From 2e625451a3e2069f21b5ebadabc0184d3c801875 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Tue, 22 Dec 2015 17:21:26 -0800
Subject: [PATCH] Re-factor DB permissions editing

---
 mysql/edit_db.cgi    |  8 +++---
 mysql/lang/en        | 63 +-------------------------------------------
 mysql/list_dbs.cgi   | 21 ++++++++++-----
 mysql/list_hosts.cgi |  4 +--
 mysql/mysql-lib.pl   | 14 ----------
 mysql/save_db.cgi    | 44 ++++++++++++++-----------------
 6 files changed, 43 insertions(+), 111 deletions(-)

diff --git a/mysql/edit_db.cgi b/mysql/edit_db.cgi
index 452999777..6d618e711 100755
--- a/mysql/edit_db.cgi
+++ b/mysql/edit_db.cgi
@@ -27,6 +27,8 @@ else {
 	print &ui_hidden("olduser", $u->[2]);
 	}
 print &ui_table_start($text{'db_header'}, undef, 2);
+%fieldmap = map { $_->{'field'}, $_->{'index'} }
+		&table_structure($master_db, "db");
 
 # Database name
 print &ui_table_row($text{'db_db'}, &select_db($u->[1]));
@@ -43,9 +45,9 @@ print &ui_table_row($text{'db_host'},
 	    [ 2, &ui_textbox("host", $u->[0] eq '%' ? '' : $u->[0], 40) ] ]));
 
 # Permissions for DB
-for($i=3; $i<=&db_priv_cols()+3-1; $i++) {
-	push(@opts, [ $i, $text{"db_priv$i"} ]);
-	push(@sel, $i) if ($u->[$i] eq 'Y');
+foreach my $f (&priv_fields('db')) {
+	push(@opts, $f);
+	push(@sel, $f->[0]) if ($u->[$fieldmap{$f->[0]}] eq 'Y');
 	}
 print &ui_table_row($text{'db_perms'},
 	&ui_select("perms", \@sel, \@opts, 10, 1, 1));
diff --git a/mysql/lang/en b/mysql/lang/en
index de35b2446..2b9ce64d2 100644
--- a/mysql/lang/en
+++ b/mysql/lang/en
@@ -229,32 +229,6 @@ users_host=Hosts
 users_pass=Encrypted password
 users_perms=Permissions
 users_add=Create new user.
-users_priv3=Select
-users_priv4=Insert
-users_priv5=Update
-users_priv6=Delete
-users_priv7=Create
-users_priv8=Drop
-users_priv9=Reload
-users_priv10=Shutdown
-users_priv11=Process
-users_priv12=File
-users_priv13=Grant
-users_priv14=References
-users_priv15=Index
-users_priv16=Alter
-users_priv17=Show DB
-users_priv18=Super
-users_priv19=Create temp
-users_priv20=Lock
-users_priv21=Execute
-users_priv22=Slave
-users_priv23=Client
-users_priv24=Create View
-users_priv25=Show View
-users_priv26=Create Routine
-users_priv27=Alter Routine
-users_priv28=Create User
 users_all=All
 users_anon=Anonymous
 users_none=None
@@ -306,6 +280,7 @@ user_priv_show_db=Show databases
 user_priv_super=Superuser
 user_priv_create_tmp_table=Create temp tables
 user_priv_lock=Lock tables
+user_priv_lock_tables=Lock tables
 user_priv_execute=Execute
 user_priv_repl_slave=Slave replication
 user_priv_repl_client=Client replication
@@ -346,23 +321,6 @@ dbs_any=Any
 dbs_empty=No database permissions defined.
 dbs_hosts=From host permissions
 dbs_add=Create new database permissions.
-dbs_priv3=Select
-dbs_priv4=Insert
-dbs_priv5=Update
-dbs_priv6=Delete
-dbs_priv7=Create
-dbs_priv8=Drop
-dbs_priv9=Grant
-dbs_priv10=References
-dbs_priv11=Index
-dbs_priv12=Alter
-dbs_priv13=Create temp
-dbs_priv14=Lock
-dbs_priv15=Create View
-dbs_priv16=Show View
-dbs_priv17=Create Routine
-dbs_priv18=Alter Routine
-dbs_priv19=Execute
 dbs_all=All
 dbs_none=None
 dbs_return=database permissions
@@ -382,25 +340,6 @@ db_host=Hosts
 db_hosts=From host permissions
 db_any=Any
 db_perms=Permissions
-db_priv3=Select table data
-db_priv4=Insert table data
-db_priv5=Update table data
-db_priv6=Delete table data
-db_priv7=Create tables
-db_priv8=Drop tables
-db_priv9=Grant privileges
-db_priv10=Reference operations
-db_priv11=Manage indexes
-db_priv12=Alter tables
-db_priv13=Create temp tables
-db_priv14=Lock tables
-db_priv15=Create View
-db_priv16=Show View
-db_priv17=Create Routine
-db_priv18=Alter Routine
-db_priv19=Execute
-db_priv20=Create Triggers
-db_priv21=Create Events
 db_err=Failed to save database permissions
 db_euser=Missing or invalid username
 db_ehost=Missing or invalid hostname
diff --git a/mysql/list_dbs.cgi b/mysql/list_dbs.cgi
index 81ce271e6..1d0436190 100755
--- a/mysql/list_dbs.cgi
+++ b/mysql/list_dbs.cgi
@@ -8,6 +8,8 @@ $access{'perms'} || &error($text{'perms_ecannot'});
 
