Add permission-controlled SqlSrv database manager (#17)

* Add permission controleld MSSQL DB manager * Fix code style (php-cs-fixer) * Fix manager * Don't change databases when creating MSSQL user * Test permission controlled MSSQL DB manager * Fix code style (php-cs-fixer) * Delete redundant config resetting in tests * Grant user permissions insteead of making the user the database owner * Test that user gets created in the tenant DB * Test that the correct permissions are granted to the DB users * Fix code style (php-cs-fixer) * Update config comment * Fix typo * Add perm controlled sqlsr db manager to test dataset * Close all connections before deleting MSSQL DBs * Fix code style (php-cs-fixer) * Add explanation to deleteDatabase() * Update tests/DatabaseUsersTest.php Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com> * Fix code style (php-cs-fixer) --------- Co-authored-by: PHP CS Fixer <phpcsfixer@example.com> Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
2025-12-12 18:04:03 +00:00 · 2024-01-08 04:07:43 +01:00 · 2024-01-08 04:07:43 +01:00 · cf3d06c8ec
commit cf3d06c8ec
parent 9e4f33e5c5
4 changed files with 167 additions and 28 deletions
--- a/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php
@ -0,0 +1,65 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Stancl\Tenancy\Database\TenantDatabaseManagers;
+
+use Stancl\Tenancy\Database\Concerns\CreatesDatabaseUsers;
+use Stancl\Tenancy\Database\Contracts\ManagesDatabaseUsers;
+use Stancl\Tenancy\Database\Contracts\TenantWithDatabase;
+use Stancl\Tenancy\Database\DatabaseConfig;
+
+class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQLDatabaseManager implements ManagesDatabaseUsers
+{
+    use CreatesDatabaseUsers;
+
+    /** @var string[] */
+    public static array $grants = [
+        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'EXECUTE',
+    ];
+
+    public function createUser(DatabaseConfig $databaseConfig): bool
+    {
+        $database = $databaseConfig->getName();
+        $username = $databaseConfig->getUsername();
+        $password = $databaseConfig->getPassword();
+
+        // Create login
+        $this->database()->statement("CREATE LOGIN [$username] WITH PASSWORD = '$password'");
+
+        // Create user in the database
+        // Grant the user permissions specified in the $grants array
+        // The 'CONNECT' permission is granted automatically
+        $grants = implode(', ', static::$grants);
+
+        return $this->database()->statement("USE [$database]; CREATE USER [$username] FOR LOGIN [$username]; GRANT $grants TO [$username]");
+    }
+
+    public function deleteUser(DatabaseConfig $databaseConfig): bool
+    {
+        return $this->database()->statement("DROP LOGIN [{$databaseConfig->getUsername()}]");
+    }
+
+    public function userExists(string $username): bool
+    {
+        return (bool) $this->database()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = '{$username}'");
+    }
+
+    public function makeConnectionConfig(array $baseConfig, string $databaseName): array
+    {
+        $baseConfig['database'] = $databaseName;
+
+        return $baseConfig;
+    }
+
+    public function deleteDatabase(TenantWithDatabase $tenant): bool
+    {
+        // Close all connections to the database before deleting it
+        // Set the database to SINGLE_USER mode to ensure that
+        // No other connections are using the database while we're trying to delete it
+        // Rollback all active transactions
+        $this->database()->statement("ALTER DATABASE [{$tenant->database()->getName()}] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;");
+
+        return parent::deleteDatabase($tenant);
+    }
+}