#include #include #include #include #include #include #include #include #include #include #include namespace DB { namespace { void updateUserFromQueryImpl( User & user, const ASTCreateUserQuery & query, const std::shared_ptr & override_name, const std::optional & override_default_roles, const std::optional & override_settings) { if (override_name) user.setName(override_name->toString()); else if (!query.new_name.empty()) user.setName(query.new_name); else if (query.names->size() == 1) user.setName(query.names->front()->toString()); if (query.authentication) user.authentication = *query.authentication; if (override_name && !override_name->host_pattern.empty()) { user.allowed_client_hosts = AllowedClientHosts{}; user.allowed_client_hosts.addLikePattern(override_name->host_pattern); } else if (query.hosts) user.allowed_client_hosts = *query.hosts; if (query.remove_hosts) user.allowed_client_hosts.remove(*query.remove_hosts); if (query.add_hosts) user.allowed_client_hosts.add(*query.add_hosts); auto set_default_roles = [&](const RolesOrUsersSet & default_roles_) { if (!query.alter && !default_roles_.all) user.granted_roles.grant(default_roles_.getMatchingIDs()); InterpreterSetRoleQuery::updateUserSetDefaultRoles(user, default_roles_); }; if (override_default_roles) set_default_roles(*override_default_roles); else if (query.default_roles) set_default_roles(*query.default_roles); if (override_settings) user.settings = *override_settings; else if (query.settings) user.settings = *query.settings; } } BlockIO InterpreterCreateUserQuery::execute() { const auto & query = query_ptr->as(); auto & access_control = context.getAccessControlManager(); auto access = context.getAccess(); access->checkAccess(query.alter ? AccessType::ALTER_USER : AccessType::CREATE_USER); std::optional default_roles_from_query; if (query.default_roles) { default_roles_from_query = RolesOrUsersSet{*query.default_roles, access_control}; if (!query.alter && !default_roles_from_query->all) { for (const UUID & role : default_roles_from_query->getMatchingIDs()) access->checkAdminOption(role); } } if (!query.cluster.empty()) return executeDDLQueryOnCluster(query_ptr, context); std::optional settings_from_query; if (query.settings) settings_from_query = SettingsProfileElements{*query.settings, access_control}; if (query.alter) { auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr { auto updated_user = typeid_cast>(entity->clone()); updateUserFromQueryImpl(*updated_user, query, {}, default_roles_from_query, settings_from_query); return updated_user; }; Strings names = query.names->toStrings(); if (query.if_exists) { auto ids = access_control.find(names); access_control.tryUpdate(ids, update_func); } else access_control.update(access_control.getIDs(names), update_func); } else { std::vector new_users; for (const auto & name : *query.names) { auto new_user = std::make_shared(); updateUserFromQueryImpl(*new_user, query, name, default_roles_from_query, settings_from_query); new_users.emplace_back(std::move(new_user)); } if (query.if_not_exists) access_control.tryInsert(new_users); else if (query.or_replace) access_control.insertOrReplace(new_users); else access_control.insert(new_users); } return {}; } void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreateUserQuery & query) { updateUserFromQueryImpl(user, query, {}, {}, {}); } }