2019-11-29 17:22:56 +00:00
|
|
|
#include <Interpreters/InterpreterCreateRowPolicyQuery.h>
|
|
|
|
#include <Parsers/ASTCreateRowPolicyQuery.h>
|
2020-03-07 17:37:38 +00:00
|
|
|
#include <Parsers/ASTExtendedRoleSet.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <Parsers/formatAST.h>
|
|
|
|
#include <Interpreters/Context.h>
|
2020-04-05 23:03:20 +00:00
|
|
|
#include <Interpreters/DDLWorker.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <Access/AccessControlManager.h>
|
2020-01-26 09:49:53 +00:00
|
|
|
#include <Access/AccessFlags.h>
|
2019-11-29 17:22:56 +00:00
|
|
|
#include <boost/range/algorithm/sort.hpp>
|
|
|
|
|
|
|
|
|
|
|
|
namespace DB
|
|
|
|
{
|
2020-02-21 19:27:12 +00:00
|
|
|
namespace
|
|
|
|
{
|
|
|
|
void updateRowPolicyFromQueryImpl(
|
|
|
|
RowPolicy & policy,
|
|
|
|
const ASTCreateRowPolicyQuery & query,
|
2020-05-02 22:30:28 +00:00
|
|
|
const std::optional<ExtendedRoleSet> & roles_from_query = {})
|
2020-02-21 19:27:12 +00:00
|
|
|
{
|
|
|
|
if (query.alter)
|
|
|
|
{
|
2020-05-02 22:30:28 +00:00
|
|
|
if (!query.new_short_name.empty())
|
|
|
|
policy.setShortName(query.new_short_name);
|
2020-02-21 19:27:12 +00:00
|
|
|
}
|
|
|
|
else
|
2020-05-02 22:30:28 +00:00
|
|
|
policy.setNameParts(query.name_parts);
|
2020-02-21 19:27:12 +00:00
|
|
|
|
|
|
|
if (query.is_restrictive)
|
|
|
|
policy.setRestrictive(*query.is_restrictive);
|
|
|
|
|
2020-05-07 02:45:27 +00:00
|
|
|
for (auto condition_type : ext::range(RowPolicy::MAX_CONDITION_TYPE))
|
|
|
|
{
|
|
|
|
const auto & condition = query.conditions[condition_type];
|
|
|
|
if (condition)
|
|
|
|
policy.conditions[condition_type] = *condition ? serializeAST(**condition) : String{};
|
|
|
|
}
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2020-03-07 17:37:38 +00:00
|
|
|
const ExtendedRoleSet * roles = nullptr;
|
|
|
|
std::optional<ExtendedRoleSet> temp_role_set;
|
2020-02-27 20:55:16 +00:00
|
|
|
if (roles_from_query)
|
2020-02-21 19:27:12 +00:00
|
|
|
roles = &*roles_from_query;
|
|
|
|
else if (query.roles)
|
|
|
|
roles = &temp_role_set.emplace(*query.roles);
|
|
|
|
|
|
|
|
if (roles)
|
2020-03-07 17:37:38 +00:00
|
|
|
policy.to_roles = *roles;
|
2020-02-21 19:27:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
BlockIO InterpreterCreateRowPolicyQuery::execute()
|
|
|
|
{
|
2020-04-05 23:03:20 +00:00
|
|
|
auto & query = query_ptr->as<ASTCreateRowPolicyQuery &>();
|
2019-11-29 17:22:56 +00:00
|
|
|
auto & access_control = context.getAccessControlManager();
|
2020-04-02 18:31:59 +00:00
|
|
|
context.checkAccess(query.alter ? AccessType::ALTER_ROW_POLICY : AccessType::CREATE_ROW_POLICY);
|
2019-11-29 17:22:56 +00:00
|
|
|
|
2020-04-05 23:03:20 +00:00
|
|
|
if (!query.cluster.empty())
|
|
|
|
{
|
|
|
|
query.replaceCurrentUserTagWithName(context.getUserName());
|
|
|
|
return executeDDLQueryOnCluster(query_ptr, context);
|
|
|
|
}
|
|
|
|
|
2020-03-07 17:37:38 +00:00
|
|
|
std::optional<ExtendedRoleSet> roles_from_query;
|
2020-02-10 02:26:56 +00:00
|
|
|
if (query.roles)
|
2020-03-07 17:37:38 +00:00
|
|
|
roles_from_query = ExtendedRoleSet{*query.roles, access_control, context.getUserID()};
|
2020-02-10 02:26:56 +00:00
|
|
|
|
2020-05-02 22:30:28 +00:00
|
|
|
if (query.name_parts.database.empty())
|
|
|
|
query.name_parts.database = context.getCurrentDatabase();
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
if (query.alter)
|
|
|
|
{
|
|
|
|
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
|
|
|
|
{
|
|
|
|
auto updated_policy = typeid_cast<std::shared_ptr<RowPolicy>>(entity->clone());
|
2020-05-02 22:30:28 +00:00
|
|
|
updateRowPolicyFromQueryImpl(*updated_policy, query, roles_from_query);
|
2019-11-29 17:22:56 +00:00
|
|
|
return updated_policy;
|
|
|
|
};
|
|
|
|
if (query.if_exists)
|
|
|
|
{
|
2020-05-02 22:30:28 +00:00
|
|
|
if (auto id = access_control.find<RowPolicy>(query.name_parts.getName()))
|
2019-11-29 17:22:56 +00:00
|
|
|
access_control.tryUpdate(*id, update_func);
|
|
|
|
}
|
|
|
|
else
|
2020-05-02 22:30:28 +00:00
|
|
|
access_control.update(access_control.getID<RowPolicy>(query.name_parts.getName()), update_func);
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
auto new_policy = std::make_shared<RowPolicy>();
|
2020-05-02 22:30:28 +00:00
|
|
|
updateRowPolicyFromQueryImpl(*new_policy, query, roles_from_query);
|
2019-11-29 17:22:56 +00:00
|
|
|
|
|
|
|
if (query.if_not_exists)
|
|
|
|
access_control.tryInsert(new_policy);
|
|
|
|
else if (query.or_replace)
|
|
|
|
access_control.insertOrReplace(new_policy);
|
|
|
|
else
|
|
|
|
access_control.insert(new_policy);
|
|
|
|
}
|
|
|
|
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-21 19:27:12 +00:00
|
|
|
void InterpreterCreateRowPolicyQuery::updateRowPolicyFromQuery(RowPolicy & policy, const ASTCreateRowPolicyQuery & query)
|
2019-11-29 17:22:56 +00:00
|
|
|
{
|
2020-02-21 19:27:12 +00:00
|
|
|
updateRowPolicyFromQueryImpl(policy, query);
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|
2020-02-21 19:27:12 +00:00
|
|
|
|
2019-11-29 17:22:56 +00:00
|
|
|
}
|