
<?php
/**
 * Controller for database privileges
 */

declare(strict_types=1);

namespace PhpMyAdmin\Controllers\Database;

use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\Controllers\AbstractController;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Dbal\DatabaseName;
use PhpMyAdmin\Dbal\InvalidDatabaseName;
use PhpMyAdmin\Http\ServerRequest;
use PhpMyAdmin\Message;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Server\Privileges;
use PhpMyAdmin\Template;
use PhpMyAdmin\Util;

use function __;
use function mb_strtolower;
use function ob_get_clean;
use function ob_start;

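/**
 * Controller for the database-level privileges page.
 *
 * Validates the requested database name, refuses to continue unless the
 * current user passes at least one of DatabaseInterface::isSuperUser(),
 * isGrantUser() or isCreateUser(), and then renders the
 * 'database/privileges/index' template followed by 'export_modal'.
 */
class PrivilegesController extends AbstractController
{
    /** @var Privileges */
    private $privileges;

    /** @var DatabaseInterface */
    private $dbi;

    /**
     * @param ResponseRenderer  $response   passed to the parent controller
     * @param Template          $template   passed to the parent controller
     * @param Privileges        $privileges used to list the privileges on the database
     * @param DatabaseInterface $dbi        used for the capability checks and server settings
     */
    public function __construct(
        ResponseRenderer $response,
        Template $template,
        Privileges $privileges,
        DatabaseInterface $dbi
    ) {
        parent::__construct($response, $template);
        $this->privileges = $privileges;
        $this->dbi = $dbi;
    }

    /**
     * Handles a request for the privileges page of one database.
     *
     * Returns early, after writing an error message to the response, when the
     * 'db' request parameter is rejected by DatabaseName::fromValue() or when
     * the current user passes none of the three capability checks.
     */
    public function __invoke(ServerRequest $request): void
    {
        // The 'db' parameter is request-controlled: it is only used after it has
        // been accepted by DatabaseName::fromValue().
        try {
            $db = DatabaseName::fromValue($request->getParam('db'));
            if ($this->dbi->getLowerCaseNames() === '1') {
                // Re-validate the lower-cased form rather than trusting the transformed string.
                $db = DatabaseName::fromValue(mb_strtolower($db->getName()));
            }
        } catch (InvalidDatabaseName $exception) {
            // NOTE(review): the exception text is placed into the HTML response through
            // Message::error(); confirm that Message escapes it, in case the text
            // reflects the rejected request value.
            $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());

            return;
        }

        $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
        $checkUserPrivileges->getPrivileges();

        $this->addScriptFiles(['server/privileges.js', 'vendor/zxcvbn-ts.js']);

        /**
         * Checks if the user is allowed to do what they try to...
         *
         * The three capability flags are read once here and reused below, so the
         * access decision and the flags handed to the template always agree.
         */
        $isGrantUser = $this->dbi->isGrantUser();
        $isCreateUser = $this->dbi->isCreateUser();
        $isSuperUser = $this->dbi->isSuperUser();

        if (! $isSuperUser && ! $isGrantUser && ! $isCreateUser) {
            // None of the three capabilities: show the header and an error, nothing else.
            $this->render('server/sub_page_header', [
                'type' => 'privileges',
                'is_image' => false,
            ]);
            $this->response->addHTML(
                Message::error(__('No Privileges'))
                    ->getDisplay()
            );

            return;
        }

        if (! $isGrantUser && ! $isCreateUser) {
            // Reached only by a superuser who has neither of the other two capabilities.
            $this->response->addHTML(Message::notice(
                __('You do not have the privileges to administrate the users!')
            )->getDisplay());
        }

        // Anything Util::getDbInfo() prints is captured and appended to the response
        // instead of being sent straight to the client.
        ob_start();

        [
            $GLOBALS['tables'],
            $GLOBALS['num_tables'],
            $GLOBALS['total_num_tables'],,,
            $GLOBALS['tooltip_truename'],
            $GLOBALS['tooltip_aliasname'],
            $GLOBALS['pos'],
        ] = Util::getDbInfo($request, $db->getName());

        $content = ob_get_clean();
        $this->response->addHTML($content . "\n");

        $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database');

        // The privilege list is fetched for superusers only; every other user who
        // passed the gate above gets an empty list.
        $privileges = [];
        if ($isSuperUser) {
            $privileges = $this->privileges->getAllPrivileges($db);
        }

        // NOTE(review): the capability flags below presumably only control what the
        // page offers; confirm that the actions behind it are authorized separately.
        $this->render('database/privileges/index', [
            'is_superuser' => $isSuperUser,
            'db' => $db->getName(),
            'database_url' => $scriptName,
            'text_dir' => $GLOBALS['text_dir'],
            'is_createuser' => $isCreateUser,
            'is_grantuser' => $isGrantUser,
            'privileges' => $privileges,
        ]);
        $this->render('export_modal');
    }
}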