-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathmytap-role-8011.sql
136 lines (102 loc) · 3.51 KB
/
mytap-role-8011.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
-- ROLE
-- ====
USE tap;
DELIMITER //
/****************************************************************************/
-- MySQL role definitions
-- A role isn't a role unless it is assigned to a user or a role
-- mariadb has is_role
-- https://bugs.mysql.com/bug.php?id=84244
-- Roles can either be in the short form with just the user portion in which
-- case they get a default @% added or the long-form user@host (since it's
-- defined as a user and can be a user.
-- NB We test against a normalized single-quoted user with default hostname if one
-- is not supplied (@rname), we mirror the entered parameter string (rname) in all
-- messages, this way the user shouldn't be confused by the output not reflecting
-- their input.
DROP FUNCTION IF EXISTS _has_role //
CREATE FUNCTION _has_role(rname CHAR(93))
RETURNS BOOLEAN
DETERMINISTIC
BEGIN
DECLARE ret BOOLEAN;
SELECT COUNT(*) INTO ret
FROM `mysql`.`role_edges`
WHERE CONCAT('''', `from_user`, '''@''', from_host, '''') = rname;
RETURN IF(ret > 0, 1, 0);
END //
-- has_role(userdef, description)
-- 97 chars if everthing is quoted with ' or `
DROP FUNCTION IF EXISTS has_role //
CREATE FUNCTION has_role(rname CHAR(97), description TEXT)
RETURNS TEXT
DETERMINISTIC
BEGIN
SET @rname = _format_user(rname);
IF description = '' THEN
SET description = CONCAT('Role ', rname, ' should be active');
END IF;
IF NOT _has_user_at_host(@rname) THEN
RETURN CONCAT(ok(FALSE, description),'\n',
diag (CONCAT('Role ', rname, ' is not defined')));
END IF;
RETURN ok(_has_role(@rname), description);
END //
-- hasnt_role(userdef, description)
DROP FUNCTION IF EXISTS hasnt_role //
CREATE FUNCTION hasnt_role(rname CHAR(97), description TEXT)
RETURNS TEXT
DETERMINISTIC
BEGIN
SET @rname = _format_user(rname);
IF description = '' THEN
SET description = CONCAT('Role ', rname, ' should not be active');
END IF;
-- NB no diagnostic required here
RETURN ok(NOT _has_role(@rname), description);
END //
/********************************************************************/
-- _role_is_default (role_name)
-- Again, it's not a default until it's assigned to at least one user
DROP FUNCTION IF EXISTS _role_is_default //
CREATE FUNCTION _role_is_default(rname CHAR(93))
RETURNS BOOLEAN
DETERMINISTIC
BEGIN
DECLARE ret BOOLEAN;
SELECT COUNT(*) INTO ret
FROM `mysql`.`default_roles`
WHERE CONCAT('''', `default_role_user`, '''@''', `default_role_host`, '''') = rname;
RETURN IF(ret > 0, 1, 0);
END //
-- role_is_default(userdef, description)
DROP FUNCTION IF EXISTS role_is_default //
CREATE FUNCTION role_is_default(rname CHAR(97), description TEXT)
RETURNS TEXT
DETERMINISTIC
BEGIN
SET @rname = _format_user(rname);
IF description = '' THEN
SET description = CONCAT('Role ', rname, ' should be a DEFAULT role');
END IF;
IF NOT _has_user_at_host(@rname) THEN
RETURN CONCAT(ok(FALSE, description),'\n',
diag (CONCAT('Role ', rname, ' is not defined')));
END IF;
RETURN ok(_role_is_default(@rname), description);
END //
-- role_isnt_default(userdef, description)
DROP FUNCTION IF EXISTS role_isnt_default //
CREATE FUNCTION role_isnt_default(rname CHAR(97), description TEXT)
RETURNS TEXT
DETERMINISTIC
BEGIN
SET @rname = _format_user(rname);
IF description = '' THEN
SET description = CONCAT('Role ', rname, ' should not be a DEFAULT role');
END IF;
-- also here, no diagnostic necessary
RETURN ok(NOT _role_is_default(@rname), description);
END //
/********************************************************************/
DELIMITER ;