allow revoking grant options, with cascade if desired

diff --git a/BUGS b/BUGS
index b58198ce679b3588ef7206c160dfea1aa4350c87..b8e38c892c670198ff3f6a04e973a6747fc9477e 100644 (file)
--- a/BUGS
+++ b/BUGS
@@ -7,5 +7,4 @@
 * pg_dump feature!!!
 * reports - unindexed fk's
          - slow indexes
-* Revoke grant option
 

diff --git a/HISTORY b/HISTORY
index 9898fac5309803e2d7049c897b8a3a3f7869cdb3..31d16be05b3c59553873dc05b06eec92f62aed79 100644 (file)
--- a/HISTORY
+++ b/HISTORY
@@ -9,6 +9,7 @@ Features:
 * Add first & last links to nav.  Double number of pages shown.
 * German update from Markus Bertheau
 * Allow granting privileges WITH GRANT OPTION for 7.4
+* Allow revoking GRANT OPTION with CASCADE option for 7.4
 * Display new PostgreSQL 7.4 grant options and grantor in privileges
 * Find object feature
 * Support for domains in 7.3 and domain constraints and alter domain in 7.4

diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php
index 388b8ee164e1564598a9683863b6f3e4dda136ba..ec62726207db561aa836a8ceffb0709dc1a34f89 100755 (executable)
--- a/classes/database/Postgres.php
+++ b/classes/database/Postgres.php
@@ -4,7 +4,7 @@
  * A class that implements the DB interface for Postgres
  * Note: This class uses ADODB and returns RecordSets.
  *
- * $Id: Postgres.php,v 1.136 2003/08/11 05:48:04 chriskl Exp $
+ * $Id: Postgres.php,v 1.137 2003/08/11 09:15:32 chriskl Exp $
  */
 
 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
@@ -2212,6 +2212,7 @@ class Postgres extends BaseDB {
         * @param $groupnames The array of group names to grant privs to.        
         * @param $privileges The array of privileges to grant (eg. ('SELECT', 'ALL PRIVILEGES', etc.) )
         * @param $grantoption True if has grant option, false otherwise
+        * @param $cascade True for cascade revoke, false otherwise
         * @return 0 success
         * @return -1 invalid type
         * @return -2 invalid entity
@@ -2219,7 +2220,7 @@ class Postgres extends BaseDB {
         * @return -4 not granting to anything
         * @return -4 invalid mode
         */
-       function setPrivileges($mode, $type, $object, $public, $usernames, $groupnames, $privileges, $grantoption) {
+       function setPrivileges($mode, $type, $object, $public, $usernames, $groupnames, $privileges, $grantoption, $cascade) {
                $this->fieldArrayClean($usernames);
                $this->fieldArrayClean($groupnames);
 
@@ -2229,10 +2230,17 @@ class Postgres extends BaseDB {
                        (!$public && sizeof($usernames) == 0 && sizeof($groupnames) == 0)) return -4;
                if ($mode != 'GRANT' && $mode != 'REVOKE') return -5;
 
+               $sql = $mode;
+
+               // Grant option
+               if ($this->hasGrantOption() && $mode == 'REVOKE' && $grantoption) {
+                       $sql .= ' GRANT OPTION FOR';
+               }               
+
                if (in_array('ALL PRIVILEGES', $privileges))
-                       $sql = "{$mode} ALL PRIVILEGES ON";
+                       $sql .= " ALL PRIVILEGES ON";
                else
-                       $sql = "{$mode} " . join(', ', $privileges) . " ON";
+                       $sql .= " " . join(', ', $privileges) . " ON";
                switch ($type) {
                        case 'table':
                        case 'view':
@@ -2293,7 +2301,12 @@ class Postgres extends BaseDB {
                // Grant option
                if ($this->hasGrantOption() && $mode == 'GRANT' && $grantoption) {
                        $sql .= ' WITH GRANT OPTION';
-               }               
+               }
+               
+               // Cascade revoke
+               if ($this->hasGrantOption() && $mode == 'REVOKE' && $cascade) {
+                       $sql .= ' CASCADE';
+               }
 
                return $this->execute($sql);
        }

diff --git a/privileges.php b/privileges.php
index 8907cf1db45f3424faacbaf3f1af86fa5131f9fe..7434d056f529f364830d47d0d7d645b917ff176e 100644 (file)
--- a/privileges.php
+++ b/privileges.php
@@ -3,7 +3,7 @@
        /**
         * Manage privileges in a database
         *
-        * $Id: privileges.php,v 1.17 2003/07/28 07:50:31 chriskl Exp $
+        * $Id: privileges.php,v 1.18 2003/08/11 09:15:32 chriskl Exp $
         */
 
        // Include application functions
@@ -86,6 +86,8 @@
                                echo "<td class=\"data1\">\n";
                                echo "<input type=\"checkbox\" name=\"grantoption\"", 
                                                        isset($_REQUEST['grantoption']) ? ' selected="selected"' : '', ">GRANT OPTION<br />\n";
+                               echo "<input type=\"checkbox\" name=\"cascade\"", 
+                                                       isset($_REQUEST['cascade']) ? ' selected="selected"' : '', ">CASCADE ({$lang['strrevoke']})<br />\n";
                                echo "</td></tr>\n";
                        }
                        echo "</table>\n";
@@ -111,7 +113,7 @@
                else {
                        $status = $localData->setPrivileges(isset($_REQUEST['grant']) ? 'GRANT' : 'REVOKE', $_REQUEST['type'], $_REQUEST['object'],
                                isset($_REQUEST['public']), $_REQUEST['username'], $_REQUEST['groupname'], array_keys($_REQUEST['privilege']),
-                               isset($_REQUEST['grantoption']) && isset($_REQUEST['grant']));
+                               isset($_REQUEST['grantoption']), isset($_REQUEST['cascade']));
                        if ($status == 0)
                                doDefault($lang['strgranted']);
                        elseif ($status == -3 || $status == -4)