 @rowlinks = ( &ui_link("edit_db.cgi?new=1",$text{'dbs_add'}) );
 $d = &execute_sql_safe($master_db, "select * from db order by db");
+%fieldmap = map { $_->{'field'}, $_->{'index'} }
+		&table_structure($master_db, "db");
 if (@{$d->{'data'}}) {
 	print &ui_form_start("delete_dbs.cgi");
 	unshift(@rowlinks, &select_all_link("d", 0),
@@ -32,13 +34,20 @@ if (@{$d->{'data'}}) {
 		push(@cols, $u->[0] eq '%' ? $text{'dbs_any'} :
 			    $u->[0] eq '' ? $text{'dbs_hosts'}
 					  : &html_escape($u->[0]));
-		local @priv;
-		for($j=3; $j<=&db_priv_cols()+3-1; $j++) {
-			push(@priv, $text{"dbs_priv$j"}) if ($u->[$j] eq 'Y');
+		my @priv;
+		my ($allprivs, $noprivs) = (1, 1);
+		foreach my $f (&priv_fields('db')) {
+			if ($u->[$fieldmap{$f->[0]}] eq 'Y') {
+				push(@priv, $f->[1]);
+				$noprivs = 0;
+				}
+			else {
+				$allprivs = 0;
+				}
 			}
-		push(@cols, 
-			scalar(@priv) == &db_priv_cols() ? $text{'dbs_all'} :
-			!@priv ? $text{'dbs_none'} : join("&nbsp;| ", @priv));
+		push(@cols, $allprivs ? $text{'users_all'} :
+			    $noprivs ? $text{'users_none'} :
+				       join("&nbsp;| ", @priv));
 		print &ui_checked_columns_row(\@cols, \@tds,
 				"d", join(" ", $u->[0], $u->[1], $u->[2]));
 		}
diff --git a/mysql/list_hosts.cgi b/mysql/list_hosts.cgi
index ea9f10185..139fc70ed 100755
--- a/mysql/list_hosts.cgi
+++ b/mysql/list_hosts.cgi
@@ -29,11 +29,11 @@ if (@{$d->{'data'}}) {
 		push(@cols, $u->[0] eq '%' || $u->[0] eq '' ?
 				$text{'hosts_any'} : &html_escape($u->[0]));
 		local @priv;
-		for($j=2; $j<=&db_priv_cols()+2-1; $j++) {
+		for($j=2; $j<=&host_priv_cols()+2-1; $j++) {
 			push(@priv, $text{"hosts_priv$j"}) if ($u->[$j] eq 'Y');
 			}
 		push(@cols,
-			scalar(@priv) == &db_priv_cols() ? $text{'hosts_all'} :
+			scalar(@priv) == &host_priv_cols() ? $text{'hosts_all'} :
 			!@priv ? $text{'hosts_none'} : join("&nbsp;| ", @priv));
 		print &ui_checked_columns_row(\@cols, \@tds,
 				"d", $u->[0]." ".$u->[1]);
diff --git a/mysql/mysql-lib.pl b/mysql/mysql-lib.pl
index e8ed50135..64e4b0864 100755
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -771,20 +771,6 @@ if (!$priv_fields{$type}) {
 return @{$priv_fields{$type}};
 }
 
