diff options
| author | hcpp <hcpp@ydb.tech> | 2023-02-01 18:22:40 +0300 |
|---|---|---|
| committer | hcpp <hcpp@ydb.tech> | 2023-02-01 18:22:40 +0300 |
| commit | b9722f1ebf5791afad065aa91a31cbf025e3353f (patch) | |
| tree | 3364c5100077db375d99f161ed5329819d821ac4 | |
| parent | b3f36b1a35914a9e05875380b01a6b18f2bf2096 (diff) | |
| download | ydb-b9722f1ebf5791afad065aa91a31cbf025e3353f.tar.gz | |
abort/start permissions has been supported
| -rw-r--r-- | ydb/core/grpc_services/rpc_fq.cpp | 10 | ||||
| -rw-r--r-- | ydb/core/grpc_services/rpc_yq.cpp | 10 |
2 files changed, 16 insertions, 4 deletions
diff --git a/ydb/core/grpc_services/rpc_fq.cpp b/ydb/core/grpc_services/rpc_fq.cpp index 3010da09658..9748a18a320 100644 --- a/ydb/core/grpc_services/rpc_fq.cpp +++ b/ydb/core/grpc_services/rpc_fq.cpp @@ -531,12 +531,18 @@ std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryDeleteQueryRequestOper } std::unique_ptr<TEvProxyRuntimeEvent> CreateFederatedQueryControlQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { - static const std::function permissions{[](const FederatedQuery::ControlQueryRequest&) -> TVector<NPerms::TPermission> { - return { + static const std::function permissions{[](const FederatedQuery::ControlQueryRequest& request) -> TVector<NPerms::TPermission> { + TVector<NPerms::TPermission> basePermissions{ NPerms::Required("yq.queries.control"), NPerms::Optional("yq.resources.managePublic"), NPerms::Optional("yq.resources.managePrivate") }; + if (request.action() == FederatedQuery::RESUME) { + basePermissions.push_back(NPerms::Required("yq.queries.start")); + } else if (request.action() != FederatedQuery::QUERY_ACTION_UNSPECIFIED) { + basePermissions.push_back(NPerms::Required("yq.queries.abort")); + } + return basePermissions; }}; return std::make_unique<TGrpcFqRequestOperationCall<FederatedQuery::ControlQueryRequest, FederatedQuery::ControlQueryResponse>>(ctx.Release(), &DoFederatedQueryControlQueryRequest, permissions); diff --git a/ydb/core/grpc_services/rpc_yq.cpp b/ydb/core/grpc_services/rpc_yq.cpp index a5a06e26ea7..4b4d2290436 100644 --- a/ydb/core/grpc_services/rpc_yq.cpp +++ b/ydb/core/grpc_services/rpc_yq.cpp @@ -450,12 +450,18 @@ std::unique_ptr<TEvProxyRuntimeEvent> CreateDeleteQueryRequestOperationCall(TInt } std::unique_ptr<TEvProxyRuntimeEvent> CreateControlQueryRequestOperationCall(TIntrusivePtr<NGrpc::IRequestContextBase> ctx) { - static const std::function permissions{[](const YandexQuery::ControlQueryRequest&) -> TVector<NPerms::TPermission> { - return { + static const std::function permissions{[](const YandexQuery::ControlQueryRequest& request) -> TVector<NPerms::TPermission> { + TVector<NPerms::TPermission> basePermissions{ NPerms::Required("yq.queries.control"), NPerms::Optional("yq.resources.managePublic"), NPerms::Optional("yq.resources.managePrivate") }; + if (request.action() == YandexQuery::RESUME) { + basePermissions.push_back(NPerms::Required("yq.queries.start")); + } else if (request.action() != YandexQuery::QUERY_ACTION_UNSPECIFIED) { + basePermissions.push_back(NPerms::Required("yq.queries.abort")); + } + return basePermissions; }}; return std::make_unique<TGrpcYqRequestOperationCall<YandexQuery::ControlQueryRequest, YandexQuery::ControlQueryResponse>>(ctx.Release(), &DoYandexQueryControlQueryRequest, permissions); |