mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-22 15:42:02 +00:00
Rename ExtendedRoleSet => RolesOrUsersSet.
This commit is contained in:
parent
9f31184d76
commit
92b9f4a88d
@ -64,19 +64,23 @@ namespace
|
||||
|
||||
bool parseImpl(Pos & pos, ASTPtr & node, Expected & expected) override
|
||||
{
|
||||
if (ParserCreateUserQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
if (ParserCreateRoleQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
if (ParserCreateRowPolicyQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
if (ParserCreateQuotaQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
if (ParserCreateSettingsProfileQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
if (ParserGrantQuery{}.enableAttachMode(true).parse(pos, node, expected))
|
||||
return true;
|
||||
return false;
|
||||
ParserCreateUserQuery create_user_p;
|
||||
ParserCreateRoleQuery create_role_p;
|
||||
ParserCreateRowPolicyQuery create_policy_p;
|
||||
ParserCreateQuotaQuery create_quota_p;
|
||||
ParserCreateSettingsProfileQuery create_profile_p;
|
||||
ParserGrantQuery grant_p;
|
||||
|
||||
create_user_p.useAttachMode();
|
||||
create_role_p.useAttachMode();
|
||||
create_policy_p.useAttachMode();
|
||||
create_quota_p.useAttachMode();
|
||||
create_profile_p.useAttachMode();
|
||||
grant_p.useAttachMode();
|
||||
|
||||
return create_user_p.parse(pos, node, expected) || create_role_p.parse(pos, node, expected)
|
||||
|| create_policy_p.parse(pos, node, expected) || create_quota_p.parse(pos, node, expected)
|
||||
|| create_profile_p.parse(pos, node, expected) || grant_p.parse(pos, node, expected);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#pragma once
|
||||
|
||||
#include <Access/IAccessEntity.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <boost/lexical_cast.hpp>
|
||||
#include <chrono>
|
||||
|
||||
@ -91,7 +91,7 @@ struct Quota : public IAccessEntity
|
||||
KeyType key_type = KeyType::NONE;
|
||||
|
||||
/// Which roles or users should use this quota.
|
||||
ExtendedRoleSet to_roles;
|
||||
RolesOrUsersSet to_roles;
|
||||
|
||||
bool equal(const IAccessEntity & other) const override;
|
||||
std::shared_ptr<IAccessEntity> clone() const override { return cloneImpl<Quota>(); }
|
||||
|
@ -39,7 +39,7 @@ private:
|
||||
|
||||
QuotaPtr quota;
|
||||
UUID quota_id;
|
||||
const ExtendedRoleSet * roles = nullptr;
|
||||
const RolesOrUsersSet * roles = nullptr;
|
||||
std::unordered_map<String /* quota key */, boost::shared_ptr<const Intervals>> key_to_intervals;
|
||||
};
|
||||
|
||||
|
@ -1,9 +1,8 @@
|
||||
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/User.h>
|
||||
#include <Access/Role.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/formatAST.h>
|
||||
#include <IO/ReadHelpers.h>
|
||||
#include <IO/WriteHelpers.h>
|
||||
@ -20,51 +19,51 @@ namespace ErrorCodes
|
||||
}
|
||||
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet() = default;
|
||||
ExtendedRoleSet::ExtendedRoleSet(const ExtendedRoleSet & src) = default;
|
||||
ExtendedRoleSet & ExtendedRoleSet::operator =(const ExtendedRoleSet & src) = default;
|
||||
ExtendedRoleSet::ExtendedRoleSet(ExtendedRoleSet && src) = default;
|
||||
ExtendedRoleSet & ExtendedRoleSet::operator =(ExtendedRoleSet && src) = default;
|
||||
RolesOrUsersSet::RolesOrUsersSet() = default;
|
||||
RolesOrUsersSet::RolesOrUsersSet(const RolesOrUsersSet & src) = default;
|
||||
RolesOrUsersSet & RolesOrUsersSet::operator =(const RolesOrUsersSet & src) = default;
|
||||
RolesOrUsersSet::RolesOrUsersSet(RolesOrUsersSet && src) = default;
|
||||
RolesOrUsersSet & RolesOrUsersSet::operator =(RolesOrUsersSet && src) = default;
|
||||
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(AllTag)
|
||||
RolesOrUsersSet::RolesOrUsersSet(AllTag)
|
||||
{
|
||||
all = true;
|
||||
}
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const UUID & id)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const UUID & id)
|
||||
{
|
||||
add(id);
|
||||
}
|
||||
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const std::vector<UUID> & ids_)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const std::vector<UUID> & ids_)
|
||||
{
|
||||
add(ids_);
|
||||
}
|
||||
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const ASTExtendedRoleSet & ast)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const ASTRolesOrUsersSet & ast)
|
||||
{
|
||||
init(ast, nullptr);
|
||||
}
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const ASTExtendedRoleSet & ast, const std::optional<UUID> & current_user_id)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const std::optional<UUID> & current_user_id)
|
||||
{
|
||||
init(ast, nullptr, current_user_id);
|
||||
}
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const ASTExtendedRoleSet & ast, const AccessControlManager & manager)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const AccessControlManager & manager)
|
||||
{
|
||||
init(ast, &manager);
|
||||
}
|
||||
|
||||
ExtendedRoleSet::ExtendedRoleSet(const ASTExtendedRoleSet & ast, const AccessControlManager & manager, const std::optional<UUID> & current_user_id)
|
||||
RolesOrUsersSet::RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const AccessControlManager & manager, const std::optional<UUID> & current_user_id)
|
||||
{
|
||||
init(ast, &manager, current_user_id);
|
||||
}
|
||||
|
||||
void ExtendedRoleSet::init(const ASTExtendedRoleSet & ast, const AccessControlManager * manager, const std::optional<UUID> & current_user_id)
|
||||
void RolesOrUsersSet::init(const ASTRolesOrUsersSet & ast, const AccessControlManager * manager, const std::optional<UUID> & current_user_id)
|
||||
{
|
||||
all = ast.all;
|
||||
|
||||
@ -73,20 +72,20 @@ void ExtendedRoleSet::init(const ASTExtendedRoleSet & ast, const AccessControlMa
|
||||
if (ast.id_mode)
|
||||
return parse<UUID>(name);
|
||||
assert(manager);
|
||||
if (ast.can_contain_users && ast.can_contain_roles)
|
||||
if (ast.allow_user_names && ast.allow_role_names)
|
||||
{
|
||||
auto id = manager->find<User>(name);
|
||||
if (id)
|
||||
return *id;
|
||||
return manager->getID<Role>(name);
|
||||
}
|
||||
else if (ast.can_contain_users)
|
||||
else if (ast.allow_user_names)
|
||||
{
|
||||
return manager->getID<User>(name);
|
||||
}
|
||||
else
|
||||
{
|
||||
assert(ast.can_contain_roles);
|
||||
assert(ast.allow_role_names);
|
||||
return manager->getID<Role>(name);
|
||||
}
|
||||
};
|
||||
@ -122,9 +121,9 @@ void ExtendedRoleSet::init(const ASTExtendedRoleSet & ast, const AccessControlMa
|
||||
}
|
||||
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> ExtendedRoleSet::toAST() const
|
||||
std::shared_ptr<ASTRolesOrUsersSet> RolesOrUsersSet::toAST() const
|
||||
{
|
||||
auto ast = std::make_shared<ASTExtendedRoleSet>();
|
||||
auto ast = std::make_shared<ASTRolesOrUsersSet>();
|
||||
ast->id_mode = true;
|
||||
ast->all = all;
|
||||
|
||||
@ -148,9 +147,9 @@ std::shared_ptr<ASTExtendedRoleSet> ExtendedRoleSet::toAST() const
|
||||
}
|
||||
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> ExtendedRoleSet::toASTWithNames(const AccessControlManager & manager) const
|
||||
std::shared_ptr<ASTRolesOrUsersSet> RolesOrUsersSet::toASTWithNames(const AccessControlManager & manager) const
|
||||
{
|
||||
auto ast = std::make_shared<ASTExtendedRoleSet>();
|
||||
auto ast = std::make_shared<ASTRolesOrUsersSet>();
|
||||
ast->all = all;
|
||||
|
||||
if (!ids.empty())
|
||||
@ -181,21 +180,21 @@ std::shared_ptr<ASTExtendedRoleSet> ExtendedRoleSet::toASTWithNames(const Access
|
||||
}
|
||||
|
||||
|
||||
String ExtendedRoleSet::toString() const
|
||||
String RolesOrUsersSet::toString() const
|
||||
{
|
||||
auto ast = toAST();
|
||||
return serializeAST(*ast);
|
||||
}
|
||||
|
||||
|
||||
String ExtendedRoleSet::toStringWithNames(const AccessControlManager & manager) const
|
||||
String RolesOrUsersSet::toStringWithNames(const AccessControlManager & manager) const
|
||||
{
|
||||
auto ast = toASTWithNames(manager);
|
||||
return serializeAST(*ast);
|
||||
}
|
||||
|
||||
|
||||
Strings ExtendedRoleSet::toStringsWithNames(const AccessControlManager & manager) const
|
||||
