fix missing privileges on view update (drop/create)

Author: ruslantalpa

build.xml

@@ -1,6 +1,6 @@
 <project name="apgdiff" default="jar" basedir=".">
     <property name="name" value="Another PostgreSQL Diff Tool"/>
-    <property name="version" value="2.6.2-subzero"/>
+    <property name="version" value="2.6.3-subzero"/>
     <property name="build" value="build"/>
     <property name="dist" value="dist"/>
     <property name="build.output" value="${build}/classes"/>

pom.xml

@@ -20,7 +20,7 @@
     <groupId>cz.startnet</groupId>
     <artifactId>apgdiff</artifactId>
     <name>Another PostgreSQL Diff Tool</name>
-    <version>2.6.2-subzero</version>
+    <version>2.6.3-subzero</version>
     <description>Simple PostgreSQL diff tool that is useful for schema upgrades. The tool compares two schema dump files and creates output file that is (after some hand-made modifications) suitable for upgrade of old schema.</description>
 
     <url>http://www.apgdiff.com/</url>

src/main/java/cz/startnet/utils/pgdiff/PgDiffViews.java

@@ -46,27 +46,17 @@ public static void createViews(final PrintWriter writer,
                             + PgDiffUtils.getQuotedName(newView.getName())
                             + " OWNER TO " + newView.getOwnerTo() + ";");
                 }
+                writer.println();
                 for (PgRelationPrivilege viewPrivilege : newView.getPrivileges()) {
-                    writer.println("REVOKE ALL ON TABLE "
-                            + PgDiffUtils.getQuotedName(newView.getName())
-                            + " FROM " + viewPrivilege.getRoleName() + ";");
-                    if (!"".equals(viewPrivilege.getPrivilegesSQL(true))) {
-                        writer.println("GRANT "
-                                + viewPrivilege.getPrivilegesSQL(true)
-                                + " ON TABLE "
-                                + PgDiffUtils.getQuotedName(newView.getName())
-                                + " TO " + viewPrivilege.getRoleName()
-                                + " WITH GRANT OPTION;");
-                    }
-                    if (!"".equals(viewPrivilege.getPrivilegesSQL(false))) {
-                        writer.println("GRANT "
-                                + viewPrivilege.getPrivilegesSQL(false)
-                                + " ON TABLE "
-                                + PgDiffUtils.getQuotedName(newView.getName())
-                                + " TO " + viewPrivilege.getRoleName() + ";");
+                    grantPrivileges(writer, newView, viewPrivilege);
+                }
+                writer.println();
+                for (PgColumn newColumn : newView.getColumns()) {
+                    for (PgColumnPrivilege newColumnPrivilege : newColumn
+                        .getPrivileges()) {
+                        grantColumnPrivileges(writer, newView, newColumn, newColumnPrivilege);
                     }
                 }
-
             }
         }
     }
@@ -228,8 +218,10 @@ public static void alterViews(final PrintWriter writer,
                         + PgDiffUtils.getQuotedName(newView.getName())
                         + " OWNER TO " + newView.getOwnerTo() + ";");
             }
-            alterPrivileges(writer, oldView, newView, searchPathHelper);
-            alterPrivilegesColumns(writer, oldView, newView, searchPathHelper);
+            if(!isViewModified(oldView, newView)){
+                alterPrivileges(writer, oldView, newView, searchPathHelper);
+                alterPrivilegesColumns(writer, oldView, newView, searchPathHelper);
+            } // else when view is modified, it is dropped and recreated with privileges in createView
         }
     }
 
@@ -298,6 +290,27 @@ private static void diffDefaultValues(final PrintWriter writer,
         }
     }
 
+    private static void grantPrivileges(final PrintWriter writer, 
+            final PgView view, final PgRelationPrivilege privilege  ){
+        writer.println("REVOKE ALL ON TABLE "
+                + PgDiffUtils.getQuotedName(view.getName())
+                + " FROM " + privilege.getRoleName() + ";");
+        if (!"".equals(privilege.getPrivilegesSQL(true))) {
+            writer.println("GRANT "
+                    + privilege.getPrivilegesSQL(true)
+                    + " ON TABLE "
+                    + PgDiffUtils.getQuotedName(view.getName())
+                    + " TO " + privilege.getRoleName()
+                    + " WITH GRANT OPTION;");
+        }
+        if (!"".equals(privilege.getPrivilegesSQL(false))) {
+            writer.println("GRANT "
+                    + privilege.getPrivilegesSQL(false)
+                    + " ON TABLE "
+                    + PgDiffUtils.getQuotedName(view.getName())
+                    + " TO " + privilege.getRoleName() + ";");
+        }
+    }
     private static void alterPrivileges(final PrintWriter writer,
             final PgView oldView, final PgView newView,
             final SearchPathHelper searchPathHelper) {
@@ -316,24 +329,7 @@ private static void alterPrivileges(final PrintWriter writer,
                 if (!emptyLinePrinted) {
                     writer.println();
                 }
-                writer.println("REVOKE ALL ON TABLE "
-                        + PgDiffUtils.getQuotedName(newView.getName())
-                        + " FROM " + newViewPrivilege.getRoleName() + ";");
-                if (!"".equals(newViewPrivilege.getPrivilegesSQL(true))) {
-                    writer.println("GRANT "
-                            + newViewPrivilege.getPrivilegesSQL(true)
-                            + " ON TABLE "
-                            + PgDiffUtils.getQuotedName(newView.getName())
-                            + " TO " + newViewPrivilege.getRoleName()
-                            + " WITH GRANT OPTION;");
-                }
-                if (!"".equals(newViewPrivilege.getPrivilegesSQL(false))) {
-                    writer.println("GRANT "
-                            + newViewPrivilege.getPrivilegesSQL(false)
-                            + " ON TABLE "
-                            + PgDiffUtils.getQuotedName(newView.getName())
-                            + " TO " + newViewPrivilege.getRoleName() + ";");
-                }
+                grantPrivileges(writer, newView, newViewPrivilege);
             } // else similar privilege will not be updated
         }
         for (PgRelationPrivilege newViewPrivilege : newView.getPrivileges()) {
@@ -343,35 +339,53 @@ private static void alterPrivileges(final PrintWriter writer,
                 if (!emptyLinePrinted) {
                     writer.println();
                 }
-                writer.println("REVOKE ALL ON TABLE "
-                        + PgDiffUtils.getQuotedName(newView.getName())
-                        + " FROM " + newViewPrivilege.getRoleName() + ";");
-                if (!"".equals(newViewPrivilege.getPrivilegesSQL(true))) {
-                    writer.println("GRANT "
-                            + newViewPrivilege.getPrivilegesSQL(true)
-                            + " ON TABLE "
-                            + PgDiffUtils.getQuotedName(newView.getName())
-                            + " TO " + newViewPrivilege.getRoleName()
-                            + " WITH GRANT OPTION;");
-                }
-                if (!"".equals(newViewPrivilege.getPrivilegesSQL(false))) {
-                    writer.println("GRANT "
-                            + newViewPrivilege.getPrivilegesSQL(false)
-                            + " ON TABLE "
-                            + PgDiffUtils.getQuotedName(newView.getName())
-                            + " TO " + newViewPrivilege.getRoleName() + ";");
-                }
+                grantPrivileges(writer, newView, newViewPrivilege);
             }
         }
     }
 
+    private static void grantColumnPrivileges(final PrintWriter writer, 
+            final PgView view, final PgColumn column, final PgColumnPrivilege privilege){
+        
+        writer.println("REVOKE ALL ("
+                + PgDiffUtils.getQuotedName(column.getName())
+                + ") ON TABLE "
+                + PgDiffUtils.getQuotedName(view.getName())
+                + " FROM " + privilege.getRoleName()
+                + ";");
+        if (!"".equals(privilege.getPrivilegesSQL(
+                true,
+                PgDiffUtils.getQuotedName(column.getName())))) {
+            writer.println("GRANT "
+                    + privilege.getPrivilegesSQL(true,
+                            PgDiffUtils.getQuotedName(column
+                                    .getName()))
+                    + " ON TABLE "
+                    + PgDiffUtils.getQuotedName(view
+                            .getName()) + " TO "
+                    + privilege.getRoleName()
+                    + " WITH GRANT OPTION;");
+        }
+        if (!"".equals(privilege.getPrivilegesSQL(
+                false,
+                PgDiffUtils.getQuotedName(column.getName())))) {
+            writer.println("GRANT "
+                    + privilege.getPrivilegesSQL(
+                            false, PgDiffUtils
+                                    .getQuotedName(column
+                                            .getName()))
+                    + " ON TABLE "
+                    + PgDiffUtils.getQuotedName(view
+                            .getName()) + " TO "
+                    + privilege.getRoleName() + ";");
+        }
+    }
     private static void alterPrivilegesColumns(final PrintWriter writer,
             final PgView oldView, final PgView newView,
             final SearchPathHelper searchPathHelper) {
         boolean emptyLinePrinted = false;
         for (PgColumn newColumn : newView.getColumns()) {
             final PgColumn oldColumn = oldView.getColumn(newColumn.getName());
-
             if (oldColumn != null) {
                 for (PgColumnPrivilege oldColumnPrivilege : oldColumn
                         .getPrivileges()) {
@@ -404,39 +418,7 @@ private static void alterPrivilegesColumns(final PrintWriter writer,
                             emptyLinePrinted = true;
                             writer.println();
                         }
-                        writer.println("REVOKE ALL ("
-                                + PgDiffUtils.getQuotedName(newColumn.getName())
-                                + ") ON TABLE "
-                                + PgDiffUtils.getQuotedName(newView.getName())
-                                + " FROM " + newColumnPrivilege.getRoleName()
-                                + ";");
-                        if (!"".equals(newColumnPrivilege.getPrivilegesSQL(
-                                true,
-                                PgDiffUtils.getQuotedName(newColumn.getName())))) {
-                            writer.println("GRANT "
-                                    + newColumnPrivilege.getPrivilegesSQL(true,
-                                            PgDiffUtils.getQuotedName(newColumn
-                                                    .getName()))
-                                    + " ON TABLE "
-                                    + PgDiffUtils.getQuotedName(newView
-                                            .getName()) + " TO "
-                                    + newColumnPrivilege.getRoleName()
-                                    + " WITH GRANT OPTION;");
-                        }
-                        if (!"".equals(newColumnPrivilege.getPrivilegesSQL(
-                                false,
-                                PgDiffUtils.getQuotedName(newColumn.getName())))) {
-                            writer.println("GRANT "
-                                    + newColumnPrivilege.getPrivilegesSQL(
-                                            false, PgDiffUtils
-                                                    .getQuotedName(newColumn
-                                                            .getName()))
-                                    + " ON TABLE "
-                                    + PgDiffUtils.getQuotedName(newView
-                                            .getName()) + " TO "
-                                    + newColumnPrivilege.getRoleName() + ";");
-                        }
-
+                        grantColumnPrivileges(writer, newView, newColumn, newColumnPrivilege);
                     }
                 }
             }

src/test/java/cz/startnet/utils/pgdiff/PgDiffTest.java

@@ -272,6 +272,7 @@ public static Collection<?> parameters() {
                   , {"alter_view_owner", false, false, false, false}
                   , {"grant_on_table_cols_mixed", false, false, false, false}
                   , {"grant_on_view_cols_mixed", false, false, false, false}
+                  , {"grant_on_view_change", false, false, false, false}
                 });
     }
     /**
@@ -399,7 +400,9 @@ public void runDiff() throws FileNotFoundException, IOException {
         }
 
         reader.close();
-
+        // System.out.println("exp???" + sbExpDiff.toString().trim() + "???");
+        // System.out.println("");
+        // System.out.println("diff!!!" + diffInput.toString().trim() + "!!!");
         Assert.assertEquals("File name template: " + fileNameTemplate,
                 sbExpDiff.toString().trim(),
                 diffInput.toString().trim());

src/test/resources/cz/startnet/utils/pgdiff/add_view_diff.sql

@@ -3,3 +3,11 @@ CREATE VIEW testview WITH (security_barrier) AS
 	SELECT testtable.id, testtable.name FROM testtable;
 
 ALTER VIEW testview OWNER TO fordfrog;
+
+REVOKE ALL ON TABLE testview FROM admin;
+GRANT UPDATE ON TABLE testview TO admin;
+
+REVOKE ALL (id) ON TABLE testview FROM admin;
+GRANT SELECT (id) ON TABLE testview TO admin;
+REVOKE ALL (name) ON TABLE testview FROM admin;
+GRANT SELECT (name), INSERT (name) ON TABLE testview TO admin;

src/test/resources/cz/startnet/utils/pgdiff/add_view_new.sql

@@ -42,6 +42,7 @@ CREATE VIEW testview WITH (security_barrier) AS
 
 
 ALTER TABLE public.testview OWNER TO fordfrog;
+grant select(id, name), insert(name), update on testview to admin;
 
 --
 -- Data for Name: testtable; Type: TABLE DATA; Schema: public; Owner: fordfrog

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_change_diff.sql

@@ -0,0 +1,22 @@
+DROP VIEW IF EXISTS items_view;
+
+CREATE VIEW items_view AS
+	select id, name from items;
+
+REVOKE ALL ON TABLE items_view FROM admin;
+GRANT UPDATE ON TABLE items_view TO admin;
+REVOKE ALL ON TABLE items_view FROM customer;
+GRANT SELECT ON TABLE items_view TO customer;
+REVOKE ALL ON TABLE items_view FROM webuser;
+GRANT INSERT, DELETE ON TABLE items_view TO webuser;
+
+REVOKE ALL (id) ON TABLE items_view FROM admin;
+GRANT SELECT (id) ON TABLE items_view TO admin;
+REVOKE ALL (id) ON TABLE items_view FROM webuser;
+GRANT SELECT (id) ON TABLE items_view TO webuser;
+REVOKE ALL (name) ON TABLE items_view FROM admin;
+GRANT SELECT (name), INSERT (name) ON TABLE items_view TO admin;
+REVOKE ALL (name) ON TABLE items_view FROM customer;
+GRANT UPDATE (name) ON TABLE items_view TO customer;
+REVOKE ALL (name) ON TABLE items_view FROM webuser;
+GRANT SELECT (name), UPDATE (name) ON TABLE items_view TO webuser;

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_change_new.sql

@@ -0,0 +1,9 @@
+create table items(id integer, name text);
+
+create view items_view as select id, name from items;
+
+grant select(id, name), insert(name), update on items_view to admin;
+
+grant select, update(name) on items_view to customer;
+
+grant select(id, name), insert, delete, update(name) on items_view to webuser;

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_change_original.sql

@@ -0,0 +1,5 @@
+create table items(id integer, name text);
+
+create view items_view as select id from items;
+
+grant select(id), update on items_view to admin;

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_cols_mixed_diff.sql

@@ -1,19 +1,11 @@
-
-REVOKE ALL ON TABLE items_view FROM admin;
-GRANT UPDATE ON TABLE items_view TO admin;
-
 REVOKE ALL ON TABLE items_view FROM customer;
 GRANT SELECT ON TABLE items_view TO customer;
 
 REVOKE ALL ON TABLE items_view FROM webuser;
 GRANT INSERT, DELETE ON TABLE items_view TO webuser;
 
-REVOKE ALL (id) ON TABLE items_view FROM admin;
-GRANT SELECT (id) ON TABLE items_view TO admin;
 REVOKE ALL (id) ON TABLE items_view FROM webuser;
 GRANT SELECT (id) ON TABLE items_view TO webuser;
-REVOKE ALL (name) ON TABLE items_view FROM admin;
-GRANT SELECT (name), INSERT (name) ON TABLE items_view TO admin;
 REVOKE ALL (name) ON TABLE items_view FROM customer;
 GRANT UPDATE (name) ON TABLE items_view TO customer;
 REVOKE ALL (name) ON TABLE items_view FROM webuser;

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_cols_mixed_new.sql

@@ -1,6 +1,6 @@
 create table items(id integer, name text);
 
-create view items_view as select id from items;
+create view items_view as select id, name from items;
 
 grant select(id, name), insert(name), update on items_view to admin;
 

src/test/resources/cz/startnet/utils/pgdiff/grant_on_view_cols_mixed_original.sql

@@ -1,3 +1,5 @@
 create table items(id integer, name text);
 
-create view items_view as select id from items;
+create view items_view as select id, name from items;
+
+grant select(id, name), insert(name), update on items_view to admin;