Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mysql账号管理支持回收权限(REVOKE) #1341

Merged
merged 1 commit into from
Jan 17, 2022
Merged

mysql账号管理支持回收权限(REVOKE) #1341

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 18 additions & 13 deletions sql/instance_account.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,7 @@ def grant(request):
"""获取用户权限变更语句,并执行权限变更"""
instance_id = request.POST.get('instance_id', 0)
user_host = request.POST.get('user_host')
op_type = int(request.POST.get('op_type'))
priv_type = int(request.POST.get('priv_type'))
privs = json.loads(request.POST.get('privs'))
grant_sql = ''
Expand All @@ -170,23 +171,24 @@ def grant(request):
global_privs = privs['global_privs']
if not all([global_privs]):
return JsonResponse({'status': 1, 'msg': '信息不完整,请确认后提交', 'data': []})
if 'GRANT' in global_privs:
global_privs.remove('GRANT')
grant_sql = f"GRANT {','.join(global_privs)} ON *.* TO {user_host} WITH GRANT OPTION;"
else:
global_privs = ['GRANT OPTION' if g == 'GRANT' else g for g in global_privs]
if op_type == 0:
grant_sql = f"GRANT {','.join(global_privs)} ON *.* TO {user_host};"
elif op_type == 1:
grant_sql = f"REVOKE {','.join(global_privs)} ON *.* FROM {user_host};"

# 库权限
elif priv_type == 1:
db_privs = privs['db_privs']
db_name = request.POST.getlist('db_name[]')
if not all([db_privs, db_name]):
return JsonResponse({'status': 1, 'msg': '信息不完整,请确认后提交', 'data': []})
for db in db_name:
if 'GRANT' in db_privs:
db_privs.remove('GRANT')
grant_sql += f"GRANT {','.join(db_privs)} ON `{db}`.* TO {user_host} WITH GRANT OPTION;"
else:
db_privs = ['GRANT OPTION' if d == 'GRANT' else d for d in db_privs]
if op_type == 0:
grant_sql += f"GRANT {','.join(db_privs)} ON `{db}`.* TO {user_host};"
elif op_type == 1:
grant_sql += f"REVOKE {','.join(db_privs)} ON `{db}`.* FROM {user_host};"
# 表权限
elif priv_type == 2:
tb_privs = privs['tb_privs']
Expand All @@ -195,11 +197,11 @@ def grant(request):
if not all([tb_privs, db_name, tb_name]):
return JsonResponse({'status': 1, 'msg': '信息不完整,请确认后提交', 'data': []})
for tb in tb_name:
if 'GRANT' in tb_privs:
tb_privs.remove('GRANT')
grant_sql += f"GRANT {','.join(tb_privs)} ON `{db_name}`.`{tb}` TO {user_host} WITH GRANT OPTION;"
else:
tb_privs = ['GRANT OPTION' if t == 'GRANT' else t for t in tb_privs]
if op_type == 0:
grant_sql += f"GRANT {','.join(tb_privs)} ON `{db_name}`.`{tb}` TO {user_host};"
elif op_type == 1:
grant_sql += f"REVOKE {','.join(tb_privs)} ON `{db_name}`.`{tb}` FROM {user_host};"
# 列权限
elif priv_type == 3:
col_privs = privs['col_privs']
Expand All @@ -209,7 +211,10 @@ def grant(request):
if not all([col_privs, db_name, tb_name, col_name]):
return JsonResponse({'status': 1, 'msg': '信息不完整,请确认后提交', 'data': []})
for priv in col_privs:
grant_sql += f"GRANT {priv}(`{'`,`'.join(col_name)}`) ON `{db_name}`.`{tb_name}` TO {user_host};"
if op_type == 0:
grant_sql += f"GRANT {priv}(`{'`,`'.join(col_name)}`) ON `{db_name}`.`{tb_name}` TO {user_host};"
elif op_type == 1:
grant_sql += f"REVOKE {priv}(`{'`,`'.join(col_name)}`) ON `{db_name}`.`{tb_name}` FROM {user_host};"

# 执行变更语句
try:
Expand Down
15 changes: 14 additions & 1 deletion sql/templates/instanceaccount.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,16 @@ <h4 class="modal-title">授权变更
</div>
<div class="panel-body">
<div class="form-group">
<h5 class="control-label text-bold">选择授权类型:</h5>
<h5 class="control-label text-bold">选择操作类型:</h5>
<div class="form-group">
<select id="op-type" name="op-type"
class="selectpicker show-tick form-control bs-select-hidden"
data-name="操作类型" title="请选择操作类型" required>
<option value="0" selected="selected">赋权</option>
<option value="1">回收</option>
</select>
</div>
<h5 class="control-label text-bold">选择权限类型:</h5>
<div class="form-group">
<select id="priv-type" name="priv-type"
class="selectpicker show-tick form-control bs-select-hidden"
Expand Down Expand Up @@ -1382,6 +1391,7 @@ <h4 class="modal-title">删除账号

//变更账号权限
$("#grantsBtn").unbind("click").click(function () {
let op_type = $("#op-type").val();
let priv_type = $("#priv-type").val();
let db_name = $("#db_name").val();
let tb_name = $("#tb_name").val();
Expand Down Expand Up @@ -1431,6 +1441,7 @@ <h4 class="modal-title">删除账号
data: {
instance_id: $("#instance").val(),
user_host: $("#modify-user").text(),
op_type: op_type,
priv_type: priv_type,
privs: JSON.stringify(privs),
db_name: db_name,
Expand All @@ -1446,7 +1457,9 @@ <h4 class="modal-title">删除账号
this.checked = false
});
$("#priv-type").val("0");
$("#op-type").val("0");
$("#priv-type").trigger("change");
$("#op-type").trigger("change");
user_list()
} else {
alert(data.msg);
Expand Down