feat: table level privilege

source/dnode/mnode/impl/src/mndPrivilege.c

@@ -35,6 +35,7 @@ int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType
 int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) {
   memcpy(pRsp->user, pUser->user, TSDB_USER_LEN);
   pRsp->superAuth = 1;
+  pRsp->enable = pUser->enable;
   pRsp->version = pUser->authVersion;
   return 0;
 }

source/dnode/mnode/impl/src/mndUser.c

@@ -18,10 +18,10 @@
 #include "mndDb.h"
 #include "mndPrivilege.h"
 #include "mndShow.h"
+#include "mndStb.h"
 #include "mndTopic.h"
 #include "mndTrans.h"
 #include "tbase64.h"
-#include "mndStb.h"
 
 #define USER_VER_NUMBER   3
 #define USER_RESERVE_SIZE 64
@@ -128,8 +128,7 @@ SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
   int32_t numOfReadStbs = taosHashGetSize(pUser->readTbs);
   int32_t numOfWriteStbs = taosHashGetSize(pUser->writeTbs);
   int32_t numOfTopics = taosHashGetSize(pUser->topics);
-  int32_t size = sizeof(SUserObj) + USER_RESERVE_SIZE + 
-                (numOfReadDbs + numOfWriteDbs ) * TSDB_DB_FNAME_LEN +
+  int32_t size = sizeof(SUserObj) + USER_RESERVE_SIZE + (numOfReadDbs + numOfWriteDbs) * TSDB_DB_FNAME_LEN +
                  numOfTopics * TSDB_TOPIC_FNAME_LEN;
 
   char *stb = taosHashIterate(pUser->readTbs, NULL);
@@ -206,7 +205,7 @@ SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
     SDB_SET_BINARY(pRaw, dataPos, key, keyLen, _OVER);
 
     size_t valueLen = 0;
-    valueLen = strlen(stb)+1;
+    valueLen = strlen(stb) + 1;
     SDB_SET_INT32(pRaw, dataPos, valueLen, _OVER)
     SDB_SET_BINARY(pRaw, dataPos, stb, valueLen, _OVER);
     stb = taosHashIterate(pUser->readTbs, stb);
@@ -220,7 +219,7 @@ SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
     SDB_SET_BINARY(pRaw, dataPos, key, keyLen, _OVER);
 
     size_t valueLen = 0;
-    valueLen = strlen(stb)+1;
+    valueLen = strlen(stb) + 1;
     SDB_SET_INT32(pRaw, dataPos, valueLen, _OVER)
     SDB_SET_BINARY(pRaw, dataPos, stb, valueLen, _OVER);
     stb = taosHashIterate(pUser->writeTbs, stb);
@@ -283,7 +282,7 @@ static SSdbRow *mndUserActionDecode(SSdbRaw *pRaw) {
   if (sver >= 2) {
     SDB_GET_INT32(pRaw, dataPos, &numOfTopics, _OVER)
   }
-  if(sver >= 3){
+  if (sver >= 3) {
     SDB_GET_INT32(pRaw, dataPos, &numOfReadStbs, _OVER)
     SDB_GET_INT32(pRaw, dataPos, &numOfWriteStbs, _OVER)
   }
@@ -292,7 +291,8 @@ static SSdbRow *mndUserActionDecode(SSdbRaw *pRaw) {
   pUser->writeDbs =
       taosHashInit(numOfWriteDbs, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
   pUser->topics = taosHashInit(numOfTopics, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
-  pUser->readTbs = taosHashInit(numOfReadStbs, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
+  pUser->readTbs =
+      taosHashInit(numOfReadStbs, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
   pUser->writeTbs =
       taosHashInit(numOfWriteStbs, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
   if (pUser->readDbs == NULL || pUser->writeDbs == NULL || pUser->topics == NULL) goto _OVER;
@@ -320,7 +320,7 @@ static SSdbRow *mndUserActionDecode(SSdbRaw *pRaw) {
     }
   }
 
-  if(sver >= 3){
+  if (sver >= 3) {
     for (int32_t i = 0; i < numOfReadStbs; ++i) {
       int32_t keyLen = 0;
       SDB_GET_INT32(pRaw, dataPos, &keyLen, _OVER);
@@ -647,7 +647,7 @@ SHashObj *mndDupDbHash(SHashObj *pOld) { return mndDupObjHash(pOld, TSDB_DB_FNAM
 
 SHashObj *mndDupTopicHash(SHashObj *pOld) { return mndDupObjHash(pOld, TSDB_TOPIC_FNAME_LEN); }
 
-static int32_t mndTagPriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq){
+static int32_t mndTagPriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq) {
   char tbFName[TSDB_TABLE_FNAME_LEN] = {0};
   snprintf(tbFName, TSDB_TABLE_FNAME_LEN, "%s.%s", alterReq->objname, alterReq->tabName);
   int32_t len = strlen(tbFName) + 1;
@@ -657,13 +657,13 @@ static int32_t mndTagPriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *a
     mndReleaseStb(pMnode, pStb);
     return -1;
   }
-  if(alterReq->tagCond == NULL){
+  if (alterReq->tagCond == NULL) {
     mndReleaseStb(pMnode, pStb);
     return -1;
   }
 
   char *value = taosHashGet(hash, tbFName, len);
-  if(value != NULL){
+  if (value != NULL) {
     mndReleaseStb(pMnode, pStb);
     terrno = TSDB_CODE_MND_PRIVILEDGE_EXIST;
     return -1;
@@ -678,16 +678,16 @@ static int32_t mndTagPriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *a
   return 0;
 }
 
-static int32_t mndTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq, SSdb *pSdb){
+static int32_t mndTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq, SSdb *pSdb) {
   void *pIter = NULL;
   char  tbFName[TSDB_TABLE_FNAME_LEN] = {0};
 
   snprintf(tbFName, sizeof(tbFName), "%s.%s", alterReq->objname, alterReq->tabName);
   int32_t len = strlen(tbFName) + 1;
 
-  if(alterReq->tagCond != NULL && alterReq->tagCondLen != 0){
+  if (alterReq->tagCond != NULL && alterReq->tagCondLen != 0) {
     char *value = taosHashGet(hash, tbFName, len);
-    if(value != NULL){
+    if (value != NULL) {
       terrno = TSDB_CODE_MND_PRIVILEDGE_EXIST;
       return -1;
     }
@@ -696,8 +696,7 @@ static int32_t mndTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq
     if (taosHashPut(hash, tbFName, len, alterReq->tagCond, condLen) != 0) {
       return -1;
     }
-  }
-  else{
+  } else {
     if (taosHashPut(hash, tbFName, len, "t", 2) != 0) {
       return -1;
     }
@@ -706,7 +705,7 @@ static int32_t mndTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq
   return 0;
 }
 
-static int32_t mndRemoveTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq, SSdb *pSdb){
+static int32_t mndRemoveTablePriviledge(SMnode *pMnode, SHashObj *hash, SAlterUserReq *alterReq, SSdb *pSdb) {
   void *pIter = NULL;
   char  tbFName[TSDB_TABLE_FNAME_LEN] = {0};
   snprintf(tbFName, sizeof(tbFName), "%s.%s", alterReq->objname, alterReq->tabName);
@@ -859,21 +858,21 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_ADD_READ_TABLE) {
-    if(mndTablePriviledge(pMnode, newUser.readTbs, &alterReq, pSdb) != 0) goto _OVER;
+    if (mndTablePriviledge(pMnode, newUser.readTbs, &alterReq, pSdb) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_ADD_WRITE_TABLE) {
-    if(mndTablePriviledge(pMnode, newUser.writeTbs, &alterReq, pSdb) != 0) goto _OVER;
+    if (mndTablePriviledge(pMnode, newUser.writeTbs, &alterReq, pSdb) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_REMOVE_READ_TABLE ||
       alterReq.alterType == TSDB_ALTER_USER_REMOVE_READ_TAG) {
-    if(mndRemoveTablePriviledge(pMnode, newUser.readTbs, &alterReq, pSdb) != 0) goto _OVER;
+    if (mndRemoveTablePriviledge(pMnode, newUser.readTbs, &alterReq, pSdb) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_REMOVE_WRITE_TABLE ||
-      alterReq.alterType == TSDB_ALTER_USER_REMOVE_WRITE_TAG ) {
-    if(mndRemoveTablePriviledge(pMnode, newUser.writeTbs, &alterReq, pSdb) != 0) goto _OVER;
+      alterReq.alterType == TSDB_ALTER_USER_REMOVE_WRITE_TAG) {
+    if (mndRemoveTablePriviledge(pMnode, newUser.writeTbs, &alterReq, pSdb) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_ADD_SUBSCRIBE_TOPIC) {
@@ -887,11 +886,11 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_ADD_READ_TAG) {
-    if(mndTagPriviledge(pMnode, newUser.readTbs, &alterReq) != 0) goto _OVER;
+    if (mndTagPriviledge(pMnode, newUser.readTbs, &alterReq) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_ADD_WRITE_TAG) {
-    if(mndTagPriviledge(pMnode, newUser.writeTbs, &alterReq) != 0) goto _OVER;
+    if (mndTagPriviledge(pMnode, newUser.writeTbs, &alterReq) != 0) goto _OVER;
   }
 
   if (alterReq.alterType == TSDB_ALTER_USER_REMOVE_SUBSCRIBE_TOPIC) {
@@ -1077,7 +1076,8 @@ static void mndCancelGetNextUser(SMnode *pMnode, void *pIter) {
   sdbCancelFetch(pSdb, pIter);
 }
 
-static void mndLoopHash(SHashObj * hash, char *priType, SSDataBlock *pBlock, int32_t *numOfRows, char *user, SShowObj *pShow){
+static void mndLoopHash(SHashObj *hash, char *priType, SSDataBlock *pBlock, int32_t *numOfRows, char *user,
+                        SShowObj *pShow) {
   char   *value = taosHashIterate(hash, NULL);
   int32_t cols = 0;
 
@@ -1110,29 +1110,27 @@ static void mndLoopHash(SHashObj * hash, char *priType, SSDataBlock *pBlock, int
     pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
     colDataSetVal(pColInfo, *numOfRows, (const char *)tableNameContent, false);
 
-    if(strcmp("t", value) != 0){
+    if (strcmp("t", value) != 0) {
       SNode  *pAst = NULL;
       int32_t sqlLen = 0;
       char    sql[TSDB_EXPLAIN_RESULT_ROW_SIZE] = {0};
 
-      if(nodesStringToNode(value, &pAst) == 0) {
+      if (nodesStringToNode(value, &pAst) == 0) {
         nodesNodeToSQL(pAst, sql, TSDB_EXPLAIN_RESULT_ROW_SIZE, &sqlLen);
         nodesDestroyNode(pAst);
-      }
-      else{
+      } else {
         sqlLen = 5;
         sprintf(sql, "error");
       }
 
-      //char *obj = taosMemoryMalloc(sqlLen + VARSTR_HEADER_SIZE + 1);
+      // char *obj = taosMemoryMalloc(sqlLen + VARSTR_HEADER_SIZE + 1);
       char obj[TSDB_PRIVILEDGE_CONDITION_LEN + VARSTR_HEADER_SIZE] = {0};
       STR_WITH_MAXSIZE_TO_VARSTR(obj, sql, pShow->pMeta->pSchemas[cols].bytes);
 
       pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
       colDataSetVal(pColInfo, *numOfRows, (const char *)obj, false);
-      //taosMemoryFree(obj);
-    }
-    else{
+      // taosMemoryFree(obj);
+    } else {
       char condition[20] = {0};
       STR_WITH_MAXSIZE_TO_VARSTR(condition, "", pShow->pMeta->pSchemas[cols].bytes);
       pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
@@ -1180,12 +1178,12 @@ static int32_t mndRetrievePrivileges(SRpcMsg *pReq, SShowObj *pShow, SSDataBlock
       pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
       colDataSetVal(pColInfo, numOfRows, (const char *)objName, false);
 
