[glom] Document: Really load the table privileges.



commit 694bc016c1ce53a1e1853ab950c7abe94d1214fd
Author: Murray Cumming <murrayc murrayc com>
Date:   Fri Feb 3 11:40:14 2012 +0100

    Document: Really load the table privileges.
    
    	* glom/libglom/db_utils.[h|cc]: add_group(): Take a bool superuser
    	parameter.
    	add_groups_from_document(): Use add_group() instead of executing
    	the ADD GROUP query directly, to make sure that we also start
    	with some sane table privileges defaults, in case nothing else
    	sets the privileges.
    	* glom/libglom/document/document.cc: load_after(): Fix a typo
    	so that the group privileges are really loaded (and then
    	saved again instead of being lost).
    	* examples/example_film_manager.glom:
    	* examples/example_smallbusiness.glom: Save these with
    	useful group privileges, so the groups will be allowed to
    	see tables.
    	* tests/test_document_load.cc: Test the loading of the group
    	privileges.
    	Previously the examples were created with groups that could not
    	even view the tables, which meant that they could not even
    	find out about their existence.
    	This deals with the problem found here:
    	https://bugzilla.gnome.org/show_bug.cgi?id=669043#c2
    	But I would like to show the existence (and structure) of tables
    	even if their data cannot be viewed, so there is more work to do.

 ChangeLog                           |   27 ++++++++++++
 examples/example_film_manager.glom  |   77 +++++++++++++++++++++++++++++++++--
 examples/example_smallbusiness.glom |   27 +++++++++++-
 glom/libglom/db_utils.cc            |   18 ++++----
 glom/libglom/db_utils.h             |    2 +-
 glom/libglom/document/document.cc   |    2 +-
 tests/test_document_load.cc         |   29 +++++++++++--
 7 files changed, 159 insertions(+), 23 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 4a6d2db..93412b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,32 @@
 2012-02-03  Murray Cumming  <murrayc murrayc com>
 
+	Document: Really load the table privileges.
+
+	* glom/libglom/db_utils.[h|cc]: add_group(): Take a bool superuser
+	parameter.
+	add_groups_from_document(): Use add_group() instead of executing
+	the ADD GROUP query directly, to make sure that we also start 
+	with some sane table privileges defaults, in case nothing else 
+	sets the privielges.
+	* glom/libglom/document/document.cc: load_after(): Fix a typo
+	so that the group privileges are really loaded (and then
+	saved again instead of being lost).
+	* examples/example_film_manager.glom:
+	* examples/example_smallbusiness.glom: Save these with 
+	useful group privileges, so the groups will be allowed to
+	see tables.
+	* tests/test_document_load.cc: Test the loading of the group
+	privileges.
+	Previously the examples were created with groups that could not
+	even view the tables, which meant that they could not even 
+	find out about their existence.
+	This deals with the problem found here:
+	https://bugzilla.gnome.org/show_bug.cgi?id=669043#c2
+	But I would like to show the existence (and structure) of tables
+	even if their data cannot be viewed, so there is more work to do.
+
+2012-02-03  Murray Cumming  <murrayc murrayc com>
+
 	test_selfhosting_new_empty_then_users: Slight improvement.
 
 	* tests/test_selfhosting_new_from_example_operator.cc: Check
diff --git a/examples/example_film_manager.glom b/examples/example_film_manager.glom
index 39b64ee..a159ac5 100644
--- a/examples/example_film_manager.glom
+++ b/examples/example_film_manager.glom
@@ -5,7 +5,7 @@
     <trans loc="es" val="Gestor de pelÃculas Openismus"/>
     <trans loc="sl" val="Upravljalnik filmov Openismus"/>
   </trans_set>
-  <connection hosting_mode="postgres_self" server="localhost" port="5435" try_other_ports="false" database="glom_film_production_manager"/>
+  <connection hosting_mode="postgres_self" server="localhost" port="5433" try_other_ports="false" database="glom_film_production_manager"/>
   <table name="accommodation" title="Accommodation">
     <example_rows/>
     <trans_set>
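Review bot: The `port` change from 5435 to 5433 on `<connection>` is not mentioned in the commit message and looks like a side effect of re-saving the example rather than part of the privileges fix. If it is unintentional, keep the previous value or move it to its own commit, so the example's self-hosting port does not change silently.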
@@ -5209,8 +5209,77 @@ else:
     <print_layouts/>
   </table>
   <groups><!--These are only used when recreating a database from an example file. The actual access-control is on the server, of course.-->
-    <group name="accounts"/>
-    <group name="glom_developer" developer="true"/>
-    <group name="personnel_department"/>
+    <group name="production">
+      <table_privs table_name="accommodation" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="characters" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="companies" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="departments" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="journeys" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="locations" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="glom_developer">
+      <table_privs table_name="accommodation" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="characters" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="companies" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="departments" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="journeys" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="locations" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="props_department">
+      <table_privs table_name="accommodation" priv_view="true"/>
+      <table_privs table_name="cars" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="characters" priv_view="true"/>
+      <table_privs table_name="companies" priv_view="true"/>
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="costume" priv_view="true"/>
+      <table_privs table_name="crew" priv_view="true"/>
+      <table_privs table_name="deliveries" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="departments" priv_view="true"/>
+      <table_privs table_name="equipment" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true"/>
+      <table_privs table_name="journeys" priv_view="true"/>
+      <table_privs table_name="locations" priv_view="true"/>
+      <table_privs table_name="props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scene_cast" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_costume" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_crew" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_equipment" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_extras" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="scene_makeup" priv_view="true"/>
+      <table_privs table_name="scene_props" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="scenes" priv_view="true" priv_edit="true"/>
+    </group>
   </groups>
   <library_modules/></glom_document>
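Review bot: The re-saved `glom_developer` group no longer carries `developer="true"`; the same attribute is dropped in examples/example_smallbusiness.glom. load_after() reads that attribute into `m_developer`, and add_groups_from_document() now passes it to add_group() as the superuser flag, so a database recreated from these files would create glom_developer without superuser rights if the group does not already exist by then. Whether the group is created earlier, or the save code omits the attribute on purpose, is not visible here. If it is not intended, restore `<group name="glom_developer" developer="true">` in both files. Separately, `production` gets the same full privileges as glom_developer, including create and delete on `glom_system_preferences`, which is worth confirming for a non-developer group.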
diff --git a/examples/example_smallbusiness.glom b/examples/example_smallbusiness.glom
index 0db0e5a..cc4cc77 100644
--- a/examples/example_smallbusiness.glom
+++ b/examples/example_smallbusiness.glom
@@ -1816,8 +1816,29 @@ Orientation=portrait
     <print_layouts/>
   </table>
   <groups><!--These are only used when recreating a database from an example file. The actual access-control is on the server, of course.-->
-    <group name="accounts"/>
-    <group name="glom_developer" developer="true"/>
-    <group name="personnel_department"/>
+    <group name="accounts">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true"/>
+    </group>
+    <group name="glom_developer">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
+    <group name="personnel_department">
+      <table_privs table_name="contacts" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+      <table_privs table_name="glom_system_preferences" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoice_lines" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="invoices" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="products" priv_view="true" priv_edit="true"/>
+      <table_privs table_name="staff" priv_view="true" priv_edit="true" priv_create="true" priv_delete="true"/>
+    </group>
   </groups>
   <library_modules/></glom_document>
diff --git a/glom/libglom/db_utils.cc b/glom/libglom/db_utils.cc
index 2ea67b6..235f802 100644
--- a/glom/libglom/db_utils.cc
+++ b/glom/libglom/db_utils.cc
@@ -651,16 +651,15 @@ bool add_groups_from_document(Document* document)
   {
     const GroupInfo& group = *iter;
     const Glib::ustring name = group.get_name();
+    std::cout << G_STRFUNC << ": DEBUG: group=" << name << std::endl;
 
     //See if the group exists in the database:
     type_vec_strings::const_iterator iterFind = std::find(database_groups.begin(), database_groups.end(), name);
     if(!name.empty() && iterFind == database_groups.end())
     {
-      const Glib::ustring query = build_query_create_group(name, group.m_developer);
-      const bool test = query_execute_string(query);
-      if(!test)
+      if(!add_group(document, name, group.m_developer))
       {
-        std::cerr << G_STRFUNC << ": CREATE GROUP failed when adding the group with name=" << name << std::endl;
+        std::cerr << G_STRFUNC << ": add_group() failed when adding the group with name=" << name << std::endl;
         return false;
       }
     }
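Review bot: The added `std::cout << G_STRFUNC << ": DEBUG: group=" << name << std::endl;` looks like leftover debugging output in library code and prints every group name to stdout each time groups are created from a document. Drop it, or comment it out as is done for the `DEBUGCREATE` line in add_group(). The superuser flag passed to add_group() comes straight from `group.m_developer`, which is read from the document file, so a short comment such as `// The document decides which groups become superusers; only load trusted documents.` would make that trust assumption explicit. The loop and the function body continue outside the hunk.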
@@ -2099,7 +2098,7 @@ bool add_user(const Document* document, const Glib::ustring& user, const Glib::u
   return true;
 }
 
-bool add_group(const Document* document, const Glib::ustring& group)
+bool add_group(const Document* document, const Glib::ustring& group, bool superuser)
 {
   if(!document)
   {
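Review bot: The new `superuser` parameter is undocumented: the doc comment in db_utils.h still says only "Add a @a group to the database". Extend it with `@param superuser Whether the group is created with superuser (developer) rights.` and mention that the function also grants default view and edit privileges on all tables, since callers cannot see that from the signature. add_group()'s body continues outside this hunk.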
@@ -2113,7 +2112,7 @@ bool add_group(const Document* document, const Glib::ustring& group)
     return false;
   }
  
-  const Glib::ustring strQuery = DbUtils::build_query_create_group(group);
+  const Glib::ustring strQuery = DbUtils::build_query_create_group(group, superuser);
   //std::cout << "DEBUGCREATE: " << strQuery << std::endl;
   const bool test = DbUtils::query_execute_string(strQuery);
   if(!test)
@@ -2127,10 +2126,11 @@ bool add_group(const Document* document, const Glib::ustring& group)
   priv.m_view = true;
   priv.m_edit = true;
 
-  Document::type_listTableInfo table_list = document->get_tables(true /* plus system prefs */);
-  for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
+  const type_vec_strings table_list =
+    get_table_names_from_database(true /* plus system prefs */);
+  for(type_vec_strings::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
   {
-    if(!Privs::set_table_privileges(group, (*iter)->get_name(), priv))
+    if(!Privs::set_table_privileges(group, *iter, priv))
     {
       std::cerr << G_STRFUNC << "Privs::set_table_privileges() failed." << std::endl;
       return false;
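Review bot: Every group created through add_group() is granted view and edit on every table the database reports, including system preferences, because the loop iterates `get_table_names_from_database(true)` with `priv.m_view = true; priv.m_edit = true;`. add_groups_from_document() now routes through here, so a group that the document limits to `priv_view` (for example props_department on accommodation) starts with edit rights until something narrows them; whether a later step does that is outside this hunk. Consider defaulting to view only, or applying the document's table_privs in the same step. Either way, add a comment naming the code that is expected to tighten these defaults. If a set_table_privileges() call fails part-way, the group has already been created and keeps the grants made so far, so the error message should at least name the table, e.g. `<< ": Privs::set_table_privileges() failed for table=" << *iter`.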
diff --git a/glom/libglom/db_utils.h b/glom/libglom/db_utils.h
index 59f708e..6f27486 100644
--- a/glom/libglom/db_utils.h
+++ b/glom/libglom/db_utils.h
@@ -192,7 +192,7 @@ bool remove_user(const Glib::ustring& user);
 /** Add a @a group to the database.
  * @result true if the addition succeeded.
  */
-bool add_group(const Document* document, const Glib::ustring& group);
+bool add_group(const Document* document, const Glib::ustring& group, bool superuser = false);
 
 bool remove_user_from_group(const Glib::ustring& user, const Glib::ustring& group);
 
diff --git a/glom/libglom/document/document.cc b/glom/libglom/document/document.cc
index d803801..4e61606 100644
--- a/glom/libglom/document/document.cc
+++ b/glom/libglom/document/document.cc
@@ -3133,7 +3133,7 @@ bool Document::load_after(int& failure_code)
                 group_info.set_name( get_node_attribute_value(node, GLOM_ATTRIBUTE_NAME) );
                 group_info.m_developer = get_node_attribute_value_as_bool(node, GLOM_ATTRIBUTE_DEVELOPER);
 
-                xmlpp::Node::NodeList listTablePrivs = nodeGroups->get_children(GLOM_NODE_TABLE_PRIVS);
+                xmlpp::Node::NodeList listTablePrivs = node->get_children(GLOM_NODE_TABLE_PRIVS);
                 for(xmlpp::Node::NodeList::iterator iter = listTablePrivs.begin(); iter != listTablePrivs.end(); ++iter)
                 {
                   xmlpp::Element* node = dynamic_cast<xmlpp::Element*>(*iter);
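Review bot: The inner `xmlpp::Element* node` declared inside the loop shadows the outer `node` that this fix now calls `get_children()` on, which is the same kind of name confusion that hid the original bug. Rename the inner variable, e.g. `xmlpp::Element* node_table_privs = dynamic_cast<xmlpp::Element*>(*iter);`, and update its uses below. The cast result should also be null-checked before use if the code after the hunk does not already do so; the loop body continues outside the hunk.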
diff --git a/tests/test_document_load.cc b/tests/test_document_load.cc
index e6287a3..3a97bb4 100644
--- a/tests/test_document_load.cc
+++ b/tests/test_document_load.cc
@@ -63,12 +63,19 @@ bool contains_value(const T_Container& container, const Glib::ustring& name)
 }
 
 
-static bool groups_contain_named(const Glom::Document::type_list_groups& container, const Glib::ustring& name)
+static bool get_group_named(const Glom::Document::type_list_groups& container, const Glib::ustring& name, Glom::GroupInfo& group_info)
 {
-  const Glom::Document::type_list_groups::const_iterator iter =
+  Glom::Document::type_list_groups::const_iterator iter =
     std::find_if(container.begin(), container.end(),
       Glom::predicate_FieldHasName<Glom::GroupInfo>(name));
-  return iter != container.end();
+  if(iter != container.end())
+  {
+    group_info = *iter;
+    return true;
+  }
+  
+  group_info = Glom::GroupInfo();
+  return false;
 }
 
 static bool needs_navigation(Glom::Document& document, const Glib::ustring& table_name, const Glib::ustring& field_name)
@@ -342,8 +349,20 @@ int main()
   
   //Test user groups:
   Glom::Document::type_list_groups user_groups = document.get_groups();
-  g_assert(groups_contain_named(user_groups, "glom_developer"));
-  g_assert(groups_contain_named(user_groups, "accounts"));
+  Glom::GroupInfo group_info_ignored;
+  g_assert(get_group_named(user_groups, "glom_developer", group_info_ignored));
+
+  Glom::GroupInfo group_info_accounts;
+  g_assert(get_group_named(user_groups, "props_department", group_info_accounts));
+  Glom::GroupInfo::type_map_table_privileges::const_iterator iterFind =
+    group_info_accounts.m_map_privileges.find("scenes");
+  const bool privileges_found = (iterFind != group_info_accounts.m_map_privileges.end());
+  g_assert(privileges_found);
+  const Glom::Privileges privs = iterFind->second;
+  g_assert(privs.m_view == true);
+  g_assert(privs.m_edit == true);
+  g_assert(privs.m_create == false);
+  g_assert(privs.m_delete == false);
 
   //Test navigation:
   if(!needs_navigation(document, "scenes", "location_id"))
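Review bot: `group_info_accounts` holds the props_department group, so the name misleads; `group_info_props` would match what is fetched. `iterFind->second` is read right after `g_assert(privileges_found)`, which is safe only while assertions are enabled; a build with G_DISABLE_ASSERT would dereference end() when the entry is missing. The test also never checks `m_developer` on glom_developer, although the re-saved example files no longer carry `developer="true"`. Fetching that group into a named variable and adding `g_assert(group_info_developer.m_developer);` would pin that flag down.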