-# db_priv_cols()
-# Returns the number of columns used for privileges in the db table
-sub db_priv_cols
-{
-if (!$db_priv_cols) {
-	local @str = &table_structure("mysql", "db");
-	local $s;
-	foreach $s (@str) {
-		$db_priv_cols++ if ($s->{'field'} =~ /_priv/i);
-		}
-	}
-return $db_priv_cols;
-}
-
 # host_priv_cols()
 # Returns the number of columns used for privileges in the db table
 sub host_priv_cols
diff --git a/mysql/save_db.cgi b/mysql/save_db.cgi
index b5b9aed62..bc5502ef3 100755
--- a/mysql/save_db.cgi
+++ b/mysql/save_db.cgi
@@ -35,36 +35,32 @@ else {
 		&can_edit_db($db) || &error($text{'perms_edb'});
 		}
 
-	map { $perms[$_]++ } split(/\0/, $in{'perms'});
+	%perms = map { $_, 1 } split(/\0/, $in{'perms'});
 	@desc = &table_structure($master_db, 'db');
+	@pfields = map { $_->[0] } &priv_fields('db');
+	$host = $in{'host_mode'} == 0 ? '' :
+		$in{'host_mode'} == 1 ? '%' : $in{'host'};
+	$user = $in{'user_def'} ? '' : $in{'user'};
 	if ($in{'new'}) {
 		# Create a new db
-		for($i=3; $i<=&db_priv_cols()+3-1; $i++) {
-			push(@yesno, $perms[$i] ? "'Y'" : "'N'");
-			}
-		$sql = sprintf "insert into db (%s) values ('%s', '%s', '%s', %s)",
-			join(",", map { $desc[$_]->{'field'} } (0 .. &db_priv_cols()+3-1)),
-			$in{'host_mode'} == 0 ? '' :
-			$in{'host_mode'} == 1 ? '%' : $in{'host'},
-			$db, $in{'user_def'} ? '' : $in{'user'},
-			join(",", @yesno);
+		$sql = "insert into db (host, db, user, ".
+                       join(", ", @pfields).
+                       ") values (?, ?, ?, ". 
+                       join(", ", map { "?" } @pfields).")";
+                &execute_sql_logged($master_db, $sql,
+                        $host, $db, $user,
+                        (map { $perms{$_} ? 'Y' : 'N' } @pfields));
 		}
 	else {
-		# Update existing user
-		for($i=3; $i<=&db_priv_cols()+3-1; $i++) {
-			push(@yesno, $desc[$i]->{'field'}."=".
-				     ($perms[$i] ? "'Y'" : "'N'"));
-			}
-		$sql = sprintf "update db set user = '%s', host = '%s', ".
-			       "db = '%s', %s where user = '%s' and ".
-			       "host = '%s' and db = '%s'",
-			$in{'user_def'} ? '' : $in{'user'},
-			$in{'host_mode'} == 0 ? '' :
-			$in{'host_mode'} == 1 ? '%' : $in{'host'},
-			$db, join(" , ", @yesno),
-			$in{'olduser'}, $in{'oldhost'}, $in{'olddb'};
+		# Update existing db
+		$sql = "update db set host = ?, db = ?, user = ?, ".
+		       join(", ",map { "$_ = ?" } @pfields).
+		       " where host = ? and db = ? and user = ?";
+		&execute_sql_logged($master_db, $sql,
+			$host, $db, $user,
+			(map { $perms{$_} ? 'Y' : 'N' } @pfields),
+			$in{'oldhost'}, $in{'olddb'}, $in{'olduser'});
 		}
-	&execute_sql_logged($master_db, $sql);
 	}
 &execute_sql_logged($master_db, 'flush privileges');
 if ($in{'delete'}) {