提交 890030e8 编写于 作者: D dapan1121

fix: table level privilege for query issue

上级 878a63f2
......@@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt {
SSelectStmt* pSelect;
} SSelectAuthCxt;
typedef struct SAuthRewriteCxt {
STableNode* pTarget;
} SAuthRewriteCxt;
static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);
static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
......@@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
return code;
}
static int32_t appendStableTagCond(SNode** pWhere, SNode* pTagCond) {
EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
if (QUERY_NODE_COLUMN == nodeType(pNode)) {
SColumnNode* pCol = (SColumnNode*)pNode;
SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
strcpy(pCol->tableName, pCxt->pTarget->tableName);
strcpy(pCol->tableAlias, pCxt->pTarget->tableAlias);
}
return DEAL_RES_CONTINUE;
}
static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
SNode* pTagCondCopy = nodesCloneNode(pTagCond);
if (NULL == pTagCondCopy) {
return TSDB_CODE_OUT_OF_MEMORY;
}
SAuthRewriteCxt cxt = {.pTarget = pTable};
nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);
if (NULL == *pWhere) {
*pWhere = pTagCondCopy;
return TSDB_CODE_SUCCESS;
......@@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
STableNode* pTable = (STableNode*)pNode;
pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
pAuthCxt->errCode = appendStableTagCond(&pCxt->pSelect->pWhere, pTagCond);
pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
}
return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
} else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
......@@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
STableNode* pTable = (STableNode*)pDelete->pFromTable;
int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
code = appendStableTagCond(&pDelete->pWhere, pTagCond);
code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
}
return code;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册