Strings RolesOrUsersSet::toStringsWithNames(const AccessControlManager & manager) const
|
||||
{
|
||||
if (!all && ids.empty())
|
||||
return {};
|
||||
@ -233,13 +232,13 @@ Strings ExtendedRoleSet::toStringsWithNames(const AccessControlManager & manager
|
||||
}
|
||||
|
||||
|
||||
bool ExtendedRoleSet::empty() const
|
||||
bool RolesOrUsersSet::empty() const
|
||||
{
|
||||
return ids.empty() && !all;
|
||||
}
|
||||
|
||||
|
||||
void ExtendedRoleSet::clear()
|
||||
void RolesOrUsersSet::clear()
|
||||
{
|
||||
ids.clear();
|
||||
all = false;
|
||||
@ -247,26 +246,26 @@ void ExtendedRoleSet::clear()
|
||||
}
|
||||
|
||||
|
||||
void ExtendedRoleSet::add(const UUID & id)
|
||||
void RolesOrUsersSet::add(const UUID & id)
|
||||
{
|
||||
ids.insert(id);
|
||||
}
|
||||
|
||||
|
||||
void ExtendedRoleSet::add(const std::vector<UUID> & ids_)
|
||||
void RolesOrUsersSet::add(const std::vector<UUID> & ids_)
|
||||
{
|
||||
for (const auto & id : ids_)
|
||||
add(id);
|
||||
}
|
||||
|
||||
|
||||
bool ExtendedRoleSet::match(const UUID & id) const
|
||||
bool RolesOrUsersSet::match(const UUID & id) const
|
||||
{
|
||||
return (all || ids.count(id)) && !except_ids.count(id);
|
||||
}
|
||||
|
||||
|
||||
bool ExtendedRoleSet::match(const UUID & user_id, const boost::container::flat_set<UUID> & enabled_roles) const
|
||||
bool RolesOrUsersSet::match(const UUID & user_id, const boost::container::flat_set<UUID> & enabled_roles) const
|
||||
{
|
||||
if (!all && !ids.count(user_id))
|
||||
{
|
||||
@ -285,7 +284,7 @@ bool ExtendedRoleSet::match(const UUID & user_id, const boost::container::flat_s
|
||||
}
|
||||
|
||||
|
||||
std::vector<UUID> ExtendedRoleSet::getMatchingIDs() const
|
||||
std::vector<UUID> RolesOrUsersSet::getMatchingIDs() const
|
||||
{
|
||||
if (all)
|
||||
throw Exception("getAllMatchingIDs() can't get ALL ids without manager", ErrorCodes::LOGICAL_ERROR);
|
||||
@ -295,7 +294,7 @@ std::vector<UUID> ExtendedRoleSet::getMatchingIDs() const
|
||||
}
|
||||
|
||||
|
||||
std::vector<UUID> ExtendedRoleSet::getMatchingIDs(const AccessControlManager & manager) const
|
||||
std::vector<UUID> RolesOrUsersSet::getMatchingIDs(const AccessControlManager & manager) const
|
||||
{
|
||||
if (!all)
|
||||
return getMatchingIDs();
|
||||
@ -316,7 +315,7 @@ std::vector<UUID> ExtendedRoleSet::getMatchingIDs(const AccessControlManager & m
|
||||
}
|
||||
|
||||
|
||||
bool operator ==(const ExtendedRoleSet & lhs, const ExtendedRoleSet & rhs)
|
||||
bool operator ==(const RolesOrUsersSet & lhs, const RolesOrUsersSet & rhs)
|
||||
{
|
||||
return (lhs.all == rhs.all) && (lhs.ids == rhs.ids) && (lhs.except_ids == rhs.except_ids);
|
||||
}
|
@ -8,35 +8,35 @@
|
||||
|
||||
namespace DB
|
||||
{
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
class AccessControlManager;
|
||||
|
||||
|
||||
/// Represents a set of users/roles like
|
||||
/// {user_name | role_name | CURRENT_USER} [,...] | NONE | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
|
||||
/// Similar to ASTExtendedRoleSet, but with IDs instead of names.
|
||||
struct ExtendedRoleSet
|
||||
/// Similar to ASTRolesOrUsersSet, but with IDs instead of names.
|
||||
struct RolesOrUsersSet
|
||||
{
|
||||
ExtendedRoleSet();
|
||||
ExtendedRoleSet(const ExtendedRoleSet & src);
|
||||
ExtendedRoleSet & operator =(const ExtendedRoleSet & src);
|
||||
ExtendedRoleSet(ExtendedRoleSet && src);
|
||||
ExtendedRoleSet & operator =(ExtendedRoleSet && src);
|
||||
RolesOrUsersSet();
|
||||
RolesOrUsersSet(const RolesOrUsersSet & src);
|
||||
RolesOrUsersSet & operator =(const RolesOrUsersSet & src);
|
||||
RolesOrUsersSet(RolesOrUsersSet && src);
|
||||
RolesOrUsersSet & operator =(RolesOrUsersSet && src);
|
||||
|
||||
struct AllTag {};
|
||||
ExtendedRoleSet(AllTag);
|
||||
RolesOrUsersSet(AllTag);
|
||||
|
||||
ExtendedRoleSet(const UUID & id);
|
||||
ExtendedRoleSet(const std::vector<UUID> & ids_);
|
||||
RolesOrUsersSet(const UUID & id);
|
||||
RolesOrUsersSet(const std::vector<UUID> & ids_);
|
||||
|
||||
/// The constructor from AST requires the AccessControlManager if `ast.id_mode == false`.
|
||||
ExtendedRoleSet(const ASTExtendedRoleSet & ast);
|
||||
ExtendedRoleSet(const ASTExtendedRoleSet & ast, const std::optional<UUID> & current_user_id);
|
||||
ExtendedRoleSet(const ASTExtendedRoleSet & ast, const AccessControlManager & manager);
|
||||
ExtendedRoleSet(const ASTExtendedRoleSet & ast, const AccessControlManager & manager, const std::optional<UUID> & current_user_id);
|
||||
RolesOrUsersSet(const ASTRolesOrUsersSet & ast);
|
||||
RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const std::optional<UUID> & current_user_id);
|
||||
RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const AccessControlManager & manager);
|
||||
RolesOrUsersSet(const ASTRolesOrUsersSet & ast, const AccessControlManager & manager, const std::optional<UUID> & current_user_id);
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> toAST() const;
|
||||
std::shared_ptr<ASTExtendedRoleSet> toASTWithNames(const AccessControlManager & manager) const;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> toAST() const;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> toASTWithNames(const AccessControlManager & manager) const;
|
||||
|
||||
String toString() const;
|
||||
String toStringWithNames(const AccessControlManager & manager) const;
|
||||
@ -47,7 +47,7 @@ struct ExtendedRoleSet
|
||||
void add(const UUID & id);
|
||||
void add(const std::vector<UUID> & ids_);
|
||||
|
||||
/// Checks if a specified ID matches this ExtendedRoleSet.
|
||||
/// Checks if a specified ID matches this RolesOrUsersSet.
|
||||
bool match(const UUID & id) const;
|
||||
bool match(const UUID & user_id, const boost::container::flat_set<UUID> & enabled_roles) const;
|
||||
|
||||
@ -57,15 +57,15 @@ struct ExtendedRoleSet
|
||||
/// Returns a list of matching users and roles.
|
||||
std::vector<UUID> getMatchingIDs(const AccessControlManager & manager) const;
|
||||
|
||||
friend bool operator ==(const ExtendedRoleSet & lhs, const ExtendedRoleSet & rhs);
|
||||
friend bool operator !=(const ExtendedRoleSet & lhs, const ExtendedRoleSet & rhs) { return !(lhs == rhs); }
|
||||
friend bool operator ==(const RolesOrUsersSet & lhs, const RolesOrUsersSet & rhs);
|
||||
friend bool operator !=(const RolesOrUsersSet & lhs, const RolesOrUsersSet & rhs) { return !(lhs == rhs); }
|
||||
|
||||
boost::container::flat_set<UUID> ids;
|
||||
bool all = false;
|
||||
boost::container::flat_set<UUID> except_ids;
|
||||
|
||||
private:
|
||||
void init(const ASTExtendedRoleSet & ast, const AccessControlManager * manager = nullptr, const std::optional<UUID> & current_user_id = {});
|
||||
void init(const ASTRolesOrUsersSet & ast, const AccessControlManager * manager = nullptr, const std::optional<UUID> & current_user_id = {});
|
||||
};
|
||||
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
#pragma once
|
||||
|
||||
#include <Access/IAccessEntity.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <array>
|
||||
|
||||
|
||||
@ -91,7 +91,7 @@ struct RowPolicy : public IAccessEntity
|
||||
Type getType() const override { return TYPE; }
|
||||
|
||||
/// Which roles or users should use this row policy.
|
||||
ExtendedRoleSet to_roles;
|
||||
RolesOrUsersSet to_roles;
|
||||
|
||||
private:
|
||||
void setName(const String & name_) override;
|
||||
|
@ -27,7 +27,7 @@ private:
|
||||
void setPolicy(const RowPolicyPtr & policy_);
|
||||
|
||||
RowPolicyPtr policy;
|
||||
const ExtendedRoleSet * roles = nullptr;
|
||||
const RolesOrUsersSet * roles = nullptr;
|
||||
std::shared_ptr<const std::pair<String, String>> database_and_table_name;
|
||||
ASTPtr parsed_conditions[RowPolicy::MAX_CONDITION_TYPE];
|
||||
};
|
||||
|
@ -1,7 +1,7 @@
|
||||
#pragma once
|
||||
|
||||
#include <Access/IAccessEntity.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <Access/SettingsProfileElement.h>
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ struct SettingsProfile : public IAccessEntity
|
||||
SettingsProfileElements elements;
|
||||
|
||||
/// Which roles or users should use this settings profile.
