~launchpad-pqm/launchpad/devel


Viewing changes to database/schema/security.py

  • Committer: Stuart Bishop
  • Date: 2011-07-25 14:09:44 UTC
  • mto: (7675.1045.660 db-devel)
  • mto: This revision was merged to the branch mainline in revision 13516.
  • Revision ID: stuart.bishop@canonical.com-20110725140944-gs60anuqsusjhkfi
security.py --no-revoke should not attempt ownership changes

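--- a/database/schema/security.py
+++ b/database/schema/security.py
@@ -388,17 +388,19 @@
         else:
             log.debug("%s not in any roles", user)
 
-    # Change ownership of all objects to OWNER
-    for obj in schema.values():
-        if obj.type in ("function", "sequence"):
-            pass # Can't change ownership of functions or sequences
-        else:
-            if obj.owner != options.owner:
-                log.info("Resetting ownership of %s", obj.fullname)
-                cur.execute("ALTER TABLE %s OWNER TO %s" % (
-                    obj.fullname, quote_identifier(options.owner)))
-
     if options.revoke:
+        # Change ownership of all objects to OWNER.
+        # We skip this in --no-revoke mode as ownership changes may
+        # block on a live system.
+        for obj in schema.values():
+            if obj.type in ("function", "sequence"):
+                pass # Can't change ownership of functions or sequences
+            else:
+                if obj.owner != options.owner:
+                    log.info("Resetting ownership of %s", obj.fullname)
+                    cur.execute("ALTER TABLE %s OWNER TO %s" % (
+                        obj.fullname, quote_identifier(options.owner)))
+
         # Revoke all privs from known groups. Don't revoke anything for
         # users or groups not defined in our security.cfg.
         table_revocations = PermissionGatherer("TABLE")
@@ -430,6 +432,7 @@
         function_revocations.revoke(cur)
         sequence_revocations.revoke(cur)
     else:
+        log.info("Not resetting ownership of database objects")
         log.info("Not revoking permissions on database objects")
 
     # Set of all tables we have granted permissions on. After we have assigned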
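Review bot: In the `else:` branch of the second hunk, --no-revoke mode now leaves every object whose `obj.owner` differs from `options.owner` untouched and logs only one generic info line, so ownership drift never shows up in the run output. A PostgreSQL object owner keeps full privileges on the object regardless of the grants applied afterwards, so effective access after a --no-revoke run may not match security.cfg. Consider reporting each mismatch without altering it, by looping over `schema.values()` in that branch and emitting `log.warning("%s is owned by %s, expected %s", obj.fullname, obj.owner, options.owner)`. Separately, the moved `ALTER TABLE` statement interpolates `obj.fullname` unquoted while the owner goes through `quote_identifier`; if `fullname` is not already quoted where it is built (not visible here), it should be. The enclosing function starts and ends outside both hunks.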