From 2fc384981886eeb33b262c443c05bb0c7dff0528 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Sun, 1 Jan 2012 15:43:47 -0500
Subject: Instead of doing an update table_priv, we need to do GRANT/REVOKE statements

When we are working with tables_priv we need to first get a downcased array of the currently set privileges, and a downcased array of the desired permissions. Then we make a list of the permissions to revoke by subtracting the requested permissions from the currently set ones. If the list of permissions to revoke is not empty, then we issue a REVOKE. Then we make a list of the permissions to add by subtracting the requested permissions from the current set (no need to add select again if it is already there). Then if the set of permissions to add is not empty, then we actually execute the statement.
---
 lib/puppet/provider/mysql_grant/mysql.rb | 39 ++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb
index 2d474d0..e1bdc07 100644
--- a/lib/puppet/provider/mysql_grant/mysql.rb
+++ b/lib/puppet/provider/mysql_grant/mysql.rb
@@ -183,10 +183,21 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 stmt = 'update db set '
 where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
 all_privs = MYSQL_DB_PRIVS
- when :table
- stmt = 'update table_priv set '
- where = ' where user="%s" and host="%s" and Db="%s"' % [ name[:user], name[:host], name[:db] ]
- all_privs = MYSQL_DB_PRIVS
+ when :tables_priv
+ currently_set = privileges
+ currently_set = currently_set.scan(/\w+/)
+ privs.map! {|i| i.to_s.downcase}
+ revoke = currently_set - privs
+
+ if !revoke.empty?
+ #puts "Revoking table privs: ", revoke
+ mysql "mysql", "-e", "REVOKE %s ON %s.%s FROM '%s'@'%s'" % [ revoke.join(", "), name[:db], name[:table_name], name[:user], name[:host] ]
+ end
+
+ set = privs - currently_set
+ stmt = 'GRANT '
+ where = ' ON %s.%s TO "%s"@"%s"' % [ name[:db], name[:table_name], name[:user], name[:host] ]
+ all_privs = MYSQL_TABLE_PRIVS
 when :column
 stmt = 'update columns_priv set '
 where = ' where user="%s" and host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ]
@@ -197,13 +208,23 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 privs = all_privs
 end
- # puts "stmt:", stmt
- set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
- # puts "set:", set
+ #puts "stmt:", stmt
+ case name[:type]
+ when :user
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
+ when :db
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
+ when :tables_priv
+ set = set.join(', ')
+ end
+
+ #puts "set:", set
 stmt = stmt << set << where
- mysql "mysql", "-Be", stmt
- mysql_flush
+ if !set.empty?
+ mysql "mysql", "-Be", stmt
+ mysql_flush
+ end
 end
 end
--
cgit v1.2.3
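Review bot: The REVOKE and GRANT strings in the new `when :tables_priv` branch interpolate `name[:db]`, `name[:table_name]`, `name[:user]` and `name[:host]` with `%` formatting and no quoting of the identifiers or escaping of the account parts, so a resource name containing a quote, backtick or other SQL metacharacter changes the statement handed to `mysql -e`. The database and table should be backtick-quoted with embedded backticks doubled, and the user and host single-quoted with embedded quotes escaped, before they are formatted in. Separately, the commit message says both privilege lists are downcased, but only `privs` is; unless `privileges` (defined outside this hunk) already returns lowercase names, `currently_set - privs` never matches and every run revokes and re-grants the same rights, which `currently_set = privileges.scan(/\w+/).map { |p| p.downcase }` would avoid. The enclosing method starts and ends outside the hunk.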
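Review bot: The added `case name[:type]` assigns `set` only for `:user`, `:db` and `:tables_priv`, while the first hunk's context still shows a `when :column` branch that prepares an `update columns_priv set ` statement. For that type, and for any other type the unseen part of the method handles, `set` stays nil, so `stmt << set` raises instead of building the column list as the removed unconditional `all_privs.collect` line did. Replacing the two identical branches with `when :tables_priv` / `set = set.join(', ')` followed by an `else` that carries the existing `set = all_privs.collect ...` line keeps the old behaviour for every non-table type. The method body begins outside the hunk, so whether further types exist should be confirmed against the full file.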