mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-19 16:20:50 +00:00
make sure all alters except id related are allowed even if state of user is invalid afterwards
This commit is contained in:
parent
4fd19c3ad9
commit
d7d40db036
@ -82,19 +82,6 @@ namespace
|
||||
user.authentication_methods.clear();
|
||||
}
|
||||
|
||||
auto number_of_authentication_methods = user.authentication_methods.size() + authentication_methods.size();
|
||||
if (number_of_authentication_methods > max_number_of_authentication_methods)
|
||||
{
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS,
|
||||
"User can not be created/updated because it exceeds the allowed quantity of authentication methods per user."
|
||||
"Check the `max_authentication_methods_per_user` setting");
|
||||
}
|
||||
|
||||
for (const auto & authentication_method : authentication_methods)
|
||||
{
|
||||
user.authentication_methods.emplace_back(authentication_method);
|
||||
}
|
||||
|
||||
// drop existing ones and keep the most recent
|
||||
if (reset_authentication_methods)
|
||||
{
|
||||
@ -103,6 +90,24 @@ namespace
|
||||
user.authentication_methods.emplace_back(backup_authentication_method);
|
||||
}
|
||||
|
||||
if (!authentication_methods.empty())
|
||||
{
|
||||
// we only check if user exceeds the allowed quantity of authentication methods in case the create/alter query includes
|
||||
// authentication information. Otherwise, we can bypass this check to avoid blocking non-authentication related alters.
|
||||
auto number_of_authentication_methods = user.authentication_methods.size() + authentication_methods.size();
|
||||
if (number_of_authentication_methods > max_number_of_authentication_methods)
|
||||
{
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS,
|
||||
"User can not be created/updated because it exceeds the allowed quantity of authentication methods per user."
|
||||
"Check the `max_authentication_methods_per_user` setting");
|
||||
}
|
||||
}
|
||||
|
||||
for (const auto & authentication_method : authentication_methods)
|
||||
{
|
||||
user.authentication_methods.emplace_back(authentication_method);
|
||||
}
|
||||
|
||||
if (!query.alter)
|
||||
{
|
||||
for (const auto & authentication_method : user.authentication_methods)
|
||||
|
Loading…
Reference in New Issue
Block a user