Commit 40437da2 authored by Murray Cumming

More use of escape_sql_id().

* glom/base_db.cc:
* glom/libglom/db_utils.cc:
* glom/libglom/privs.cc:
* glom/mode_design/users/dialog_groups_list.cc:
* glom/mode_design/users/dialog_users_list.cc: Use
escape_sql_id() instead of manually adding quotes with no
escaping. However, I have not yet done this for group and
user names.
parent d0d78555
2011-11-08 Murray Cumming <murrayc@murrayc.com>
More use of escape_sql_id().
* glom/base_db.cc:
* glom/libglom/db_utils.cc:
* glom/libglom/privs.cc:
* glom/mode_design/users/dialog_groups_list.cc:
* glom/mode_design/users/dialog_users_list.cc: Use
escape_sql_id() instead of manually adding quotes with no
escaping. However, I have not yet done this for group and
user names.
2011-11-08 Murray Cumming <murrayc@murrayc.com>
libglom: Remove LayoutItem_Field::get_sql_name().
......
......@@ -1738,6 +1738,7 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
if(user.empty() || password.empty() || group.empty())
return false;
//TODO: Quote and escape the group and user names.
//Create the user:
//Note that ' around the user fails, so we use ".
Glib::ustring strQuery = "CREATE USER \"" + user + "\" PASSWORD '" + password + "'" ; //TODO: Escape the password.
......@@ -1776,7 +1777,8 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
{
const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON \"" + (*iter)->get_name() + "\" FROM \"" + user + "\"";
const Glib::ustring table_name = (*iter)->get_name();
const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;
......
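Review bot: In Base_DB::add_user() the `CREATE USER` statement still places `password` between single quotes and `user` between double quotes with no escaping, so a quote character in either value ends the literal or identifier early and the remainder is parsed as SQL; the added TODO records this but leaves the statement as it was. The same hand-quoted role name remains in the `REVOKE` line of this file and in the group and user names in privs.cc, dialog_groups_list.cc and dialog_users_list.cc. Role names are identifiers, so if `escape_sql_id()` quotes them the way it quotes table names, `" FROM " + DbUtils::escape_sql_id(user)` would close the identifier half. The password is a string literal and needs the database layer's value escaping (or a bound parameter, if the statement accepts one) rather than `escape_sql_id()`. The function body continues outside both hunks.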
......@@ -552,6 +552,7 @@ bool add_standard_groups(Document* document)
type_vec_strings::const_iterator iterFind = std::find(vecGroups.begin(), vecGroups.end(), devgroup);
if(iterFind == vecGroups.end())
{
//TODO: Escape and quote the user and group names here?
//The "SUPERUSER" here has no effect because SUPERUSER is not "inherited" to member users.
//But let's keep it to make the purpose of this group obvious.
bool test = query_execute_string("CREATE GROUP \"" GLOM_STANDARD_GROUP_NAME_DEVELOPER "\" WITH SUPERUSER");
......@@ -1086,20 +1087,6 @@ bool create_table_with_default_fields(Document* document, const Glib::ustring& t
created = create_table(table_info, fields);
//Create a table with 1 "ID" field:
//MSYQL:
//query_execute( "CREATE TABLE \"" + table_name + "\" (" + primary_key_name + " INT NOT NULL AUTO_INCREMENT PRIMARY KEY)" );
//query_execute( "INSERT INTO \"" + table_name + "\" VALUES (0)" );
//PostgresSQL:
//query_execute( "CREATE TABLE \"" + table_name + "\" (\"" + primary_key_name + "\" serial NOT NULL PRIMARY KEY)" );
//query_execute( "CREATE TABLE \"" + table_name + "\" (" +
// field_primary_key->get_name() + " numeric NOT NULL PRIMARY KEY," +
// extra_field_description + "varchar, " +
// extra_field_comments + "varchar" +
// ")" );
if(created)
{
//Save the changes in the document:
......
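Review bot: The TODO added in add_standard_groups() sits above a statement whose group name is not runtime data: `GLOM_STANDARD_GROUP_NAME_DEVELOPER` is pasted between adjacent string literals, so it has to be a string-literal macro and nothing a user supplies reaches this query. The comment would serve a later audit better if it said so, for example `//The group name is a compile-time constant; only runtime names need escape_sql_id().` Whether runtime user or group names are used further down the function cannot be seen from the hunk, so that part should be confirmed. The second hunk in this file only deletes commented-out code.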
......@@ -226,11 +226,12 @@ void Privs::set_table_privileges(const Glib::ustring& group_name, const Glib::us
}
}
strQuery += " " + strPrivilege + " ON \"" + table_name + "\" ";
strQuery += " " + strPrivilege + " ON " + DbUtils::escape_sql_id(table_name) + " ";
//This must match the Grant or Revoke:
strQuery += "TO";
//TODO: Quote and escape group_name?
strQuery += " GROUP \"" + group_name + "\"";
const bool test = DbUtils::query_execute_string(strQuery);
......
......@@ -477,7 +477,7 @@ bool Dialog_GroupsList::set_table_privilege(const Glib::ustring& table_name, con
else if(priv == PRIV_DELETE)
strPrivilege = "DELETE";
strQuery += " " + strPrivilege + " ON \"" + table_name + "\" ";
strQuery += " " + strPrivilege + " ON " + DbUtils::escape_sql_id(table_name) + " ";
//This must match the Grant or Revoke:
if(grant)
......@@ -485,6 +485,7 @@ bool Dialog_GroupsList::set_table_privilege(const Glib::ustring& table_name, con
else
strQuery += "FROM";
//TODO: Quote and escape group_name?
strQuery += " GROUP \"" + group_name + "\"";
const bool test = DbUtils::query_execute_string(strQuery); //TODO: Handle errors.
......
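Review bot: The statement built in Dialog_GroupsList::set_table_privilege() is assembled the same way as the one in Privs::set_table_privileges() in privs.cc (privilege keyword, `escape_sql_id(table_name)`, the TO/FROM keyword, then the hand-quoted `group_name`). This commit therefore made the identical edit twice, and the pending group-name escaping will have to be made twice again. If the dialog can call the Privs function, or both can share one helper that builds the GRANT/REVOKE string, the quoting is decided in one place and cannot drift between the copies. The REVOKE loops in Base_DB::add_user() and Dialog_UsersList::on_button_user_add() are a second pair of the same kind. Both signatures are truncated on this page, so whether the parameters line up is to be confirmed.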
......@@ -204,6 +204,7 @@ void Dialog_UsersList::on_button_user_add()
if(!user.empty())
{
//Add it to the group:
//TODO: Quote and escape the group and user names?
const Glib::ustring strQuery = "ALTER GROUP \"" + m_combo_group->get_active_text() + "\" ADD USER \"" + user + "\"";
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
......@@ -214,7 +215,9 @@ void Dialog_UsersList::on_button_user_add()
for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
{
const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON \"" + (*iter)->get_name() + "\" FROM \"" + user + "\"";
//TODO: Quote and escape user?
const Glib::ustring table_name = (*iter)->get_name();
const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;
......