Skip to content
Snippets Groups Projects
Commit 03a3bbcf authored by Daniel Hornung's avatar Daniel Hornung
Browse files

ENH: Added function to set role's permission.

parent 9f5af78d
No related branches found
No related tags found
No related merge requests found
......@@ -3,7 +3,8 @@
# ** header v3.0
# This file is a part of the CaosDB Project.
#
# Copyright (C) 2019, 2020 Daniel Hornung <d.hornung@indiscale.com>
# Copyright (C) 2021 Indiscale GmbH <info@indiscale.com>
# Copyright (C) 2019, 2020, 2021 Daniel Hornung <d.hornung@indiscale.com>
# Copyright (C) 2020 Timm Fitschen <t.fitschen@indiscale.com>
# Copyright (C) 2020 Henrik tom Wörden <h.tomwoerden@indiscale.com>
# Copyright (C) 2020 IndiScale <info@indiscale.com>
......@@ -23,6 +24,10 @@
#
# ** end header
# Although some sanity checks are performed, this script still allows lots of SQL injection
# possibilities.
set -e
INSTALL_SQL_FILE="db_2_0.sql"
......@@ -198,9 +203,47 @@ function _db_exists() {
}
# Grant the given permissions to the given role.
#
# Arguments
# ---------
# role : str
# The role, may consist of alphanumerical letters plus `.`, `_`, `-`. The role must exist in the
# `roles` table.
#
# permissions : str
# The permissions string. May not contain single quotes, should be similar to:
# [{"grant":"true","priority":"true","permission":"*"}]
function grant-permission() {
role="$1"
permissions="$2"
if echo -n "$role" | grep -v -q "^[[:alnum:]._-]*$" ; then
echo "Role contains invalid character(s)!"
exit 1
fi
if [[ $permissions == "'" ]]; then
echo "Permissions string contains single quote!"
exit 1
fi
cmd="SELECT COUNT(1) from roles where name='${role}';"
count=$($MYSQL_CMD $(get_mysql_args) -AN -e "$cmd")
if [[ $count == "0" ]]; then
echo "Role not found!"
exit 1
fi
cmd="INSERT INTO permissions (role, permissions) VALUE ('${role}', '${permissions}')"
cmd+="ON DUPLICATE KEY UPDATE role='${role}'"
cmd+=";"
$MYSQL_CMD $(get_mysql_args) -e "$cmd"
}
case $1 in
"drop") drop $2 ;;
"grant") grant $2 ;;
"grant-permission") grant-permission $2 $3 ;; # Args: role, permissions
"test") shift ; runtests $@ ;;
"test-connection") test-connection ;;
"install_db") install_db ;;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment