89 lines
3.7 KiB
PHP
89 lines
3.7 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
return static function (AppContext $ctx): void {
|
|
$ok = [];
|
|
$errors = [];
|
|
|
|
$daUser = $ctx->daUser->username();
|
|
$prefix = $ctx->daUser->prefix();
|
|
|
|
$dbNames = array_map(static fn(array $db): string => $db['name'], $ctx->pg->listDatabasesForUser($daUser));
|
|
$roleNames = array_map(static fn(array $r): string => $r['name'], $ctx->pg->listRolesForUser($daUser));
|
|
|
|
if ($ctx->isPost()) {
|
|
try {
|
|
$ctx->requireCsrf('assign_database_submit');
|
|
|
|
$dbName = NamePolicy::normalizeDatabaseName($ctx->postString('db_name'), $prefix);
|
|
$roleName = NamePolicy::normalizeRoleName($ctx->postString('role_name'), $prefix);
|
|
|
|
if (!in_array($dbName, $dbNames, true)) {
|
|
throw new RuntimeException('Baza nie należy do bieżącego użytkownika DA: ' . $dbName);
|
|
}
|
|
if (!in_array($roleName, $roleNames, true)) {
|
|
throw new RuntimeException('Użytkownik PostgreSQL nie należy do bieżącego konta DA: ' . $roleName);
|
|
}
|
|
|
|
$privileges = NamePolicy::sanitizePrivileges($ctx->postArray('privileges'));
|
|
if (empty($privileges)) {
|
|
$privileges = NamePolicy::defaultPrivileges();
|
|
}
|
|
|
|
$ctx->pg->grantPrivileges($dbName, $roleName, $privileges);
|
|
|
|
$hostEntries = $ctx->pg->getRoleHostEntries($daUser, $roleName);
|
|
$hasLocalhost = false;
|
|
foreach ($hostEntries as $entry) {
|
|
if ($entry['host'] === 'localhost') {
|
|
$hasLocalhost = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!$hasLocalhost) {
|
|
$hostEntries[] = ['host' => 'localhost', 'note' => ''];
|
|
$ctx->pg->replaceRoleHostsWithNotes($daUser, $roleName, $hostEntries);
|
|
}
|
|
|
|
$sync = $ctx->pg->syncHbaRules();
|
|
if (!$sync['ok']) {
|
|
$errors[] = 'Przypisanie wykonane, ale synchronizacja pg_hba nie powiodła się: ' . $sync['output'];
|
|
}
|
|
|
|
$ok[] = 'Przypisano bazę ' . $dbName . ' do użytkownika ' . $roleName . '.';
|
|
} catch (Throwable $e) {
|
|
$errors[] = $e->getMessage();
|
|
}
|
|
}
|
|
|
|
$dbOptions = '<option value="">-- wybierz bazę --</option>';
|
|
foreach ($dbNames as $dbName) {
|
|
$dbOptions .= '<option value="' . AppContext::e($dbName) . '">' . AppContext::e($dbName) . '</option>';
|
|
}
|
|
|
|
$roleOptions = '<option value="">-- wybierz użytkownika --</option>';
|
|
foreach ($roleNames as $roleName) {
|
|
$roleOptions .= '<option value="' . AppContext::e($roleName) . '">' . AppContext::e($roleName) . '</option>';
|
|
}
|
|
|
|
$privCheckboxes = '';
|
|
foreach (NamePolicy::PRIVILEGE_LABELS as $code => $label) {
|
|
$checked = ($code === 'ALL') ? ' checked' : '';
|
|
$privCheckboxes .= '<label class="inline"><input type="checkbox" name="privileges[]" value="' . AppContext::e($code) . '"' . $checked . '> ' . AppContext::e($label) . '</label>';
|
|
}
|
|
|
|
$body = '';
|
|
$body .= '<form method="post">';
|
|
$body .= $ctx->csrfField('assign_database_submit');
|
|
$body .= '<div class="row">';
|
|
$body .= '<div><label>Baza danych</label><select name="db_name" required>' . $dbOptions . '</select></div>';
|
|
$body .= '<div><label>Użytkownik PostgreSQL</label><select name="role_name" required>' . $roleOptions . '</select></div>';
|
|
$body .= '</div>';
|
|
$body .= '<div class="panel"><h3>Uprawnienia</h3><div class="privileges-group" data-privileges-group>' . $privCheckboxes . '</div></div>';
|
|
$body .= '<div class="actions"><button class="primary" type="submit">Przypisz bazę</button></div>';
|
|
$body .= '</form>';
|
|
|
|
$ctx->renderPage('Przypisywanie Bazy do Użytkownika', $body, $ok, $errors);
|
|
};
|