thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-23 08:02:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

GRANT CURRENT GRANTS implementation

Browse Source
This commit is contained in:
pufit 2023-03-30 18:15:08 -04:00
parent 3e9f4750f3
commit dacdbe469e
4 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Interpreters/Access/InterpreterGrantQuery.cpp
View File

@ -366,6 +366,13 @@ BlockIO InterpreterGrantQuery::execute()
AccessRightsElements elements_to_grant, elements_to_revoke;
collectAccessRightsElementsToGrantOrRevoke(query, elements_to_grant, elements_to_revoke);
if (query.current_grants)
{
AccessRights new_rights(elements_to_grant);
new_rights.makeIntersection(*current_user_access->getAccessRightsWithImplicit());
elements_to_grant = new_rights.getElements();
}
std::vector<UUID> roles_to_grant;
RolesOrUsersSet roles_to_revoke;
collectRolesToGrantOrRevoke(access_control, query, roles_to_grant, roles_to_revoke);

2
src/Parsers/Access/ASTGrantQuery.cpp
View File

@ -147,6 +147,8 @@ void ASTGrantQuery::formatImpl(const FormatSettings & settings, FormatState &, F
"ASTGrantQuery can contain either roles or access rights elements "
"to grant or revoke, not both of them");
}
else if (current_grants)
settings.ostr << (settings.hilite ? hilite_keyword : "") << " CURRENT GRANTS" << (settings.hilite ? hilite_none : "");
else
formatElementsWithoutOptions(access_rights_elements, settings);

2
src/Parsers/Access/ASTGrantQuery.h
View File

@ -26,6 +26,8 @@ public:
bool admin_option = false;
bool replace_access = false;
bool replace_granted_roles = false;
bool current_grants = false;
std::shared_ptr<ASTRolesOrUsersSet> grantees;
String getID(char) const override;

16
src/Parsers/Access/ParserGrantQuery.cpp
View File

@ -43,7 +43,6 @@ namespace
{
if (!str.empty())
str += " ";
std::string_view word{pos->begin, pos->size()};
str += std::string_view(pos->begin, pos->size());
++pos;
}
@ -284,8 +283,18 @@ bool ParserGrantQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
AccessRightsElements elements;
std::shared_ptr<ASTRolesOrUsersSet> roles;
if (!parseElementsWithoutOptions(pos, expected, elements) && !parseRoles(pos, expected, is_revoke, attach_mode, roles))
return false;
bool current_grants = false;
if (!is_revoke && ParserKeyword{"CURRENT GRANTS"}.ignore(pos, expected))
{
current_grants = true;
elements.emplace_back(AccessType::ALL);
}
else
{
if (!parseElementsWithoutOptions(pos, expected, elements) && !parseRoles(pos, expected, is_revoke, attach_mode, roles))
return false;
}
if (cluster.empty())
parseOnCluster(pos, expected, cluster);
@ -353,6 +362,7 @@ bool ParserGrantQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
query->admin_option = admin_option;
query->replace_access = replace_access;
query->replace_granted_roles = replace_role;
query->current_grants = current_grants;
return true;
}