public static PermissionsAnalysis RecheckDatabasePermissions()
{
while (_testReadCredentials == null || _testWriteCredentials == null || _testAdminCredentials == null)
{
Thread.Sleep(100);
// A couple of async race conditions happen as this is called, we need to wait for credentials
}
PermissionsAnalysis result = new PermissionsAnalysis();
// First, test ADMIN
SwarmDb adminDb = SwarmDb.GetTestDatabase(_testAdminCredentials);
// Drop table, procedure first just in case there's garbage left behind. Ignore result.
adminDb.TestDropTable();
adminDb.TestDropProcedure();
// All these should pass.
result.AdminCredentialsCanLogin = adminDb.TestLogin();
result.AdminCredentialsCanAdmin = adminDb.TestCreateTable();
result.AdminCredentialsCanAdmin &= adminDb.TestDropTable();
result.AdminCredentialsCanAdmin &= adminDb.TestCreateTable();
result.AdminCredentialsCanAdmin &= adminDb.TestAlterTable();
result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure(); // AND -- all must succeed
result.AdminCredentialsCanAdmin &= adminDb.TestDropProcedure();
// Test DROP before we mess up the state of the table, procedure
result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure(); // therefore, recreate it after the drop
if (result.AdminCredentialsCanAdmin) // if we have a created table and procedure, otherwise default fail
{
result.AdminCredentialsCanExecute = adminDb.TestExecute("Admin Execute");
result.AdminCredentialsCanSelect = adminDb.TestSelect();
}
// Within the created table, test WRITE and READ accounts before testing them on excessive rights.
SwarmDb writeDb = SwarmDb.GetTestDatabase(_testWriteCredentials);
result.WriteCredentialsCanLogin = writeDb.TestLogin();
if (result.WriteCredentialsCanLogin && result.AdminCredentialsCanAdmin)
{
result.WriteCredentialsCanExecute = writeDb.TestExecute("Write Execute");
result.WriteCredentialsCanSelect = writeDb.TestSelect();
}
SwarmDb readDb = SwarmDb.GetTestDatabase(_testReadCredentials);
result.ReadCredentialsCanLogin = readDb.TestLogin();
if (result.ReadCredentialsCanLogin && result.AdminCredentialsCanAdmin)
{
result.ReadCredentialsCanExecute = readDb.TestExecute("Read Execute");
result.ReadCredentialsCanSelect = readDb.TestSelect();
}
// Finally, test the write and read accounts for admin rights. Note the "OR" here rather than "AND" -
// any one of these rights present should return a true, because it's a fail.
if (result.ReadCredentialsCanLogin)
{
result.ReadCredentialsCanAdmin = readDb.TestDropProcedure();
result.ReadCredentialsCanAdmin |= readDb.TestDropTable();
result.ReadCredentialsCanAdmin |= readDb.TestCreateTable();
result.ReadCredentialsCanAdmin |= readDb.TestCreateProcedure();
}
if (result.WriteCredentialsCanLogin)
{
result.WriteCredentialsCanAdmin = writeDb.TestDropProcedure();
result.WriteCredentialsCanAdmin |= writeDb.TestDropTable();
result.WriteCredentialsCanAdmin |= writeDb.TestCreateTable();
result.WriteCredentialsCanAdmin |= writeDb.TestCreateProcedure();
}
// Clean up
adminDb.TestDropTable(); // ignore result
adminDb.TestDropProcedure();
result.AllPermissionsOk =
result.AdminCredentialsCanLogin &&
result.AdminCredentialsCanSelect &&
result.AdminCredentialsCanExecute &&
result.AdminCredentialsCanAdmin &&
result.WriteCredentialsCanLogin &&
result.WriteCredentialsCanSelect &&
result.WriteCredentialsCanExecute &&
!result.WriteCredentialsCanAdmin && // not this
result.ReadCredentialsCanLogin &&
result.ReadCredentialsCanSelect &&
!result.ReadCredentialsCanExecute && // not this
!result.ReadCredentialsCanAdmin; // not this
return(result);
}