|
||||
ExtendedRoleSet to_roles;
|
||||
RolesOrUsersSet to_roles;
|
||||
|
||||
bool equal(const IAccessEntity & other) const override;
|
||||
std::shared_ptr<IAccessEntity> clone() const override { return cloneImpl<SettingsProfile>(); }
|
||||
|
@ -5,7 +5,7 @@
|
||||
#include <Access/AllowedClientHosts.h>
|
||||
#include <Access/GrantedAccess.h>
|
||||
#include <Access/GrantedRoles.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <Access/SettingsProfileElement.h>
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ struct User : public IAccessEntity
|
||||
AllowedClientHosts allowed_client_hosts = AllowedClientHosts::AnyHostTag{};
|
||||
GrantedAccess access;
|
||||
GrantedRoles granted_roles;
|
||||
ExtendedRoleSet default_roles = ExtendedRoleSet::AllTag{};
|
||||
RolesOrUsersSet default_roles = RolesOrUsersSet::AllTag{};
|
||||
SettingsProfileElements settings;
|
||||
|
||||
bool equal(const IAccessEntity & other) const override;
|
||||
|
@ -17,7 +17,6 @@ SRCS(
|
||||
EnabledRolesInfo.cpp
|
||||
EnabledRowPolicies.cpp
|
||||
EnabledSettings.cpp
|
||||
ExtendedRoleSet.cpp
|
||||
GrantedAccess.cpp
|
||||
GrantedRoles.cpp
|
||||
IAccessEntity.cpp
|
||||
@ -29,6 +28,7 @@ SRCS(
|
||||
QuotaUsage.cpp
|
||||
Role.cpp
|
||||
RoleCache.cpp
|
||||
RolesOrUsersSet.cpp
|
||||
RowPolicy.cpp
|
||||
RowPolicyCache.cpp
|
||||
SettingsConstraints.cpp
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <Interpreters/InterpreterCreateQuotaQuery.h>
|
||||
#include <Parsers/ASTCreateQuotaQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Interpreters/DDLWorker.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
@ -19,7 +19,7 @@ namespace
|
||||
Quota & quota,
|
||||
const ASTCreateQuotaQuery & query,
|
||||
const String & override_name,
|
||||
const std::optional<ExtendedRoleSet> & override_to_roles)
|
||||
const std::optional<RolesOrUsersSet> & override_to_roles)
|
||||
{
|
||||
if (!override_name.empty())
|
||||
quota.setName(override_name);
|
||||
@ -82,9 +82,9 @@ BlockIO InterpreterCreateQuotaQuery::execute()
|
||||
return executeDDLQueryOnCluster(query_ptr, context);
|
||||
}
|
||||
|
||||
std::optional<ExtendedRoleSet> roles_from_query;
|
||||
std::optional<RolesOrUsersSet> roles_from_query;
|
||||
if (query.roles)
|
||||
roles_from_query = ExtendedRoleSet{*query.roles, access_control, context.getUserID()};
|
||||
roles_from_query = RolesOrUsersSet{*query.roles, access_control, context.getUserID()};
|
||||
|
||||
if (query.alter)
|
||||
{
|
||||
|
@ -1,7 +1,7 @@
|
||||
#include <Interpreters/InterpreterCreateRowPolicyQuery.h>
|
||||
#include <Parsers/ASTCreateRowPolicyQuery.h>
|
||||
#include <Parsers/ASTRowPolicyName.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/formatAST.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Interpreters/DDLWorker.h>
|
||||
@ -18,7 +18,7 @@ namespace
|
||||
RowPolicy & policy,
|
||||
const ASTCreateRowPolicyQuery & query,
|
||||
const RowPolicy::NameParts & override_name,
|
||||
const std::optional<ExtendedRoleSet> & override_to_roles)
|
||||
const std::optional<RolesOrUsersSet> & override_to_roles)
|
||||
{
|
||||
if (!override_name.empty())
|
||||
policy.setNameParts(override_name);
|
||||
@ -58,9 +58,9 @@ BlockIO InterpreterCreateRowPolicyQuery::execute()
|
||||
}
|
||||
|
||||
assert(query.names->cluster.empty());
|
||||
std::optional<ExtendedRoleSet> roles_from_query;
|
||||
std::optional<RolesOrUsersSet> roles_from_query;
|
||||
if (query.roles)
|
||||
roles_from_query = ExtendedRoleSet{*query.roles, access_control, context.getUserID()};
|
||||
roles_from_query = RolesOrUsersSet{*query.roles, access_control, context.getUserID()};
|
||||
|
||||
query.replaceEmptyDatabaseWithCurrent(context.getCurrentDatabase());
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <Interpreters/InterpreterCreateSettingsProfileQuery.h>
|
||||
#include <Parsers/ASTCreateSettingsProfileQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Interpreters/DDLWorker.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
@ -17,7 +17,7 @@ namespace
|
||||
const ASTCreateSettingsProfileQuery & query,
|
||||
const String & override_name,
|
||||
const std::optional<SettingsProfileElements> & override_settings,
|
||||
const std::optional<ExtendedRoleSet> & override_to_roles)
|
||||
const std::optional<RolesOrUsersSet> & override_to_roles)
|
||||
{
|
||||
if (!override_name.empty())
|
||||
profile.setName(override_name);
|
||||
@ -58,9 +58,9 @@ BlockIO InterpreterCreateSettingsProfileQuery::execute()
|
||||
if (query.settings)
|
||||
settings_from_query = SettingsProfileElements{*query.settings, access_control};
|
||||
|
||||
std::optional<ExtendedRoleSet> roles_from_query;
|
||||
std::optional<RolesOrUsersSet> roles_from_query;
|
||||
if (query.to_roles)
|
||||
roles_from_query = ExtendedRoleSet{*query.to_roles, access_control, context.getUserID()};
|
||||
roles_from_query = RolesOrUsersSet{*query.to_roles, access_control, context.getUserID()};
|
||||
|
||||
if (query.alter)
|
||||
{
|
||||
|
@ -4,7 +4,7 @@
|
||||
#include <Interpreters/DDLWorker.h>
|
||||
#include <Parsers/ASTCreateUserQuery.h>
|
||||
#include <Parsers/ASTUserNameWithHost.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/User.h>
|
||||
#include <Access/ContextAccess.h>
|
||||
@ -19,7 +19,7 @@ namespace
|
||||
User & user,
|
||||
const ASTCreateUserQuery & query,
|
||||
const std::shared_ptr<ASTUserNameWithHost> & override_name,
|
||||
const std::optional<ExtendedRoleSet> & override_default_roles,
|
||||
const std::optional<RolesOrUsersSet> & override_default_roles,
|
||||
const std::optional<SettingsProfileElements> & override_settings)
|
||||
{
|
||||
if (override_name)
|
||||
@ -45,7 +45,7 @@ namespace
|
||||
if (query.add_hosts)
|
||||
user.allowed_client_hosts.add(*query.add_hosts);
|
||||
|
||||
auto set_default_roles = [&](const ExtendedRoleSet & default_roles_)
|
||||
auto set_default_roles = [&](const RolesOrUsersSet & default_roles_)
|
||||
{
|
||||
if (!query.alter && !default_roles_.all)
|
||||
user.granted_roles.grant(default_roles_.getMatchingIDs());
|
||||
@ -73,10 +73,10 @@ BlockIO InterpreterCreateUserQuery::execute()
|
||||
auto access = context.getAccess();
|
||||
access->checkAccess(query.alter ? AccessType::ALTER_USER : AccessType::CREATE_USER);
|
||||
|
||||
std::optional<ExtendedRoleSet> default_roles_from_query;
|
||||
std::optional<RolesOrUsersSet> default_roles_from_query;
|
||||
if (query.default_roles)
|
||||
{
|
||||
default_roles_from_query = ExtendedRoleSet{*query.default_roles, access_control};
|
||||
default_roles_from_query = RolesOrUsersSet{*query.default_roles, access_control};
|
||||
if (!query.alter && !default_roles_from_query->all)
|
||||
{
|
||||
for (const UUID & role : default_roles_from_query->getMatchingIDs())
|
||||
|
@ -1,11 +1,11 @@
|
||||
#include <Interpreters/InterpreterGrantQuery.h>
|
||||
#include <Parsers/ASTGrantQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Interpreters/DDLWorker.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/ContextAccess.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <Access/User.h>
|
||||
#include <Access/Role.h>
|
||||
#include <boost/range/algorithm/copy.hpp>
|
||||
@ -74,7 +74,7 @@ BlockIO InterpreterGrantQuery::execute()
|
||||
std::vector<UUID> roles_from_query;
|
||||
if (query.roles)
|
||||
{
|
||||
roles_from_query = ExtendedRoleSet{*query.roles, access_control}.getMatchingIDs(access_control);
|
||||
roles_from_query = RolesOrUsersSet{*query.roles, access_control}.getMatchingIDs(access_control);
|
||||
for (const UUID & role_from_query : roles_from_query)
|
||||
access->checkAdminOption(role_from_query);
|
||||
}
|
||||
@ -85,7 +85,7 @@ BlockIO InterpreterGrantQuery::execute()
|
||||
return executeDDLQueryOnCluster(query_ptr, context);
|
||||
