Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
taosdata
TDengine
提交
5babaf9e
T
TDengine
项目概览
taosdata
/
TDengine
1 年多 前同步成功
通知
1185
Star
22016
Fork
4786
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
1
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
TDengine
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
1
Issue
1
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
5babaf9e
编写于
3月 31, 2023
作者:
X
Xiaoyu Wang
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
feat: table level read privilege check
上级
824c87a6
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
61 addition
and
6 deletion
+61
-6
source/libs/parser/src/parAstParser.c
source/libs/parser/src/parAstParser.c
+9
-0
source/libs/parser/src/parAuthenticator.c
source/libs/parser/src/parAuthenticator.c
+52
-6
未找到文件。
source/libs/parser/src/parAstParser.c
浏览文件 @
5babaf9e
...
...
@@ -610,6 +610,13 @@ static int32_t collectMetaKeyFromCompactDatabase(SCollectMetaKeyCxt* pCxt, SComp
return
reserveDbCfgInCache
(
pCxt
->
pParseCxt
->
acctId
,
pStmt
->
dbName
,
pCxt
->
pMetaCache
);
}
static
int32_t
collectMetaKeyFromGrant
(
SCollectMetaKeyCxt
*
pCxt
,
SGrantStmt
*
pStmt
)
{
if
(
'\0'
==
pStmt
->
tabName
[
0
])
{
return
TSDB_CODE_SUCCESS
;
}
return
reserveTableMetaInCache
(
pCxt
->
pParseCxt
->
acctId
,
pStmt
->
objName
,
pStmt
->
tabName
,
pCxt
->
pMetaCache
);
}
static
int32_t
collectMetaKeyFromQuery
(
SCollectMetaKeyCxt
*
pCxt
,
SNode
*
pStmt
)
{
pCxt
->
pStmt
=
pStmt
;
switch
(
nodeType
(
pStmt
))
{
...
...
@@ -645,6 +652,8 @@ static int32_t collectMetaKeyFromQuery(SCollectMetaKeyCxt* pCxt, SNode* pStmt) {
return
collectMetaKeyFromCompactDatabase
(
pCxt
,
(
SCompactDatabaseStmt
*
)
pStmt
);
case
QUERY_NODE_CREATE_STREAM_STMT
:
return
collectMetaKeyFromCreateStream
(
pCxt
,
(
SCreateStreamStmt
*
)
pStmt
);
case
QUERY_NODE_GRANT_STMT
:
return
collectMetaKeyFromGrant
(
pCxt
,
(
SGrantStmt
*
)
pStmt
);
case
QUERY_NODE_SHOW_DNODES_STMT
:
return
collectMetaKeyFromShowDnodes
(
pCxt
,
(
SShowStmt
*
)
pStmt
);
case
QUERY_NODE_SHOW_MNODES_STMT
:
...
...
source/libs/parser/src/parAuthenticator.c
浏览文件 @
5babaf9e
...
...
@@ -23,6 +23,11 @@ typedef struct SAuthCxt {
int32_t
errCode
;
}
SAuthCxt
;
typedef
struct
SSelectAuthCxt
{
SAuthCxt
*
pAuthCxt
;
SSelectStmt
*
pSelect
;
}
SSelectAuthCxt
;
static
int32_t
authQuery
(
SAuthCxt
*
pCxt
,
SNode
*
pStmt
);
static
int32_t
checkAuth
(
SAuthCxt
*
pCxt
,
const
char
*
pDbName
,
AUTH_TYPE
type
)
{
...
...
@@ -53,19 +58,60 @@ static EDealRes authSubquery(SAuthCxt* pCxt, SNode* pStmt) {
return
TSDB_CODE_SUCCESS
==
authQuery
(
pCxt
,
pStmt
)
?
DEAL_RES_CONTINUE
:
DEAL_RES_ERROR
;
}
static
int32_t
mergeStableTagCond
(
SNode
**
pWhere
,
SNode
**
pTagCond
)
{
SLogicConditionNode
*
pLogicCond
=
(
SLogicConditionNode
*
)
nodesMakeNode
(
QUERY_NODE_LOGIC_CONDITION
);
if
(
NULL
==
pLogicCond
)
{
return
TSDB_CODE_OUT_OF_MEMORY
;
}
pLogicCond
->
node
.
resType
.
type
=
TSDB_DATA_TYPE_BOOL
;
pLogicCond
->
node
.
resType
.
bytes
=
tDataTypes
[
TSDB_DATA_TYPE_BOOL
].
