ClickHouse/src/Interpreters/Access/InterpreterCreateRowPolicyQuery.cpp

108 lines
3.6 KiB
C++
Raw Normal View History

#include <Interpreters/Access/InterpreterCreateRowPolicyQuery.h>
#include <Parsers/Access/ASTCreateRowPolicyQuery.h>
#include <Parsers/Access/ASTRowPolicyName.h>
#include <Parsers/Access/ASTRolesOrUsersSet.h>
2019-11-29 17:22:56 +00:00
#include <Parsers/formatAST.h>
#include <Access/AccessControl.h>
#include <Access/Common/AccessFlags.h>
2019-11-29 17:22:56 +00:00
#include <Interpreters/Context.h>
2020-11-03 13:47:26 +00:00
#include <Interpreters/executeDDLQueryOnCluster.h>
2019-11-29 17:22:56 +00:00
#include <boost/range/algorithm/sort.hpp>
namespace DB
{
namespace
{
void updateRowPolicyFromQueryImpl(
RowPolicy & policy,
const ASTCreateRowPolicyQuery & query,
const RowPolicyName & override_name,
const std::optional<RolesOrUsersSet> & override_to_roles)
{
if (!override_name.empty())
policy.setFullName(override_name);
else if (!query.new_short_name.empty())
policy.setShortName(query.new_short_name);
else if (query.names->full_names.size() == 1)
policy.setFullName(query.names->full_names.front());
if (query.is_restrictive)
policy.setRestrictive(*query.is_restrictive);
for (const auto & [condition_type, condition] : query.conditions)
policy.conditions[condition_type] = condition ? serializeAST(*condition) : String{};
if (override_to_roles)
policy.to_roles = *override_to_roles;
else if (query.roles)
policy.to_roles = *query.roles;
}
}
2019-11-29 17:22:56 +00:00
BlockIO InterpreterCreateRowPolicyQuery::execute()
{
auto & query = query_ptr->as<ASTCreateRowPolicyQuery &>();
auto & access_control = getContext()->getAccessControl();
getContext()->checkAccess(query.alter ? AccessType::ALTER_ROW_POLICY : AccessType::CREATE_ROW_POLICY);
2019-11-29 17:22:56 +00:00
if (!query.cluster.empty())
{
query.replaceCurrentUserTag(getContext()->getUserName());
return executeDDLQueryOnCluster(query_ptr, getContext());
}
assert(query.names->cluster.empty());
std::optional<RolesOrUsersSet> roles_from_query;
if (query.roles)
roles_from_query = RolesOrUsersSet{*query.roles, access_control, getContext()->getUserID()};
query.replaceEmptyDatabase(getContext()->getCurrentDatabase());
2019-11-29 17:22:56 +00:00
if (query.alter)
{
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
{
auto updated_policy = typeid_cast<std::shared_ptr<RowPolicy>>(entity->clone());
updateRowPolicyFromQueryImpl(*updated_policy, query, {}, roles_from_query);
2019-11-29 17:22:56 +00:00
return updated_policy;
};
Strings names = query.names->toStrings();
2019-11-29 17:22:56 +00:00
if (query.if_exists)
{
auto ids = access_control.find<RowPolicy>(names);
access_control.tryUpdate(ids, update_func);
2019-11-29 17:22:56 +00:00
}
else
access_control.update(access_control.getIDs<RowPolicy>(names), update_func);
2019-11-29 17:22:56 +00:00
}
else
{
std::vector<AccessEntityPtr> new_policies;
for (const auto & full_name : query.names->full_names)
{
auto new_policy = std::make_shared<RowPolicy>();
updateRowPolicyFromQueryImpl(*new_policy, query, full_name, roles_from_query);
new_policies.emplace_back(std::move(new_policy));
}
2019-11-29 17:22:56 +00:00
if (query.if_not_exists)
access_control.tryInsert(new_policies);
2019-11-29 17:22:56 +00:00
else if (query.or_replace)
access_control.insertOrReplace(new_policies);
2019-11-29 17:22:56 +00:00
else
access_control.insert(new_policies);
2019-11-29 17:22:56 +00:00
}
return {};
}
void InterpreterCreateRowPolicyQuery::updateRowPolicyFromQuery(RowPolicy & policy, const ASTCreateRowPolicyQuery & query)
2019-11-29 17:22:56 +00:00
{
updateRowPolicyFromQueryImpl(policy, query, {}, {});
2019-11-29 17:22:56 +00:00
}
2019-11-29 17:22:56 +00:00
}