From 223db31cb62356b9676929cf1be03fe45767bff1 Mon Sep 17 00:00:00 2001
From: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
Date: Wed, 29 Nov 2023 14:37:28 +0100
Subject: [PATCH] Prevent dictionary ACL bypass via dictionary table function

---
 src/TableFunctions/TableFunctionDictionary.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/TableFunctions/TableFunctionDictionary.cpp b/src/TableFunctions/TableFunctionDictionary.cpp
index 5249487f1f5..867fbf5b11e 100644
--- a/src/TableFunctions/TableFunctionDictionary.cpp
+++ b/src/TableFunctions/TableFunctionDictionary.cpp
@@ -2,6 +2,8 @@
 
 #include <Parsers/ASTLiteral.h>
 
+#include <Access/Common/AccessFlags.h>
+
 #include <DataTypes/DataTypeArray.h>
 #include <DataTypes/DataTypeString.h>
 #include <DataTypes/DataTypesNumber.h>
@@ -78,6 +80,7 @@ ColumnsDescription TableFunctionDictionary::getActualTableStructure(ContextPtr c
 StoragePtr TableFunctionDictionary::executeImpl(
     const ASTPtr &, ContextPtr context, const std::string & table_name, ColumnsDescription, bool is_insert_query) const
 {
+    context->checkAccess(AccessType::dictGet, getDatabaseName(), table_name);
     StorageID dict_id(getDatabaseName(), table_name);
     auto dictionary_table_structure = getActualTableStructure(context, is_insert_query);