[glom] Prevent SQL SELECT errors when the user does not have view (SELECT) rights.



commit 4763ba94336777fae951920d27ee23d91963e1b2
Author: Murray Cumming <murrayc murrayc com>
Date:   Fri Feb 24 09:54:37 2012 +0100

    Prevent SQL SELECT errors when the user does not have view (SELECT) rights.
    
    * glom/libglom/privs.cc: get_current_privs(): Check for an empty table
    name to avoid SQL errors.
    * glom/frame_glom.cc: show_table_allow_empty():
    * glom/mode_data/box_data_list.cc: fill_from_database(), create_layout(),
    * glom/mode_data/box_data_list_related.cc: init_db_detail(), create_layout():
    * glom/mode_data/datawidget/combochoiceswithtreemodel.cc:
    set_choices_related(): Set DbAddDel::set_allow_view(), with the
    discovered view privileges for the current user, to avoid SQL errors when the
    user does not have SELECT rights.

 ChangeLog                                          |   14 ++++++++++++++
 glom/frame_glom.cc                                 |    7 +++++--
 glom/libglom/privs.cc                              |    6 ++++++
 glom/mode_data/box_data_list.cc                    |    6 ++++--
 glom/mode_data/box_data_list_related.cc            |   16 ++++++++++++++++
 .../datawidget/combochoiceswithtreemodel.cc        |    4 +++-
 glom/mode_data/db_adddel/db_adddel.cc              |    1 -
 7 files changed, 48 insertions(+), 6 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 9d3c515..7bebcab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
 2012-02-24  Murray Cumming  <murrayc murrayc com>
 
+	Prevent SQL SELECT errors when the user does not have view (SELECT) rights.
+
+	* glom/libglom/privs.cc: get_current_privs(): Check for an empty table 
+	name to avoid SQL errors.
+	* glom/frame_glom.cc: show_table_allow_empty():
+	* glom/mode_data/box_data_list.cc: fill_from_database(), create_layout(),
+	* glom/mode_data/box_data_list_related.cc: init_db_detail(), create_layout():
+	* glom/mode_data/datawidget/combochoiceswithtreemodel.cc:
+	set_choices_related(): Set DbAddDel::set_allow_view(), with the 
+	discovered view privileges for the current user, to avoid SQL errors when the
+	user does not have SELECT rights.
+
+2012-02-24  Murray Cumming  <murrayc murrayc com>
+
 	More not hiding the database structure if the user does not have view rights.
 
 	* glom/mode_data/box_data_list_related.cc: Do not check if the field really	
diff --git a/glom/frame_glom.cc b/glom/frame_glom.cc
index 72f9398..22bf876 100644
--- a/glom/frame_glom.cc
+++ b/glom/frame_glom.cc
@@ -395,8 +395,11 @@ void Frame_Glom::show_table_allow_empty(const Glib::ustring& table_name, const G
           layout_fields.push_back(layout_item_temp);
           Glib::RefPtr<Gnome::Gda::SqlBuilder> sql_query_without_sort = Utils::build_sql_select_with_where_clause(found_set.m_table_name, layout_fields, found_set.m_where_clause, found_set.m_extra_join, type_sort_clause());
 
-          //TODO: Avoid this if the user does not have view rights, because it would fail:
-          const int count = DbUtils::count_rows_returned_by(sql_query_without_sort);
+          const Privileges table_privs = Privs::get_current_privs(found_set.m_table_name);
+          int count = 0;
+          if(table_privs.m_view) //Avoid the query if the user does not have view rights, because it would fail.
+            count = DbUtils::count_rows_returned_by(sql_query_without_sort);
+            
           if(count < 10000) //Arbitrary large number.
             found_set.m_sort_clause.push_back( type_pair_sort_field(layout_item_sort, true /* ascending */) );
         }
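Review bot: When `table_privs.m_view` is false, `count` stays 0, so the `count < 10000` test below still passes and the default sort clause is appended for a user who cannot read the table. If that is intended, a comment such as `//Without view rights count stays 0, so the default sort clause is still added.` would say so; otherwise fold the privilege into the condition, `if(table_privs.m_view && count < 10000)`. The SqlBuilder on the line above the new code is also still built when it will not be used. This check only avoids a query the server would reject, so the database's own SELECT grant remains the access control and the client-side flag should not be treated as one. The enclosing function starts and ends outside the hunk.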
diff --git a/glom/libglom/privs.cc b/glom/libglom/privs.cc
index 1390c79..3ff5e54 100644
--- a/glom/libglom/privs.cc
+++ b/glom/libglom/privs.cc
@@ -430,6 +430,12 @@ bool Privs::on_privs_privileges_cache_timeout(const Glib::ustring& table_name)
 
 Privileges Privs::get_current_privs(const Glib::ustring& table_name)
 {
+  if(table_name.empty())
+  {
+    std::cerr << G_STRFUNC << ": table_name is empty." << std::endl;
+    return Privileges();
+  }
+  
   //TODO_Performance: There's lots of database access here.
   //We could maybe replace some with the postgres has_table_* function().
 
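Review bot: The early return for an empty `table_name` is only safe if a default-constructed `Privileges` grants nothing, and that constructor is not visible in this hunk. The callers added in this commit pass the result's `m_view` straight to `set_allow_view()`, so a default of `true` would leave the view path enabled for a table that could not even be identified. A comment on the return, e.g. `return Privileges(); //Deny by default: no rights for an unknown table.`, would record that assumption once it has been checked against the `Privileges` constructor. get_current_privs() continues past the end of the hunk.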
diff --git a/glom/mode_data/box_data_list.cc b/glom/mode_data/box_data_list.cc
index 97b6c64..308be3f 100644
--- a/glom/mode_data/box_data_list.cc
+++ b/glom/mode_data/box_data_list.cc
@@ -144,14 +144,13 @@ bool Box_Data_List::fill_from_database()
 
     enable_buttons();
 
+    m_AddDel.set_allow_view(table_privs.m_view);
     m_AddDel.set_found_set(m_found_set);
 
     result = m_AddDel.refresh_from_database();
 
     if(table_privs.m_view)
     {
-      //TODO: Don't show it if m_view is false.
-
       //Select first record:
       Glib::RefPtr<Gtk::TreeModel> refModel = m_AddDel.get_model();
       if(refModel)
@@ -482,6 +481,9 @@ void Box_Data_List::create_layout()
     m_FieldsShown.push_back(layout_item); //TODO: Do this only if it is not already present.
   }
 
+  const Privileges table_privs = Privs::get_current_privs(m_found_set.m_table_name);
+  m_AddDel.set_allow_view(table_privs.m_view);
+    
   m_AddDel.set_found_set(m_found_set);
   m_AddDel.set_columns(items_to_use); //TODO: Use LayoutGroup::type_list_const_items instead?
 
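Review bot: The pair `Privs::get_current_privs(...)` / `m_AddDel.set_allow_view(table_privs.m_view)` added here in create_layout() is repeated in box_data_list_related.cc in init_db_details(), fill_from_database() and create_layout(), and fill_from_database() in this file sets the same flag again. get_current_privs() carries its own `TODO_Performance: There's lots of database access here` comment, so each extra call may cost round trips unless its cache absorbs them. A small private helper on the box class would keep the copies in step and give one place to document whether the flag has to be set before `set_found_set()` and `refresh_from_database()`. create_layout() starts and ends outside the hunk.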
diff --git a/glom/mode_data/box_data_list_related.cc b/glom/mode_data/box_data_list_related.cc
index aff23dc..f5bd183 100644
--- a/glom/mode_data/box_data_list_related.cc
+++ b/glom/mode_data/box_data_list_related.cc
@@ -23,6 +23,7 @@
 #include <glom/appwindow.h>
 #include <libglom/data_structure/glomconversions.h>
 #include <libglom/db_utils.h>
+#include <libglom/privs.h>
 #include <glom/glade_utils.h>
 #include <glom/frame_glom.h> //For show_ok_dialog()
 #include <glom/utils_ui.h> //For bold_message()).
@@ -82,6 +83,11 @@ bool Box_Data_List_Related::init_db_details(const Glib::ustring& parent_table, b
   else
     LayoutWidgetBase::m_table_name = Glib::ustring();
 
+  if(LayoutWidgetBase::m_table_name.empty())
+  {
+    std::cerr << G_STRFUNC << ": LayoutWidgetBase::m_table_name is null" << std::endl;
+  }
+  
   Base_DB_Table::m_table_name = LayoutWidgetBase::m_table_name;
 
   if(show_title)
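Review bot: The new diagnostic says `is null`, but the condition tests `empty()` and a `Glib::ustring` cannot be null; `": LayoutWidgetBase::m_table_name is empty."` would match the wording used in Privs::get_current_privs(). The `else` branch just above assigns an empty name deliberately, so this message prints whenever that branch is taken, and the function then carries on with the empty name. If that path is expected, a short comment saying so would help the next reader decide whether the log line signals a real problem. init_db_details() starts and ends outside the hunk.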
@@ -125,6 +131,10 @@ bool Box_Data_List_Related::init_db_details(const Glib::ustring& parent_table, b
 
   FoundSet found_set;
   found_set.m_table_name = LayoutWidgetBase::m_table_name;
+
+  const Privileges table_privs = Privs::get_current_privs(m_found_set.m_table_name);
+  m_AddDel.set_allow_view(table_privs.m_view);
+
   m_AddDel.set_found_set(found_set);
   return Box_Data_ManyRecords::init_db_details(found_set, "" /* layout_platform */); //Calls create_layout() and fill_from_database().
 }
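Review bot: The privilege lookup reads `m_found_set.m_table_name`, but the table name was just assigned to the local `found_set` two lines earlier, and the member is not set anywhere in this hunk. If `m_found_set` is only filled in by `Box_Data_ManyRecords::init_db_details(found_set, ...)` below, this call passes a stale or empty name, and get_current_privs() now returns a default `Privileges` for an empty name, so the view flag would not reflect the related table's rights. The line probably wants `const Privileges table_privs = Privs::get_current_privs(found_set.m_table_name);`. The start of init_db_details() is outside the hunk.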
@@ -165,6 +175,9 @@ bool Box_Data_List_Related::fill_from_database()
 
   m_AddDel.set_allow_add(allow_add);
 
+  const Privileges table_privs = Privs::get_current_privs(m_found_set.m_table_name);
+  m_AddDel.set_allow_view(table_privs.m_view);
+
   m_AddDel.set_found_set(m_found_set);
   result = m_AddDel.refresh_from_database();
 
@@ -465,6 +478,9 @@ void Box_Data_List_Related::create_layout()
     items_to_use.push_back(layout_item);
   }
 
+  const Privileges table_privs = Privs::get_current_privs(m_found_set.m_table_name);
+  m_AddDel.set_allow_view(table_privs.m_view);
+  
   m_AddDel.set_found_set(m_found_set);
   m_AddDel.set_columns(items_to_use);
 
diff --git a/glom/mode_data/datawidget/combochoiceswithtreemodel.cc b/glom/mode_data/datawidget/combochoiceswithtreemodel.cc
index d8afc1a..3505ac6 100644
--- a/glom/mode_data/datawidget/combochoiceswithtreemodel.cc
+++ b/glom/mode_data/datawidget/combochoiceswithtreemodel.cc
@@ -21,6 +21,7 @@
 #include "combochoiceswithtreemodel.h"
 #include <glom/mode_data/datawidget/treemodel_db_withextratext.h>
 #include <libglom/data_structure/glomconversions.h>
+#include <libglom/privs.h>
 #include <glom/utils_ui.h>
 #include <glom/appwindow.h>
 #include <gtkmm/liststore.h>
@@ -315,7 +316,8 @@ void ComboChoicesWithTreeModel::set_choices_related(const Document* document, co
   //We create DbTreeModelWithExtraText rather than just DbTreeModel, 
   //because Combo(has_entry) needs it.
   //TODO: Avoid getting the actual data if the user does not have view rights.
-  m_refModel = DbTreeModelWithExtraText::create(found_set, layout_items, true /* allow_view */, false /* find mode */, m_db_layout_items);
+  const Privileges table_privs = Privs::get_current_privs(found_set.m_table_name);
+  m_refModel = DbTreeModelWithExtraText::create(found_set, layout_items, table_privs.m_view, false /* find mode */, m_db_layout_items);
   if(!m_refModel)
   {
     std::cerr << G_STRFUNC << ": DbTreeModel::create() returned a null model." << std::endl;
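Review bot: The `//TODO: Avoid getting the actual data if the user does not have view rights.` comment is left in place although the new lines now pass `table_privs.m_view` to `create()`; the similar TODOs in frame_glom.cc, box_data_list.cc and db_adddel.cc are removed by this same commit. Drop it, or replace it with `//Do not fetch the data if the user does not have view rights.` if a false `allow_view` is what suppresses the query inside the model. set_choices_related() starts before and continues after the hunk.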
diff --git a/glom/mode_data/db_adddel/db_adddel.cc b/glom/mode_data/db_adddel/db_adddel.cc
index e0b0bed..f5f6b87 100644
--- a/glom/mode_data/db_adddel/db_adddel.cc
+++ b/glom/mode_data/db_adddel/db_adddel.cc
@@ -671,7 +671,6 @@ void DbAddDel::construct_specified_columns()
     return;
   }
 
-  //TODO: Do not try to get the data if the user does not have view rights.
   m_refListStore = DbTreeModel::create(m_found_set, m_column_items, m_allow_view, m_find_mode, m_FieldsShown);
   //m_FieldsShown is needed by Base_DB_Table_Data::record_new().
 


