thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-24 18:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
c0a595355a
ClickHouse/dbms/Interpreters/InterpreterSetRoleQuery.cpp
Ivan 97f2a2213e
Move all folders inside /dbms one level up (#9974) 
* Move some code outside dbms/src folder
* Fix paths
2020-04-02 02:51:21 +03:00

96 lines
2.9 KiB
C++
Raw Blame History

#include <Interpreters/InterpreterSetRoleQuery.h>
#include <Parsers/ASTSetRoleQuery.h>
#include <Parsers/ASTExtendedRoleSet.h>
#include <Interpreters/Context.h>
#include <Access/ExtendedRoleSet.h>
#include <Access/AccessControlManager.h>
#include <Access/User.h>
namespace DB
{
namespace ErrorCodes
{
extern const int SET_NON_GRANTED_ROLE;
}
BlockIO InterpreterSetRoleQuery::execute()
{
const auto & query = query_ptr->as<const ASTSetRoleQuery &>();
if (query.kind == ASTSetRoleQuery::Kind::SET_DEFAULT_ROLE)
setDefaultRole(query);
else
setRole(query);
return {};
}
void InterpreterSetRoleQuery::setRole(const ASTSetRoleQuery & query)
{
auto & access_control = context.getAccessControlManager();
auto & session_context = context.getSessionContext();
auto user = session_context.getUser();
if (query.kind == ASTSetRoleQuery::Kind::SET_ROLE_DEFAULT)
{
session_context.setCurrentRolesDefault();
}
else
{
ExtendedRoleSet roles_from_query{*query.roles, access_control};
std::vector<UUID> new_current_roles;
if (roles_from_query.all)
{
for (const auto & id : user->granted_roles)
if (roles_from_query.match(id))
new_current_roles.push_back(id);
}
else
{
for (const auto & id : roles_from_query.getMatchingIDs())
{
if (!user->granted_roles.contains(id))
throw Exception("Role should be granted to set current", ErrorCodes::SET_NON_GRANTED_ROLE);
new_current_roles.push_back(id);
}
}
session_context.setCurrentRoles(new_current_roles);
}
}
void InterpreterSetRoleQuery::setDefaultRole(const ASTSetRoleQuery & query)
{
context.checkAccess(AccessType::CREATE_USER | AccessType::DROP_USER);
auto & access_control = context.getAccessControlManager();
std::vector<UUID> to_users = ExtendedRoleSet{*query.to_users, access_control, context.getUserID()}.getMatchingIDs(access_control);
ExtendedRoleSet roles_from_query{*query.roles, access_control};
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
{
auto updated_user = typeid_cast<std::shared_ptr<User>>(entity->clone());
updateUserSetDefaultRoles(*updated_user, roles_from_query);
return updated_user;
};
access_control.update(to_users, update_func);
}
void InterpreterSetRoleQuery::updateUserSetDefaultRoles(User & user, const ExtendedRoleSet & roles_from_query)
{
if (!roles_from_query.all)
{
for (const auto & id : roles_from_query.getMatchingIDs())
{
if (!user.granted_roles.contains(id))
throw Exception("Role should be granted to set default", ErrorCodes::SET_NON_GRANTED_ROLE);
}
}
user.default_roles = roles_from_query;
}
}
Reference in New Issue View Git Blame Copy Permalink