diff options
| author | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-05-19 12:41:48 -0700 |
|---|---|---|
| committer | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-06-01 15:59:26 -0700 |
| commit | c700993dd53316f662b6aa56ec8cfeead185b9b9 (patch) | |
| tree | 4afe47c006d893ebe23dd78e4777492527e2471b /database/postgresql/postgresql_user.py | |
| parent | fa9d2f56dfbeb7ffb3a6ab5f89c7a05c756d8b59 (diff) | |
| download | ansible-modules-core-c700993dd53316f662b6aa56ec8cfeead185b9b9.tar.gz | |
Fix a problem introduced with #1101 and optimize privilege handling
* If a db user belonged to a role which had a privilege, the user would
not have the privilege added as the role gave the appearance that the
user already had it. Fixed to always check the privileges specific to
the user.
* Make fewer db queries to determine if privileges need to be changed
and change them (was four for each privilege. Now two for each object
that has a set of privileges changed).
Diffstat (limited to 'database/postgresql/postgresql_user.py')
| -rw-r--r-- | database/postgresql/postgresql_user.py | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/database/postgresql/postgresql_user.py b/database/postgresql/postgresql_user.py index a1d4da4b..2998ab27 100644 --- a/database/postgresql/postgresql_user.py +++ b/database/postgresql/postgresql_user.py @@ -431,8 +431,6 @@ def revoke_privileges(cursor, user, privs): check_funcs = dict(table=has_table_privileges, database=has_database_privileges) changed = False - revoke_funcs = dict(table=revoke_table_privilege, database=revoke_database_privilege) - check_funcs = dict(table=has_table_privilege, database=has_database_privilege) for type_ in privs: for name, privileges in privs[type_].iteritems(): # Check that any of the privileges requested to be removed are @@ -446,8 +444,9 @@ def revoke_privileges(cursor, user, privs): def grant_privileges(cursor, user, privs): if privs is None: return False - grant_funcs = dict(table=grant_table_privilege, database=grant_database_privilege) - check_funcs = dict(table=has_table_privilege, database=has_database_privilege) + + grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges) + check_funcs = dict(table=has_table_privileges, database=has_database_privileges) grant_funcs = dict(table=grant_table_privileges, database=grant_database_privileges) check_funcs = dict(table=has_table_privileges, database=has_database_privileges) |