diff options
| author | vitalyisaev <vitalyisaev@ydb.tech> | 2023-11-14 09:58:56 +0300 |
|---|---|---|
| committer | vitalyisaev <vitalyisaev@ydb.tech> | 2023-11-14 10:20:20 +0300 |
| commit | c2b2dfd9827a400a8495e172a56343462e3ceb82 (patch) | |
| tree | cd4e4f597d01bede4c82dffeb2d780d0a9046bd0 /contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp | |
| parent | d4ae8f119e67808cb0cf776ba6e0cf95296f2df7 (diff) | |
| download | ydb-c2b2dfd9827a400a8495e172a56343462e3ceb82.tar.gz | |
YQ Connector: move tests from yql to ydb (OSS)
Перенос папки с тестами на Коннектор из папки yql в папку ydb (синхронизируется с github).
Diffstat (limited to 'contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp')
| -rw-r--r-- | contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp b/contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp new file mode 100644 index 0000000000..8fcd0fd7cf --- /dev/null +++ b/contrib/clickhouse/src/Storages/System/StorageSystemRoleGrants.cpp @@ -0,0 +1,125 @@ +#include <Storages/System/StorageSystemRoleGrants.h> +#include <DataTypes/DataTypeEnum.h> +#include <DataTypes/DataTypeNullable.h> +#include <DataTypes/DataTypeString.h> +#include <DataTypes/DataTypesNumber.h> +#include <DataTypes/DataTypeUUID.h> +#include <Columns/ColumnString.h> +#include <Columns/ColumnNullable.h> +#include <Columns/ColumnsNumber.h> +#include <Access/AccessControl.h> +#include <Access/Role.h> +#include <Access/User.h> +#include <Interpreters/Context.h> +#include <boost/range/algorithm_ext/push_back.hpp> + + +namespace DB +{ + +NamesAndTypesList StorageSystemRoleGrants::getNamesAndTypes() +{ + NamesAndTypesList names_and_types{ + {"user_name", std::make_shared<DataTypeNullable>(std::make_shared<DataTypeString>())}, + {"role_name", std::make_shared<DataTypeNullable>(std::make_shared<DataTypeString>())}, + {"granted_role_name", std::make_shared<DataTypeString>()}, + {"granted_role_id", std::make_shared<DataTypeUUID>()}, + {"granted_role_is_default", std::make_shared<DataTypeUInt8>()}, + {"with_admin_option", std::make_shared<DataTypeUInt8>()}, + }; + return names_and_types; +} + + +void StorageSystemRoleGrants::fillData(MutableColumns & res_columns, ContextPtr context, const SelectQueryInfo &) const +{ + /// If "select_from_system_db_requires_grant" is enabled the access rights were already checked in InterpreterSelectQuery. + const auto & access_control = context->getAccessControl(); + if (!access_control.doesSelectFromSystemDatabaseRequireGrant()) + context->checkAccess(AccessType::SHOW_USERS | AccessType::SHOW_ROLES); + + std::vector<UUID> ids = access_control.findAll<User>(); + boost::range::push_back(ids, access_control.findAll<Role>()); + + size_t column_index = 0; + auto & column_user_name = assert_cast<ColumnString &>(assert_cast<ColumnNullable &>(*res_columns[column_index]).getNestedColumn()); + auto & column_user_name_null_map = assert_cast<ColumnNullable &>(*res_columns[column_index++]).getNullMapData(); + auto & column_role_name = assert_cast<ColumnString &>(assert_cast<ColumnNullable &>(*res_columns[column_index]).getNestedColumn()); + auto & column_role_name_null_map = assert_cast<ColumnNullable &>(*res_columns[column_index++]).getNullMapData(); + auto & column_granted_role_name = assert_cast<ColumnString &>(*res_columns[column_index++]); + auto & column_granted_role_id = assert_cast<ColumnUUID &>(*res_columns[column_index++]).getData(); + auto & column_is_default = assert_cast<ColumnUInt8 &>(*res_columns[column_index++]).getData(); + auto & column_admin_option = assert_cast<ColumnUInt8 &>(*res_columns[column_index++]).getData(); + + auto add_row = [&](const String & grantee_name, + AccessEntityType grantee_type, + const String & granted_role_name, + const UUID & granted_role_id, + bool is_default, + bool with_admin_option) + { + if (grantee_type == AccessEntityType::USER) + { + column_user_name.insertData(grantee_name.data(), grantee_name.length()); + column_user_name_null_map.push_back(false); + column_role_name.insertDefault(); + column_role_name_null_map.push_back(true); + } + else if (grantee_type == AccessEntityType::ROLE) + { + column_user_name.insertDefault(); + column_user_name_null_map.push_back(true); + column_role_name.insertData(grantee_name.data(), grantee_name.length()); + column_role_name_null_map.push_back(false); + } + else + assert(false); + + column_granted_role_name.insertData(granted_role_name.data(), granted_role_name.length()); + column_granted_role_id.push_back(granted_role_id.toUnderType()); + column_is_default.push_back(is_default); + column_admin_option.push_back(with_admin_option); + }; + + auto add_rows = [&](const String & grantee_name, + AccessEntityType grantee_type, + const GrantedRoles & granted_roles, + const RolesOrUsersSet * default_roles) + { + for (const auto & element : granted_roles.getElements()) + { + for (const auto & role_id : element.ids) + { + auto role_name = access_control.tryReadName(role_id); + if (!role_name) + continue; + + bool is_default = !default_roles || default_roles->match(role_id); + add_row(grantee_name, grantee_type, *role_name, role_id, is_default, element.admin_option); + } + } + }; + + for (const auto & id : ids) + { + auto entity = access_control.tryRead(id); + if (!entity) + continue; + + const GrantedRoles * granted_roles = nullptr; + const RolesOrUsersSet * default_roles = nullptr; + if (auto role = typeid_cast<RolePtr>(entity)) + granted_roles = &role->granted_roles; + else if (auto user = typeid_cast<UserPtr>(entity)) + { + granted_roles = &user->granted_roles; + default_roles = &user->default_roles; + } + else + continue; + + add_rows(entity->getName(), entity->getType(), *granted_roles, default_roles); + } +} + +} |