mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-20 05:05:38 +00:00
ca0da7a481
Introduced two additional columns in the system.query_log: used_privileges and missing_privileges. Used_privileges is populated with the privileges that were checked during query execution, and missing_privileges contains required privileges that are missing.
45 lines
984 B
C++
45 lines
984 B
C++
#include <Access/CachedAccessChecking.h>
|
|
#include <Access/ContextAccess.h>
|
|
|
|
|
|
namespace DB
|
|
{
|
|
CachedAccessChecking::CachedAccessChecking(const std::shared_ptr<const ContextAccessWrapper> & access_, AccessFlags access_flags_)
|
|
: CachedAccessChecking(access_, AccessRightsElement{access_flags_})
|
|
{
|
|
}
|
|
|
|
CachedAccessChecking::CachedAccessChecking(const std::shared_ptr<const ContextAccessWrapper> & access_, const AccessRightsElement & element_)
|
|
: access(access_), element(element_)
|
|
{
|
|
}
|
|
|
|
CachedAccessChecking::~CachedAccessChecking() = default;
|
|
|
|
bool CachedAccessChecking::checkAccess(bool throw_if_denied)
|
|
{
|
|
if (checked)
|
|
return result;
|
|
if (throw_if_denied)
|
|
{
|
|
try
|
|
{
|
|
access->checkAccess(element);
|
|
result = true;
|
|
}
|
|
catch (...)
|
|
{
|
|
result = false;
|
|
throw;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
result = access->isGranted(element);
|
|
}
|
|
checked = true;
|
|
return result;
|
|
}
|
|
|
|
}
|