-      char tableName[20] = {0};
+      char tableName[TSDB_TABLE_NAME_LEN + VARSTR_HEADER_SIZE] = {0};
       STR_WITH_MAXSIZE_TO_VARSTR(tableName, "", pShow->pMeta->pSchemas[cols].bytes);
       pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
       colDataSetVal(pColInfo, numOfRows, (const char *)tableName, false);
 
-      char condition[20] = {0};
+      char condition[TSDB_PRIVILEDGE_CONDITION_LEN + VARSTR_HEADER_SIZE] = {0};
       STR_WITH_MAXSIZE_TO_VARSTR(condition, "", pShow->pMeta->pSchemas[cols].bytes);
       pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
       colDataSetVal(pColInfo, numOfRows, (const char *)condition, false);

source/libs/parser/src/parInsertSql.c

@@ -837,32 +837,31 @@ static int32_t parseUsingClauseBottom(SInsertParseContext* pCxt, SVnodeModifyOpS
   return code;
 }
 
+static void setUserAuthInfo(SParseContext* pCxt, SName* pTbName, SUserAuthInfo* pInfo) {
+  snprintf(pInfo->user, sizeof(pInfo->user), "%s", pCxt->pUser);
+  memcpy(&pInfo->tbName, pTbName, sizeof(SName));
+  pInfo->type = AUTH_TYPE_WRITE;
+}
+
 static int32_t checkAuth(SParseContext* pCxt, SName* pTbName, bool* pMissCache) {
-  char dbFName[TSDB_DB_FNAME_LEN];
-  tNameGetFullDbName(pTbName, dbFName);
   int32_t       code = TSDB_CODE_SUCCESS;
-  bool    pass = true;
-  bool    exists = true;
-  if (pCxt->async) {
   SUserAuthInfo authInfo = {0};
+  setUserAuthInfo(pCxt, pTbName, &authInfo);
   SUserAuthRes authRes = {0};
-//    code = catalogChkAuthFromCache(pCxt->pCatalog, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass, &exists);
+  bool         exists = true;
+  if (pCxt->async) {
     code = catalogChkAuthFromCache(pCxt->pCatalog, &authInfo, &authRes, &exists);
   } else {
     SRequestConnInfo conn = {.pTrans = pCxt->pTransporter,
                              .requestId = pCxt->requestId,
                              .requestObjRefId = pCxt->requestRid,
                              .mgmtEps = pCxt->mgmtEpSet};
-    SUserAuthInfo authInfo = {0};
-    SUserAuthRes  authRes = {0};
-    //code = catalogChkAuth(pCxt->pCatalog, &conn, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass);
     code = catalogChkAuth(pCxt->pCatalog, &conn, &authInfo, &authRes);
-
   }
   if (TSDB_CODE_SUCCESS == code) {
     if (!exists) {
       *pMissCache = true;
-    } else if (!pass) {
+    } else if (!authRes.pass) {
       code = TSDB_CODE_PAR_PERMISSION_DENIED;
     }
   }
@@ -2023,7 +2022,7 @@ static int32_t buildInsertUserAuthReq(const char* pUser, SName* pName, SArray**
 
   SUserAuthInfo userAuth = {.type = AUTH_TYPE_WRITE};
   snprintf(userAuth.user, sizeof(userAuth.user), "%s", pUser);
-  //tNameGetFullDbName(pName, userAuth.dbFName);
+  // tNameGetFullDbName(pName, userAuth.dbFName);
   taosArrayPush(*pUserAuth, &userAuth);
 
   return TSDB_CODE_SUCCESS;

source/libs/parser/src/parTranslater.c

@@ -976,7 +976,8 @@ static EDealRes translateColumnUseAlias(STranslateContext* pCxt, SColumnNode** p
 }
 
 static EDealRes translateColumn(STranslateContext* pCxt, SColumnNode** pCol) {
-  if (NULL == pCxt->pCurrStmt || isSelectStmt(pCxt->pCurrStmt) && NULL == ((SSelectStmt*)pCxt->pCurrStmt)->pFromTable) {
+  if (NULL == pCxt->pCurrStmt ||
+      (isSelectStmt(pCxt->pCurrStmt) && NULL == ((SSelectStmt*)pCxt->pCurrStmt)->pFromTable)) {
     return generateDealNodeErrMsg(pCxt, TSDB_CODE_PAR_INVALID_COLUMN, (*pCol)->colName);
   }
 
