gitlab-org--gitlab-foss/lib/gitlab/database/grant.rb

# frozen_string_literal: true

module Gitlab
  module Database
    # Model that can be used for querying permissions of a SQL user.
    class Grant
      # Returns true if the current user can create and execute triggers on the
      # given table.
      def self.create_and_execute_trigger?(table)
        # We _must not_ use quote_table_name as this will produce double
        # quotes on PostgreSQL and for "has_table_privilege" we need single
        # quotes.
        connection = ActiveRecord::Base.connection
        quoted_table = connection.quote(table)

        begin
          connection.select_one("SELECT has_table_privilege(#{quoted_table}, 'TRIGGER')").present?
        rescue ActiveRecord::StatementInvalid
          # This error is raised when using a non-existing table name. In this
          # case we just want to return false as a user technically can't
          # create triggers for such a table.
          false
        end
      end
    end
  end
end
Enable even more frozen string in lib/gitlab Enables frozens string for the following: * lib/gitlab/conflict/*/.rb * lib/gitlab/cross_project_access/*/.rb * lib/gitlab/cycle_analytics/*/.rb * lib/gitlab/data_builder/*/.rb * lib/gitlab/database/*/.rb * lib/gitlab/dependency_linker/*/.rb * lib/gitlab/diff/*/.rb * lib/gitlab/downtime_check/*/.rb * lib/gitlab/email/*/.rb * lib/gitlab/etag_caching/*/.rb Partially addresses gitlab-org/gitlab-ce#47424. 2018-11-05 23:45:35 -05:00			`# frozen_string_literal: true`

Improve migrations using triggers This adds a bunch of checks to migrations that may create or drop triggers. Dropping triggers/functions is done using "IF EXISTS" so we don't throw an error if the object in question has already been dropped. We now also raise a custom error (message) when the user does not have TRIGGER privileges. This should prevent the schema from entering an inconsistent state while also providing the user with enough information on how to solve the problem. The recommendation of using SUPERUSER permissions is a bit extreme but we require this anyway (Omnibus also configures users with this permission). Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/36633 2017-08-18 08:26:23 -04:00			`module Gitlab`
			`module Database`
			`# Model that can be used for querying permissions of a SQL user.`
Add latest changes from gitlab-org/gitlab@master 2020-01-31 13:09:11 -05:00			`class Grant`
Improve migrations using triggers This adds a bunch of checks to migrations that may create or drop triggers. Dropping triggers/functions is done using "IF EXISTS" so we don't throw an error if the object in question has already been dropped. We now also raise a custom error (message) when the user does not have TRIGGER privileges. This should prevent the schema from entering an inconsistent state while also providing the user with enough information on how to solve the problem. The recommendation of using SUPERUSER permissions is a bit extreme but we require this anyway (Omnibus also configures users with this permission). Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/36633 2017-08-18 08:26:23 -04:00			`# Returns true if the current user can create and execute triggers on the`
			`# given table.`
			`def self.create_and_execute_trigger?(table)`
Further remove code branches by database type We dropped MySQL support and a lot of mysql specific code has been removed in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29608. This comes in from the other direction and removes any `if postgresql?` branches. 2019-07-24 09:59:55 -04:00			`# We _must not_ use quote_table_name as this will produce double`
			`# quotes on PostgreSQL and for "has_table_privilege" we need single`
			`# quotes.`
Add latest changes from gitlab-org/gitlab@master 2020-01-31 13:09:11 -05:00			`connection = ActiveRecord::Base.connection`
Further remove code branches by database type We dropped MySQL support and a lot of mysql specific code has been removed in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29608. This comes in from the other direction and removes any `if postgresql?` branches. 2019-07-24 09:59:55 -04:00			`quoted_table = connection.quote(table)`
Fix TRIGGER checks for MySQL This ensures we can check if the user has TRIGGER permissions without querying restricted tables. Thanks to Steve Norman (https://gitlab.com/stevenorman) for helping out with this merge request. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/38372 2017-11-06 12:50:38 -05:00
Further remove code branches by database type We dropped MySQL support and a lot of mysql specific code has been removed in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29608. This comes in from the other direction and removes any `if postgresql?` branches. 2019-07-24 09:59:55 -04:00			`begin`
Add latest changes from gitlab-org/gitlab@master 2020-01-31 13:09:11 -05:00			`connection.select_one("SELECT has_table_privilege(#{quoted_table}, 'TRIGGER')").present?`
Further remove code branches by database type We dropped MySQL support and a lot of mysql specific code has been removed in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29608. This comes in from the other direction and removes any `if postgresql?` branches. 2019-07-24 09:59:55 -04:00			`rescue ActiveRecord::StatementInvalid`
			`# This error is raised when using a non-existing table name. In this`
			`# case we just want to return false as a user technically can't`
			`# create triggers for such a table.`
			`false`
Use has_table_privilege for TRIGGER on PostgreSQL This fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/38634. 2018-01-22 07:43:18 -05:00			`end`
Improve migrations using triggers This adds a bunch of checks to migrations that may create or drop triggers. Dropping triggers/functions is done using "IF EXISTS" so we don't throw an error if the object in question has already been dropped. We now also raise a custom error (message) when the user does not have TRIGGER privileges. This should prevent the schema from entering an inconsistent state while also providing the user with enough information on how to solve the problem. The recommendation of using SUPERUSER permissions is a bit extreme but we require this anyway (Omnibus also configures users with this permission). Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/36633 2017-08-18 08:26:23 -04:00			`end`
			`end`
			`end`
			`end`