}
|
||||
|
||||
std::vector<UUID> to_roles = ExtendedRoleSet{*query.to_roles, access_control, context.getUserID()}.getMatchingIDs(access_control);
|
||||
std::vector<UUID> to_roles = RolesOrUsersSet{*query.to_roles, access_control, context.getUserID()}.getMatchingIDs(access_control);
|
||||
String current_database = context.getCurrentDatabase();
|
||||
|
||||
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
|
||||
@ -115,7 +115,7 @@ void InterpreterGrantQuery::updateUserFromQuery(User & user, const ASTGrantQuery
|
||||
{
|
||||
std::vector<UUID> roles_from_query;
|
||||
if (query.roles)
|
||||
roles_from_query = ExtendedRoleSet{*query.roles}.getMatchingIDs();
|
||||
roles_from_query = RolesOrUsersSet{*query.roles}.getMatchingIDs();
|
||||
updateFromQueryImpl(user, query, roles_from_query, {});
|
||||
}
|
||||
|
||||
@ -124,7 +124,7 @@ void InterpreterGrantQuery::updateRoleFromQuery(Role & role, const ASTGrantQuery
|
||||
{
|
||||
std::vector<UUID> roles_from_query;
|
||||
if (query.roles)
|
||||
roles_from_query = ExtendedRoleSet{*query.roles}.getMatchingIDs();
|
||||
roles_from_query = RolesOrUsersSet{*query.roles}.getMatchingIDs();
|
||||
updateFromQueryImpl(role, query, roles_from_query, {});
|
||||
}
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include <Interpreters/InterpreterSetRoleQuery.h>
|
||||
#include <Parsers/ASTSetRoleQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Access/ExtendedRoleSet.h>
|
||||
#include <Access/RolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/User.h>
|
||||
|
||||
@ -38,7 +38,7 @@ void InterpreterSetRoleQuery::setRole(const ASTSetRoleQuery & query)
|
||||
}
|
||||
else
|
||||
{
|
||||
ExtendedRoleSet roles_from_query{*query.roles, access_control};
|
||||
RolesOrUsersSet roles_from_query{*query.roles, access_control};
|
||||
boost::container::flat_set<UUID> new_current_roles;
|
||||
if (roles_from_query.all)
|
||||
{
|
||||
@ -65,8 +65,8 @@ void InterpreterSetRoleQuery::setDefaultRole(const ASTSetRoleQuery & query)
|
||||
context.checkAccess(AccessType::ALTER_USER);
|
||||
|
||||
auto & access_control = context.getAccessControlManager();
|
||||
std::vector<UUID> to_users = ExtendedRoleSet{*query.to_users, access_control, context.getUserID()}.getMatchingIDs(access_control);
|
||||
ExtendedRoleSet roles_from_query{*query.roles, access_control};
|
||||
std::vector<UUID> to_users = RolesOrUsersSet{*query.to_users, access_control, context.getUserID()}.getMatchingIDs(access_control);
|
||||
RolesOrUsersSet roles_from_query{*query.roles, access_control};
|
||||
|
||||
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
|
||||
{
|
||||
@ -79,7 +79,7 @@ void InterpreterSetRoleQuery::setDefaultRole(const ASTSetRoleQuery & query)
|
||||
}
|
||||
|
||||
|
||||
void InterpreterSetRoleQuery::updateUserSetDefaultRoles(User & user, const ExtendedRoleSet & roles_from_query)
|
||||
void InterpreterSetRoleQuery::updateUserSetDefaultRoles(User & user, const RolesOrUsersSet & roles_from_query)
|
||||
{
|
||||
if (!roles_from_query.all)
|
||||
{
|
||||
|
@ -9,7 +9,7 @@ namespace DB
|
||||
|
||||
class Context;
|
||||
class ASTSetRoleQuery;
|
||||
struct ExtendedRoleSet;
|
||||
struct RolesOrUsersSet;
|
||||
struct User;
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ public:
|
||||
|
||||
BlockIO execute() override;
|
||||
|
||||
static void updateUserSetDefaultRoles(User & user, const ExtendedRoleSet & roles_from_query);
|
||||
static void updateUserSetDefaultRoles(User & user, const RolesOrUsersSet & roles_from_query);
|
||||
|
||||
private:
|
||||
void setRole(const ASTSetRoleQuery & query);
|
||||
|
@ -7,7 +7,7 @@
|
||||
#include <Parsers/ASTCreateSettingsProfileQuery.h>
|
||||
#include <Parsers/ASTShowCreateAccessEntityQuery.h>
|
||||
#include <Parsers/ASTUserNameWithHost.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/ASTSettingsProfileElement.h>
|
||||
#include <Parsers/ASTRowPolicyName.h>
|
||||
#include <Parsers/ExpressionListParsers.h>
|
||||
@ -51,7 +51,7 @@ namespace
|
||||
if (user.allowed_client_hosts != AllowedClientHosts::AnyHostTag{})
|
||||
query->hosts = user.allowed_client_hosts;
|
||||
|
||||
if (user.default_roles != ExtendedRoleSet::AllTag{})
|
||||
if (user.default_roles != RolesOrUsersSet::AllTag{})
|
||||
{
|
||||
if (attach_mode)
|
||||
query->default_roles = user.default_roles.toAST();
|
||||
|
@ -1,7 +1,7 @@
|
||||
#include <Interpreters/InterpreterShowGrantsQuery.h>
|
||||
#include <Parsers/ASTShowGrantsQuery.h>
|
||||
#include <Parsers/ASTGrantQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/formatAST.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Columns/ColumnString.h>
|
||||
@ -29,7 +29,7 @@ namespace
|
||||
{
|
||||
ASTs res;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_roles = std::make_shared<ASTExtendedRoleSet>();
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles = std::make_shared<ASTRolesOrUsersSet>();
|
||||
to_roles->names.push_back(grantee.getName());
|
||||
|
||||
auto grants_and_partial_revokes = grantee.access.getGrantsAndPartialRevokes();
|
||||
@ -87,9 +87,9 @@ namespace
|
||||
grant_query->admin_option = admin_option;
|
||||
grant_query->to_roles = to_roles;
|
||||
if (attach_mode)
|
||||
grant_query->roles = ExtendedRoleSet{roles}.toAST();
|
||||
grant_query->roles = RolesOrUsersSet{roles}.toAST();
|
||||
else
|
||||
grant_query->roles = ExtendedRoleSet{roles}.toASTWithNames(*manager);
|
||||
grant_query->roles = RolesOrUsersSet{roles}.toASTWithNames(*manager);
|
||||
res.push_back(std::move(grant_query));
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#include <Parsers/ASTCreateQuotaQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Common/quoteString.h>
|
||||
#include <Common/IntervalKind.h>
|
||||
#include <ext/range.h>
|
||||
@ -104,7 +104,7 @@ namespace
|
||||
}
|
||||
}
|
||||
|
||||
void formatToRoles(const ASTExtendedRoleSet & roles, const IAST::FormatSettings & settings)
|
||||
void formatToRoles(const ASTRolesOrUsersSet & roles, const IAST::FormatSettings & settings)
|
||||
{
|
||||
settings.ostr << (settings.hilite ? IAST::hilite_keyword : "") << " TO " << (settings.hilite ? IAST::hilite_none : "");
|
||||
roles.format(settings);
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
namespace DB
|
||||
{
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
|
||||
|
||||
/** CREATE QUOTA [IF NOT EXISTS | OR REPLACE] name
|
||||
@ -51,7 +51,7 @@ public:
|
||||
};
|
||||
std::vector<Limits> all_limits;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
|
||||
String getID(char) const override;
|
||||
ASTPtr clone() const override;
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <Parsers/ASTCreateRowPolicyQuery.h>
|
||||
#include <Parsers/ASTRowPolicyName.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/formatAST.h>
|
||||
#include <Common/quoteString.h>
|
||||
#include <ext/range.h>
|
||||
@ -116,7 +116,7 @@ namespace
|
||||
}
|
||||
|
||||
|
||||
void formatToRoles(const ASTExtendedRoleSet & roles, const IAST::FormatSettings & settings)
|
||||
void formatToRoles(const ASTRolesOrUsersSet & roles, const IAST::FormatSettings & settings)
|
||||
{
|
||||
settings.ostr << (settings.hilite ? IAST::hilite_keyword : "") << " TO " << (settings.hilite ? IAST::hilite_none : "");
|
||||
roles.format(settings);
|
||||
|
@ -10,7 +10,7 @@
|
||||
namespace DB
|
||||
{
|
||||
class ASTRowPolicyNames;
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
|
||||
/** CREATE [ROW] POLICY [IF NOT EXISTS | OR REPLACE] name ON [database.]table
|
||||
* [AS {PERMISSIVE | RESTRICTIVE}]
|
||||
@ -43,7 +43,7 @@ public:
|
||||
std::optional<bool> is_restrictive;
|
||||
std::array<std::optional<ASTPtr>, RowPolicy::MAX_CONDITION_TYPE> conditions; /// `nullopt` means "not set", `nullptr` means set to NONE.
