Privileges for public Schema in PostgreSQL 15+ (#347)

Co-authored-by: Bernard Sarfo Twumasi <bst@smartocean.com>
Bernard Sarfo Twumasi 2024-11-04 20:35:22 +01:00 committed by GitHub
parent 113607aae3
commit 0f810f4077
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 25 additions and 3 deletions


@ -117,6 +117,7 @@ public function deleteUser(string $username, string $host): void
public function link(string $username, string $host, array $databases): void public function link(string $username, string $host, array $databases): void
{ {
$ssh = $this->service->server->ssh(); $ssh = $this->service->server->ssh();
$version = $this->service->version;
foreach ($databases as $database) { foreach ($databases as $database) {
$ssh->exec( $ssh->exec(
@ -124,6 +125,7 @@ public function link(string $username, string $host, array $databases): void
'username' => $username, 'username' => $username,
'host' => $host, 'host' => $host,
'database' => $database, 'database' => $database,
'version' => $version,
]), ]),
'link-user-to-database' 'link-user-to-database'
); );
@ -132,10 +134,13 @@ public function link(string $username, string $host, array $databases): void
public function unlink(string $username, string $host): void public function unlink(string $username, string $host): void
{ {
$version = $this->service->version;
$this->service->server->ssh()->exec( $this->service->server->ssh()->exec(
$this->getScript($this->getScriptsDir().'/unlink.sh', [ $this->getScript($this->getScriptsDir().'/unlink.sh', [
'username' => $username, 'username' => $username,
'host' => $host, 'host' => $host,
'version' => $version,
]), ]),
'unlink-user-from-databases' 'unlink-user-from-databases'
); );
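Review bot: In both `link()` and `unlink()` the value of `$this->service->version` is passed to the script templates unchanged, yet the scripts use it in a numeric test, `[ "$DB_VERSION" -ge 15 ]`. The stored format is not visible in this diff; if it is ever not a bare integer (for example `15.4`, or empty), `[` reports an error, the branch is skipped, and the schema GRANT or REVOKE silently does not run. Normalising at the call site, e.g. `$version = (int) $this->service->version;`, or rejecting a non-numeric value before `getScript()` is called, would make that failure explicit. The body of `unlink()` continues past the end of the last hunk.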


@ -1,5 +1,16 @@
if ! sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE \"__database__\" TO \"__username__\";"; then USER_TO_LINK='__username__'
DB_NAME='__database__'
DB_VERSION='__version__'
if ! sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$DB_NAME\" TO $USER_TO_LINK;"; then
echo 'VITO_SSH_ERROR' && exit 1 echo 'VITO_SSH_ERROR' && exit 1
fi fi
echo "Linking to __database__ finished" # Check if PostgreSQL version is 15 or greater
if [ "$DB_VERSION" -ge 15 ]; then
if ! sudo -u postgres psql -d "$DB_NAME" -c "GRANT USAGE, CREATE ON SCHEMA public TO $USER_TO_LINK;"; then
echo 'VITO_SSH_ERROR' && exit 1
fi
fi
echo "Linking to $DB_NAME finished"


@ -1,10 +1,16 @@
USER_TO_REVOKE='__username__' USER_TO_REVOKE='__username__'
DB_VERSION='__version__'
DATABASES=$(sudo -u postgres psql -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") DATABASES=$(sudo -u postgres psql -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;")
for DB in $DATABASES; do for DB in $DATABASES; do
echo "Revoking privileges in database: $DB" echo "Revoking privileges in database: $DB"
sudo -u postgres psql -d "$DB" -c "REVOKE ALL PRIVILEGES ON DATABASE \"$DB\" FROM \"$USER_TO_REVOKE\";" sudo -u postgres psql -d "$DB" -c "REVOKE ALL PRIVILEGES ON DATABASE \"$DB\" FROM $USER_TO_REVOKE;"
# Check if PostgreSQL version is 15 or greater
if [ "$DB_VERSION" -ge 15 ]; then
sudo -u postgres psql -d "$DB" -c "REVOKE USAGE, CREATE ON SCHEMA public FROM $USER_TO_REVOKE;"
fi
done done
echo "Privileges revoked from $USER_TO_REVOKE" echo "Privileges revoked from $USER_TO_REVOKE"
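Review bot: Neither REVOKE inside the loop has its exit status checked, so a failed revoke still ends with `Privileges revoked from $USER_TO_REVOKE` and the caller sees success while the role keeps its access. The link script signals failure with `echo 'VITO_SSH_ERROR' && exit 1`; this script should report failure the same way for the added schema REVOKE and for the database REVOKE before it. To keep processing the remaining databases, record the failure in the loop (`... || FAILED=1`) and emit the error after `done`, e.g. `if [ -n "$FAILED" ]; then echo 'VITO_SSH_ERROR' && exit 1; fi`.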