Week #9 Task: RFE #1488 User privilege tab not shown in all relevant cases
Scheduled Deadline: July 14, 2014
Completed On: Not yet completed.
Follow up on RFE #637 Custom Field Handlers:
Few problems were encountered in my last week’s task i.e. RFE #637 Custom Field Handlers. My mentor, Isaac Bennetch, was having trouble with the auto-upgrade functionality. For him, the upgrade was not happening and the failure was not being detected also. I tried reproducing this problem but was unable to reproduce this on my machine.
So, we moved this discussion to the mailing list to find a solution. After discussing this on the developer mailing list, we found that the reason was the behaviour of the tryMultiQuery(), which actually returns the result of the first statement of the script and not the status of the whole script. We first thought that it was wrong but it was later found to be correct. So, we had to loop over the results of each statement being executed to detect whether whole script was executed or not. Thanks to Hugues for giving a code snippet which helped a lot in solving this problem. It was the case of half upgrade script being executed and then failing at some statement later which was not being detected by the patch and instead of disabling the transformation feature and reporting the problem to the user it bypassed silently. We were now able to detect failure but the problem was now that what to do in the case of half script gets executed and how to rollback it and how to confirm that rollback was done properly or not as it may also fail. As the upgrade script was not idempotent (Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. [Courtesy: Wikipedia]), it was not safe to execute it multiple times as it may lead to unstable condition of the pma__column_info table making it unusable. But I noticed that by modifying the upgrade script we can make it idempotent and fail-safe. So, this was also done. After improving the patch, the failure in upgrade resulted in disabled transformation and same was reported to the user.
For my mentor, it was still not upgrading automatically but it was detecting the upgrade failure and suggested to do a manual upgrade. It was later found that the his control user was not having the enough permissions to alter the structure of phpmyadmin database and it was not his fault too, as we had earlier suggested to grant only SELECT, INSERT, DELETE, UPDATE on phpmyadmin database (grant query in examples/create_tables.sql) and this permission problem will be faced by many of our users. But after granting this permission, auto-upgrade worked fine.
Thanks to my mentor for reporting this though it was the problem with permissions but it helped in detection of a case of half executed script which would have otherwise gone unnoticed and might have troubled our users later.
RFE #1488 User privilege tab not shown in all relevant cases:
As far as this feature is concerned, a user having GRANT_OPTION or CREATE USER privilege only should also be shown the user tab. Actually, such users are not of much use in practical and providing the GUI for them to manage user permissions is also not possible because to read the list of other users & their permission, a user need to have SELECT privilege on mysql database (See mysql documentation on SHOW GRANTS) and that’s how we identify a superuser.
Even if a user is having ALL Privileges on a specific database, he still need to have SELECT access to mysql database to read list of other users & their permissions. But we can still provide them access to create user interface as it does not require any SELECT privilege on mysql database though we are internally using SELECT statements on mysql database for “Add user” page for some tasks such as to detect whether user already exists or not. This is something that has to be managed in this task. We will display them a message that they do not have enough privileges to see list of users and on the other side, giving them access to create user page if they have privilege to do so. So, they will be having partial access to Users tab.
I have started to implement this and have managed to do this at Server > Users tab. However, the code is not yet ready for review also.
Users tab for user with CREATE USER privilege.
Key accomplishments last week: Robust auto-upgrade failure detection for RFE #637 Custom Field Handlers.
Key tasks that stalled: RFE #1488 User privilege tab not shown in all relevant cases.
Tasks in the upcoming week: RFE #1488 User privilege tab not shown in all relevant cases (Contd.).
Filed under: GSoC 2014