Class: ActiveRecord::ConnectionAdapters::PostgreSQLRevokePrivilege
- Inherits:
-
PostgreSQLPrivilege
- Object
- PostgreSQLPrivilege
- ActiveRecord::ConnectionAdapters::PostgreSQLRevokePrivilege
- Defined in:
- lib/active_record/postgresql_extensions/permissions.rb
Overview
Creates queries for revoking PostgreSQL role privileges.
This class is meant to be used by the revoke_*_privileges methods in the PostgreSQLAdapter. Different database objects have different privileges that you can apply to a role. See the PostgreSQLPrivilege PRIVILEGE_TYPES constant for usage. Generally speaking, you usually don’t want to use this class directly, but rather the aforementioned wrapped methods.
When using the revoke_*_privileges methods, you can specify multiple permissions, objects and roles by using Arrays for the appropriate argument. You can also apply the privileges to all objects within a schema by using the :all option in the options Hash and supply the schema name as the first argument.
Examples
revoke_table_privileges([ :table1, :table2 ], :select, :joe)
# => REVOKE SELECT ON TABLE "table1", "table2" FROM "joe"
revoke_sequence_privileges(:my_seq, [ :select, :update ], :public)
# => REVOKE SELECT, UPDATE ON SEQUENCE "my_seq" FROM PUBLIC
You can specify the :grant_option_for
in any of the revoke_*_privilege methods to add a GRANT OPTION FOR clause to the command. Note that this option removes the role’s ability to grant the privilege to other roles, but does not remove the privilege itself.
You can also specify the :cascade
option to cause the privilege revocation to cascade down to depedent privileges.
The cascading stuff is pretty crazy, so you may want to consult the PostgreSQL docs on the subject.
Instance Attribute Summary
Attributes inherited from PostgreSQLPrivilege
#base, #objects, #options, #privileges, #query_options, #roles, #type
Instance Method Summary collapse
-
#to_sql ⇒ Object
(also: #to_s)
:nodoc:.
Methods inherited from PostgreSQLPrivilege
Constructor Details
This class inherits a constructor from ActiveRecord::ConnectionAdapters::PostgreSQLPrivilege
Instance Method Details
#to_sql ⇒ Object Also known as: to_s
:nodoc:
338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 |
# File 'lib/active_record/postgresql_extensions/permissions.rb', line 338 def to_sql #:nodoc: = { :quote_objects => true, :named_object_type => true }.merge sql = 'REVOKE ' sql << 'GRANT OPTION FOR ' if [:grant_option_for] sql << "#{Array.wrap(privileges).collect(&:to_s).collect(&:upcase).join(', ')} ON " if [:all] ActiveRecord::PostgreSQLExtensions::Features.check_feature(:modify_mass_privileges) sql << "ALL #{type.to_s.upcase}S IN SCHEMA #{base.quote_schema(objects)}" else sql << "#{type.to_s.upcase} " if [:named_object_type] sql << Array.wrap(objects).collect do |t| if [:quote_objects] if [:ignore_schema] base.quote_generic_ignore_scoped_schema(t) else base.quote_table_name(t) end else t end end.join(', ') end sql << ' FROM ' << Array.wrap(roles).collect do |r| r = r.to_s if r.upcase == 'PUBLIC' 'PUBLIC' else base.quote_role r end end.join(', ') sql << ' CASCADE' if [:cascade] "#{sql};" end |