Merge pull request #24979 from nvartolomei/nv/parts-uuid-move-shard-acl

Part movement between shards ACL
2024-11-24 16:42:05 +00:00 · 2021-06-15 17:19:10 +03:00 · 2021-06-15 17:19:10 +03:00 · d68338a792
commit d68338a792
parent ca4628d31c af311c8642
3 changed files with 19 additions and 8 deletions
--- a/src/Access/AccessType.h
+++ b/src/Access/AccessType.h
@ -102,6 +102,9 @@ enum class AccessType
    M(KILL_QUERY, "", GLOBAL, ALL) /* allows to kill a query started by another user
                                      (anyone can kill his own queries) */\
    \
+    M(MOVE_PARTITION_BETWEEN_SHARDS, "", GLOBAL, ALL) /* required to be able to move a part/partition to a table
+                                                         identified by it's ZooKeeper path */\
+    \
    M(CREATE_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
    M(ALTER_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
    M(DROP_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
--- a/src/Interpreters/InterpreterAlterQuery.cpp
+++ b/src/Interpreters/InterpreterAlterQuery.cpp
@ -288,15 +288,22 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
        }
        case ASTAlterCommand::MOVE_PARTITION:
        {
-            if ((command.move_destination_type == DataDestinationType::DISK)
-                || (command.move_destination_type == DataDestinationType::VOLUME))
+            switch (command.move_destination_type)
            {
+                case DataDestinationType::DISK: [[fallthrough]];
+                case DataDestinationType::VOLUME:
                    required_access.emplace_back(AccessType::ALTER_MOVE_PARTITION, database, table);
-            }
-            else if (command.move_destination_type == DataDestinationType::TABLE)
-            {
+                    break;
+                case DataDestinationType::TABLE:
                    required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
                    required_access.emplace_back(AccessType::INSERT, command.to_database, command.to_table);
+                    break;
+                case DataDestinationType::SHARD:
+                    required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
+                    required_access.emplace_back(AccessType::MOVE_PARTITION_BETWEEN_SHARDS);
+                    break;
+                case DataDestinationType::DELETE:
+                    throw Exception(ErrorCodes::LOGICAL_ERROR, "Unexpected destination type for command.");
            }
            break;
        }
--- a/tests/queries/0_stateless/01271_show_privileges.reference
+++ b/tests/queries/0_stateless/01271_show_privileges.reference
@ -54,6 +54,7 @@ DROP	[]	\N	ALL
 TRUNCATE	['TRUNCATE TABLE']	TABLE	ALL
 OPTIMIZE	['OPTIMIZE TABLE']	TABLE	ALL
 KILL QUERY	[]	GLOBAL	ALL
+MOVE PARTITION BETWEEN SHARDS	[]	GLOBAL	ALL
 CREATE USER	[]	GLOBAL	ACCESS MANAGEMENT
 ALTER USER	[]	GLOBAL	ACCESS MANAGEMENT
 DROP USER	[]	GLOBAL	ACCESS MANAGEMENT