thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-21 15:12:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix using the current database for access checking when the database isn't specified.

Browse Source
This commit is contained in:
Vitaly Baranov 2020-04-11 01:23:27 +03:00
parent 1b6b9e77fe
commit 2e55d44e57
2 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/Access/ContextAccess.cpp
View File

@ -196,7 +196,7 @@ bool ContextAccess::isClientHostAllowed() const
template <int mode, bool grant_option, typename... Args>
bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags, const Args &... args) const
bool ContextAccess::calculateResultAccessAndCheck(Poco::Logger * log_, const AccessFlags & flags, const Args &... args) const
{
auto access = calculateResultAccess(grant_option);
bool is_granted = access->isGranted(flags, args...);
@ -267,6 +267,22 @@ bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessFlags & fla
}
template <int mode, bool grant_option>
bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags) const
{
return calculateResultAccessAndCheck<mode, grant_option>(log_, flags);
}
template <int mode, bool grant_option, typename... Args>
bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags, const std::string_view & database, const Args &... args) const
{
if (database.empty())
return calculateResultAccessAndCheck<mode, grant_option>(log_, flags, params.current_database, args...);
else
return calculateResultAccessAndCheck<mode, grant_option>(log_, flags, database, args...);
}
template <int mode, bool grant_option>
bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessRightsElement & element) const
{
@ -276,24 +292,15 @@ bool ContextAccess::checkAccessImpl(Poco::Logger * log_, const AccessRightsEleme
}
else if (element.any_table)
{
if (element.database.empty())
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, params.current_database);
else
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database);
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database);
}
else if (element.any_column)
{
if (element.database.empty())
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, params.current_database, element.table);
else
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database, element.table);
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database, element.table);
}
else
{
if (element.database.empty())
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, params.current_database, element.table, element.columns);
else
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database, element.table, element.columns);
return checkAccessImpl<mode, grant_option>(log_, element.access_flags, element.database, element.table, element.columns);
}
}

8
src/Access/ContextAccess.h
View File

@ -130,8 +130,11 @@ private:
void setRolesInfo(const std::shared_ptr<const EnabledRolesInfo> & roles_info_) const;
void setSettingsAndConstraints() const;
template <int mode, bool grant_option>
bool checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags) const;
template <int mode, bool grant_option, typename... Args>
bool checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags, const Args &... args) const;
bool checkAccessImpl(Poco::Logger * log_, const AccessFlags & flags, const std::string_view & database, const Args &... args) const;
template <int mode, bool grant_option>
bool checkAccessImpl(Poco::Logger * log_, const AccessRightsElement & element) const;
@ -139,6 +142,9 @@ private:
template <int mode, bool grant_option>
bool checkAccessImpl(Poco::Logger * log_, const AccessRightsElements & elements) const;
template <int mode, bool grant_option, typename... Args>
bool calculateResultAccessAndCheck(Poco::Logger * log_, const AccessFlags & flags, const Args &... args) const;
boost::shared_ptr<const AccessRights> calculateResultAccess(bool grant_option) const;
boost::shared_ptr<const AccessRights> calculateResultAccess(bool grant_option, UInt64 readonly_, bool allow_ddl_, bool allow_introspection_) const;