feat: add view cases

2023-10-20 18:22:30 +08:00 · 2023-10-20 18:22:30 +08:00 · 0f4766e38e
parent 42f440b0fb
commit 0f4766e38e
5 changed files with 105 additions and 27 deletions
--- a/source/common/src/tmsg.c
+++ b/source/common/src/tmsg.c
@ -2023,7 +2023,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->readTbs, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->readTbs, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2042,7 +2042,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->writeTbs, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->writeTbs, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2061,7 +2061,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->alterTbs, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->alterTbs, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2080,7 +2080,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->readViews, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->readViews, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2099,7 +2099,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->writeViews, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->writeViews, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2118,7 +2118,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      value = taosMemoryCalloc(valuelen + 1, sizeof(char));
      if (tDecodeCStrTo(pDecoder, value) < 0) goto _err;

-      taosHashPut(pRsp->alterViews, key, strlen(key), value, valuelen + 1);
+      taosHashPut(pRsp->alterViews, key, keyLen, value, valuelen + 1);

      taosMemoryFreeClear(key);
      taosMemoryFreeClear(value);
@ -2134,7 +2134,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs
      int32_t ref = 0;
      if (tDecodeI32(pDecoder, &ref) < 0) goto _err;

-      taosHashPut(pRsp->useDbs, key, strlen(key), &ref, sizeof(ref));
+      taosHashPut(pRsp->useDbs, key, keyLen, &ref, sizeof(ref));
      taosMemoryFreeClear(key);
    }
    // since 3.0.7.0
--- a/source/libs/parser/src/parAuthenticator.c
+++ b/source/libs/parser/src/parAuthenticator.c
@ -88,6 +88,10 @@ static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabNa
  return checkAuthImpl(pCxt, pDbName, pTabName, type, pCond, false, false);
 }

+static int32_t checkEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {
+  return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, false, true);
+}
+
 static int32_t checkViewAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {
  return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, false);
 }
@ -175,6 +179,9 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
 #endif
    if (!isView) {
      pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
+      if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {
+        pAuthCxt->errCode = checkEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);
+      }
      if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
        pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
      }
--- a/source/libs/parser/src/parTranslater.c
+++ b/source/libs/parser/src/parTranslater.c
@ -7799,17 +7799,19 @@ static int32_t translateGrant(STranslateContext* pCxt, SGrantStmt* pStmt) {
  req.alterType = TSDB_ALTER_USER_ADD_PRIVILEGES;
  req.privileges = pStmt->privileges;
 #ifdef TD_ENTERPRISE
-  SName name;
-  STableMeta* pTableMeta = NULL;
-  code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true);
-  if (TSDB_CODE_SUCCESS != code) {
-    if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) {
-      return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code));
+  if (0 != pStmt->tabName[0]) {
+    SName name;
+    STableMeta* pTableMeta = NULL;
+    code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true);
+    if (TSDB_CODE_SUCCESS != code) {
+      if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) {
+        return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code));
+      }
+    } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) {
+      req.isView = true;
    }
-  } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) {
-    req.isView = true;
+    taosMemoryFree(pTableMeta);
  }
-  taosMemoryFree(pTableMeta);
 #endif

  strcpy(req.user, pStmt->userName);
@ -7832,17 +7834,19 @@ static int32_t translateRevoke(STranslateContext* pCxt, SRevokeStmt* pStmt) {
  req.privileges = pStmt->privileges;

 #ifdef TD_ENTERPRISE
-  SName name;
-  STableMeta* pTableMeta = NULL;
-  code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true);
-  if (TSDB_CODE_SUCCESS != code) {
-    if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) {
-      return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code));
+  if (0 != pStmt->tabName[0]) {
+    SName name;
+    STableMeta* pTableMeta = NULL;
+    code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true);
+    if (TSDB_CODE_SUCCESS != code) {
+      if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) {
+        return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code));
+      }
+    } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) {
+      req.isView = true;
    }
-  } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) {
-    req.isView = true;
+    taosMemoryFree(pTableMeta);
  }
-  taosMemoryFree(pTableMeta);
 #endif
  
  strcpy(req.user, pStmt->userName);
--- a/tests/script/tsim/view/privilege_view.sim
+++ b/tests/script/tsim/view/privilege_view.sim
@ -0,0 +1,66 @@
+sql connect
+sql use testa;
+
+sql create user u1 pass "taosdata"
+sql create user u2 pass "taosdata"
+sql create user u3 pass "taosdata"
+
+print == root create views == 
+sql create view view1 as select * from sta1;
+sql create view view2 as select * from view1;
+sql create view view3 as select * from view2;
+
+sql_error grant all on view1 to root;
+sql_error revoke all on view1 from root;
+
+sql_error grant read on view1 to u1;
+sql grant read on testa.view1 to u1;
+
+sql select * from information_schema.ins_user_privileges order by user_name, privilege;
+if $rows != 2 then
+  return -1
+endi
+if $data10 != u1 then
+  return -1
+endi
+if $data11 != read then
+  return -1
+endi
+
+sql connect u1
+sql use testa
+sql_error select * from sta1;
+sql select * from view1;
+sql_error select * from view2;
+sql_error select * from testb.view1;
+sql_error insert into view1 values (now, 1);
+sql_error create or replace view1 as select * from sta2;
+sql_error create viewa as select * from sta1;
+sql_error drop view view1;
+sql show views;
+sql show create view view1;
+sql desc view1;
+sql select * from information_schema.ins_views;
+if $rows != 3 then
+  return -1
+endi
+sql_error grant read on testa.view1 to u2;
+sql_error revoke read on testa.view1 from u1;
+
+sql connect root
+sql use testa
+sql drop view testa.view1;
+sql select * from information_schema.ins_user_privileges order by user_name, privilege;
+if $rows != 1 then
+  return -1
+endi
+if $data00 != root then
+  return -1
+endi
+
+sql drop user u1;
+sql drop user u2;
+sql drop user u3;
+sql drop view testa.view2;
+sql drop view testa.view3;
+
--- a/tests/script/tsim/view/view.sim
+++ b/tests/script/tsim/view/view.sim
@ -34,8 +34,9 @@ sql insert into ctb22 using stb2 tags(2) values('2023-10-16 09:10:12', 110222);
 sql insert into ctb23 using stb2 tags(3) values('2023-10-16 09:10:13', 110223);
 sql insert into ctb24 using stb2 tags(4) values('2023-10-16 09:10:14', 110224);

-run tsim/view/create_drop_view.sim
-run tsim/view/query_view.sim
+run tsim/view/privilege_view.sim
+#run tsim/view/create_drop_view.sim
+#run tsim/view/query_view.sim

 print ================== restart server to commit data into disk
 system sh/exec.sh -n dnode1 -s stop -x SIGINT