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
|
||||
String getID(char) const override;
|
||||
ASTPtr clone() const override;
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <Parsers/ASTCreateSettingsProfileQuery.h>
|
||||
#include <Parsers/ASTSettingsProfileElement.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Common/quoteString.h>
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ namespace
|
||||
settings.format(format);
|
||||
}
|
||||
|
||||
void formatToRoles(const ASTExtendedRoleSet & roles, const IAST::FormatSettings & settings)
|
||||
void formatToRoles(const ASTRolesOrUsersSet & roles, const IAST::FormatSettings & settings)
|
||||
{
|
||||
settings.ostr << (settings.hilite ? IAST::hilite_keyword : "") << " TO " << (settings.hilite ? IAST::hilite_none : "");
|
||||
roles.format(settings);
|
||||
|
@ -7,7 +7,7 @@
|
||||
namespace DB
|
||||
{
|
||||
class ASTSettingsProfileElements;
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
|
||||
|
||||
/** CREATE SETTINGS PROFILE [IF NOT EXISTS | OR REPLACE] name
|
||||
@ -34,7 +34,7 @@ public:
|
||||
|
||||
std::shared_ptr<ASTSettingsProfileElements> settings;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
|
||||
String getID(char) const override;
|
||||
ASTPtr clone() const override;
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <Parsers/ASTCreateUserQuery.h>
|
||||
#include <Parsers/ASTUserNameWithHost.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/ASTSettingsProfileElement.h>
|
||||
#include <Common/quoteString.h>
|
||||
|
||||
@ -167,7 +167,7 @@ namespace
|
||||
}
|
||||
|
||||
|
||||
void formatDefaultRoles(const ASTExtendedRoleSet & default_roles, const IAST::FormatSettings & settings)
|
||||
void formatDefaultRoles(const ASTRolesOrUsersSet & default_roles, const IAST::FormatSettings & settings)
|
||||
{
|
||||
settings.ostr << (settings.hilite ? IAST::hilite_keyword : "") << " DEFAULT ROLE " << (settings.hilite ? IAST::hilite_none : "");
|
||||
default_roles.format(settings);
|
||||
|
@ -9,7 +9,7 @@
|
||||
namespace DB
|
||||
{
|
||||
class ASTUserNamesWithHost;
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
class ASTSettingsProfileElements;
|
||||
|
||||
/** CREATE USER [IF NOT EXISTS | OR REPLACE] name
|
||||
@ -45,7 +45,7 @@ public:
|
||||
std::optional<AllowedClientHosts> add_hosts;
|
||||
std::optional<AllowedClientHosts> remove_hosts;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> default_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> default_roles;
|
||||
|
||||
std::shared_ptr<ASTSettingsProfileElements> settings;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#include <Parsers/ASTGrantQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Common/quoteString.h>
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ namespace
|
||||
}
|
||||
|
||||
|
||||
void formatToRoles(const ASTExtendedRoleSet & to_roles, ASTGrantQuery::Kind kind, const IAST::FormatSettings & settings)
|
||||
void formatToRoles(const ASTRolesOrUsersSet & to_roles, ASTGrantQuery::Kind kind, const IAST::FormatSettings & settings)
|
||||
{
|
||||
using Kind = ASTGrantQuery::Kind;
|
||||
settings.ostr << (settings.hilite ? IAST::hilite_keyword : "") << ((kind == Kind::GRANT) ? " TO " : " FROM ")
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
namespace DB
|
||||
{
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
|
||||
|
||||
/** GRANT access_type[(column_name [,...])] [,...] ON {db.table|db.*|*.*|table|*} TO {user_name | CURRENT_USER} [,...] [WITH GRANT OPTION]
|
||||
@ -27,8 +27,8 @@ public:
|
||||
Kind kind = Kind::GRANT;
|
||||
bool attach = false;
|
||||
AccessRightsElements access_rights_elements;
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
bool grant_option = false;
|
||||
bool admin_option = false;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Common/quoteString.h>
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ namespace
|
||||
}
|
||||
}
|
||||
|
||||
void ASTExtendedRoleSet::formatImpl(const FormatSettings & settings, FormatState &, FormatStateStacked) const
|
||||
void ASTRolesOrUsersSet::formatImpl(const FormatSettings & settings, FormatState &, FormatStateStacked) const
|
||||
{
|
||||
if (empty())
|
||||
{
|
||||
@ -74,7 +74,7 @@ void ASTExtendedRoleSet::formatImpl(const FormatSettings & settings, FormatState
|
||||
}
|
||||
|
||||
|
||||
void ASTExtendedRoleSet::replaceCurrentUserTagWithName(const String & current_user_name)
|
||||
void ASTRolesOrUsersSet::replaceCurrentUserTagWithName(const String & current_user_name)
|
||||
{
|
||||
if (current_user)
|
||||
{
|
@ -7,7 +7,7 @@ namespace DB
|
||||
{
|
||||
/// Represents a set of users/roles like
|
||||
/// {user_name | role_name | CURRENT_USER} [,...] | NONE | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
|
||||
class ASTExtendedRoleSet : public IAST
|
||||
class ASTRolesOrUsersSet : public IAST
|
||||
{
|
||||
public:
|
||||
Strings names;
|
||||
@ -17,14 +17,14 @@ public:
|
||||
bool except_current_user = false;
|
||||
|
||||
bool id_mode = false; /// true if `names` and `except_names` keep UUIDs, not names.
|
||||
bool can_contain_roles = true; /// true if this set can contain names of roles.
|
||||
bool can_contain_users = true; /// true if this set can contain names of users.
|
||||
bool allow_role_names = true; /// true if this set can contain names of roles.
|
||||
bool allow_user_names = true; /// true if this set can contain names of users.
|
||||
|
||||
bool empty() const { return names.empty() && !current_user && !all; }
|
||||
void replaceCurrentUserTagWithName(const String & current_user_name);
|
||||
|
||||
String getID(char) const override { return "ExtendedRoleSet"; }
|
||||
ASTPtr clone() const override { return std::make_shared<ASTExtendedRoleSet>(*this); }
|
||||
String getID(char) const override { return "RolesOrUsersSet"; }
|
||||
ASTPtr clone() const override { return std::make_shared<ASTRolesOrUsersSet>(*this); }
|
||||
void formatImpl(const FormatSettings & settings, FormatState &, FormatStateStacked) const override;
|
||||
};
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
#include <Parsers/ASTSetRoleQuery.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Common/quoteString.h>
|
||||
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
namespace DB
|
||||
{
|
||||
class ASTExtendedRoleSet;
|
||||
class ASTRolesOrUsersSet;
|
||||
|
||||
/** SET ROLE {DEFAULT | NONE | role [,...] | ALL | ALL EXCEPT role [,...]}
|
||||
* SET DEFAULT ROLE {NONE | role [,...] | ALL | ALL EXCEPT role [,...]} TO {user|CURRENT_USER} [,...]
|
||||
@ -21,8 +21,8 @@ public:
|
||||
};
|
||||
Kind kind = Kind::SET_ROLE;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_users;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_users;
|
||||
|
||||
String getID(char) const override;
|
||||
ASTPtr clone() const override;
|
||||
|
@ -3,10 +3,10 @@
|
||||
#include <Parsers/CommonParsers.h>
|
||||
#include <Parsers/parseIntervalKind.h>
|
||||
#include <Parsers/parseIdentifierOrStringLiteral.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <Parsers/ExpressionElementParsers.h>
|
||||
#include <Parsers/ASTLiteral.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <ext/range.h>
|
||||
#include <boost/algorithm/string/predicate.hpp>
|
||||
|
||||
@ -185,15 +185,17 @@ namespace
|
||||
});
|
||||
}
|
||||
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTExtendedRoleSet> & roles)
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTRolesOrUsersSet> & roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
ASTPtr node;
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected) || !ParserExtendedRoleSet{}.useIDMode(id_mode).parse(pos, node, expected))
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowAll().allowRoleNames().allowUserNames().allowCurrentUser().useIDMode(id_mode);
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected) || !roles_p.parse(pos, node, expected))
|
||||
return false;
|
||||
|
||||
roles = std::static_pointer_cast<ASTExtendedRoleSet>(node);
|
||||
roles = std::static_pointer_cast<ASTRolesOrUsersSet>(node);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -266,7 +268,7 @@ bool ParserCreateQuotaQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expe
|
||||
break;
|
||||
}
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
parseToRoles(pos, expected, attach_mode, roles);
|
||||
|
||||
if (cluster.empty())
|
||||
|
@ -24,7 +24,7 @@ namespace DB
|
||||
class ParserCreateQuotaQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserCreateQuotaQuery & enableAttachMode(bool enable_) { attach_mode = enable_; return *this; }
|
||||
void useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "CREATE QUOTA or ALTER QUOTA query"; }
|
||||
|
@ -31,7 +31,9 @@ namespace
|
||||
return false;
|
||||
|
||||
ASTPtr new_settings_ast;
|
||||
if (!ParserSettingsProfileElements{}.useIDMode(id_mode).parse(pos, new_settings_ast, expected))
