pg_examiner 0.5.0 → 0.5.1
- checksums.yaml +4 -4
- data/lib/pg_examiner/result/table.rb +38 -0
- data/lib/pg_examiner/result.rb +1 -1
- data/lib/pg_examiner/version.rb +1 -1
- data/spec/role_and_permissions_spec.rb +53 -0
- metadata +4 -2
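--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97dbbbfede24a927c3f330b55b3ccf5df361d2fecd607fcd6a0567dfeb81ba00
+data.tar.gz: f9dab98fdf931d26a2fb75d8e89f3b2ccd528fea1017619b618d154c697bdbbf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 83409a8174c21bd6885f3cfc858fa6aba351188804ca235ac6e37f1d06316602dccddaae115f11e74f034ebd8d8e9b289c861841362904080bad10d375b11c42
+data.tar.gz: da864e8f1ccdfdf7f014a2f56fa3657b35182c11e4d84b2017e30a7c79c7812847a3c214f042043902f7e85a960596b45c2bcc8d9934a825d81c872eae50b581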
@@ -9,6 +9,7 @@ module PGExaminer
|
|
9
9
|
"indexes" => "indexes",
|
10
10
|
"constraints" => "constraints",
|
11
11
|
"triggers" => "triggers",
|
12
|
+
"permissions" => "permissions",
|
12
13
|
}
|
13
14
|
end
|
14
15
|
|
@@ -43,6 +44,43 @@ module PGExaminer
|
|
43
44
|
t['tgrelid'] == oid
|
44
45
|
end.map{|row| Trigger.new(result, row, self)}.sort_by(&:name)
|
45
46
|
end
|
47
|
+
|
48
|
+
def permissions
|
49
|
+
@permissions ||= begin
|
50
|
+
if acl = @row["relacl"]
|
51
|
+
acl[/^{(.*)}$/, 1].split(",").map{|acl| Permission.new(acl)}.sort_by(&:name)
|
52
|
+
else
|
53
|
+
[]
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
class Permission < Base
|
59
|
+
attr_accessor :name, :grantor, :permissions
|
60
|
+
|
61
|
+
CHARS_TO_LABELS = {
|
62
|
+
"r" => "SELECT", # "read"
|
63
|
+
"w" => "UPDATE", # "write"
|
64
|
+
"a" => "INSERT", # "append"
|
65
|
+
"d" => "DELETE",
|
66
|
+
"D" => "TRUNCATE",
|
67
|
+
"x" => "REFERENCES",
|
68
|
+
"t" => "TRIGGER",
|
69
|
+
}.freeze
|
70
|
+
|
71
|
+
def initialize(acl)
|
72
|
+
@name, permissions = acl.split("=")
|
73
|
+
permissions, @grantor = permissions.split("/")
|
74
|
+
@permissions = permissions.split("").map{|char| CHARS_TO_LABELS.fetch(char)}
|
75
|
+
end
|
76
|
+
|
77
|
+
def diffable_methods
|
78
|
+
{
|
79
|
+
"grantor" => "grantor",
|
80
|
+
"permissions" => "permissions",
|
81
|
+
}
|
82
|
+
end
|
83
|
+
end
|
46
84
|
end
|
47
85
|
end
|
48
86
|
end
|
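Review bot: `Permission#initialize` will raise `KeyError` for any ACL entry that carries a grant option, because PostgreSQL writes those as a `*` after the privilege letter (for example `r*`) and `CHARS_TO_LABELS.fetch(char)` has no entry for `*`; a privilege letter outside the seven listed fails the same way, with no hint of which entry caused it. For a tool that compares privileges this means a single `WITH GRANT OPTION` grant aborts the examination instead of showing up in the diff, so I would pair each letter with an optional `*` and raise a descriptive error for unknown letters, as sketched below. Separately, `permissions` splits the array text on `,` and each entry on `=` and `/`, which presumably mis-parses role names that PostgreSQL quotes in `relacl` output (names containing those characters); that is worth confirming with a spec. The surrounding `Table` class opens before this hunk, so how `@row` is populated is not visible here.

```ruby
def initialize(acl)
  @name, rest = acl.split("=", 2)
  privileges, @grantor = rest.split("/", 2)
  # Each privilege letter may be followed by "*" (grant option).
  @permissions = privileges.scan(/.\*?/).map do |token|
    label = CHARS_TO_LABELS.fetch(token[0]) do
      raise ArgumentError, "unknown privilege #{token[0].inspect} in ACL entry #{acl.inspect}"
    end
    token.end_with?("*") ? "#{label} WITH GRANT OPTION" : label
  end
end
```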
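--- a/data/lib/pg_examiner/result.rb
+++ b/data/lib/pg_examiner/result.rb
@@ -64,7 +64,7 @@ module PGExaminer
 SQL
 
 @pg_class = load_table @pg_namespace.map{|ns| ns['oid']}, <<-SQL
-SELECT oid, relname AS name, relkind, relpersistence, reloptions, relnamespace
+SELECT oid, relname AS name, relkind, relpersistence, reloptions, relnamespace, relacl
 FROM pg_class
 WHERE relnamespace IN (?)
 SQL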
data/lib/pg_examiner/version.rb
CHANGED
@@ -0,0 +1,53 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PGExaminer do
|
6
|
+
it "should be able to tell when roles have different permissions on tables" do
|
7
|
+
a = examine <<-SQL
|
8
|
+
CREATE ROLE user_1;
|
9
|
+
|
10
|
+
CREATE TABLE test_table (
|
11
|
+
id integer
|
12
|
+
);
|
13
|
+
|
14
|
+
GRANT SELECT ON test_table TO user_1;
|
15
|
+
SQL
|
16
|
+
|
17
|
+
b = examine <<-SQL
|
18
|
+
CREATE ROLE user_1;
|
19
|
+
|
20
|
+
CREATE TABLE test_table (
|
21
|
+
id integer
|
22
|
+
);
|
23
|
+
|
24
|
+
GRANT SELECT, UPDATE ON test_table TO user_1;
|
25
|
+
SQL
|
26
|
+
|
27
|
+
a.diff(b).should == {"schemas"=>{"public"=>{"tables"=>{"test_table"=>{"permissions"=>{"user_1"=>{"permissions"=>{["SELECT"]=>["SELECT", "UPDATE"]}}}}}}}}
|
28
|
+
end
|
29
|
+
|
30
|
+
it "should ignore inconsequential differences in permissions" do
|
31
|
+
a = examine <<-SQL
|
32
|
+
CREATE ROLE user_1;
|
33
|
+
|
34
|
+
CREATE TABLE test_table (
|
35
|
+
id integer
|
36
|
+
);
|
37
|
+
|
38
|
+
GRANT UPDATE, SELECT ON test_table TO user_1;
|
39
|
+
SQL
|
40
|
+
|
41
|
+
b = examine <<-SQL
|
42
|
+
CREATE ROLE user_1;
|
43
|
+
|
44
|
+
CREATE TABLE test_table (
|
45
|
+
id integer
|
46
|
+
);
|
47
|
+
|
48
|
+
GRANT SELECT, UPDATE ON test_table TO user_1;
|
49
|
+
SQL
|
50
|
+
|
51
|
+
a.diff(b).should == {}
|
52
|
+
end
|
53
|
+
end
|
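Review bot: Both examples grant plain `SELECT`/`UPDATE` to one named role, so nothing here exercises the `grantor` entry that `Permission#diffable_methods` exposes, a grantee that exists on only one side, or a table whose `relacl` is unset on one side and populated on the other. Those are the cases where a privilege comparison is most likely to be misread, so I would add one example for each, plus one for `GRANT ... TO PUBLIC` and one for a grant option, e.g. `GRANT SELECT ON test_table TO user_1 WITH GRANT OPTION;`. The `examine` helper is defined outside this file, so whether `CREATE ROLE user_1` can safely run twice against the same cluster (roles are cluster-wide in PostgreSQL) is not visible here.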
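--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pg_examiner
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 platform: ruby
 authors:
 - Chris Hanks
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: pg
@@ -115,6 +115,7 @@ files:
 - spec/function_spec.rb
 - spec/index_spec.rb
 - spec/language_spec.rb
+- spec/role_and_permissions_spec.rb
 - spec/schema_spec.rb
 - spec/sequence_spec.rb
 - spec/spec_helper.rb
@@ -150,6 +151,7 @@ test_files:
 - spec/function_spec.rb
 - spec/index_spec.rb
 - spec/language_spec.rb
+- spec/role_and_permissions_spec.rb
 - spec/schema_spec.rb
 - spec/sequence_spec.rb
 - spec/spec_helper.rb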