just drop old privileges and assign new

2024-11-25 17:12:03 +00:00 · 2021-07-16 14:39:14 +08:00 · 2021-07-16 14:39:14 +08:00 · 6a05a7d51a
commit 6a05a7d51a
parent 869f70d28f
3 changed files with 8 additions and 53 deletions
--- a/src/Access/GrantedRoles.cpp
+++ b/src/Access/GrantedRoles.cpp
@ -2,7 +2,6 @@
 #include <Access/RolesOrUsersSet.h>
 #include <boost/range/algorithm/set_algorithm.hpp>
 #include <boost/range/algorithm_ext/erase.hpp>
-#include <set>

 namespace DB
 {
@ -167,36 +166,4 @@ void GrantedRoles::makeIntersection(const GrantedRoles & other)
        return other.roles_with_admin_option.find(id) == other.roles_with_admin_option.end();
    });
 }
-
-void GrantedRoles::grantByReplace(const std::vector<UUID> & roles_)
-{
-    eraseExcept(roles, roles_);
-}
-
-void GrantedRoles::grantByReplaceWithAdminOption(const std::vector<UUID> & roles_)
-{
-    eraseExcept(roles_with_admin_option, roles_);
-}
-
-void eraseExcept(boost::container::flat_set<UUID> & data_set, const std::vector<UUID> & ids)
-{
-    if (ids.size() == 0)
-    {
-        data_set.clear();
-        return;
-    }
-
-    std::set<UUID> t;
-    for (const UUID & id : ids)
-    {
-        t.insert(id);
-        if (data_set.count(id) == 0)
-            data_set.insert(id);
-    }
-
-    for (const UUID & role : data_set)
-        if (!t.contains(role))
-            data_set.erase(role);
-}
-
 }
--- a/src/Access/GrantedRoles.h
+++ b/src/Access/GrantedRoles.h
@ -18,8 +18,6 @@ public:
    void grant(const std::vector<UUID> & roles_);
    void grantWithAdminOption(const UUID & role_);
    void grantWithAdminOption(const std::vector<UUID> & roles_);
-    void grantByReplace(const std::vector<UUID> & roles_);
-    void grantByReplaceWithAdminOption(const std::vector<UUID> & roles_);

    void revoke(const UUID & role_);
    void revoke(const std::vector<UUID> & roles_);
@ -60,6 +58,4 @@ private:
    boost::container::flat_set<UUID> roles;
    boost::container::flat_set<UUID> roles_with_admin_option;
 };
-
-void eraseExcept(boost::container::flat_set<UUID> & data_set, const std::vector<UUID> & ids);
 }
--- a/src/Interpreters/InterpreterGrantQuery.cpp
+++ b/src/Interpreters/InterpreterGrantQuery.cpp
@ -35,14 +35,9 @@ namespace
            else
            {
                if (query.is_replace)
-                {
-                    AccessRights tmp;
-                    tmp.grant(query.access_rights_elements);
-                    grantee.access.makeIntersection(tmp);
-                    grantee.access.grant(query.access_rights_elements);
-                }
-                else
-                    grantee.access.grant(query.access_rights_elements);
+                    grantee.access = {};
+
+                grantee.access.grant(query.access_rights_elements);
            }
        }

@ -57,16 +52,13 @@ namespace
            }
            else
            {
+                if (query.is_replace)
+                    grantee.granted_roles = {};
+
                if (query.admin_option)
-                    if (query.is_replace)
-                        grantee.granted_roles.grantByReplaceWithAdminOption(roles_to_grant_or_revoke);
-                    else
-                        grantee.granted_roles.grantWithAdminOption(roles_to_grant_or_revoke);
+                    grantee.granted_roles.grantWithAdminOption(roles_to_grant_or_revoke);
                else
-                    if (query.is_replace)
-                        grantee.granted_roles.grantByReplace(roles_to_grant_or_revoke);
-                    else
-                        grantee.granted_roles.grant(roles_to_grant_or_revoke);
+                    grantee.granted_roles.grant(roles_to_grant_or_revoke);
            }
        }
    }