2021-10-31 08:51:20 +00:00
|
|
|
#include <Interpreters/Access/InterpreterCreateRowPolicyQuery.h>
|
|
|
|
#include <Parsers/Access/ASTCreateRowPolicyQuery.h>
|
|
|
|
#include <Parsers/Access/ASTRowPolicyName.h>
|
|
|
|
#include <Parsers/Access/ASTRolesOrUsersSet.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <Parsers/formatAST.h>
|
2021-11-02 11:06:20 +00:00
|
|
|
#include <Access/AccessControl.h>
|
2021-10-31 08:51:20 +00:00
|
|
|
#include <Access/Common/AccessFlags.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <Interpreters/Context.h>
|
2020-11-03 13:47:26 +00:00
|
|
|
#include <Interpreters/executeDDLQueryOnCluster.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <boost/range/algorithm/sort.hpp>
|
|
|
|
|
|
|
|
|
|
|
|
namespace DB
|
|
|
|
{
|
2020-02-21 19:27:12 +00:00
|
|
|
namespace
|
|
|
|
{
|
|
|
|
void updateRowPolicyFromQueryImpl(
|
|
|
|
RowPolicy & policy,
|
|
|
|
const ASTCreateRowPolicyQuery & query,
|
2021-11-18 07:45:52 +00:00
|
|
|
const RowPolicyName & override_name,
|
2020-05-30 20:10:45 +00:00
|
|
|
const std::optional<RolesOrUsersSet> & override_to_roles)
|
2020-02-21 19:27:12 +00:00
|
|
|
{
|
2020-05-30 14:18:08 +00:00
|
|
|
if (!override_name.empty())
|
2021-11-18 07:45:52 +00:00
|
|
|
policy.setFullName(override_name);
|
2020-05-30 14:18:08 +00:00
|
|
|
else if (!query.new_short_name.empty())
|
|
|
|
policy.setShortName(query.new_short_name);
|
2021-11-18 07:45:52 +00:00
|
|
|
else if (query.names->full_names.size() == 1)
|
|
|
|
policy.setFullName(query.names->full_names.front());
|
2020-02-21 19:27:12 +00:00
|
|
|
|
|
|
|
if (query.is_restrictive)
|
|
|
|
policy.setRestrictive(*query.is_restrictive);
|
|
|
|
|
2020-06-05 18:56:33 +00:00
|
|
|
for (const auto & [condition_type, condition] : query.conditions)
|
|
|
|
policy.conditions[condition_type] = condition ? serializeAST(*condition) : String{};
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2020-05-30 14:18:08 +00:00
|
|
|
if (override_to_roles)
|
|
|
|
policy.to_roles = *override_to_roles;
|
2020-02-21 19:27:12 +00:00
|
|
|
else if (query.roles)
|
2020-05-30 14:18:08 +00:00
|
|
|
policy.to_roles = *query.roles;
|
2020-02-21 19:27:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
BlockIO InterpreterCreateRowPolicyQuery::execute()
|
|
|
|
{
|
2020-04-05 23:03:20 +00:00
|
|
|
auto & query = query_ptr->as<ASTCreateRowPolicyQuery &>();
|
2021-11-02 11:06:20 +00:00
|
|
|
auto & access_control = getContext()->getAccessControl();
|
2021-04-10 23:33:54 +00:00
|
|
|
getContext()->checkAccess(query.alter ? AccessType::ALTER_ROW_POLICY : AccessType::CREATE_ROW_POLICY);
|
2019-11-29 17:22:56 +00:00
|
|
|
|
2020-04-05 23:03:20 +00:00
|
|
|
if (!query.cluster.empty())
|
|
|
|
{
|
2021-04-10 23:33:54 +00:00
|
|
|
query.replaceCurrentUserTag(getContext()->getUserName());
|
|
|
|
return executeDDLQueryOnCluster(query_ptr, getContext());
|
2020-04-05 23:03:20 +00:00
|
|
|
}
|
|
|
|
|
2020-05-30 14:18:08 +00:00
|
|
|
assert(query.names->cluster.empty());
|
2020-05-30 20:10:45 +00:00
|
|
|
std::optional<RolesOrUsersSet> roles_from_query;
|
2020-02-10 02:26:56 +00:00
|
|
|
if (query.roles)
|
2021-04-10 23:33:54 +00:00
|
|
|
roles_from_query = RolesOrUsersSet{*query.roles, access_control, getContext()->getUserID()};
|
2020-02-10 02:26:56 +00:00
|
|
|
|
2021-04-10 23:33:54 +00:00
|
|
|
query.replaceEmptyDatabase(getContext()->getCurrentDatabase());
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
if (query.alter)
|
|
|
|
{
|
|
|
|
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
|
|
|
|
{
|
|
|
|
auto updated_policy = typeid_cast<std::shared_ptr<RowPolicy>>(entity->clone());
|
2020-05-30 14:18:08 +00:00
|
|
|
updateRowPolicyFromQueryImpl(*updated_policy, query, {}, roles_from_query);
|
2019-11-29 17:22:56 +00:00
|
|
|
return updated_policy;
|
|
|
|
};
|
2020-05-30 14:18:08 +00:00
|
|
|
Strings names = query.names->toStrings();
|
2019-11-29 17:22:56 +00:00
|
|
|
if (query.if_exists)
|
|
|
|
{
|
2020-05-30 14:18:08 +00:00
|
|
|
auto ids = access_control.find<RowPolicy>(names);
|
|
|
|
access_control.tryUpdate(ids, update_func);
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
|
|
|
else
|
2020-05-30 14:18:08 +00:00
|
|
|
access_control.update(access_control.getIDs<RowPolicy>(names), update_func);
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-05-30 14:18:08 +00:00
|
|
|
std::vector<AccessEntityPtr> new_policies;
|
2021-11-18 07:45:52 +00:00
|
|
|
for (const auto & full_name : query.names->full_names)
|
2020-05-30 14:18:08 +00:00
|
|
|
{
|
|
|
|
auto new_policy = std::make_shared<RowPolicy>();
|
2021-11-18 07:45:52 +00:00
|
|
|
updateRowPolicyFromQueryImpl(*new_policy, query, full_name, roles_from_query);
|
2020-05-30 14:18:08 +00:00
|
|
|
new_policies.emplace_back(std::move(new_policy));
|
|
|
|
}
|
2019-11-29 17:22:56 +00:00
|
|
|
|
|
|
|
if (query.if_not_exists)
|
2020-05-30 14:18:08 +00:00
|
|
|
access_control.tryInsert(new_policies);
|
2019-11-29 17:22:56 +00:00
|
|
|
else if (query.or_replace)
|
2020-05-30 14:18:08 +00:00
|
|
|
access_control.insertOrReplace(new_policies);
|
2019-11-29 17:22:56 +00:00
|
|
|
else
|
2020-05-30 14:18:08 +00:00
|
|
|
access_control.insert(new_policies);
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-21 19:27:12 +00:00
|
|
|
void InterpreterCreateRowPolicyQuery::updateRowPolicyFromQuery(RowPolicy & policy, const ASTCreateRowPolicyQuery & query)
|
2019-11-29 17:22:56 +00:00
|
|
|
{
|
2020-05-30 14:18:08 +00:00
|
|
|
updateRowPolicyFromQueryImpl(policy, query, {}, {});
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|