bytes
;
pLogicCond
->
condType
=
LOGIC_COND_TYPE_AND
;
int32_t
code
=
nodesListMakeStrictAppend
(
&
pLogicCond
->
pParameterList
,
*
pTagCond
);
if
(
TSDB_CODE_SUCCESS
==
code
)
{
code
=
nodesListMakeAppend
(
&
pLogicCond
->
pParameterList
,
*
pWhere
);
}
if
(
TSDB_CODE_SUCCESS
==
code
)
{
*
pWhere
=
(
SNode
*
)
pLogicCond
;
}
else
{
nodesDestroyNode
((
SNode
*
)
pLogicCond
);
}
return
code
;
}
static
int32_t
appendStableTagCond
(
SSelectStmt
*
pSelect
,
SNode
*
pTagCond
)
{
SNode
*
pTagCondCopy
=
nodesCloneNode
(
pTagCond
);
if
(
NULL
==
pTagCondCopy
)
{
return
TSDB_CODE_OUT_OF_MEMORY
;
}
if
(
NULL
==
pSelect
->
pWhere
)
{
pSelect
->
pWhere
=
pTagCondCopy
;
return
TSDB_CODE_SUCCESS
;
}
if
(
QUERY_NODE_LOGIC_CONDITION
==
nodeType
(
pSelect
->
pWhere
)
&&
LOGIC_COND_TYPE_AND
==
((
SLogicConditionNode
*
)
pSelect
->
pWhere
)
->
condType
)
{
return
nodesListStrictAppend
(((
SLogicConditionNode
*
)
pSelect
->
pWhere
)
->
pParameterList
,
pTagCondCopy
);
}
return
mergeStableTagCond
(
&
pSelect
->
pWhere
,
&
pTagCondCopy
);
}
static
EDealRes
authSelectImpl
(
SNode
*
pNode
,
void
*
pContext
)
{
SAuthCxt
*
pCxt
=
pContext
;
SSelectAuthCxt
*
pCxt
=
pContext
;
SAuthCxt
*
pAuthCxt
=
pCxt
->
pAuthCxt
;
if
(
QUERY_NODE_REAL_TABLE
==
nodeType
(
pNode
))
{
p
Cxt
->
errCode
=
checkAuth
(
p
Cxt
,
((
SRealTableNode
*
)
pNode
)
->
table
.
dbName
,
AUTH_TYPE_READ
);
return
TSDB_CODE_SUCCESS
==
pCxt
->
errCode
?
DEAL_RES_CONTINUE
:
DEAL_RES_ERROR
;
p
AuthCxt
->
errCode
=
checkAuth
(
pAuth
Cxt
,
((
SRealTableNode
*
)
pNode
)
->
table
.
dbName
,
AUTH_TYPE_READ
);
return
TSDB_CODE_SUCCESS
==
p
Auth
Cxt
->
errCode
?
DEAL_RES_CONTINUE
:
DEAL_RES_ERROR
;
}
else
if
(
QUERY_NODE_TEMP_TABLE
==
nodeType
(
pNode
))
{
return
authSubquery
(
pCxt
,
((
STempTableNode
*
)
pNode
)
->
pSubquery
);
return
authSubquery
(
p
Auth
Cxt
,
((
STempTableNode
*
)
pNode
)
->
pSubquery
);
}
return
DEAL_RES_CONTINUE
;
}
static
int32_t
authSelect
(
SAuthCxt
*
pCxt
,
SSelectStmt
*
pSelect
)
{
nodesWalkSelectStmt
(
pSelect
,
SQL_CLAUSE_FROM
,
authSelectImpl
,
pCxt
);
SSelectAuthCxt
cxt
=
{.
pAuthCxt
=
pCxt
,
.
pSelect
=
pSelect
};
nodesWalkSelectStmt
(
pSelect
,
SQL_CLAUSE_FROM
,
authSelectImpl
,
&
cxt
);
return
pCxt
->
errCode
;
}
...
...
@@ -146,7 +192,7 @@ static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt) {
case
QUERY_NODE_SHOW_LICENCES_STMT
:
case
QUERY_NODE_SHOW_VGROUPS_STMT
:
case
QUERY_NODE_SHOW_DB_ALIVE_STMT
:
case
QUERY_NODE_SHOW_CLUSTER_ALIVE_STMT
:
case
QUERY_NODE_SHOW_CLUSTER_ALIVE_STMT
:
case
QUERY_NODE_SHOW_CREATE_DATABASE_STMT
:
case
QUERY_NODE_SHOW_TABLE_DISTRIBUTED_STMT
:
case
QUERY_NODE_SHOW_VNODES_STMT
:
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录