thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-14 02:12:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
117,050 Commits 9,330 Branches 1,783 Tags 2.1 GiB
05811d3dd8
Commit Graph

47 Commits

Author SHA1 Message Date
serxa
006af1b6a4 constraints on merge tree settings 2022-12-02 19:30:14 +00:00
Vladimir Chebotaryov
d17b7387f9 Reworked changes to std::shared_ptr<const RowPolicyFilter>. 2022-10-27 10:42:55 +03:00
Vladimir Chebotaryov
4cabe1f57c Added applied row-level policies to system.query_log. 2022-10-27 10:41:47 +03:00
Robert Schulze
c185353bf0
Minor: remove unnecessary ContextAccess::make() method 2022-08-30 08:06:42 +00:00
Konstantin Morozov
d185b7a332 refactoring: public ctors 2022-08-29 20:19:20 +03:00
Konstantin Morozov
6636bdec2a refactoring: fix format 2022-08-29 07:44:40 +03:00
Konstantin Morozov
38a85ade27 refactoring: small up 2022-08-28 22:33:12 +03:00
Konstantin Morozov
08e9e799d0 refactoring: fix 2022-08-28 20:53:00 +03:00
Konstantin Morozov
75bd61fad5 Merge remote-tracking branch 'origin/ref/remove-unnecessary-allocation' into ref/remove-unnecessary-allocation 
# Conflicts:
#	src/Access/ContextAccess.cpp
#	src/Access/ContextAccess.h
 2022-08-28 20:50:29 +03:00
Konstantin Morozov
7cd2821aed refactoring: template make helper 2022-08-28 20:42:55 +03:00
Konstantin Morozov
4050ab819e refactoring: remove unnecessary allocation 2022-08-28 17:23:17 +03:00
Konstantin Morozov
d4d80dd3c1 refactoring: remove unnecessary allocation 2022-08-28 17:09:13 +03:00
avogar
9291d33080 Pass const std::string_view & by value, not by reference 2022-07-14 16:11:57 +00:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant 
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-05-16 13:57:45 +03:00
Robert Schulze
330212e0f4
Remove inherited create() method + disallow copying 
The original motivation for this commit was that shared_ptr_helper used
std::shared_ptr<>() which does two heap allocations instead of
make_shared<>() which does a single allocation. Turned out that
1. the affected code (--> Storages/) is not on a hot path (rendering the
performance argument moot ...)
2. yet copying Storage objects is potentially dangerous and was
   previously allowed.

Hence, this change

- removes shared_ptr_helper and as a result all inherited create() methods,

- instead, Storage objects are now created using make_shared<>() by the
  caller (for that to work, many constructors had to be made public), and

- all Storage classes were marked as noncopyable using boost::noncopyable.

In sum, we are (likely) not making things faster but the code becomes
cleaner and harder to misuse.
 2022-05-02 08:46:52 +02:00
Maksim Kita
e14cfd5dcd Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
huzhichengdd
11a3a7889b
Update ContextAccess.h 2022-01-12 16:44:02 +08:00
huzhichengdd
4ffc898063
Update ContextAccess.h 2022-01-12 15:37:16 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
Vitaly Baranov
af56b20da7 Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
Vitaly Baranov
33ea7a7262 Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
cb05c0504e Move more implementations from headers to cpp. 2021-11-02 22:38:32 +03:00
Vitaly Baranov
afe2c9c040 Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
Alexey Milovidov
fe6b7c77c7 Rename "common" to "base" 2021-10-02 10:13:14 +03:00
Vitaly Baranov
fabd7193bd Code cleanups and improvements. 2021-08-18 14:24:52 +03:00
Vitaly Baranov
7afcc65060 Add new functions currentProfiles(), enabledProfiles(), defaultProfiles(). 2021-07-22 22:20:53 +03:00
Vasily Nemkov
41278db6c3 Added support for getting current profiles at start. 
This is required to add system.session_log table.
 2021-07-19 11:50:41 +03:00
Vitaly Baranov
6c74b44729 Fix possible crash when login as dropped user. 2021-07-15 19:01:34 +03:00
Maksim Kita
67e9b85951 Merge ext into common 2021-06-16 23:28:41 +03:00
Vitaly Baranov
d6e0342c30 Improvements in implementations of the classes AccessRights and GrantedRoles. 2021-03-14 19:12:35 +03:00
Vitaly Baranov
a98e2311f8
Merge pull request #17908 from vitlibar/fix-checking-introspection-grants 
Fix checking introspection grants
 2020-12-14 12:10:17 +03:00
Vitaly Baranov
710ba6f617 Simplify class ContextAccess. 2020-12-11 16:38:45 +03:00
Alexey Milovidov
c9aa412151 Allow quotas to be keyed by proxy-forwarded IP address 2020-12-02 00:09:16 +03:00
Vitaly Baranov
eddd26cf3a Fix deadlock in InterpreterGrantQuery. 2020-10-13 01:03:47 +03:00
Vitaly Baranov
dbc837c148 IAccessStorage now can override the login() function. 2020-09-19 01:04:20 +03:00
Vitaly Baranov
03b36c262e Improve REVOKE command: now it requires only grant/admin option for only 
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
 2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b Fix partial revokes (complex cases). 2020-06-30 18:47:02 +03:00
Vitaly Baranov
5b84121d81 Improve system tables for quotas. Remove function currentQuota(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
e64e2ebdf6 Improve system table for row policies. Remove function currentRowPolicies(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
c7213ab607 Use boost::flat_set instead of vector to store current and enabled roles. 2020-05-13 19:40:48 +03:00
Vitaly Baranov
2e55d44e57 Fix using the current database for access checking when the database isn't specified. 2020-04-11 20:13:56 +03:00
Ivan Lezhankin
06446b4f08 dbms/ → src/ 2020-04-03 18:14:31 +03:00