Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
15b92e7c
Commit
15b92e7c
authored
Jan 22, 2018
by
Yorick Peterse
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use has_table_privilege for TRIGGER on PostgreSQL
This fixes
https://gitlab.com/gitlab-org/gitlab-ce/issues/38634
.
parent
fa037e7c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
35 additions
and
20 deletions
+35
-20
changelogs/unreleased/fix-postgresql-table-grant.yml
changelogs/unreleased/fix-postgresql-table-grant.yml
+5
-0
lib/gitlab/database/grant.rb
lib/gitlab/database/grant.rb
+30
-20
No files found.
changelogs/unreleased/fix-postgresql-table-grant.yml
0 → 100644
View file @
15b92e7c
---
title
:
Use has_table_privilege for TRIGGER on PostgreSQL
merge_request
:
author
:
type
:
fixed
lib/gitlab/database/grant.rb
View file @
15b92e7c
...
@@ -12,30 +12,40 @@ module Gitlab
...
@@ -12,30 +12,40 @@ module Gitlab
# Returns true if the current user can create and execute triggers on the
# Returns true if the current user can create and execute triggers on the
# given table.
# given table.
def
self
.
create_and_execute_trigger?
(
table
)
def
self
.
create_and_execute_trigger?
(
table
)
priv
=
if
Database
.
postgresql?
if
Database
.
postgresql?
# We _must not_ use quote_table_name as this will produce double
where
(
privilege_type:
'TRIGGER'
,
table_name:
table
)
# quotes on PostgreSQL and for "has_table_privilege" we need single
.
where
(
'grantee = user'
)
# quotes.
else
quoted_table
=
connection
.
quote
(
table
)
queries
=
[
Grant
.
select
(
1
)
.
from
(
'information_schema.user_privileges'
)
.
where
(
"PRIVILEGE_TYPE = 'SUPER'"
)
.
where
(
"GRANTEE = CONCAT('
\\
'', REPLACE(CURRENT_USER(), '@', '
\\
'@
\\
''), '
\\
'')"
),
Grant
.
select
(
1
)
begin
.
from
(
'information_schema.schema_privileges'
)
from
(
nil
)
.
where
(
"PRIVILEGE_TYPE = 'TRIGGER'"
)
.
pluck
(
"has_table_privilege(
#{
quoted_table
}
, 'TRIGGER')"
)
.
where
(
'TABLE_SCHEMA = ?'
,
Gitlab
::
Database
.
database_name
)
.
first
.
where
(
"GRANTEE = CONCAT('
\\
'', REPLACE(CURRENT_USER(), '@', '
\\
'@
\\
''), '
\\
'')"
)
rescue
ActiveRecord
::
StatementInvalid
]
# This error is raised when using a non-existing table name. In this
# case we just want to return false as a user technically can't
# create triggers for such a table.
false
end
else
queries
=
[
Grant
.
select
(
1
)
.
from
(
'information_schema.user_privileges'
)
.
where
(
"PRIVILEGE_TYPE = 'SUPER'"
)
.
where
(
"GRANTEE = CONCAT('
\\
'', REPLACE(CURRENT_USER(), '@', '
\\
'@
\\
''), '
\\
'')"
),
union
=
SQL
::
Union
.
new
(
queries
).
to_sql
Grant
.
select
(
1
)
.
from
(
'information_schema.schema_privileges'
)
.
where
(
"PRIVILEGE_TYPE = 'TRIGGER'"
)
.
where
(
'TABLE_SCHEMA = ?'
,
Gitlab
::
Database
.
database_name
)
.
where
(
"GRANTEE = CONCAT('
\\
'', REPLACE(CURRENT_USER(), '@', '
\\
'@
\\
''), '
\\
'')"
)
]
Grant
.
from
(
"(
#{
union
}
) privs"
)
union
=
SQL
::
Union
.
new
(
queries
).
to_sql
end
priv
.
any?
Grant
.
from
(
"(
#{
union
}
) privs"
).
any?
end
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment