Class: ActiveRecord::ConnectionAdapters::PostgreSQLRevokePrivilege

Inherits:
PostgreSQLPrivilege show all
Defined in:
lib/active_record/postgresql_extensions/permissions.rb

Overview

Creates queries for revoking PostgreSQL role privileges.

This class is meant to be used by the revoke_*_privileges methods in the PostgreSQLAdapter. Different database objects have different privileges that you can apply to a role. See the PostgreSQLPrivilege PRIVILEGE_TYPES constant for usage. Generally speaking, you usually don’t want to use this class directly, but rather the aforementioned wrapped methods.

When using the revoke_*_privileges methods, you can specify multiple permissions, objects and roles by using Arrays for the appropriate argument. You can also apply the privileges to all objects within a schema by using the :all option in the options Hash and supply the schema name as the first argument.

Examples

revoke_table_privileges([ :table1, :table2 ], :select, :joe)
# => REVOKE SELECT ON TABLE "table1", "table2" FROM "joe"

revoke_sequence_privileges(:my_seq, [ :select, :update ], :public)
# => REVOKE SELECT, UPDATE ON SEQUENCE "my_seq" FROM PUBLIC

You can specify the :grant_option_for in any of the revoke_*_privilege methods to add a GRANT OPTION FOR clause to the command. Note that this option removes the role’s ability to grant the privilege to other roles, but does not remove the privilege itself.

You can also specify the :cascade option to cause the privilege revocation to cascade down to depedent privileges.

The cascading stuff is pretty crazy, so you may want to consult the PostgreSQL docs on the subject.

Instance Attribute Summary

Attributes inherited from PostgreSQLPrivilege

#base, #objects, #options, #privileges, #query_options, #roles, #type

Instance Method Summary collapse

Methods inherited from PostgreSQLPrivilege

#initialize

Constructor Details

This class inherits a constructor from ActiveRecord::ConnectionAdapters::PostgreSQLPrivilege

Instance Method Details

#to_sqlObject Also known as: to_s

:nodoc:



338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
 
# File 'lib/active_record/postgresql_extensions/permissions.rb', line 338

def to_sql #:nodoc:
  my_query_options = {
    :quote_objects => true,
    :named_object_type => true
  }.merge query_options

  sql = 'REVOKE '
  sql << 'GRANT OPTION FOR ' if options[:grant_option_for]
  sql << "#{Array.wrap(privileges).collect(&:to_s).collect(&:upcase).join(', ')} ON "

  if options[:all]
    ActiveRecord::PostgreSQLExtensions::Features.check_feature(:modify_mass_privileges)

    sql << "ALL #{type.to_s.upcase}S IN SCHEMA #{base.quote_schema(objects)}"
  else
    sql << "#{type.to_s.upcase} " if my_query_options[:named_object_type]

    sql << Array.wrap(objects).collect do |t|
      if my_query_options[:quote_objects]
        if my_query_options[:ignore_schema]
          base.quote_generic_ignore_scoped_schema(t)
        else
          base.quote_table_name(t)
        end
      else
        t
      end
    end.join(', ')
  end

  sql << ' FROM ' << Array.wrap(roles).collect do |r|
    r = r.to_s
    if r.upcase == 'PUBLIC'
      'PUBLIC'
    else
      base.quote_role r
    end
  end.join(', ')

  sql << ' CASCADE' if options[:cascade]
  "#{sql};"
end