authormolotkov-and <molotkov-and@ydb.tech>2023-01-10 12:48:17 +0300
committermolotkov-and <molotkov-and@ydb.tech>2023-01-10 12:48:17 +0300
commitc28586c3736da502ce58e08c5410768106e81ef4 (patch)
tree551517392ac9c509e40628ca8a602a8e2fa04874
parentfd0193e834ffea41a37811faad606672fe8707cd (diff)
downloadydb-c28586c3736da502ce58e08c5410768106e81ef4.tar.gz
Add access right GenericList
-rw-r--r--ydb/core/protos/flat_scheme_op.proto1
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_impl.cpp1
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_info_types.cpp1
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_info_types.h1
-rw-r--r--ydb/core/tx/schemeshard/schemeshard_path_describer.cpp22
-rw-r--r--ydb/core/tx/tx_proxy/describe.cpp14
-rw-r--r--ydb/core/viewer/browse.h3
-rw-r--r--ydb/core/ydb_convert/ydb_convert.cpp1
-rw-r--r--ydb/library/aclib/aclib.cpp7
-rw-r--r--ydb/library/aclib/aclib.h3
10 files changed, 52 insertions, 2 deletions
diff --git a/ydb/core/protos/flat_scheme_op.proto b/ydb/core/protos/flat_scheme_op.proto
index 8e62aad979e..21511d4c1c1 100644
--- a/ydb/core/protos/flat_scheme_op.proto
+++ b/ydb/core/protos/flat_scheme_op.proto
@@ -1398,6 +1398,7 @@ message TDescribeOptions {
optional bool ReturnBoundaries = 6 [default = false];
optional bool ShowPrivateTable = 7 [default = false];
optional bool ReturnChannelsBinding = 8 [default = false];
+ optional bool ReturnRangeKey = 9 [default = true];
}
// Request to read scheme for a specific path
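Review bot: `ReturnRangeKey` defaults to true, so range keys are withheld only when a caller explicitly clears the flag; a describe request that reaches the schemeshard without passing the tx_proxy access check in this commit still receives them. A comment on the field would make that contract visible, for example `// Cleared by the proxy when the caller lacks SelectRow; not an access check by itself.` The `TDescribeOptions` message starts outside this hunk.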
diff --git a/ydb/core/tx/schemeshard/schemeshard_impl.cpp b/ydb/core/tx/schemeshard/schemeshard_impl.cpp
index 7435757d273..1b72fc3edf7 100644
--- a/ydb/core/tx/schemeshard/schemeshard_impl.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard_impl.cpp
@@ -509,6 +509,7 @@ void TSchemeShard::ClearDescribePathCaches(const TPathElement::TPtr node, bool f
Y_VERIFY(Tables.contains(node->PathId));
TTableInfo::TPtr tabletInfo = Tables.at(node->PathId);
tabletInfo->PreSerializedPathDescription.clear();
+ tabletInfo->PreSerializedPathDescriptionWithoutRangeKey.clear();
}
}
diff --git a/ydb/core/tx/schemeshard/schemeshard_info_types.cpp b/ydb/core/tx/schemeshard/schemeshard_info_types.cpp
index 401d2dff5b3..5366f47b72e 100644
--- a/ydb/core/tx/schemeshard/schemeshard_info_types.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard_info_types.cpp
@@ -1291,6 +1291,7 @@ void TTableInfo::SetPartitioning(TVector<TTableShardInfo>&& newPartitioning) {
Stats.Aggregated = newAggregatedStats;
Partitions.swap(newPartitioning);
PreSerializedPathDescription.clear();
+ PreSerializedPathDescriptionWithoutRangeKey.clear();
CondEraseSchedule.clear();
InFlightCondErase.clear();
diff --git a/ydb/core/tx/schemeshard/schemeshard_info_types.h b/ydb/core/tx/schemeshard/schemeshard_info_types.h
index d1549cdbe1a..4292ead6b92 100644
--- a/ydb/core/tx/schemeshard/schemeshard_info_types.h
+++ b/ydb/core/tx/schemeshard/schemeshard_info_types.h
@@ -407,6 +407,7 @@ struct TTableInfo : public TSimpleRefCount<TTableInfo> {
TMap<TTxId, TBackupRestoreResult> RestoreHistory;
TString PreSerializedPathDescription;
+ TString PreSerializedPathDescriptionWithoutRangeKey;
THashMap<TShardIdx, NKikimrSchemeOp::TPartitionConfig> PerShardPartitionConfig;
diff --git a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
index b7709e7ca1b..bb6c2e20c5e 100644
--- a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
@@ -204,11 +204,13 @@ void TPathDescriber::DescribeTable(const TActorContext& ctx, TPathId pathId, TPa
bool returnPartitionStats = Params.GetOptions().GetReturnPartitionStats();
bool returnBackupInfo = Params.GetBackupInfo();
bool returnBoundaries = false;
+ bool returnRangeKey = true;
if (Params.HasOptions()) {
returnConfig = Params.GetOptions().GetReturnPartitionConfig();
returnPartitioning = Params.GetOptions().GetReturnPartitioningInfo();
returnBackupInfo = Params.GetOptions().GetBackupInfo();
returnBoundaries = Params.GetOptions().GetReturnBoundaries();
+ returnRangeKey = Params.GetOptions().GetReturnRangeKey();
}
Self->DescribeTable(tableInfo, typeRegistry, returnConfig, returnBoundaries, entry);
@@ -218,24 +220,42 @@ void TPathDescriber::DescribeTable(const TActorContext& ctx, TPathId pathId, TPa
// partitions
if (tableInfo->PreSerializedPathDescription.empty()) {
NKikimrScheme::TEvDescribeSchemeResult preSerializedResult;
+ NKikimrScheme::TEvDescribeSchemeResult preSerializedResultWithoutRangeKey;
+
NKikimrSchemeOp::TPathDescription& pathDescription = *preSerializedResult.MutablePathDescription();
+ NKikimrSchemeOp::TPathDescription& pathDescriptionWithoutRangeKey = *preSerializedResultWithoutRangeKey.MutablePathDescription();
+
pathDescription.MutableTablePartitions()->Reserve(tableInfo->GetPartitions().size());
+ pathDescriptionWithoutRangeKey.MutableTablePartitions()->Reserve(tableInfo->GetPartitions().size());
for (auto& p : tableInfo->GetPartitions()) {
auto part = pathDescription.AddTablePartitions();
+ auto partWithoutRangeKey = pathDescriptionWithoutRangeKey.AddTablePartitions();
auto datashardIdx = p.ShardIdx;
auto datashardTabletId = Self->ShardInfos[datashardIdx].TabletID;
// Currently we only support uniform partitioning where each range is [start, end)
// +inf as the end of the last range is represented by empty TCell vector
part->SetDatashardId(ui64(datashardTabletId));
+ partWithoutRangeKey->SetDatashardId(ui64(datashardTabletId));
+
part->SetIsPoint(false);
+ partWithoutRangeKey->SetIsPoint(false);
+
part->SetIsInclusive(false);
+ partWithoutRangeKey->SetIsInclusive(false);
+
part->SetEndOfRangeKeyPrefix(p.EndOfRange);
}
Y_PROTOBUF_SUPPRESS_NODISCARD preSerializedResult.SerializeToString(&tableInfo->PreSerializedPathDescription);
+ Y_PROTOBUF_SUPPRESS_NODISCARD preSerializedResultWithoutRangeKey.SerializeToString(&tableInfo->PreSerializedPathDescriptionWithoutRangeKey);
+ }
+ if (returnRangeKey) {
+ Result->PreSerializedData += tableInfo->PreSerializedPathDescription;
+ } else {
+ Result->PreSerializedData += tableInfo->PreSerializedPathDescriptionWithoutRangeKey;
}
- Result->PreSerializedData += tableInfo->PreSerializedPathDescription;
if (!pathEl->IsCreateFinished()) {
tableInfo->PreSerializedPathDescription.clear(); // KIKIMR-4337
+ tableInfo->PreSerializedPathDescriptionWithoutRangeKey.clear();
}
}
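Review bot: Both serialized blobs are built and cached on the first describe of every table, so the partition list is held twice per table even when no restricted caller ever asks, and each setter in the loop is now written twice. Selecting the cache slot first keeps one loop and fills only what is requested: `TString& cache = returnRangeKey ? tableInfo->PreSerializedPathDescription : tableInfo->PreSerializedPathDescriptionWithoutRangeKey;`, rebuild when `cache.empty()`, and guard the key with `if (returnRangeKey) part->SetEndOfRangeKeyPrefix(p.EndOfRange);`. As written, the rebuild is gated on `PreSerializedPathDescription.empty()` alone, so the restricted blob is only correct while every clear site resets both strings together. `DescribeTable` starts and ends outside this hunk.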
diff --git a/ydb/core/tx/tx_proxy/describe.cpp b/ydb/core/tx/tx_proxy/describe.cpp
index e718ac25204..ba4b6305065 100644
--- a/ydb/core/tx/tx_proxy/describe.cpp
+++ b/ydb/core/tx/tx_proxy/describe.cpp
@@ -374,6 +374,20 @@ void TDescribeReq::Handle(TEvTxProxySchemeCache::TEvNavigateKeySetResult::TPtr &
TAutoPtr<NSchemeShard::TEvSchemeShard::TEvDescribeScheme> req(
new NSchemeShard::TEvSchemeShard::TEvDescribeScheme(describePath));
+ auto& record = req.Get()->Record;
+ if (UserToken != nullptr) {
+ auto options = record.MutableOptions();
+ if (entry.SecurityObject != nullptr) {
+ options->SetReturnBoundaries(false);
+ options->SetReturnRangeKey(false);
+ ui32 access = NACLib::EAccessRights::SelectRow;
+ if (entry.SecurityObject->CheckAccess(access, *UserToken)) {
+ options->SetReturnBoundaries(true);
+ options->SetReturnRangeKey(true);
+ }
+ }
+ }
+
LOG_DEBUG_S(ctx, NKikimrServices::TX_PROXY, "Actor# " << ctx.SelfID.ToString()
<< " SEND to# " << shardToRequest << " shardToRequest " << req->ToString());
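Review bot: The restriction is applied only when both `UserToken` and `entry.SecurityObject` are non-null; on the other paths the request leaves with the proto defaults, and `ReturnRangeKey` defaults to true, so range keys are returned. If a missing security object is meant to be unrestricted, a comment saying so would help; otherwise the deny branch should cover it. Separately, the granted branch forces `SetReturnBoundaries(true)` for every caller holding `SelectRow`, whether or not boundaries were requested; clearing the flags only on denial avoids that: `if (!entry.SecurityObject->CheckAccess(NACLib::EAccessRights::SelectRow, *UserToken)) { options->SetReturnBoundaries(false); options->SetReturnRangeKey(false); }`. `TDescribeReq::Handle` continues outside this hunk, so whether request options are merged into `record` afterwards is not visible here.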
diff --git a/ydb/core/viewer/browse.h b/ydb/core/viewer/browse.h
index 51a587b248b..0ff4f33d946 100644
--- a/ydb/core/viewer/browse.h
+++ b/ydb/core/viewer/browse.h
@@ -571,6 +571,9 @@ public:
if ((ar & NACLib::EAccessRights::CreateQueue) != 0) {
pbAce.AddAccessRights("CreateQueue");
}
+ if (ar == NACLib::EAccessRights::GenericList) {
+ pbAce.SetAccessRule("List");
+ }
if (ar == NACLib::EAccessRights::GenericRead) {
pbAce.SetAccessRule("Read");
}
diff --git a/ydb/core/ydb_convert/ydb_convert.cpp b/ydb/core/ydb_convert/ydb_convert.cpp
index cb5047bbd34..662cf036ff9 100644
--- a/ydb/core/ydb_convert/ydb_convert.cpp
+++ b/ydb/core/ydb_convert/ydb_convert.cpp
@@ -742,6 +742,7 @@ const THashMap<TString, TACLAttrs> AccessMap_ = {
{ "ydb.database.connect", TACLAttrs(EAccessRights::ConnectDatabase, EInheritanceType::InheritNone) },
{ "ydb.tables.modify", TACLAttrs(EAccessRights(UpdateRow | EraseRow)) },
{ "ydb.tables.read", TACLAttrs(EAccessRights::SelectRow | EAccessRights::ReadAttributes) },
+ { "ydb.generic.list", EAccessRights::GenericList},
{ "ydb.generic.read", EAccessRights::GenericRead },
{ "ydb.generic.write", EAccessRights::GenericWrite },
{ "ydb.generic.use_legacy", EAccessRights::GenericUseLegacy },
diff --git a/ydb/library/aclib/aclib.cpp b/ydb/library/aclib/aclib.cpp
index 47fd2ff491c..b04fcd0a9cd 100644
--- a/ydb/library/aclib/aclib.cpp
+++ b/ydb/library/aclib/aclib.cpp
@@ -422,6 +422,9 @@ TString TACL::ToString(const NACLibProto::TACE& ace) {
}
auto ar = ace.GetAccessRight();
switch (ar) {
+ case EAccessRights::GenericList:
+ str << 'L';
+ break;
case EAccessRights::GenericRead:
str << 'R';
break;
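Review bot: The new `'L'` letter changes the textual ACL format in both directions (this hunk and the `FromString` hunk below), but the commit's file list contains no test changes. A round-trip check that `FromString(ToString(ace))` preserves `EAccessRights::GenericList` would pin the letter. An ACE whose right is exactly `ReadAttributes | DescribeSchema` now serializes as `L`, and binaries built before this commit presumably cannot parse that string, which matters if ACL strings are exchanged between versions during an upgrade. The `switch` in `TACL::ToString` continues outside this hunk.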
@@ -588,6 +591,9 @@ void TACL::FromString(NACLibProto::TACE& ace, const TString& string) {
throw yexception() << "Invalid acl - no access rights";
}
switch (*it) {
+ case 'L':
+ ace.SetAccessRight(EAccessRights::GenericList);
+ break;
case 'R':
ace.SetAccessRight(EAccessRights::GenericRead);
break;
@@ -739,6 +745,7 @@ TString AccessRightsToString(ui32 accessRights) {
case EAccessRights::GenericFull: return "Full";
case EAccessRights::GenericWrite: return "Write";
case EAccessRights::GenericRead: return "Read";
+ case EAccessRights::GenericList: return "List";
case EAccessRights::GenericManage: return "Manage";
case EAccessRights::GenericUseLegacy: return "UseLegacy";
case EAccessRights::GenericUse: return "Use";
diff --git a/ydb/library/aclib/aclib.h b/ydb/library/aclib/aclib.h
index 5fe9fce4e85..a3bbba19e10 100644
--- a/ydb/library/aclib/aclib.h
+++ b/ydb/library/aclib/aclib.h
@@ -41,7 +41,8 @@ enum EAccessRights : ui32 { // bitmask
ReadTopic = 0x00040000, // reading topics
WriteTopic = 0x00080000, // writing topics
- GenericRead = SelectRow | ReadAttributes | DescribeSchema,
+ GenericList = ReadAttributes | DescribeSchema,
+ GenericRead = SelectRow | GenericList,
GenericWrite = UpdateRow | EraseRow | WriteAttributes | CreateDirectory | CreateTable | CreateQueue | RemoveSchema | AlterSchema | WriteUserAttributes,
GenericUseLegacy = GenericRead | GenericWrite | GrantAccessRights,
GenericUse = GenericUseLegacy | ConnectDatabase,
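Review bot: `GenericList` is introduced without a comment, although the describe path in this commit depends on the difference between it and `GenericRead` being exactly `SelectRow`. A short comment keeps that intent next to the definition, for example `// listing and describing schema objects; no row access` on the `GenericList` line. The `EAccessRights` enum starts before and continues after this hunk.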