xxq250
/
homework-jianmu
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: table level privilege for query issue

This commit is contained in:
dapan1121 2023-06-25 11:39:22 +08:00
parent 878a63f2f2
commit 890030e820
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
source/libs/parser/src/parAuthenticator.c
View File

@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt {
SSelectStmt* pSelect;
} SSelectAuthCxt;
typedef struct SAuthRewriteCxt {
STableNode* pTarget;
} SAuthRewriteCxt;
static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);
static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
return code;
}
static int32_t appendStableTagCond(SNode** pWhere, SNode* pTagCond) {
EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
if (QUERY_NODE_COLUMN == nodeType(pNode)) {
SColumnNode* pCol = (SColumnNode*)pNode;
SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
strcpy(pCol->tableName, pCxt->pTarget->tableName);
strcpy(pCol->tableAlias, pCxt->pTarget->tableAlias);
}
return DEAL_RES_CONTINUE;
}
static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
SNode* pTagCondCopy = nodesCloneNode(pTagCond);
if (NULL == pTagCondCopy) {
return TSDB_CODE_OUT_OF_MEMORY;
}
SAuthRewriteCxt cxt = {.pTarget = pTable};
nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);
if (NULL == *pWhere) {
*pWhere = pTagCondCopy;
return TSDB_CODE_SUCCESS;
@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
STableNode* pTable = (STableNode*)pNode;
pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
pAuthCxt->errCode = appendStableTagCond(&pCxt->pSelect->pWhere, pTagCond);
pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
}
return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
} else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
STableNode* pTable = (STableNode*)pDelete->pFromTable;
int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
code = appendStableTagCond(&pDelete->pWhere, pTagCond);
code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
}
return code;
}