From 6a05a7d51aaf069772a525ff10cedcbc4fe191f3 Mon Sep 17 00:00:00 2001 From: caspian Date: Fri, 16 Jul 2021 14:39:14 +0800 Subject: [PATCH] just drop old privileges and assign new --- src/Access/GrantedRoles.cpp | 33 ---------------------- src/Access/GrantedRoles.h | 4 --- src/Interpreters/InterpreterGrantQuery.cpp | 24 ++++++---------- 3 files changed, 8 insertions(+), 53 deletions(-) diff --git a/src/Access/GrantedRoles.cpp b/src/Access/GrantedRoles.cpp index c6d4d8561c3..f4df92770d6 100644 --- a/src/Access/GrantedRoles.cpp +++ b/src/Access/GrantedRoles.cpp @@ -2,7 +2,6 @@ #include #include #include -#include namespace DB { @@ -167,36 +166,4 @@ void GrantedRoles::makeIntersection(const GrantedRoles & other) return other.roles_with_admin_option.find(id) == other.roles_with_admin_option.end(); }); } - -void GrantedRoles::grantByReplace(const std::vector & roles_) -{ - eraseExcept(roles, roles_); -} - -void GrantedRoles::grantByReplaceWithAdminOption(const std::vector & roles_) -{ - eraseExcept(roles_with_admin_option, roles_); -} - -void eraseExcept(boost::container::flat_set & data_set, const std::vector & ids) -{ - if (ids.size() == 0) - { - data_set.clear(); - return; - } - - std::set t; - for (const UUID & id : ids) - { - t.insert(id); - if (data_set.count(id) == 0) - data_set.insert(id); - } - - for (const UUID & role : data_set) - if (!t.contains(role)) - data_set.erase(role); -} - } diff --git a/src/Access/GrantedRoles.h b/src/Access/GrantedRoles.h index 27919da15d9..75ea56aba96 100644 --- a/src/Access/GrantedRoles.h +++ b/src/Access/GrantedRoles.h @@ -18,8 +18,6 @@ public: void grant(const std::vector & roles_); void grantWithAdminOption(const UUID & role_); void grantWithAdminOption(const std::vector & roles_); - void grantByReplace(const std::vector & roles_); - void grantByReplaceWithAdminOption(const std::vector & roles_); void revoke(const UUID & role_); void revoke(const std::vector & roles_); @@ -60,6 +58,4 @@ private: boost::container::flat_set roles; boost::container::flat_set roles_with_admin_option; }; - -void eraseExcept(boost::container::flat_set & data_set, const std::vector & ids); } diff --git a/src/Interpreters/InterpreterGrantQuery.cpp b/src/Interpreters/InterpreterGrantQuery.cpp index 195f88eb1d3..10b35ec5921 100644 --- a/src/Interpreters/InterpreterGrantQuery.cpp +++ b/src/Interpreters/InterpreterGrantQuery.cpp @@ -35,14 +35,9 @@ namespace else { if (query.is_replace) - { - AccessRights tmp; - tmp.grant(query.access_rights_elements); - grantee.access.makeIntersection(tmp); - grantee.access.grant(query.access_rights_elements); - } - else - grantee.access.grant(query.access_rights_elements); + grantee.access = {}; + + grantee.access.grant(query.access_rights_elements); } } @@ -57,16 +52,13 @@ namespace } else { + if (query.is_replace) + grantee.granted_roles = {}; + if (query.admin_option) - if (query.is_replace) - grantee.granted_roles.grantByReplaceWithAdminOption(roles_to_grant_or_revoke); - else - grantee.granted_roles.grantWithAdminOption(roles_to_grant_or_revoke); + grantee.granted_roles.grantWithAdminOption(roles_to_grant_or_revoke); else - if (query.is_replace) - grantee.granted_roles.grantByReplace(roles_to_grant_or_revoke); - else - grantee.granted_roles.grant(roles_to_grant_or_revoke); + grantee.granted_roles.grant(roles_to_grant_or_revoke); } } }