Hi, Here is the updated patch for macros. I have added the required validation in macros.
-- *Harshal Dhumal* *Software Engineer * EnterpriseDB <http://www.enterprisedb.com> On Wed, Feb 10, 2016 at 1:06 PM, Ashesh Vashi <ashesh.va...@enterprisedb.com > wrote: > On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal < > harshal.dhu...@enterprisedb.com> wrote: > >> Hi, >> >> PFA of macros (privilege, security) for sequence node. >> >> Also fixed a minor issue in security macro (removed unwanted qtIdent for >> provider) >> > This is not allowed. > We can't pass on the data coming from the client blindly to the server. > It is an area which can introduce SQL injection into our code. > > Hence I can't allow that. > > -- > > Thanks & Regards, > > Ashesh Vashi > EnterpriseDB INDIA: Enterprise PostgreSQL Company > <http://www.enterprisedb.com/> > > > *http://www.linkedin.com/in/asheshvashi* > <http://www.linkedin.com/in/asheshvashi> > >> >> >> >> -- >> *Harshal Dhumal* >> *Software Engineer * >> >> >> >> EnterpriseDB <http://www.enterprisedb.com> >> >> >> -- >> Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org) >> To make changes to your subscription: >> http://www.postgresql.org/mailpref/pgadmin-hackers >> >> >
diff --git a/web/pgadmin/browser/server_groups/servers/templates/macros/privilege.macros b/web/pgadmin/browser/server_groups/servers/templates/macros/privilege.macros
index 1d6660c..144a7bb 100644
--- a/web/pgadmin/browser/server_groups/servers/templates/macros/privilege.macros
+++ b/web/pgadmin/browser/server_groups/servers/templates/macros/privilege.macros
@@ -1,3 +1,6 @@
+{################################################}
+{# This is generic macro for other objects #}
+{################################################}
 {% macro APPLY(conn, type, role, param, priv, with_grant) -%}
 {% if priv %}
 GRANT {{ priv }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ conn|qtIdent(role) }};
@@ -8,4 +11,18 @@ GRANT {{ with_grant }} ON {{ type }} {{ conn|qtIdent(param) }} TO {{ conn|qtIden
 {%- endmacro %}
 {% macro RESETALL(conn, type, role, param) -%}
 REVOKE ALL ON {{ type }} {{ conn|qtIdent(param) }} FROM {{ conn|qtIdent(role) }};
+{%- endmacro %}
+{####################################################}
+{# This macro is specific to sequence object #}
+{####################################################}
+{% macro SET(conn, type, role, param, priv, with_grant, schema) -%}
+{% if priv %}
+GRANT {{ priv }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ conn|qtIdent(role) }};
+{% endif %}
+{% if with_grant %}
+GRANT {{ with_grant }} ON {{ type }} {{ conn|qtIdent(schema, param) }} TO {{ conn|qtIdent(role) }} WITH GRANT OPTION;
+{% endif %}
+{%- endmacro %}
+{% macro UNSETALL(conn, type, role, param, schema) -%}
+REVOKE ALL ON {{ type }} {{ conn|qtIdent(schema, param) }} FROM {{ conn|qtIdent(role) }};
 {%- endmacro %}
\ No newline at end of file
diff --git a/web/pgadmin/browser/server_groups/servers/templates/macros/security.macros b/web/pgadmin/browser/server_groups/servers/templates/macros/security.macros
index 83fb9d2..8194bd1 100644
--- a/web/pgadmin/browser/server_groups/servers/templates/macros/security.macros
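Review bot: In the new SET and UNSETALL macros (second hunk) only `schema`, `param` and `role` go through `conn|qtIdent`, while `{{ type }}`, `{{ priv }}` and `{{ with_grant }}` are rendered verbatim into the GRANT/REVOKE text, so nothing in this file prevents request-supplied values from reaching the server unquoted, and the "required validation" mentioned in the cover letter is not visible in either hunk. If these values are resolved in the Python node from a fixed server-side privilege table before rendering, the macro should say so, e.g. `{# type, priv and with_grant are emitted verbatim: callers must pass only values from the server-side privilege tables, never request input #}`, so the contract is not lost by the next caller. The header comment `This macro is specific to sequence object` also understates what the macro does: it is the schema-qualified variant for any object living in a schema, and `{# Schema-qualified variant (e.g. sequences): object is rendered as schema.name via qtIdent #}` would be more accurate. Naming the pair SET/UNSETALL next to the existing APPLY/RESETALL is inconsistent; APPLY_SCHEMA/RESETALL_SCHEMA (or similar) would make the relationship obvious.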
+++ b/web/pgadmin/browser/server_groups/servers/templates/macros/security.macros
@@ -1,6 +1,18 @@
+{################################################}
+{# This is generic macro for other objects #}
+{################################################}
 {% macro APPLY(conn, type, name, provider, label) -%}
-SECURITY LABEL FOR {{ conn|qtIdent(provider) }} ON {{ type }} {{ conn|qtIdent(name) }} IS {{ label|qtLiteral }};
+SECURITY LABEL FOR {{ provider }} ON {{ type }} {{ conn|qtIdent(name) }} IS {{ label|qtLiteral }};
 {%- endmacro %}
 {% macro DROP(conn, type, name, provider) -%}
-SECURITY LABEL FOR {{ conn|qtIdent(provider) }} ON {{ type }} {{ conn|qtIdent(name) }} IS NULL;
+SECURITY LABEL FOR {{ provider }} ON {{ type }} {{ conn|qtIdent(name) }} IS NULL;
 {%- endmacro %}
+{####################################################}
+{# This macro is specific to sequence object #}
+{####################################################}
+{% macro SET(conn, type, name, provider, label, schema) -%}
+SECURITY LABEL FOR {{ provider }} ON {{ type }} {{ conn|qtIdent(schema, name) }} IS {{ label|qtLiteral }};
+{%- endmacro %}
+{% macro UNSET(conn, type, name, provider, schema) -%}
+SECURITY LABEL FOR {{ provider }} ON {{ type }} {{ conn|qtIdent(schema, name) }} IS NULL;
+{%- endmacro %}
\ No newline at end of file
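Review bot: On the new side of the APPLY and DROP lines, and in the new SET and UNSET macros, `provider` is emitted verbatim into `SECURITY LABEL FOR {{ provider }}`, whereas the removed lines quoted it with `conn|qtIdent(provider)`; this is precisely the unquoted client-to-SQL path the thread objects to, and no validation of `provider` appears anywhere in this patch. Unless the provider is checked in the Python node against a fixed server-side list before the template is rendered, the quoted form should be restored, e.g. `SECURITY LABEL FOR {{ conn|qtIdent(provider) }} ON {{ type }} {{ conn|qtIdent(schema, name) }} IS {{ label|qtLiteral }};` in SET and the matching line in UNSET. If qtIdent was dropped because it double-quotes some provider names, that is the correct PostgreSQL identifier form and does not change which provider is addressed, so it is not a reason to remove it. `{{ type }}` is likewise unquoted in all four macros and is presumably a constant chosen by the node code rather than request input; a one-line comment stating that assumption, `{# type is a server-side constant, never request input #}`, would keep the next change from extending the same pattern to provider-like values.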
-- Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgadmin-hackers