Merge pull request #21824 from taosdata/fix/TS-3573

fix: table level privilege for query issue

Merge pull request #21824 from taosdata/fix/TS-3573
fix: table level privilege for query issue
f66b1e77 · dapan1121 · GitHub · b607a782 · 890030e8 · f66b1e77
隐藏空白更改
内联并排

Showing with 21 addition and 3 deletion

source/libs/parser/src/parAuthenticator.c source/libs/parser/src/parAuthenticator.c +21 -3

未找到文件。
--- a/source/libs/parser/src/parAuthenticator.c
+++ b/source/libs/parser/src/parAuthenticator.c
@@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt {
  SSelectStmt* pSelect;
 } SSelectAuthCxt;

+typedef struct SAuthRewriteCxt {
+  STableNode*  pTarget;
+} SAuthRewriteCxt;
+
 static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);

 static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
@@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
  return code;
 }

-static int32_t appendStableTagCond(SNode** pWhere, SNode* pTagCond) {
+EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
+  if (QUERY_NODE_COLUMN == nodeType(pNode)) {
+    SColumnNode* pCol = (SColumnNode*)pNode;
+    SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
+    strcpy(pCol->tableName, pCxt->pTarget->tableName);
+    strcpy(pCol->tableAlias, pCxt->pTarget->tableAlias);
+  }
+
+  return DEAL_RES_CONTINUE;
+}
+
+static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
  SNode* pTagCondCopy = nodesCloneNode(pTagCond);
  if (NULL == pTagCondCopy) {
    return TSDB_CODE_OUT_OF_MEMORY;
  }

+  SAuthRewriteCxt cxt = {.pTarget = pTable};
+  nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);
+
  if (NULL == *pWhere) {
    *pWhere = pTagCondCopy;
    return TSDB_CODE_SUCCESS;
@@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
    STableNode* pTable = (STableNode*)pNode;
    pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
    if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
-      pAuthCxt->errCode = appendStableTagCond(&pCxt->pSelect->pWhere, pTagCond);
+      pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
    }
    return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
  } else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
@@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
  STableNode* pTable = (STableNode*)pDelete->pFromTable;
  int32_t     code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
  if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
-    code = appendStableTagCond(&pDelete->pWhere, pTagCond);
+    code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
  }
  return code;
 }