From 0f4766e38e1f688c1a46fc4a624294d722f33342 Mon Sep 17 00:00:00 2001 From: dapan1121 Date: Fri, 20 Oct 2023 18:22:30 +0800 Subject: [PATCH] feat: add view cases --- source/common/src/tmsg.c | 14 ++--- source/libs/parser/src/parAuthenticator.c | 7 +++ source/libs/parser/src/parTranslater.c | 40 +++++++------- tests/script/tsim/view/privilege_view.sim | 66 +++++++++++++++++++++++ tests/script/tsim/view/view.sim | 5 +- 5 files changed, 105 insertions(+), 27 deletions(-) create mode 100644 tests/script/tsim/view/privilege_view.sim diff --git a/source/common/src/tmsg.c b/source/common/src/tmsg.c index 603e7e7021..46cf561893 100644 --- a/source/common/src/tmsg.c +++ b/source/common/src/tmsg.c @@ -2023,7 +2023,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->readTbs, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->readTbs, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); @@ -2042,7 +2042,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->writeTbs, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->writeTbs, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); @@ -2061,7 +2061,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->alterTbs, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->alterTbs, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); 
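Review bot: The new `taosHashPut(pRsp->readTbs, key, keyLen, ...)` call, and the same change for writeTbs, alterTbs, readViews, writeViews, alterViews and useDbs in the following hunks, takes the hash key size from keyLen with no visible check that it is positive or agrees with the string tDecodeCStrTo wrote into key. keyLen's decode and key's allocation are outside these hunks, so this is inferred; if keyLen comes straight from the response, a privilege lookup that uses a different length convention (with or without the terminating NUL) will silently miss the entry. I would state the convention in a comment, e.g. `// keyLen is the key size as encoded by the sender; lookups into these tables must pass the same size`, and reject an inconsistent length before the put. The return value of taosHashPut is also ignored on each new line, so a failed insert drops a privilege entry without an error.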
@@ -2080,7 +2080,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->readViews, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->readViews, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); @@ -2099,7 +2099,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->writeViews, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->writeViews, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); @@ -2118,7 +2118,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs value = taosMemoryCalloc(valuelen + 1, sizeof(char)); if (tDecodeCStrTo(pDecoder, value) < 0) goto _err; - taosHashPut(pRsp->alterViews, key, strlen(key), value, valuelen + 1); + taosHashPut(pRsp->alterViews, key, keyLen, value, valuelen + 1); taosMemoryFreeClear(key); taosMemoryFreeClear(value); @@ -2134,7 +2134,7 @@ int32_t tDeserializeSGetUserAuthRspImpl(SDecoder *pDecoder, SGetUserAuthRsp *pRs int32_t ref = 0; if (tDecodeI32(pDecoder, &ref) < 0) goto _err; - taosHashPut(pRsp->useDbs, key, strlen(key), &ref, sizeof(ref)); + taosHashPut(pRsp->useDbs, key, keyLen, &ref, sizeof(ref)); taosMemoryFreeClear(key); } // since 3.0.7.0 diff --git a/source/libs/parser/src/parAuthenticator.c b/source/libs/parser/src/parAuthenticator.c index 1d2e8eb229..dee53ef0af 100644 --- a/source/libs/parser/src/parAuthenticator.c +++ b/source/libs/parser/src/parAuthenticator.c 
@@ -88,6 +88,10 @@ static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabNa return checkAuthImpl(pCxt, pDbName, pTabName, type, pCond, false, false); } +static int32_t checkEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) { + return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, false, true); +} + static int32_t checkViewAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) { return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, false); } @@ -175,6 +179,9 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) { #endif if (!isView) { pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond); + if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) { + pAuthCxt->errCode = checkEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL); + } if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) { pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable); } diff --git a/source/libs/parser/src/parTranslater.c b/source/libs/parser/src/parTranslater.c index 97c172f70d..180ccd7798 100644 --- a/source/libs/parser/src/parTranslater.c +++ b/source/libs/parser/src/parTranslater.c 
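Review bot: checkEffectiveAuth accepts `pCond` but never uses it and always passes `NULL` to checkAuthImpl, so a tag condition attached to the effective user's read grant cannot reach the caller. If checkAuthImpl only reports the condition through that pointer (its body is outside the hunk), a user whose read privilege on a super table is limited by a tag filter would get unfiltered rows when the check succeeds through this path. Either forward it, `return checkAuthImpl(pCxt, pDbName, pTabName, type, pCond, false, true);`, and have the caller pass `&pTagCond`, or drop the parameter and add a comment explaining why conditions are ignored for the effective user.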
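Review bot: The fallback added to authSelectImpl runs for any non-success result of checkAuth, not only for a denied permission, so an internal or metadata error from the first check is overwritten by the effective-user result. Narrowing the condition keeps real errors visible, e.g. `if (TSDB_CODE_PAR_PERMISSION_DENIED == pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {`, assuming that is the code checkAuthImpl returns on denial. The call also passes `NULL` where the first check passed `&pTagCond`, so the `rewriteAppendStableTagCond` branch below is skipped whenever access is granted through the effective user. authSelectImpl starts and ends outside the hunk.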
@@ -7799,17 +7799,19 @@ static int32_t translateGrant(STranslateContext* pCxt, SGrantStmt* pStmt) { req.alterType = TSDB_ALTER_USER_ADD_PRIVILEGES; req.privileges = pStmt->privileges; #ifdef TD_ENTERPRISE - SName name; - STableMeta* pTableMeta = NULL; - code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true); - if (TSDB_CODE_SUCCESS != code) { - if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) { - return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code)); + if (0 != pStmt->tabName[0]) { + SName name; + STableMeta* pTableMeta = NULL; + code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true); + if (TSDB_CODE_SUCCESS != code) { + if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) { + return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code)); + } + } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) { + req.isView = true; } - } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) { - req.isView = true; + taosMemoryFree(pTableMeta); } - taosMemoryFree(pTableMeta); #endif strcpy(req.user, pStmt->userName); 
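Review bot: When getTargetMeta returns TSDB_CODE_PAR_TABLE_NOT_EXIST the new block falls through with `req.isView` left unset and the GRANT request is still built, and nothing in the code says that this is intended. A comment on that branch would help, for example `// target not found: not an error here, the request goes out with isView unset`. The same block is added verbatim to translateRevoke in the next hunk; since both decide how a privilege change is classified, one static helper called from both would keep them from drifting apart. translateGrant begins and ends outside the hunk.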
@@ -7832,17 +7834,19 @@ static int32_t translateRevoke(STranslateContext* pCxt, SRevokeStmt* pStmt) { req.privileges = pStmt->privileges; #ifdef TD_ENTERPRISE - SName name; - STableMeta* pTableMeta = NULL; - code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true); - if (TSDB_CODE_SUCCESS != code) { - if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) { - return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code)); + if (0 != pStmt->tabName[0]) { + SName name; + STableMeta* pTableMeta = NULL; + code = getTargetMeta(pCxt, toName(pCxt->pParseCxt->acctId, pStmt->objName, pStmt->tabName, &name), &pTableMeta, true); + if (TSDB_CODE_SUCCESS != code) { + if (TSDB_CODE_PAR_TABLE_NOT_EXIST != code) { + return generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_GET_META_ERROR, tstrerror(code)); + } + } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) { + req.isView = true; } - } else if (TSDB_VIEW_TABLE == pTableMeta->tableType) { - req.isView = true; + taosMemoryFree(pTableMeta); } - taosMemoryFree(pTableMeta); #endif strcpy(req.user, pStmt->userName); diff --git a/tests/script/tsim/view/privilege_view.sim b/tests/script/tsim/view/privilege_view.sim new file mode 100644 index 0000000000..d0502dd71d --- /dev/null +++ b/tests/script/tsim/view/privilege_view.sim 
@@ -0,0 +1,66 @@
+sql connect
+sql use testa;
+
+sql create user u1 pass "taosdata"
+sql create user u2 pass "taosdata"
+sql create user u3 pass "taosdata"
+
+print == root create views ==
+sql create view view1 as select * from sta1;
+sql create view view2 as select * from view1;
+sql create view view3 as select * from view2;
+
+sql_error grant all on view1 to root;
+sql_error revoke all on view1 from root;
+
+sql_error grant read on view1 to u1;
+sql grant read on testa.view1 to u1;
+
+sql select * from information_schema.ins_user_privileges order by user_name, privilege;
+if $rows != 2 then
+ return -1
+endi
+if $data10 != u1 then
+ return -1
+endi
+if $data11 != read then
+ return -1
+endi
+
+sql connect u1
+sql use testa
+sql_error select * from sta1;
+sql select * from view1;
+sql_error select * from view2;
+sql_error select * from testb.view1;
+sql_error insert into view1 values (now, 1);
+sql_error create or replace view1 as select * from sta2;
+sql_error create viewa as select * from sta1;
+sql_error drop view view1;
+sql show views;
+sql show create view view1;
+sql desc view1;
+sql select * from information_schema.ins_views;
+if $rows != 3 then
+ return -1
+endi
+sql_error grant read on testa.view1 to u2;
+sql_error revoke read on testa.view1 from u1;
+
+sql connect root
+sql use testa
+sql drop view testa.view1;
+sql select * from information_schema.ins_user_privileges order by user_name, privilege;
+if $rows != 1 then
+ return -1
+endi
+if $data00 != root then
+ return -1
+endi
+
+sql drop user u1;
+sql drop user u2;
+sql drop user u3;
+sql drop view testa.view2;
+sql drop view testa.view3;
+
diff --git a/tests/script/tsim/view/view.sim b/tests/script/tsim/view/view.sim
index bb08ca1bca..be4b73e30f 100644
--- a/tests/script/tsim/view/view.sim
+++ b/tests/script/tsim/view/view.sim
@@ -34,8 +34,9 @@ sql insert into ctb22 using stb2 tags(2) values('2023-10-16 09:10:12', 110222); sql insert into ctb23 using stb2 tags(3) values('2023-10-16 09:10:13', 110223); sql insert into ctb24 using stb2 tags(4) values('2023-10-16 09:10:14', 110224); -run tsim/view/create_drop_view.sim -run tsim/view/query_view.sim +run tsim/view/privilege_view.sim +#run tsim/view/create_drop_view.sim +#run tsim/view/query_view.sim print ================== restart server to commit data into disk system sh/exec.sh -n dnode1 -s stop -x SIGINT
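Review bot: The two existing suites are commented out (`#run tsim/view/create_drop_view.sim`, `#run tsim/view/query_view.sim`), so after this commit view.sim only runs the new privilege case and the create/drop and query coverage is lost. This looks like a debugging leftover; keep all three lines active: `run tsim/view/privilege_view.sim`, `run tsim/view/create_drop_view.sim`, `run tsim/view/query_view.sim`. If they are disabled on purpose, the reason belongs in a comment next to them.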