|
||||
ParserSettingsProfileElements elements_p;
|
||||
elements_p.useIDMode(id_mode);
|
||||
if (!elements_p.parse(pos, new_settings_ast, expected))
|
||||
return false;
|
||||
|
||||
if (!settings)
|
||||
|
@ -16,7 +16,7 @@ namespace DB
|
||||
class ParserCreateRoleQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserCreateRoleQuery & enableAttachMode(bool enable) { attach_mode = enable; return *this; }
|
||||
void useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "CREATE ROLE or ALTER ROLE query"; }
|
||||
|
@ -3,8 +3,8 @@
|
||||
#include <Access/RowPolicy.h>
|
||||
#include <Parsers/ASTRowPolicyName.h>
|
||||
#include <Parsers/ParserRowPolicyName.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/parseIdentifierOrStringLiteral.h>
|
||||
#include <Parsers/parseDatabaseAndTableName.h>
|
||||
#include <Parsers/ExpressionListParsers.h>
|
||||
@ -173,16 +173,20 @@ namespace
|
||||
});
|
||||
}
|
||||
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTExtendedRoleSet> & roles)
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTRolesOrUsersSet> & roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
ASTPtr ast;
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected)
|
||||
|| !ParserExtendedRoleSet{}.useIDMode(id_mode).parse(pos, ast, expected))
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected))
|
||||
return false;
|
||||
|
||||
roles = std::static_pointer_cast<ASTExtendedRoleSet>(ast);
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowAll().allowRoleNames().allowUserNames().allowCurrentUser().useIDMode(id_mode);
|
||||
if (!roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
roles = std::static_pointer_cast<ASTRolesOrUsersSet>(ast);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -259,7 +263,7 @@ bool ParserCreateRowPolicyQuery::parseImpl(Pos & pos, ASTPtr & node, Expected &
|
||||
break;
|
||||
}
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
parseToRoles(pos, expected, attach_mode, roles);
|
||||
|
||||
if (cluster.empty())
|
||||
|
@ -24,7 +24,7 @@ namespace DB
|
||||
class ParserCreateRowPolicyQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserCreateRowPolicyQuery & enableAttachMode(bool enable_) { attach_mode = enable_; return *this; }
|
||||
void useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "CREATE ROW POLICY or ALTER ROW POLICY query"; }
|
||||
|
@ -5,8 +5,8 @@
|
||||
#include <Parsers/ASTLiteral.h>
|
||||
#include <Parsers/ASTSettingsProfileElement.h>
|
||||
#include <Parsers/ParserSettingsProfileElement.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/parseIdentifierOrStringLiteral.h>
|
||||
|
||||
|
||||
@ -33,7 +33,9 @@ namespace
|
||||
return false;
|
||||
|
||||
ASTPtr new_settings_ast;
|
||||
if (!ParserSettingsProfileElements{}.useIDMode(id_mode).enableInheritKeyword(true).parse(pos, new_settings_ast, expected))
|
||||
ParserSettingsProfileElements elements_p;
|
||||
elements_p.useInheritKeyword(true).useIDMode(id_mode);
|
||||
if (!elements_p.parse(pos, new_settings_ast, expected))
|
||||
return false;
|
||||
|
||||
if (!settings)
|
||||
@ -44,16 +46,20 @@ namespace
|
||||
});
|
||||
}
|
||||
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTExtendedRoleSet> & roles)
|
||||
bool parseToRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTRolesOrUsersSet> & roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
ASTPtr ast;
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected)
|
||||
|| !ParserExtendedRoleSet{}.useIDMode(id_mode).parse(pos, ast, expected))
|
||||
if (roles || !ParserKeyword{"TO"}.ignore(pos, expected))
|
||||
return false;
|
||||
|
||||
roles = std::static_pointer_cast<ASTExtendedRoleSet>(ast);
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowAll().allowRoleNames().allowUserNames().allowCurrentUser().useIDMode(id_mode);
|
||||
if (!roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
roles = std::static_pointer_cast<ASTRolesOrUsersSet>(ast);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -122,7 +128,7 @@ bool ParserCreateSettingsProfileQuery::parseImpl(Pos & pos, ASTPtr & node, Expec
|
||||
break;
|
||||
}
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
parseToRoles(pos, expected, attach_mode, to_roles);
|
||||
|
||||
if (cluster.empty())
|
||||
|
@ -16,7 +16,7 @@ namespace DB
|
||||
class ParserCreateSettingsProfileQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserCreateSettingsProfileQuery & enableAttachMode(bool enable) { attach_mode = enable; return *this; }
|
||||
void useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "CREATE SETTINGS PROFILE or ALTER SETTINGS PROFILE query"; }
|
||||
|
@ -7,9 +7,9 @@
|
||||
#include <Parsers/ExpressionListParsers.h>
|
||||
#include <Parsers/ASTLiteral.h>
|
||||
#include <Parsers/ASTUserNameWithHost.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/ParserUserNameWithHost.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <Parsers/ASTSettingsProfileElement.h>
|
||||
#include <Parsers/ParserSettingsProfileElement.h>
|
||||
#include <ext/range.h>
|
||||
@ -186,7 +186,7 @@ namespace
|
||||
}
|
||||
|
||||
|
||||
bool parseDefaultRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTExtendedRoleSet> & default_roles)
|
||||
bool parseDefaultRoles(IParserBase::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTRolesOrUsersSet> & default_roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
@ -194,11 +194,13 @@ namespace
|
||||
return false;
|
||||
|
||||
ASTPtr ast;
|
||||
if (!ParserExtendedRoleSet{}.enableCurrentUserKeyword(false).useIDMode(id_mode).parse(pos, ast, expected))
|
||||
ParserRolesOrUsersSet default_roles_p;
|
||||
default_roles_p.allowAll().allowRoleNames().useIDMode(id_mode);
|
||||
if (!default_roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
default_roles = typeid_cast<std::shared_ptr<ASTExtendedRoleSet>>(ast);
|
||||
default_roles->can_contain_users = false;
|
||||
default_roles = typeid_cast<std::shared_ptr<ASTRolesOrUsersSet>>(ast);
|
||||
default_roles->allow_user_names = false;
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -212,7 +214,9 @@ namespace
|
||||
return false;
|
||||
|
||||
ASTPtr new_settings_ast;
|
||||
if (!ParserSettingsProfileElements{}.useIDMode(id_mode).parse(pos, new_settings_ast, expected))
|
||||
ParserSettingsProfileElements elements_p;
|
||||
elements_p.useInheritKeyword(true).useIDMode(id_mode);
|
||||
if (!elements_p.parse(pos, new_settings_ast, expected))
|
||||
return false;
|
||||
|
||||
if (!settings)
|
||||
@ -276,7 +280,7 @@ bool ParserCreateUserQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec
|
||||
std::optional<AllowedClientHosts> hosts;
|
||||
std::optional<AllowedClientHosts> add_hosts;
|
||||
std::optional<AllowedClientHosts> remove_hosts;
|
||||
std::shared_ptr<ASTExtendedRoleSet> default_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> default_roles;
|
||||
std::shared_ptr<ASTSettingsProfileElements> settings;
|
||||
String cluster;
|
||||
|
||||
|
@ -20,7 +20,7 @@ namespace DB
|
||||
class ParserCreateUserQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserCreateUserQuery & enableAttachMode(bool enable) { attach_mode = enable; return *this; }
|
||||
ParserCreateUserQuery & useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "CREATE USER or ALTER USER query"; }
|
||||
|
@ -1,28 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
#include <Parsers/IParserBase.h>
|
||||
|
||||
|
||||
namespace DB
|
||||
{
|
||||
/** Parses a string like this:
|
||||
* {role|CURRENT_USER} [,...] | NONE | ALL | ALL EXCEPT {role|CURRENT_USER} [,...]
|
||||
*/
|
||||
class ParserExtendedRoleSet : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserExtendedRoleSet & enableAllKeyword(bool enable_) { all_keyword = enable_; return *this; }
|
||||
ParserExtendedRoleSet & enableCurrentUserKeyword(bool enable_) { current_user_keyword = enable_; return *this; }
|
||||
ParserExtendedRoleSet & useIDMode(bool enable_) { id_mode = enable_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "ExtendedRoleSet"; }
|
||||
bool parseImpl(Pos & pos, ASTPtr & node, Expected & expected) override;
|
||||
|
||||
private:
|
||||
bool all_keyword = true;
|
||||
bool current_user_keyword = true;
|
||||
bool id_mode = false;
|
||||
};
|
||||
|
||||
}
|
@ -1,10 +1,10 @@
|
||||
#include <Parsers/ParserGrantQuery.h>
|
||||
#include <Parsers/ASTGrantQuery.h>
|
||||
#include <Parsers/ASTIdentifier.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/CommonParsers.h>
|
||||
#include <Parsers/ExpressionElementParsers.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <boost/algorithm/string/predicate.hpp>
|
||||
|
||||
|
||||
@ -199,21 +199,23 @@ namespace
|
||||
}
|
||||
|
||||
|
||||
bool parseRoles(IParser::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTExtendedRoleSet> & roles)
|
||||
