('\\', '')
+ end
+
+ def unescape_aclname(str)
+ str.sub(/\A"/, '').sub(/"\z/, '').gsub('""', '"')
end
end