author | molotkov-and <molotkov-and@ydb.tech> | 2022-12-01 13:48:44 +0300 |
---|---|---|
committer | molotkov-and <molotkov-and@ydb.tech> | 2022-12-01 13:48:44 +0300 |
commit | 396667015e8cef458140fd0f4916883892dd56de (patch) | |
tree | d334ac51e06ab8969be3da4569908e2736ab1974 | |
parent | 760ddc6f72eee80407863ad3dd82fc4dd6c3d18b (diff) | |
Include the right CONNECT to USE and create right USE_LEGACY the same as old USE
-rw-r--r-- | ydb/core/viewer/browse.h | 3 | ||||
-rw-r--r-- | ydb/core/viewer/json_acl.h | 2 | ||||
-rw-r--r-- | ydb/core/ydb_convert/ydb_convert.cpp | 4 | ||||
-rw-r--r-- | ydb/library/aclib/aclib.cpp | 24 | ||||
-rw-r--r-- | ydb/library/aclib/aclib.h | 6 |
5 files changed, 33 insertions, 6 deletions
diff --git a/ydb/core/viewer/browse.h b/ydb/core/viewer/browse.h
index 88816955c3b..51a587b248b 100644
--- a/ydb/core/viewer/browse.h
+++ b/ydb/core/viewer/browse.h
@@ -580,6 +580,9 @@ public:
 if (ar == NACLib::EAccessRights::GenericFull) {
 pbAce.SetAccessRule("Full");
 }
+ if (ar == NACLib::EAccessRights::GenericFullLegacy) {
+ pbAce.SetAccessRule("FullLegacy");
+ }
 pbAce.SetSubject(ace.GetSID());
 auto inht = ace.GetInheritanceType();
 if ((inht & NACLib::EInheritanceType::InheritObject) != 0) {
diff --git a/ydb/core/viewer/json_acl.h b/ydb/core/viewer/json_acl.h
index 43034830fc4..c234b04df82 100644
--- a/ydb/core/viewer/json_acl.h
+++ b/ydb/core/viewer/json_acl.h
@@ -125,7 +125,7 @@ public:
 {NACLib::EAccessRights::ReadStream, "ReadStream"},
 {NACLib::EAccessRights::WriteStream, "WriteStream"},
 {NACLib::EAccessRights::ReadTopic, "ReadTopic"},
- {NACLib::EAccessRights::WritTopic, "WriteTopic"}
+ {NACLib::EAccessRights::WriteTopic, "WriteTopic"}
 };
 auto ar = ace.GetAccessRight();
 int shift = 0;
diff --git a/ydb/core/ydb_convert/ydb_convert.cpp b/ydb/core/ydb_convert/ydb_convert.cpp
index 5cea073e515..4676765f0e2 100644
--- a/ydb/core/ydb_convert/ydb_convert.cpp
+++ b/ydb/core/ydb_convert/ydb_convert.cpp
@@ -721,8 +721,10 @@ const THashMap<TString, TACLAttrs> AccessMap_ = {
 { "ydb.tables.read", TACLAttrs(EAccessRights::SelectRow | EAccessRights::ReadAttributes) },
 { "ydb.generic.read", EAccessRights::GenericRead },
 { "ydb.generic.write", EAccessRights::GenericWrite },
- { "ydb.generic.use", EAccessRights::GenericUse },
+ { "ydb.generic.use_legacy", EAccessRights::GenericUseLegacy },
+ { "ydb.generic.use", EAccessRights::GenericUse},
 { "ydb.generic.manage", EAccessRights::GenericManage },
+ { "ydb.generic.full_legacy", EAccessRights::GenericFullLegacy},
 { "ydb.generic.full", EAccessRights::GenericFull },
 { "ydb.database.create", EAccessRights::CreateDatabase },
 { "ydb.database.drop", EAccessRights::DropDatabase },
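Review bot: In browse.h the added `FullLegacy` branch has no `UseLegacy` counterpart, although this commit introduces `GenericUseLegacy` alongside `GenericFullLegacy`. If the checks above the hunk (not visible here) name `GenericUse` the way this one names `GenericFull`, an ACE that still carries the legacy Use mask would be rendered without an access rule, which makes it easy to overlook when permissions are audited through the viewer. Consider adding `if (ar == NACLib::EAccessRights::GenericUseLegacy) { pbAce.SetAccessRule("UseLegacy"); }` beside it. These comparisons are mutually exclusive, so an `else if` chain would state that more clearly than independent `if`s. The enclosing function starts and ends outside the hunk.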
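Review bot: In ydb_convert.cpp the permission name `ydb.generic.use` keeps its spelling but, given the `GenericUse` redefinition in aclib.h from this same commit, now resolves to a mask that also contains `ConnectDatabase`, and `ydb.generic.full` widens with it; nothing in the table says so. I would add a comment above the two new entries, for example `// *_legacy: the masks as they were before ConnectDatabase was added to GenericUse`, so that someone granting `ydb.generic.use` can see it is broader than the legacy name. Whether existing automation relies on the old meaning of `ydb.generic.use` cannot be judged from this hunk and is worth confirming. The new entries also drop the space before `}` that the neighbouring entries use. AccessMap_ continues outside the hunk.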
diff --git a/ydb/library/aclib/aclib.cpp b/ydb/library/aclib/aclib.cpp index c7e95b42155..7340473880b 100644 --- a/ydb/library/aclib/aclib.cpp +++ b/ydb/library/aclib/aclib.cpp @@ -422,12 +422,18 @@ TString TACL::ToString(const NACLibProto::TACE& ace) { case EAccessRights::GenericWrite: str << 'W'; break; + case EAccessRights::GenericFullLegacy: + str << "FL"; + break; case EAccessRights::GenericFull: str << 'F'; break; case EAccessRights::GenericManage: str << 'M'; break; + case EAccessRights::GenericUseLegacy: + str << "UL"; + break; case EAccessRights::GenericUse: str << 'U'; break; @@ -583,13 +589,25 @@ void TACL::FromString(NACLibProto::TACE& ace, const TString& string) { ace.SetAccessRight(EAccessRights::GenericWrite); break; case 'F': - ace.SetAccessRight(EAccessRights::GenericFull); + ++it; + if (it != string.end() && *it == 'L') { + ace.SetAccessRight(EAccessRights::GenericFullLegacy); + } else { + ace.SetAccessRight(EAccessRights::GenericFull); + --it; + } break; case 'M': ace.SetAccessRight(EAccessRights::GenericManage); break; case 'U': - ace.SetAccessRight(EAccessRights::GenericUse); + ++it; + if (it != string.end() && *it == 'L') { + ace.SetAccessRight(EAccessRights::GenericUseLegacy); + } else { + ace.SetAccessRight(EAccessRights::GenericUse); + --it; + } break; case '(': { ++it; @@ -711,10 +729,12 @@ void TDiffACL::ClearAccessForSid(const NACLib::TSID& sid) { TString AccessRightsToString(ui32 accessRights) { switch (accessRights) { + case EAccessRights::GenericFullLegacy: return "FullLegacy"; case EAccessRights::GenericFull: return "Full"; case EAccessRights::GenericWrite: return "Write"; case EAccessRights::GenericRead: return "Read"; case EAccessRights::GenericManage: return "Manage"; + case EAccessRights::GenericUseLegacy: return "UseLegacy"; case EAccessRights::GenericUse: return "Use"; } TVector<TStringBuf> rights; diff --git a/ydb/library/aclib/aclib.h b/ydb/library/aclib/aclib.h index d82ebbb80b0..5fe9fce4e85 100644 
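Review bot: In TACL::FromString the `'F'` and `'U'` cases advance the iterator and then step it back (`++it; ... --it;`) to look for the `L` suffix, a pattern that is easy to break when one of the two copies is edited later. Peeking leaves `it` untouched unless the suffix is actually consumed, assuming `it` is a random-access iterator as the comparison with `string.end()` suggests: `if (it + 1 != string.end() && *(it + 1) == 'L') { ++it; ace.SetAccessRight(EAccessRights::GenericFullLegacy); } else { ace.SetAccessRight(EAccessRights::GenericFull); }`, and likewise for `'U'`. Because a missing `L` silently selects the broader non-legacy right, round-trip tests through ToString/FromString for `F`, `FL`, `U` and `UL`, including each as the last character of the string, would be worth adding. The rest of the ACE grammar is outside the hunk, so whether another token may legitimately begin with `L` directly after `F` or `U` cannot be checked from here.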
--- a/ydb/library/aclib/aclib.h +++ b/ydb/library/aclib/aclib.h @@ -39,12 +39,14 @@ enum EAccessRights : ui32 { // bitmask ReadStream = 0x00010000, // reading streams WriteStream = 0x00020000, // writing streams ReadTopic = 0x00040000, // reading topics - WritTopic = 0x00080000, // writing topics + WriteTopic = 0x00080000, // writing topics GenericRead = SelectRow | ReadAttributes | DescribeSchema, GenericWrite = UpdateRow | EraseRow | WriteAttributes | CreateDirectory | CreateTable | CreateQueue | RemoveSchema | AlterSchema | WriteUserAttributes, - GenericUse = GenericRead | GenericWrite | GrantAccessRights, + GenericUseLegacy = GenericRead | GenericWrite | GrantAccessRights, + GenericUse = GenericUseLegacy | ConnectDatabase, GenericManage = CreateDatabase | DropDatabase, + GenericFullLegacy = GenericUseLegacy | GenericManage, GenericFull = GenericUse | GenericManage, }; |
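Review bot: `GenericUse` and `GenericFull` change value in this hunk (both gain `ConnectDatabase`, which is defined outside it), yet the enum carries no comment explaining why the old masks survive as `GenericUseLegacy` and `GenericFullLegacy`. Any caller that compares a stored right with `GenericUse` or `GenericFull` for equality, or uses either as a required mask, will now treat ACEs written with the old value differently; those callers are not visible here, so this deserves a check before merge. I would document the split in place, e.g. `GenericUseLegacy = GenericRead | GenericWrite | GrantAccessRights, // GenericUse as it was before ConnectDatabase was added` and `GenericUse = GenericUseLegacy | ConnectDatabase, // current Use: legacy mask plus ConnectDatabase`. The opening lines of the enum are outside the hunk.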