@@ -6449,6 +6450,48 @@ static int32_t translateDropFunction(STranslateContext* pCxt, SDropFunctionStmt*
   return buildCmdMsg(pCxt, TDMT_MND_DROP_FUNC, (FSerializeFunc)tSerializeSDropFuncReq, &req);
 }
 
+static int32_t createRealTableForGrantTable(SGrantStmt* pStmt, SRealTableNode** pTable) {
+  SRealTableNode* pRealTable = (SRealTableNode*)nodesMakeNode(QUERY_NODE_REAL_TABLE);
+  if (NULL == pRealTable) {
+    return TSDB_CODE_OUT_OF_MEMORY;
+  }
+  strcpy(pRealTable->table.dbName, pStmt->objName);
+  strcpy(pRealTable->table.tableName, pStmt->tabName);
+  strcpy(pRealTable->table.tableAlias, pStmt->tabName);
+  *pTable = pRealTable;
+  return TSDB_CODE_SUCCESS;
+}
+
+static int32_t translateGrantTagCond(STranslateContext* pCxt, SGrantStmt* pStmt, SAlterUserReq* pReq) {
+  if (NULL == pStmt->pTagCond) {
+    return TSDB_CODE_SUCCESS;
+  }
+  if ('\0' == pStmt->tabName[0] || '*' == pStmt->tabName[0]) {
+    return generateSyntaxErrMsgExt(&pCxt->msgBuf, TSDB_CODE_PAR_SYNTAX_ERROR,
+                                   "The With clause can only be used for table level privilege");
+  }
+
+  pCxt->pCurrStmt = (SNode*)pStmt;
+  SRealTableNode* pTable = NULL;
+  int32_t         code = createRealTableForGrantTable(pStmt, &pTable);
+  if (TSDB_CODE_SUCCESS == code) {
+    SName name;
+    code = getTableMetaImpl(pCxt, toName(pCxt->pParseCxt->acctId, pTable->table.dbName, pTable->table.tableName, &name),
+                            &(pTable->pMeta));
+  }
+  if (TSDB_CODE_SUCCESS == code) {
+    code = addNamespace(pCxt, pTable);
+  }
+  if (TSDB_CODE_SUCCESS == code) {
+    code = translateExpr(pCxt, &pStmt->pTagCond);
+  }
+  if (TSDB_CODE_SUCCESS == code) {
+    code = nodesNodeToString(pStmt->pTagCond, false, &pReq->tagCond, &pReq->tagCondLen);
+  }
+  nodesDestroyNode((SNode*)pTable);
+  return code;
+}
+
 static int32_t translateGrant(STranslateContext* pCxt, SGrantStmt* pStmt) {
   SAlterUserReq req = {0};
   if (BIT_FLAG_TEST_MASK(pStmt->privileges, PRIVILEGE_TYPE_ALL) ||
@@ -6465,10 +6508,7 @@ static int32_t translateGrant(STranslateContext* pCxt, SGrantStmt* pStmt) {
   strcpy(req.user, pStmt->userName);
   sprintf(req.objname, "%d.%s", pCxt->pParseCxt->acctId, pStmt->objName);
   sprintf(req.tabName, "%s", pStmt->tabName);
-  int32_t code = TSDB_CODE_SUCCESS;
-  if (NULL != pStmt->pTagCond) {
-    code = nodesNodeToString(pStmt->pTagCond, false, &req.tagCond, &req.tagCondLen);
-  }
+  int32_t code = translateGrantTagCond(pCxt, pStmt, &req);
   if (TSDB_CODE_SUCCESS == code) {
     code = buildCmdMsg(pCxt, TDMT_MND_ALTER_USER, (FSerializeFunc)tSerializeSAlterUserReq, &req);
   }