thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-26 01:22:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix default database with grant on cluster

Browse Source
This commit is contained in:
pufit 2024-06-03 18:43:08 -04:00
parent ecc6836dee
commit 62aacc5539
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Interpreters/Access/InterpreterGrantQuery.cpp
View File

@ -438,6 +438,11 @@ BlockIO InterpreterGrantQuery::execute()
RolesOrUsersSet roles_to_revoke;
collectRolesToGrantOrRevoke(access_control, query, roles_to_grant, roles_to_revoke);
/// Check if the current user has corresponding access rights granted with grant option.
String current_database = getContext()->getCurrentDatabase();
elements_to_grant.replaceEmptyDatabase(current_database);
elements_to_revoke.replaceEmptyDatabase(current_database);
/// Executing on cluster.
if (!query.cluster.empty())
{
@ -452,10 +457,6 @@ BlockIO InterpreterGrantQuery::execute()
return executeDDLQueryOnCluster(updated_query, getContext(), params);
}
/// Check if the current user has corresponding access rights granted with grant option.
String current_database = getContext()->getCurrentDatabase();
elements_to_grant.replaceEmptyDatabase(current_database);
elements_to_revoke.replaceEmptyDatabase(current_database);
bool need_check_grantees_are_allowed = true;
if (!query.current_grants)
checkGrantOption(access_control, *current_user_access, grantees, need_check_grantees_are_allowed, elements_to_grant, elements_to_revoke);

10
tests/integration/test_access_control_on_cluster/test.py
View File

@ -74,3 +74,13 @@ def test_grant_all_on_cluster():
assert ch2.query("SHOW GRANTS FOR Alex") == "GRANT ALL ON *.* TO Alex\n"
ch1.query("DROP USER Alex ON CLUSTER 'cluster'")
def test_grant_current_database_on_cluster():
ch1.query("CREATE DATABASE user_db ON CLUSTER 'cluster'")
ch1.query("CREATE USER IF NOT EXISTS test_user ON CLUSTER 'cluster' DEFAULT DATABASE user_db")
ch1.query("GRANT SELECT ON user_db.* TO test_user ON CLUSTER 'cluster' WITH GRANT OPTION")
assert ch1.query("SHOW DATABASES", user="test_user") == "user_db\n"
ch1.query("GRANT SELECT ON * TO test_user ON CLUSTER 'cluster'", user="test_user")
assert ch1.query("SHOW DATABASES", user="test_user") == "user_db\n"