2020-02-04 22:37:04 +00:00
|
|
|
#include <Interpreters/InterpreterCreateUserQuery.h>
|
|
|
|
#include <Interpreters/Context.h>
|
2020-02-17 02:59:56 +00:00
|
|
|
#include <Interpreters/InterpreterSetRoleQuery.h>
|
|
|
|
#include <Parsers/ASTCreateUserQuery.h>
|
2020-02-04 22:37:04 +00:00
|
|
|
#include <Access/AccessControlManager.h>
|
|
|
|
#include <Access/User.h>
|
2020-03-07 17:37:38 +00:00
|
|
|
#include <Access/ExtendedRoleSet.h>
|
|
|
|
#include <Access/ContextAccess.h>
|
2020-02-17 02:59:56 +00:00
|
|
|
#include <boost/range/algorithm/copy.hpp>
|
2020-02-04 22:37:04 +00:00
|
|
|
|
|
|
|
|
|
|
|
namespace DB
|
|
|
|
{
|
2020-02-21 19:27:12 +00:00
|
|
|
namespace
|
2020-02-17 02:59:56 +00:00
|
|
|
{
|
2020-03-07 17:37:38 +00:00
|
|
|
void updateUserFromQueryImpl(User & user, const ASTCreateUserQuery & query, const std::optional<ExtendedRoleSet> & default_roles_from_query = {})
|
2020-02-21 19:27:12 +00:00
|
|
|
{
|
|
|
|
if (query.alter)
|
|
|
|
{
|
|
|
|
if (!query.new_name.empty())
|
|
|
|
user.setName(query.new_name);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
user.setName(query.name);
|
|
|
|
|
|
|
|
if (query.authentication)
|
|
|
|
user.authentication = *query.authentication;
|
|
|
|
|
|
|
|
if (query.hosts)
|
|
|
|
user.allowed_client_hosts = *query.hosts;
|
|
|
|
if (query.remove_hosts)
|
|
|
|
user.allowed_client_hosts.remove(*query.remove_hosts);
|
|
|
|
if (query.add_hosts)
|
|
|
|
user.allowed_client_hosts.add(*query.add_hosts);
|
|
|
|
|
2020-03-07 17:37:38 +00:00
|
|
|
const ExtendedRoleSet * default_roles = nullptr;
|
|
|
|
std::optional<ExtendedRoleSet> temp_role_set;
|
2020-02-27 20:55:16 +00:00
|
|
|
if (default_roles_from_query)
|
2020-02-21 19:27:12 +00:00
|
|
|
default_roles = &*default_roles_from_query;
|
|
|
|
else if (query.default_roles)
|
|
|
|
default_roles = &temp_role_set.emplace(*query.default_roles);
|
|
|
|
|
|
|
|
if (default_roles)
|
|
|
|
{
|
|
|
|
if (!query.alter && !default_roles->all)
|
|
|
|
boost::range::copy(default_roles->getMatchingIDs(), std::inserter(user.granted_roles, user.granted_roles.end()));
|
|
|
|
|
|
|
|
InterpreterSetRoleQuery::updateUserSetDefaultRoles(user, *default_roles);
|
|
|
|
}
|
|
|
|
}
|
2020-02-17 02:59:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-04 22:37:04 +00:00
|
|
|
BlockIO InterpreterCreateUserQuery::execute()
|
|
|
|
{
|
|
|
|
const auto & query = query_ptr->as<const ASTCreateUserQuery &>();
|
|
|
|
auto & access_control = context.getAccessControlManager();
|
2020-03-07 17:37:38 +00:00
|
|
|
auto access = context.getAccess();
|
|
|
|
access->checkAccess(query.alter ? AccessType::ALTER_USER : AccessType::CREATE_USER);
|
2020-02-04 22:37:04 +00:00
|
|
|
|
2020-03-07 17:37:38 +00:00
|
|
|
std::optional<ExtendedRoleSet> default_roles_from_query;
|
2020-02-17 02:59:56 +00:00
|
|
|
if (query.default_roles)
|
|
|
|
{
|
2020-03-07 17:37:38 +00:00
|
|
|
default_roles_from_query = ExtendedRoleSet{*query.default_roles, access_control};
|
2020-02-17 02:59:56 +00:00
|
|
|
if (!query.alter && !default_roles_from_query->all)
|
|
|
|
{
|
|
|
|
for (const UUID & role : default_roles_from_query->getMatchingIDs())
|
2020-03-07 17:37:38 +00:00
|
|
|
access->checkAdminOption(role);
|
2020-02-17 02:59:56 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-02-04 22:37:04 +00:00
|
|
|
if (query.alter)
|
|
|
|
{
|
|
|
|
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
|
|
|
|
{
|
|
|
|
auto updated_user = typeid_cast<std::shared_ptr<User>>(entity->clone());
|
2020-02-21 19:27:12 +00:00
|
|
|
updateUserFromQueryImpl(*updated_user, query, default_roles_from_query);
|
2020-02-04 22:37:04 +00:00
|
|
|
return updated_user;
|
|
|
|
};
|
|
|
|
if (query.if_exists)
|
|
|
|
{
|
|
|
|
if (auto id = access_control.find<User>(query.name))
|
|
|
|
access_control.tryUpdate(*id, update_func);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
access_control.update(access_control.getID<User>(query.name), update_func);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
auto new_user = std::make_shared<User>();
|
2020-02-21 19:27:12 +00:00
|
|
|
updateUserFromQueryImpl(*new_user, query, default_roles_from_query);
|
2020-02-04 22:37:04 +00:00
|
|
|
|
|
|
|
if (query.if_not_exists)
|
|
|
|
access_control.tryInsert(new_user);
|
|
|
|
else if (query.or_replace)
|
|
|
|
access_control.insertOrReplace(new_user);
|
|
|
|
else
|
|
|
|
access_control.insert(new_user);
|
|
|
|
}
|
|
|
|
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-21 19:27:12 +00:00
|
|
|
void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreateUserQuery & query)
|
2020-02-04 22:37:04 +00:00
|
|
|
{
|
2020-02-21 19:27:12 +00:00
|
|
|
updateUserFromQueryImpl(user, query);
|
2020-02-04 22:37:04 +00:00
|
|
|
}
|
2020-02-17 02:59:56 +00:00
|
|
|
|
2020-02-04 22:37:04 +00:00
|
|
|
}
|