Merge pull request #70003 from ClickHouse/backport/24.9/69984

Backport #69984 to 24.9: Fix definers for parameterized views
This commit is contained in:
robot-clickhouse 2024-09-26 15:16:13 +02:00 committed by GitHub
commit 00bd70e69d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 19 additions and 2 deletions

View File

@ -2301,12 +2301,21 @@ StoragePtr Context::buildParametrizedViewStorage(const String & database_name, c
if (!storage_view || !storage_view->isParameterizedView())
return nullptr;
auto query = original_view->getInMemoryMetadataPtr()->getSelectQuery().inner_query->clone();
auto original_view_metadata = original_view->getInMemoryMetadataPtr();
auto query = original_view_metadata->getSelectQuery().inner_query->clone();
StorageView::replaceQueryParametersIfParametrizedView(query, param_values);
ASTCreateQuery create;
create.select = query->as<ASTSelectWithUnionQuery>();
auto sample_block = InterpreterSelectQueryAnalyzer::getSampleBlock(query, shared_from_this());
auto sql_security = std::make_shared<ASTSQLSecurity>();
sql_security->type = original_view_metadata->sql_security_type;
if (original_view_metadata->definer)
sql_security->definer = std::make_shared<ASTUserNameWithHost>(*original_view_metadata->definer);
create.sql_security = sql_security;
auto view_context = original_view_metadata->getSQLSecurityOverriddenContext(shared_from_this());
auto sample_block = InterpreterSelectQueryAnalyzer::getSampleBlock(query, view_context);
auto res = std::make_shared<StorageView>(StorageID(database_name, table_name),
create,
ColumnsDescription(sample_block.getNamesAndTypesList()),

View File

@ -11,6 +11,7 @@ OK
OK
2
2
1
OK
1
===== MaterializedView =====

View File

@ -58,6 +58,11 @@ AS SELECT * FROM $db.test_table;
CREATE VIEW $db.test_view_10 (s String)
SQL SECURITY DEFINER
AS SELECT * FROM $db.test_table;
CREATE VIEW $db.test_view_11 (s String)
SQL SECURITY DEFINER
AS SELECT * FROM $db.test_table
WHERE s = {param_id:String};
EOF
(( $(${CLICKHOUSE_CLIENT} --query "SHOW TABLE $db.test_view_5" 2>&1 | grep -c "INVOKER") >= 1 )) && echo "OK" || echo "UNEXPECTED"
@ -74,6 +79,7 @@ GRANT SELECT ON $db.test_view_7 TO $user2;
GRANT SELECT ON $db.test_view_8 TO $user2;
GRANT SELECT ON $db.test_view_9 TO $user2;
GRANT SELECT ON $db.test_view_10 TO $user2;
GRANT SELECT ON $db.test_view_11 TO $user2;
EOF
${CLICKHOUSE_CLIENT} --query "INSERT INTO $db.test_table VALUES ('foo'), ('bar');"
@ -88,6 +94,7 @@ ${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT count() FROM $db.test_view_7"
(( $(${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT * FROM $db.test_view_8" 2>&1 | grep -c "Not enough privileges") >= 1 )) && echo "OK" || echo "UNEXPECTED"
${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT count() FROM $db.test_view_9"
${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT count() FROM $db.test_view_10"
${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT count() FROM $db.test_view_11(param_id='foo')"
${CLICKHOUSE_CLIENT} --query "ALTER TABLE $db.test_view_10 MODIFY SQL SECURITY INVOKER"
(( $(${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT * FROM $db.test_view_10" 2>&1 | grep -c "Not enough privileges") >= 1 )) && echo "OK" || echo "UNEXPECTED"