fix: a privilege problem of show tables
This commit is contained in:
Xiaoyu Wang
parent
1289093b02
commit
af8fe3ada8
|
|
@ -1251,7 +1251,8 @@ SNode* createUseDatabaseStmt(SAstCreateContext* pCxt, SToken* pDbName) {
|
|||
|
||||
static bool needDbShowStmt(ENodeType type) {
|
||||
return QUERY_NODE_SHOW_TABLES_STMT == type || QUERY_NODE_SHOW_STABLES_STMT == type ||
|
||||
QUERY_NODE_SHOW_VGROUPS_STMT == type;
|
||||
QUERY_NODE_SHOW_VGROUPS_STMT == type || QUERY_NODE_SHOW_INDEXES_STMT == type ||
|
||||
QUERY_NODE_SHOW_TAGS_STMT == type;
|
||||
}
|
||||
|
||||
SNode* createShowStmt(SAstCreateContext* pCxt, ENodeType type) {
|
||||
|
|
@ -1264,7 +1265,7 @@ SNode* createShowStmt(SAstCreateContext* pCxt, ENodeType type) {
|
|||
SNode* createShowStmtWithCond(SAstCreateContext* pCxt, ENodeType type, SNode* pDbName, SNode* pTbName,
|
||||
EOperatorType tableCondType) {
|
||||
CHECK_PARSER_STATUS(pCxt);
|
||||
if (needDbShowStmt(type) && NULL == pDbName && NULL == pCxt->pQueryCxt->db) {
|
||||
if (needDbShowStmt(type) && NULL == pDbName) {
|
||||
snprintf(pCxt->pQueryCxt->pMsg, pCxt->pQueryCxt->msgLen, "db not specified");
|
||||
pCxt->errCode = TSDB_CODE_PAR_SYNTAX_ERROR;
|
||||
return NULL;
|
||||
|
|
|
|||
|
|
@ -374,8 +374,13 @@ static int32_t collectMetaKeyFromShowIndexes(SCollectMetaKeyCxt* pCxt, SShowStmt
|
|||
}
|
||||
|
||||
static int32_t collectMetaKeyFromShowStables(SCollectMetaKeyCxt* pCxt, SShowStmt* pStmt) {
|
||||
return reserveTableMetaInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, TSDB_INS_TABLE_STABLES,
|
||||
pCxt->pMetaCache);
|
||||
int32_t code = reserveTableMetaInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, TSDB_INS_TABLE_STABLES,
|
||||
pCxt->pMetaCache);
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
code = reserveUserAuthInCache(pCxt->pParseCxt->acctId, pCxt->pParseCxt->pUser,
|
||||
((SValueNode*)pStmt->pDbName)->literal, AUTH_TYPE_READ, pCxt->pMetaCache);
|
||||
}
|
||||
return code;
|
||||
}
|
||||
|
||||
static int32_t collectMetaKeyFromShowStreams(SCollectMetaKeyCxt* pCxt, SShowStmt* pStmt) {
|
||||
|
|
@ -387,11 +392,11 @@ static int32_t collectMetaKeyFromShowTables(SCollectMetaKeyCxt* pCxt, SShowStmt*
|
|||
int32_t code = reserveTableMetaInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, TSDB_INS_TABLE_TABLES,
|
||||
pCxt->pMetaCache);
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
if (NULL != pStmt->pDbName) {
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, ((SValueNode*)pStmt->pDbName)->literal, pCxt->pMetaCache);
|
||||
} else {
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, pCxt->pMetaCache);
|
||||
}
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, ((SValueNode*)pStmt->pDbName)->literal, pCxt->pMetaCache);
|
||||
}
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
code = reserveUserAuthInCache(pCxt->pParseCxt->acctId, pCxt->pParseCxt->pUser,
|
||||
((SValueNode*)pStmt->pDbName)->literal, AUTH_TYPE_READ, pCxt->pMetaCache);
|
||||
}
|
||||
return code;
|
||||
}
|
||||
|
|
@ -400,11 +405,7 @@ static int32_t collectMetaKeyFromShowTags(SCollectMetaKeyCxt* pCxt, SShowStmt* p
|
|||
int32_t code = reserveTableMetaInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, TSDB_INS_TABLE_TAGS,
|
||||
pCxt->pMetaCache);
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
if (NULL != pStmt->pDbName) {
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, ((SValueNode*)pStmt->pDbName)->literal, pCxt->pMetaCache);
|
||||
} else {
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, TSDB_INFORMATION_SCHEMA_DB, pCxt->pMetaCache);
|
||||
}
|
||||
code = reserveDbVgInfoInCache(pCxt->pParseCxt->acctId, ((SValueNode*)pStmt->pDbName)->literal, pCxt->pMetaCache);
|
||||
}
|
||||
return code;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -96,6 +96,10 @@ static int32_t authInsert(SAuthCxt* pCxt, SInsertStmt* pInsert) {
|
|||
return code;
|
||||
}
|
||||
|
||||
static int32_t authShowTables(SAuthCxt* pCxt, SShowStmt* pStmt) {
|
||||
return checkAuth(pCxt, ((SValueNode*)pStmt->pDbName)->literal, AUTH_TYPE_READ);
|
||||
}
|
||||
|
||||
static int32_t authShowCreateTable(SAuthCxt* pCxt, SShowCreateTableStmt* pStmt) {
|
||||
return checkAuth(pCxt, pStmt->dbName, AUTH_TYPE_READ);
|
||||
}
|
||||
|
|
@ -127,6 +131,9 @@ static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt) {
|
|||
case QUERY_NODE_SHOW_VNODES_STMT:
|
||||
case QUERY_NODE_SHOW_SCORES_STMT:
|
||||
return !pCxt->pParseCxt->enableSysInfo ? TSDB_CODE_PAR_PERMISSION_DENIED : TSDB_CODE_SUCCESS;
|
||||
case QUERY_NODE_SHOW_TABLES_STMT:
|
||||
case QUERY_NODE_SHOW_STABLES_STMT:
|
||||
return authShowTables(pCxt, (SShowStmt*)pStmt);
|
||||
case QUERY_NODE_SHOW_CREATE_TABLE_STMT:
|
||||
case QUERY_NODE_SHOW_CREATE_STABLE_STMT:
|
||||
return authShowCreateTable(pCxt, (SShowCreateTableStmt*)pStmt);
|
||||
|
|
|
|||
|
|
@ -282,12 +282,12 @@ class TDTestCase:
|
|||
use.error(f"insert into {DBNAME}.{CTBNAME} (ts) values (now())")
|
||||
elif check_priv == PRIVILEGES_WRITE:
|
||||
use.query(f"use {DBNAME}")
|
||||
use.query(f"show {DBNAME}.tables")
|
||||
use.error(f"show {DBNAME}.tables")
|
||||
use.error(f"select * from {DBNAME}.{CTBNAME}")
|
||||
use.query(f"insert into {DBNAME}.{CTBNAME} (ts) values (now())")
|
||||
elif check_priv is None:
|
||||
use.error(f"use {DBNAME}")
|
||||
# use.error(f"show {DBNAME}.tables")
|
||||
use.error(f"show {DBNAME}.tables")
|
||||
use.error(f"show tables")
|
||||
use.error(f"select * from {DBNAME}.{CTBNAME}")
|
||||
use.error(f"insert into {DBNAME}.{CTBNAME} (ts) values (now())")
|
||||
|
|
|
|||
Loading…
Reference in New Issue