bool parseRoles(IParser::Pos & pos, Expected & expected, bool id_mode, std::shared_ptr<ASTRolesOrUsersSet> & roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
ASTPtr ast;
|
||||
if (!ParserExtendedRoleSet{}.enableAllKeyword(false).enableCurrentUserKeyword(false).useIDMode(id_mode).parse(pos, ast, expected))
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowRoleNames().useIDMode(id_mode);
|
||||
if (!roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
roles = typeid_cast<std::shared_ptr<ASTExtendedRoleSet>>(ast);
|
||||
roles = typeid_cast<std::shared_ptr<ASTRolesOrUsersSet>>(ast);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
bool parseToRoles(IParser::Pos & pos, Expected & expected, ASTGrantQuery::Kind kind, std::shared_ptr<ASTExtendedRoleSet> & to_roles)
|
||||
bool parseToRoles(IParser::Pos & pos, Expected & expected, ASTGrantQuery::Kind kind, std::shared_ptr<ASTRolesOrUsersSet> & to_roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
@ -230,10 +232,12 @@ namespace
|
||||
}
|
||||
|
||||
ASTPtr ast;
|
||||
if (!ParserExtendedRoleSet{}.enableAllKeyword(kind == Kind::REVOKE).parse(pos, ast, expected))
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowRoleNames().allowUserNames().allowCurrentUser().allowAll(kind == Kind::REVOKE);
|
||||
if (!roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
to_roles = typeid_cast<std::shared_ptr<ASTExtendedRoleSet>>(ast);
|
||||
to_roles = typeid_cast<std::shared_ptr<ASTRolesOrUsersSet>>(ast);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -282,14 +286,14 @@ bool ParserGrantQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
|
||||
}
|
||||
|
||||
AccessRightsElements elements;
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
if (!parseAccessRightsElements(pos, expected, elements) && !parseRoles(pos, expected, attach, roles))
|
||||
return false;
|
||||
|
||||
if (cluster.empty())
|
||||
parseOnCluster(pos, expected, cluster);
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
if (!parseToRoles(pos, expected, kind, to_roles))
|
||||
return false;
|
||||
|
||||
|
@ -12,7 +12,7 @@ namespace DB
|
||||
class ParserGrantQuery : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserGrantQuery & enableAttachMode(bool enable) { attach_mode = enable; return *this; }
|
||||
ParserGrantQuery & useAttachMode(bool attach_mode_ = true) { attach_mode = attach_mode_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "GRANT or REVOKE query"; }
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
#include <Parsers/CommonParsers.h>
|
||||
#include <Parsers/ExpressionElementParsers.h>
|
||||
#include <Parsers/ASTLiteral.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/parseUserName.h>
|
||||
#include <boost/range/algorithm/find.hpp>
|
||||
|
||||
@ -39,8 +39,8 @@ namespace
|
||||
IParserBase::Pos & pos,
|
||||
Expected & expected,
|
||||
bool id_mode,
|
||||
bool all_keyword_enabled,
|
||||
bool current_user_keyword_enabled,
|
||||
bool allow_all,
|
||||
bool allow_current_user_tag,
|
||||
Strings & names,
|
||||
bool & all,
|
||||
bool & current_user)
|
||||
@ -56,7 +56,7 @@ namespace
|
||||
{
|
||||
}
|
||||
else if (
|
||||
current_user_keyword_enabled
|
||||
allow_current_user_tag
|
||||
&& (ParserKeyword{"CURRENT_USER"}.ignore(pos, expected) || ParserKeyword{"currentUser"}.ignore(pos, expected)))
|
||||
{
|
||||
if (ParserToken{TokenType::OpeningRoundBracket}.ignore(pos, expected))
|
||||
@ -66,7 +66,7 @@ namespace
|
||||
}
|
||||
res_current_user = true;
|
||||
}
|
||||
else if (all_keyword_enabled && ParserKeyword{"ALL"}.ignore(pos, expected))
|
||||
else if (allow_all && ParserKeyword{"ALL"}.ignore(pos, expected))
|
||||
{
|
||||
res_all = true;
|
||||
}
|
||||
@ -93,7 +93,7 @@ namespace
|
||||
IParserBase::Pos & pos,
|
||||
Expected & expected,
|
||||
bool id_mode,
|
||||
bool current_user_keyword_enabled,
|
||||
bool allow_current_user_tag,
|
||||
Strings & except_names,
|
||||
bool & except_current_user)
|
||||
{
|
||||
@ -103,13 +103,13 @@ namespace
|
||||
return false;
|
||||
|
||||
bool dummy;
|
||||
return parseBeforeExcept(pos, expected, id_mode, false, current_user_keyword_enabled, except_names, dummy, except_current_user);
|
||||
return parseBeforeExcept(pos, expected, id_mode, false, allow_current_user_tag, except_names, dummy, except_current_user);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
bool ParserExtendedRoleSet::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
|
||||
bool ParserRolesOrUsersSet::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
|
||||
{
|
||||
Strings names;
|
||||
bool current_user = false;
|
||||
@ -117,21 +117,23 @@ bool ParserExtendedRoleSet::parseImpl(Pos & pos, ASTPtr & node, Expected & expec
|
||||
Strings except_names;
|
||||
bool except_current_user = false;
|
||||
|
||||
if (!parseBeforeExcept(pos, expected, id_mode, all_keyword, current_user_keyword, names, all, current_user))
|
||||
if (!parseBeforeExcept(pos, expected, id_mode, allow_all, allow_current_user, names, all, current_user))
|
||||
return false;
|
||||
|
||||
parseExceptAndAfterExcept(pos, expected, id_mode, current_user_keyword, except_names, except_current_user);
|
||||
parseExceptAndAfterExcept(pos, expected, id_mode, allow_current_user, except_names, except_current_user);
|
||||
|
||||
if (all)
|
||||
names.clear();
|
||||
|
||||
auto result = std::make_shared<ASTExtendedRoleSet>();
|
||||
auto result = std::make_shared<ASTRolesOrUsersSet>();
|
||||
result->names = std::move(names);
|
||||
result->current_user = current_user;
|
||||
result->all = all;
|
||||
result->except_names = std::move(except_names);
|
||||
result->except_current_user = except_current_user;
|
||||
result->id_mode = id_mode;
|
||||
result->allow_user_names = allow_user_names;
|
||||
result->allow_role_names = allow_role_names;
|
||||
node = result;
|
||||
return true;
|
||||
}
|
32
src/Parsers/ParserRolesOrUsersSet.h
Normal file
32
src/Parsers/ParserRolesOrUsersSet.h
Normal file
@ -0,0 +1,32 @@
|
||||
#pragma once
|
||||
|
||||
#include <Parsers/IParserBase.h>
|
||||
|
||||
|
||||
namespace DB
|
||||
{
|
||||
/** Parses a string like this:
|
||||
* {role|CURRENT_USER} [,...] | NONE | ALL | ALL EXCEPT {role|CURRENT_USER} [,...]
|
||||
*/
|
||||
class ParserRolesOrUsersSet : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserRolesOrUsersSet & allowAll(bool allow_all_ = true) { allow_all = allow_all_; return *this; }
|
||||
ParserRolesOrUsersSet & allowUserNames(bool allow_user_names_ = true) { allow_user_names = allow_user_names_; return *this; }
|
||||
ParserRolesOrUsersSet & allowRoleNames(bool allow_role_names_ = true) { allow_role_names = allow_role_names_; return *this; }
|
||||
ParserRolesOrUsersSet & allowCurrentUser(bool allow_current_user_ = true) { allow_current_user = allow_current_user_; return *this; }
|
||||
ParserRolesOrUsersSet & useIDMode(bool id_mode_ = true) { id_mode = id_mode_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "RolesOrUsersSet"; }
|
||||
bool parseImpl(Pos & pos, ASTPtr & node, Expected & expected) override;
|
||||
|
||||
private:
|
||||
bool allow_all = false;
|
||||
bool allow_user_names = false;
|
||||
bool allow_role_names = false;
|
||||
bool allow_current_user = false;
|
||||
bool id_mode = false;
|
||||
};
|
||||
|
||||
}
|
@ -1,29 +1,31 @@
|
||||
#include <Parsers/ParserSetRoleQuery.h>
|
||||
#include <Parsers/ASTSetRoleQuery.h>
|
||||
#include <Parsers/CommonParsers.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ParserExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Parsers/ParserRolesOrUsersSet.h>
|
||||
|
||||
|
||||
namespace DB
|
||||
{
|
||||
namespace
|
||||
{
|
||||
bool parseRoles(IParserBase::Pos & pos, Expected & expected, std::shared_ptr<ASTExtendedRoleSet> & roles)
|
||||
bool parseRoles(IParserBase::Pos & pos, Expected & expected, std::shared_ptr<ASTRolesOrUsersSet> & roles)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
ASTPtr ast;
|
||||
if (!ParserExtendedRoleSet{}.enableCurrentUserKeyword(false).parse(pos, ast, expected))
|
||||
ParserRolesOrUsersSet roles_p;
|
||||
roles_p.allowRoleNames().allowAll();
|
||||
if (!roles_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
roles = typeid_cast<std::shared_ptr<ASTExtendedRoleSet>>(ast);
|
||||
roles->can_contain_users = false;
|
||||
roles = typeid_cast<std::shared_ptr<ASTRolesOrUsersSet>>(ast);
|
||||
roles->allow_user_names = false;
|
||||
return true;
|
||||
});
|
||||
}
|
||||
|
||||
bool parseToUsers(IParserBase::Pos & pos, Expected & expected, std::shared_ptr<ASTExtendedRoleSet> & to_users)
|
||||
bool parseToUsers(IParserBase::Pos & pos, Expected & expected, std::shared_ptr<ASTRolesOrUsersSet> & to_users)
|
||||
{
|
||||
return IParserBase::wrapParseImpl(pos, [&]
|
||||
{
|
||||
@ -31,11 +33,13 @@ namespace
|
||||
return false;
|
||||
|
||||
ASTPtr ast;
|
||||
if (!ParserExtendedRoleSet{}.enableAllKeyword(false).parse(pos, ast, expected))
|
||||
ParserRolesOrUsersSet users_p;
|
||||
users_p.allowUserNames().allowCurrentUser();
|
||||
if (!users_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
|
||||
to_users = typeid_cast<std::shared_ptr<ASTExtendedRoleSet>>(ast);
|
||||
to_users->can_contain_roles = false;
|
||||
to_users = typeid_cast<std::shared_ptr<ASTRolesOrUsersSet>>(ast);
|
||||
to_users->allow_role_names = false;
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@ -55,8 +59,8 @@ bool ParserSetRoleQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected
|
||||
else
|
||||
return false;
|
||||
|
||||
std::shared_ptr<ASTExtendedRoleSet> roles;
|
||||
std::shared_ptr<ASTExtendedRoleSet> to_users;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_users;
|
||||
|
||||
if ((kind == Kind::SET_ROLE) || (kind == Kind::SET_DEFAULT_ROLE))
|
||||
{
|
||||
|
@ -109,7 +109,7 @@ bool ParserSettingsProfileElement::parseImpl(Pos & pos, ASTPtr & node, Expected
|
||||
std::optional<bool> readonly;
|
||||
|
||||
if (ParserKeyword{"PROFILE"}.ignore(pos, expected) ||
|
||||
(enable_inherit_keyword && ParserKeyword{"INHERIT"}.ignore(pos, expected)))
|
||||
(use_inherit_keyword && ParserKeyword{"INHERIT"}.ignore(pos, expected)))
|
||||
{
|
||||
if (!parseProfileNameOrID(pos, expected, id_mode, parent_profile))
|
||||
return false;
|
||||
@ -140,7 +140,7 @@ bool ParserSettingsProfileElement::parseImpl(Pos & pos, ASTPtr & node, Expected
|
||||
result->max_value = std::move(max_value);
|
||||
result->readonly = readonly;
|
||||
result->id_mode = id_mode;
|
||||
result->use_inherit_keyword = enable_inherit_keyword;
|
||||
result->use_inherit_keyword = use_inherit_keyword;
|
||||
node = result;
|
||||
return true;
|
||||
}
|
||||
@ -155,10 +155,12 @@ bool ParserSettingsProfileElements::parseImpl(Pos & pos, ASTPtr & node, Expected
|
||||
}
|
||||
else
|
||||
{
|
||||
ParserSettingsProfileElement element_p;
|
||||
element_p.useIDMode(id_mode).useInheritKeyword(use_inherit_keyword);
|
||||
do
|
||||
{
|
||||
ASTPtr ast;
|
||||
if (!ParserSettingsProfileElement{}.useIDMode(id_mode).enableInheritKeyword(enable_inherit_keyword).parse(pos, ast, expected))
|
||||
if (!element_p.parse(pos, ast, expected))
|
||||
return false;
|
||||
auto element = typeid_cast<std::shared_ptr<ASTSettingsProfileElement>>(ast);
|
||||
elements.push_back(std::move(element));
|
||||
|
@ -11,8 +11,8 @@ namespace DB
|
||||
class ParserSettingsProfileElement : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserSettingsProfileElement & useIDMode(bool enable_) { id_mode = enable_; return *this; }
|
||||
ParserSettingsProfileElement & enableInheritKeyword(bool enable_) { enable_inherit_keyword = enable_; return *this; }
|
||||
ParserSettingsProfileElement & useIDMode(bool id_mode_ = true) { id_mode = id_mode_; return *this; }
|
||||
ParserSettingsProfileElement & useInheritKeyword(bool use_inherit_keyword_ = true) { use_inherit_keyword = use_inherit_keyword_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "SettingsProfileElement"; }
|
||||
@ -20,15 +20,15 @@ protected:
|
||||
|
||||
private:
|
||||
bool id_mode = false;
|
||||
bool enable_inherit_keyword = false;
|
||||
bool use_inherit_keyword = false;
|
||||
};
|
||||
|
||||
|
||||
class ParserSettingsProfileElements : public IParserBase
|
||||
{
|
||||
public:
|
||||
ParserSettingsProfileElements & useIDMode(bool enable_) { id_mode = enable_; return *this; }
|
||||
ParserSettingsProfileElements & enableInheritKeyword(bool enable_) { enable_inherit_keyword = enable_; return *this; }
|
||||
ParserSettingsProfileElements & useIDMode(bool id_mode_ = true) { id_mode = id_mode_; return *this; }
|
||||
ParserSettingsProfileElements & useInheritKeyword(bool use_inherit_keyword_ = true) { use_inherit_keyword = use_inherit_keyword_; return *this; }
|
||||
|
||||
protected:
|
||||
const char * getName() const override { return "SettingsProfileElements"; }
|
||||
@ -36,7 +36,7 @@ protected:
|
||||
|
||||
private:
|
||||
bool id_mode = false;
|
||||
bool enable_inherit_keyword = false;
|
||||
bool use_inherit_keyword = false;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -21,7 +21,6 @@ SRCS(
|
||||
ASTDropAccessEntityQuery.cpp
|
||||
ASTDropQuery.cpp
|
||||
ASTExpressionList.cpp
|
||||
ASTExtendedRoleSet.cpp
|
||||
ASTFunction.cpp
|
||||
ASTFunctionWithKeyValueArguments.cpp
|
||||
ASTGrantQuery.cpp
|
||||
@ -37,6 +36,7 @@ SRCS(
|
||||
ASTQueryWithOnCluster.cpp
|
||||
ASTQueryWithOutput.cpp
|
||||
ASTQueryWithTableAndOutput.cpp
|
||||
ASTRolesOrUsersSet.cpp
|
||||
ASTRowPolicyName.cpp
|
||||
ASTSampleRatio.cpp
|
||||
ASTSelectQuery.cpp
|
||||
@ -81,7 +81,6 @@ SRCS(
|
||||
ParserDictionaryAttributeDeclaration.cpp
|
||||
ParserDropAccessEntityQuery.cpp
|
||||
ParserDropQuery.cpp
|
||||
ParserExtendedRoleSet.cpp
|
||||
ParserGrantQuery.cpp
|
||||
ParserInsertQuery.cpp
|
||||
ParserKillQueryQuery.cpp
|
||||
@ -90,6 +89,7 @@ SRCS(
|
||||
ParserQuery.cpp
|
||||
ParserQueryWithOutput.cpp
|
||||
ParserRenameQuery.cpp
|
||||
ParserRolesOrUsersSet.cpp
|
||||
ParserRowPolicyName.cpp
|
||||
ParserSampleRatio.cpp
|
||||
ParserSelectQuery.cpp
|
||||
|
@ -9,7 +9,7 @@
|
||||
#include <Columns/ColumnsNumber.h>
|
||||
#include <Columns/ColumnNullable.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/SettingsProfile.h>
|
||||
#include <Access/AccessFlags.h>
|
||||
|
@ -8,7 +8,7 @@
|
||||
#include <Columns/ColumnString.h>
|
||||
#include <Columns/ColumnsNumber.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/Quota.h>
|
||||
#include <Access/AccessFlags.h>
|
||||
@ -72,7 +72,7 @@ void StorageSystemQuotas::fillData(MutableColumns & res_columns, const Context &
|
||||
const String & storage_name,
|
||||
const std::vector<Quota::Limits> & all_limits,
|
||||
KeyType key_type,
|
||||
const ExtendedRoleSet & apply_to)
|
||||
const RolesOrUsersSet & apply_to)
|
||||
{
|
||||
column_name.insertData(name.data(), name.length());
|
||||
column_id.push_back(id);
|
||||
|
@ -78,7 +78,7 @@ void StorageSystemRoleGrants::fillData(MutableColumns & res_columns, const Conte
|
||||
auto add_rows = [&](const String & grantee_name,
|
||||
IAccessEntity::Type grantee_type,
|
||||
const GrantedRoles & granted_roles,
|
||||
const ExtendedRoleSet * default_roles)
|
||||
const RolesOrUsersSet * default_roles)
|
||||
{
|
||||
for (const auto & role_id : granted_roles.roles)
|
||||
{
|
||||
@ -99,7 +99,7 @@ void StorageSystemRoleGrants::fillData(MutableColumns & res_columns, const Conte
|
||||
continue;
|
||||
|
||||
const GrantedRoles * granted_roles = nullptr;
|
||||
const ExtendedRoleSet * default_roles = nullptr;
|
||||
const RolesOrUsersSet * default_roles = nullptr;
|
||||
if (auto role = typeid_cast<RolePtr>(entity))
|
||||
granted_roles = &role->granted_roles;
|
||||
else if (auto user = typeid_cast<UserPtr>(entity))
|
||||
|
@ -9,7 +9,7 @@
|
||||
#include <Columns/ColumnArray.h>
|
||||
#include <Columns/ColumnNullable.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/RowPolicy.h>
|
||||
#include <Access/AccessFlags.h>
|
||||
@ -87,7 +87,7 @@ void StorageSystemRowPolicies::fillData(MutableColumns & res_columns, const Cont
|
||||
const String & storage_name,
|
||||
const std::array<String, MAX_CONDITION_TYPE> & conditions,
|
||||
bool is_restrictive,
|
||||
const ExtendedRoleSet & apply_to)
|
||||
const RolesOrUsersSet & apply_to)
|
||||
{
|
||||
column_name.insertData(name.data(), name.length());
|
||||
column_short_name.insertData(name_parts.short_name.data(), name_parts.short_name.length());
|
||||
|
@ -7,7 +7,7 @@
|
||||
#include <Columns/ColumnString.h>
|
||||
#include <Columns/ColumnsNumber.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/SettingsProfile.h>
|
||||
#include <Access/AccessFlags.h>
|
||||
@ -51,7 +51,7 @@ void StorageSystemSettingsProfiles::fillData(MutableColumns & res_columns, const
|
||||
const UUID & id,
|
||||
const String & storage_name,
|
||||
const SettingsProfileElements & elements,
|
||||
const ExtendedRoleSet & apply_to)
|
||||
const RolesOrUsersSet & apply_to)
|
||||
{
|
||||
column_name.insertData(name.data(), name.length());
|
||||
column_id.push_back(id);
|
||||
|
@ -8,7 +8,7 @@
|
||||
#include <Columns/ColumnString.h>
|
||||
#include <Columns/ColumnsNumber.h>
|
||||
#include <Interpreters/Context.h>
|
||||
#include <Parsers/ASTExtendedRoleSet.h>
|
||||
#include <Parsers/ASTRolesOrUsersSet.h>
|
||||
#include <Access/AccessControlManager.h>
|
||||
#include <Access/User.h>
|
||||
#include <Access/AccessFlags.h>
|
||||
@ -80,7 +80,7 @@ void StorageSystemUsers::fillData(MutableColumns & res_columns, const Context &
|
||||
const String & storage_name,
|
||||
const Authentication & authentication,
|
||||
const AllowedClientHosts & allowed_hosts,
|
||||
const ExtendedRoleSet & default_roles)
|
||||
const RolesOrUsersSet & default_roles)
|
||||
{
|
||||
column_name.insertData(name.data(), name.length());
|
||||
column_id.push_back(id);
|
||||
|
Loading…
Reference in New Issue
Block a user