Forgot to regenerate the patch after last-minute fix before sending
email... Missing closing parenthesis in previous patch. New patch
attached.

On Mon, Feb 27, 2012 at 01:41:21PM +0100, Lionel Elie Mamane wrote:
> Attached patch fixes fdo#46675, a regression in 3.5.1rc1 wrt 3.5.0
> introduced in the fix for fdo#45254. It is a backport of my
> corresponding commit in master; in 3.5.1 only getTablePrivileges is
> affected, not getColumnPrivileges.
> 
> A PostgreSQL role can be a member of another role. Think of the first
> role as a user and of the second role as a group; a role can be both a
> user and a group.
> 
> PostgreSQL-SDBC in LibreOffice 3.5.1 leads the rest of the system to
> ignore privileges (permissions) given to a user via a group
> membership. This has the consequence that Base (e.g. in a form) won't
> allow the user to make things he is allowed to do: e.g. edit data,
> insert new data, ...: The corresponding UI elements are locked /
> greyed out, in the case that the user does not have that privilege
> directly, but "only" via a group membership.
> 
> The bug has a testcase, but one needs a PostgreSQL server to test.
> 
> The patch duplicates every privilege description line given to a role
> (group) for each member of that role, by doing a cross-product with
> every existing role, and restricting to rows such that the role is a
> member of the grantee group. PUBLIC is the special role "anyone".
> "pg_has_role(pr.oid, dp.grantee, 'USAGE')" is true if and only if
> pr.oid is a member of dp.grantee; it is false otherwise.
> 
> 
> Please apply to libreoffice-3-5 and libreoffice-3-5-1.
From 72e2ca2d1e915cc998ae286ede8b47eae2b45b09 Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane <lio...@mamane.lu>
Date: Mon, 27 Feb 2012 13:10:40 +0100
Subject: [PATCH] fdo#46675: expand group memberships in PostgreSQL-SDBC
 get*Privileges

---
 .../drivers/postgresql/pq_databasemetadata.cxx     |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx b/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
index bfc7be0..6b6b8fe 100644
--- a/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
+++ b/connectivity/source/drivers/postgresql/pq_databasemetadata.cxx
@@ -1732,7 +1732,8 @@ static void columnMetaData2DatabaseTypeDescription(
 
     rtl::OUStringBuffer sSQL(260);
     sSQL.append( ASCII_STR(
-            " SELECT * FROM ("
+            " SELECT dp.TABLE_CAT, dp.TABLE_SCHEM, dp.TABLE_NAME, dp.GRANTOR, pr.rolname AS GRANTEE, dp.privilege, dp.is_grantable "
+            " FROM ("
             "  SELECT table_catalog AS TABLE_CAT, table_schema AS TABLE_SCHEM, table_name,"
             "         grantor, grantee, privilege_type AS PRIVILEGE, is_grantable"
             "  FROM information_schema.table_privileges") );
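
Review bot: The new outer select list takes GRANTEE from "pr.rolname" instead of "dp.grantee", but "pr" is only defined in a later sSQL.append call, so this fragment cannot be understood on its own. A short C++ comment above this append, saying that every privilege row is repeated for each role that is a member of the original grantee, would make the intent clear to the next reader. Also note that the role the privilege was actually granted to no longer appears in any output column, so a caller cannot tell a direct grant from an inherited one; if that is intended, say so in the comment or the commit message, which currently has no body.
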
@@ -1754,8 +1755,9 @@ static void columnMetaData2DatabaseTypeDescription(
             "  WHERE c.relkind IN ('r', 'v') AND c.relacl IS NULL AND pg_has_role(rg.oid, c.relowner, 'USAGE')"
             "        AND c.relowner=ro.oid AND c.relnamespace = pn.oid") );
     sSQL.append( ASCII_STR(
-            " ) s"
-            " WHERE table_schem LIKE ? AND table_name LIKE ? "
+            " ) dp,"
+            " (SELECT oid, rolname FROM pg_catalog.pg_roles UNION ALL VALUES (0, 'PUBLIC')) pr"
+            " WHERE table_schem LIKE ? AND table_name LIKE ? AND (dp.grantee = 'PUBLIC' OR pg_has_role(pr.oid, dp.grantee, 'USAGE'))"
             " ORDER BY table_schem, table_name, privilege" ) );
 
     Reference< XPreparedStatement > statement = m_origin->prepareStatement( sSQL.makeStringAndClear() );
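
Review bot: The new WHERE condition "dp.grantee = 'PUBLIC' OR pg_has_role(pr.oid, dp.grantee, 'USAGE')" depends on the left operand being tested first, and SQL does not guarantee the evaluation order of OR operands. If pg_has_role does not accept 'PUBLIC' as a role name, the query can fail on rows granted to PUBLIC; "CASE WHEN dp.grantee = 'PUBLIC' THEN true ELSE pg_has_role(pr.oid, dp.grantee, 'USAGE') END" makes the order explicit. Separately, the ORDER BY still lists only table_schem, table_name and privilege, so the rows now duplicated per role come back in unspecified order within each privilege; adding the grantee column as a final sort key would keep the result stable.
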
-- 
1.7.7.3
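
The expansion described in the quoted message (a cross product of privilege rows with all roles, kept where the role is a member of the grantee) is modelled below in Python as an added example; it is not part of the patch or of LibreOffice. Role names, memberships, grants and the has_role helper are constructed, and has_role assumes that membership is inherited transitively and that a role counts as a member of itself.

```python
# Added illustration: models the patched query's join in plain Python.
# All role names, memberships and grants are constructed sample data.

PUBLIC = "PUBLIC"

# role -> roles it is directly a member of (constructed)
MEMBER_OF = {
    "alice": {"editors"},
    "bob": {"readers"},
    "editors": {"readers"},   # a group nested in another group
    "readers": set(),
    "carol": set(),
}

# (table_name, grantee, privilege) rows, as the inner query "dp" returns them
GRANTS = [
    ("invoices", "readers", "SELECT"),
    ("invoices", "editors", "UPDATE"),
    ("invoices", "carol", "INSERT"),
    ("notes", PUBLIC, "SELECT"),
]


def has_role(member, role):
    """Model of pg_has_role(member, role, 'USAGE'): True if member is role
    itself or reaches it through a chain of memberships (assumption)."""
    seen, todo = set(), [member]
    while todo:
        current = todo.pop()
        if current == role:
            return True
        if current not in seen:
            seen.add(current)
            todo.extend(MEMBER_OF.get(current, ()))
    return False


def expand_privileges(grants, roles):
    """Cross product of grant rows with roles, kept where the grant is to
    PUBLIC or the role is a member of the grantee (the patched WHERE)."""
    pr = list(roles) + [PUBLIC]  # pg_roles UNION ALL VALUES (0, 'PUBLIC')
    rows = {(table, role, priv)
            for table, grantee, priv in grants
            for role in pr
            if grantee == PUBLIC or has_role(role, grantee)}
    return sorted(rows)


def privileges_of(user, rows):
    """Privileges a caller sees when it filters the result on GRANTEE."""
    return sorted((t, p) for t, grantee, p in rows if grantee == user)
```
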
