author | Yorick Peterse <yorickpeterse@gmail.com> | 2017-11-06 18:50:38 +0100 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2017-11-06 23:34:07 +0100 |
commit | 60526a52912be977f55b7165bcdce4bbac190927 (patch) | |
tree | eb91e68382f429219025dacc10b0f10d82d07f8b /lib/gitlab/database | |
parent | c71cf908cd4f289248598d9ea1c144c7b65cbb94 (diff) | |
download | gitlab-ce-60526a52912be977f55b7165bcdce4bbac190927.tar.gz |
Fix TRIGGER checks for MySQL (fix-mysql-grant-check)
This ensures we can check if the user has TRIGGER permissions without
querying restricted tables. Thanks to Steve Norman
(https://gitlab.com/stevenorman) for helping out with this merge
request.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/38372
Diffstat (limited to 'lib/gitlab/database')
-rw-r--r-- | lib/gitlab/database/grant.rb | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/lib/gitlab/database/grant.rb b/lib/gitlab/database/grant.rb index aee3981e79a..9f76967fc77 100644 --- a/lib/gitlab/database/grant.rb +++ b/lib/gitlab/database/grant.rb @@ -6,28 +6,36 @@ module Gitlab if Database.postgresql? 'information_schema.role_table_grants' else - 'mysql.user' + 'information_schema.schema_privileges' end - def self.scope_to_current_user - if Database.postgresql? - where('grantee = user') - else - where("CONCAT(User, '@', Host) = current_user()") - end - end - # Returns true if the current user can create and execute triggers on the # given table. def self.create_and_execute_trigger?(table) priv = if Database.postgresql? where(privilege_type: 'TRIGGER', table_name: table) + .where('grantee = user') else - where(Trigger_priv: 'Y') + queries = [ + Grant.select(1) + .from('information_schema.user_privileges') + .where("PRIVILEGE_TYPE = 'SUPER'") + .where("GRANTEE = CONCAT('\\'', REPLACE(CURRENT_USER(), '@', '\\'@\\''), '\\'')"), + + Grant.select(1) + .from('information_schema.schema_privileges') + .where("PRIVILEGE_TYPE = 'TRIGGER'") + .where('TABLE_SCHEMA = ?', Gitlab::Database.database_name) + .where("GRANTEE = CONCAT('\\'', REPLACE(CURRENT_USER(), '@', '\\'@\\''), '\\'')") + ] + + union = SQL::Union.new(queries).to_sql + + Grant.from("(#{union}) privs") end - priv.scope_to_current_user.any? + priv.any? end end end |
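Review bot: In the MySQL branch of `create_and_execute_trigger?` the `table` argument is no longer used, and the two subqueries match only a global `SUPER` grant or a schema-level `TRIGGER` grant. An account whose `TRIGGER` privilege is granted globally (without `SUPER`) or on the table alone would presumably be reported as lacking permission, while one holding `SUPER` but not `TRIGGER` would pass the check. The first case fails closed, but both are worth confirming against MySQL's privilege model; matching the privilege directly in the first query, e.g. `.where("PRIVILEGE_TYPE IN ('SUPER', 'TRIGGER')")`, would cover global grants. The quoted-grantee expression is duplicated in both subqueries and would read better as one named constant with a comment such as `# information_schema stores GRANTEE as 'user'@'host', quotes included`. The enclosing module and class begin outside the hunk.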