From 6f1bfbd955da3e4e92065a29c32a00eef9576aad Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Sat, 19 Feb 2022 14:05:35 +0100
Subject: [PATCH] roleConfig: fixes & refactor
---
 modules/account/back/models/role-config.js | 41 ++++++++------------
 modules/account/back/models/role-config.json | 12 ++++++
 2 files changed, 29 insertions(+), 24 deletions(-)
diff --git a/modules/account/back/models/role-config.js b/modules/account/back/models/role-config.js
index b5cfb7b83..c6b32a4c5 100644
--- a/modules/account/back/models/role-config.js
+++ b/modules/account/back/models/role-config.js
@@ -1,7 +1,9 @@ module.exports = Self => { Self.getSynchronizer = async function() { - return await Self.findOne({fields: ['id']}); + return await Self.findOne({ + fields: ['id', 'rolePrefix', 'userPrefix', 'userHost'] + }); }; Object.assign(Self.prototype, {
@@ -14,17 +16,16 @@ module.exports = Self => { }, async syncUser(userName, info, password) { - const mysqlHost = '%'; let mysqlUser = userName; - if (this.dbType == 'MySQL') mysqlUser = `!${mysqlUser}`; + if (this.dbType == 'MySQL') + mysqlUser = this.userPrefix + mysqlUser; const [row] = await Self.rawSql( `SELECT COUNT(*) AS nRows FROM mysql.user WHERE User = ? AND Host = ?`, - [mysqlUser, mysqlHost] + [mysqlUser, this.userHost] ); let userExists = row.nRows > 0;
@@ -35,11 +36,10 @@ module.exports = Self => { FROM mysql.global_priv WHERE User = ? AND Host = ?`, - [mysqlUser, mysqlHost] + [mysqlUser, this.userHost] ); const priv = row && JSON.parse(row.priv); - const role = priv && priv.default_role; - isUpdatable = !row || (role && role.startsWith('z-')); + isUpdatable = !row || (priv && priv.autogenerated); } if (!isUpdatable) {
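Review bot: `return await Self.findOne({...})` on the new side awaits a promise only to hand it straight back from an async function; `return Self.findOne({...})` is equivalent here (style). The field list now has to mirror exactly what `syncUser` reads from the row, so a one-line comment above the call would help the next person who adds a column: `// columns read by syncUser(); extend this list when syncUser starts using a new one`. `tplUser`, which the JSON hunk adds to the model, is not selected here — fine if nothing reads it yet, but worth confirming.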
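Review bot: The new code has no fallback for a `roleConfig` row whose `userPrefix` or `userHost` column is unset — the former hard-coded `'%'` and `!` are gone, so for `dbType == 'MySQL'` `this.userPrefix + mysqlUser` becomes the string `undefined<name>` (or `null<name>`), and a missing `this.userHost` is bound as SQL NULL, which makes `WHERE Host = ?` match nothing and, further down in this function (hunks at -51 and -83), hands `CREATE USER` a NULL host and builds a `undefined`-prefixed role. A guard at the top of `syncUser` is cheap: `if (this.userHost == null || this.userPrefix == null || this.rolePrefix == null) throw new Error('roleConfig: userHost, userPrefix and rolePrefix must be set');`. `syncUser` starts in this hunk and continues past its end.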
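Review bot: `priv.autogenerated` is now the sole gate separating accounts this sync may alter or drop from hand-created ones, yet nothing in this patch sets that attribute — the `CREATE USER ?@? IDENTIFIED BY ?` in the hunk at -51 does not write it, so unless something outside the patch does, every account this sync creates will presumably be treated as foreign on the next run and never updated or dropped. If it is set elsewhere, a comment would spare the next reader the search: `// autogenerated: custom flag in mysql.global_priv.Priv marking accounts owned by this sync (set in <where> — confirm); accounts without it are skipped below`. The enclosing `syncUser` starts and ends outside this hunk.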
@@ -51,31 +51,27 @@ module.exports = Self => { if (password) { if (!userExists) { await Self.rawSql('CREATE USER ?@? IDENTIFIED BY ?', - [mysqlUser, mysqlHost, password] - ); + [mysqlUser, this.userHost, password]); userExists = true; } else { switch (this.dbType) { case 'MariaDB': await Self.rawSql('ALTER USER ?@? IDENTIFIED BY ?', - [mysqlUser, mysqlHost, password] - ); + [mysqlUser, this.userHost, password]); break; default: await Self.rawSql('SET PASSWORD FOR ?@? = PASSWORD(?)', - [mysqlUser, mysqlHost, password] - ); + [mysqlUser, this.userHost, password]); } } } if (userExists && this.dbType == 'MariaDB') { - let role = `z-${info.user.role().name}`; + let role = `${this.rolePrefix}${info.user.role().name}`; try { await Self.rawSql('REVOKE ALL, GRANT OPTION FROM ?@?', - [mysqlUser, mysqlHost] - ); + [mysqlUser, this.userHost]); } catch (err) { if (err.code == 'ER_REVOKE_GRANTS') console.warn(`${err.code}: ${err.sqlMessage}: ${err.sql}`);
@@ -83,21 +79,18 @@ module.exports = Self => { throw err; } await Self.rawSql('GRANT ? TO ?@?', - [role, mysqlUser, mysqlHost] - ); + [role, mysqlUser, this.userHost]); if (role) { await Self.rawSql('SET DEFAULT ROLE ? FOR ?@?', - [role, mysqlUser, mysqlHost] - ); + [role, mysqlUser, this.userHost]); } else { await Self.rawSql('SET DEFAULT ROLE NONE FOR ?@?', - [mysqlUser, mysqlHost] - ); + [mysqlUser, this.userHost]); } } } else if (userExists) - await Self.rawSql('DROP USER ?@?', [mysqlUser, mysqlHost]); + await Self.rawSql('DROP USER ?@?', [mysqlUser, this.userHost]); } }); };
diff --git a/modules/account/back/models/role-config.json b/modules/account/back/models/role-config.json
index c2abfcc38..f4138bea8 100644
--- a/modules/account/back/models/role-config.json
+++ b/modules/account/back/models/role-config.json
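Review bot: `CREATE USER ?@? IDENTIFIED BY ?` now binds `this.userHost` where the old code always used `'%'`, so on a deployment that already holds accounts created with host `%` and now configures a different `userHost`, the `COUNT(*)` lookup earlier in `syncUser` will not find them: a second `name@<userHost>` account is created while `name@%` keeps its old password and grants indefinitely, outside this sync's reach. That deserves a migration note in the commit description or a comment here, e.g. `// host comes from roleConfig.userHost; accounts created under the former hard-coded '%' host are not migrated by this sync`. Also `let role` is never reassigned (here or in the next hunk) and can be `const role`. `syncUser` starts before this hunk and ends after it.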
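Review bot: `if (role)` can only be false when both `this.rolePrefix` and the role name are empty strings, because `role` is built with a template literal in the previous hunk; the `SET DEFAULT ROLE NONE` branch is effectively unreachable and, with a non-empty prefix, a user whose role name is empty still gets the bare prefix granted as a role. If the intent is "no default role when the user has none", compute `role` from `info.user.role().name` only when that name is non-empty (`null` otherwise) so the check here is meaningful, and move the `GRANT ? TO ?@?` under the same check since granting NULL would fail. The enclosing block starts outside this hunk.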
@@ -16,6 +16,18 @@
 },
 "mysqlPassword": {
 "type": "string"
+ },
+ "rolePrefix": {
+ "type": "string"
+ },
+ "userPrefix": {
+ "type": "string"
+ },
+ "userHost": {
+ "type": "string"
+ },
+ "tplUser": {
+ "type": "string"
 }
 }
 }
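Review bot: None of the four new properties declares `required` or a `default`, although `syncUser` in the JS hunks now depends on `rolePrefix`, `userPrefix` and `userHost` being present and falls back to nothing when they are missing; if this is a LoopBack model definition, `"required": true` on those three would make a misconfigured row fail at write time instead of mid-sync against the database. `tplUser` is added here but not read by any JS change in this patch, so either document its purpose in the model or defer it to the change that uses it.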