xxq250
/
homework-jianmu
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #21824 from taosdata/fix/TS-3573 

fix: table level privilege for query issue
This commit is contained in:
dapan1121 2023-06-25 17:17:49 +08:00 committed by GitHub
parent b607a78277 890030e820
commit f66b1e77fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
source/libs/parser/src/parAuthenticator.c
View File

@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt {
SSelectStmt* pSelect; SSelectStmt* pSelect;
} SSelectAuthCxt; } SSelectAuthCxt;
typedef struct SAuthRewriteCxt {
STableNode* pTarget;
} SAuthRewriteCxt;
static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt); static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);
static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
return code; return code;
} }
static int32_t appendStableTagCond(SNode** pWhere, SNode* pTagCond) { EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
if (QUERY_NODE_COLUMN == nodeType(pNode)) {
SColumnNode* pCol = (SColumnNode*)pNode;
SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
strcpy(pCol->tableName, pCxt->pTarget->tableName);
strcpy(pCol->tableAlias, pCxt->pTarget->tableAlias);
}
return DEAL_RES_CONTINUE;
}
static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
SNode* pTagCondCopy = nodesCloneNode(pTagCond); SNode* pTagCondCopy = nodesCloneNode(pTagCond);
if (NULL == pTagCondCopy) { if (NULL == pTagCondCopy) {
return TSDB_CODE_OUT_OF_MEMORY; return TSDB_CODE_OUT_OF_MEMORY;
} }
SAuthRewriteCxt cxt = {.pTarget = pTable};
nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);
if (NULL == *pWhere) { if (NULL == *pWhere) {
*pWhere = pTagCondCopy; *pWhere = pTagCondCopy;
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
STableNode* pTable = (STableNode*)pNode; STableNode* pTable = (STableNode*)pNode;
pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond); pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) { if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
pAuthCxt->errCode = appendStableTagCond(&pCxt->pSelect->pWhere, pTagCond); pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
} }
return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR; return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
} else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) { } else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
STableNode* pTable = (STableNode*)pDelete->pFromTable; STableNode* pTable = (STableNode*)pDelete->pFromTable;
int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond); int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) { if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
code = appendStableTagCond(&pDelete->pWhere, pTagCond); code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
} }
return code; return code;
} }