public setRole ( $rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold ) | ||
$rolename | The name of the role to adjust | |
$password | A password for the role; an empty string leaves the current password unchanged | |
$superuser | Boolean whether or not the role is a superuser | |
$createdb | Boolean whether or not the role can create databases | |
$createrole | Boolean whether or not the role can create other roles | |
$inherits | Boolean whether or not the role inherits the privileges from parent roles | |
$login | Boolean whether or not the role will be allowed to login | |
$connlimit | Number of concurrent connections the role can make; an empty string means no limit | |
$expiry | string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire | |
$memberof | (array) Roles to which the role will be immediately added as a new member | |
$members | (array) Roles which are automatically added as members of the role | |
$adminmembers | (array) Roles which are automatically added as admin members of the role | |
$memberofold | (array) Original roles to which the role belongs | |
$membersold | (array) Original roles that are members of the role | |
$adminmembersold | (array) Original roles that are admin members of the role |
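/**
 * Adjusts a role's attributes and brings its memberships in line with the
 * requested lists.
 *
 * One ALTER ROLE statement sets the password (only when one is supplied),
 * the five boolean attributes, the connection limit and the expiry. After
 * that, memberships are granted or revoked one statement at a time by
 * comparing each requested list with the matching "old" list.
 *
 * All five boolean attributes are written on every call (e.g. a falsy
 * $superuser emits NOSUPERUSER), so callers must pass the role's current
 * values for attributes they do not intend to change.
 *
 * @param $rolename        The name of the role to adjust
 * @param $password        A password for the role; '' leaves the password unchanged
 * @param $superuser       Boolean whether or not the role is a superuser
 * @param $createdb        Boolean whether or not the role can create databases
 * @param $createrole      Boolean whether or not the role can create other roles
 * @param $inherits        Boolean whether or not the role inherits the privileges from parent roles
 * @param $login           Boolean whether or not the role will be allowed to login
 * @param $connlimit       Integer number of concurrent connections; '' is sent as -1
 * @param $expiry          string Format 'YYYY-MM-DD HH:MM:SS'. '' is sent as 'infinity'
 * @param $memberof        (array) Roles to which the role will be added as a member
 * @param $members         (array) Roles which are added as members of the role
 * @param $adminmembers    (array) Roles which are added as admin members of the role
 * @param $memberofold     Original roles the role belongs to; read here as a comma-separated string
 * @param $membersold      Original members of the role; read here as a comma-separated string
 * @param $adminmembersold Original admin members of the role; read here as a comma-separated string
 * @return 0 on success, -1 if the connection limit is not an integer or any statement fails
 */
function setRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold)
{
    // The password helper is given the role name before fieldClean() runs,
    // i.e. the name exactly as the caller supplied it.
    $enc = $this->_encryptPassword($rolename, $password);
    $this->fieldClean($rolename);
    $this->clean($enc);
    $this->clean($connlimit);
    $this->clean($expiry);
    $this->fieldArrayClean($memberof);
    $this->fieldArrayClean($members);
    $this->fieldArrayClean($adminmembers);

    // $connlimit is interpolated below WITHOUT surrounding quotes, so
    // string-literal escaping cannot constrain it. Accept only an optionally
    // signed integer and refuse anything else before a statement is sent.
    // Such a value could not form a valid CONNECTION LIMIT clause anyway, so
    // the result for a malformed limit is still -1.
    if ($connlimit != '' && !preg_match('/^\s*[+-]?[0-9]+\s*$/', (string) $connlimit)) {
        return -1;
    }

    $sql = "ALTER ROLE \"{$rolename}\"";
    if ($password != '') {
        // NOTE(review): the statement text carries the encoded password, so
        // anything that records executed SQL will capture it - confirm how
        // execute() and the server log statements.
        $sql .= " WITH ENCRYPTED PASSWORD '{$enc}'";
    }
    $sql .= $superuser ? ' SUPERUSER' : ' NOSUPERUSER';
    $sql .= $createdb ? ' CREATEDB' : ' NOCREATEDB';
    $sql .= $createrole ? ' CREATEROLE' : ' NOCREATEROLE';
    $sql .= $inherits ? ' INHERIT' : ' NOINHERIT';
    $sql .= $login ? ' LOGIN' : ' NOLOGIN';
    if ($connlimit != '') {
        $sql .= " CONNECTION LIMIT {$connlimit}";
    } else {
        $sql .= ' CONNECTION LIMIT -1';
    }
    if ($expiry != '') {
        $sql .= " VALID UNTIL '{$expiry}'";
    } else {
        $sql .= " VALID UNTIL 'infinity'";
    }

    // NOTE(review): nothing in this method opens a transaction, so a failure
    // in a later GRANT/REVOKE returns -1 with the ALTER ROLE and any earlier
    // membership changes already applied - confirm whether callers wrap it.
    $status = $this->execute($sql);
    if ($status != 0) {
        return -1;
    }

    // NOTE(review): in_array() is used in its loose form throughout, so
    // numeric-looking role names such as '010' and '10' compare as equal and
    // a grant or revoke can be skipped for them. The requested lists have
    // passed through fieldArrayClean() while the "old" lists have not; verify
    // that names needing escaping still match.

    // memberof: roles that $rolename itself belongs to.
    $old = explode(',', $memberofold);
    foreach ($memberof as $m) {
        if (!in_array($m, $old)) {
            $status = $this->grantRole($m, $rolename);
            if ($status != 0) {
                return -1;
            }
        }
    }
    // explode('') yields [''], so only walk the old list when it is non-empty.
    if ($memberofold) {
        foreach ($old as $o) {
            if (!in_array($o, $memberof)) {
                $status = $this->revokeRole($o, $rolename, 0, 'CASCADE');
                if ($status != 0) {
                    return -1;
                }
            }
        }
    }

    // members: roles that belong to $rolename (argument order is reversed
    // relative to the memberof section above).
    $old = explode(',', $membersold);
    foreach ($members as $m) {
        if (!in_array($m, $old)) {
            $status = $this->grantRole($rolename, $m);
            if ($status != 0) {
                return -1;
            }
        }
    }
    if ($membersold) {
        foreach ($old as $o) {
            if (!in_array($o, $members)) {
                $status = $this->revokeRole($rolename, $o, 0, 'CASCADE');
                if ($status != 0) {
                    return -1;
                }
            }
        }
    }

    // adminmembers: as for members, but with the third argument set to 1
    // (presumably the admin-option flag - confirm against grantRole/revokeRole).
    $old = explode(',', $adminmembersold);
    foreach ($adminmembers as $m) {
        if (!in_array($m, $old)) {
            $status = $this->grantRole($rolename, $m, 1);
            if ($status != 0) {
                return -1;
            }
        }
    }
    if ($adminmembersold) {
        foreach ($old as $o) {
            if (!in_array($o, $adminmembers)) {
                $status = $this->revokeRole($rolename, $o, 1, 'CASCADE');
                if ($status != 0) {
                    return -1;
                }
            }
        }
    }

    // Every non-zero status returned -1 above, so this is 0 on success.
    return $status;
}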