lib/gitlab/database/grant.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

module Gitlab
  module Database
    # Model that can be used for querying permissions of a SQL user.
    class Grant < ActiveRecord::Base
      self.table_name =
        if Database.postgresql?
          'information_schema.role_table_grants'
        else
          'information_schema.schema_privileges'
        end

      # Returns true if the current user can create and execute triggers on the
      # given table.
      def self.create_and_execute_trigger?(table)
        priv =
          if Database.postgresql?
            where(privilege_type: 'TRIGGER', table_name: table)
              .where('grantee = user')
          else
            queries = [
              Grant.select(1)
                .from('information_schema.user_privileges')
                .where("PRIVILEGE_TYPE = 'SUPER'")
                .where("GRANTEE = CONCAT('\\'', REPLACE(CURRENT_USER(), '@', '\\'@\\''), '\\'')"),

              Grant.select(1)
                .from('information_schema.schema_privileges')
                .where("PRIVILEGE_TYPE = 'TRIGGER'")
                .where('TABLE_SCHEMA = ?', Gitlab::Database.database_name)
                .where("GRANTEE = CONCAT('\\'', REPLACE(CURRENT_USER(), '@', '\\'@\\''), '\\'')")
            ]

            union = SQL::Union.new(queries).to_sql

            Grant.from("(#{union}) privs")
          end

        priv.any?
      end
    end
  end
end