未验证 提交 f66b1e77 编写于 作者: D dapan1121 提交者: GitHub

Merge pull request #21824 from taosdata/fix/TS-3573

fix: table level privilege for query issue
...@@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt { ...@@ -28,6 +28,10 @@ typedef struct SSelectAuthCxt {
SSelectStmt* pSelect; SSelectStmt* pSelect;
} SSelectAuthCxt; } SSelectAuthCxt;
typedef struct SAuthRewriteCxt {
STableNode* pTarget;
} SAuthRewriteCxt;
static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt); static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);
static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, static void setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
...@@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) { ...@@ -90,12 +94,26 @@ static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
return code; return code;
} }
static int32_t appendStableTagCond(SNode** pWhere, SNode* pTagCond) { EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
if (QUERY_NODE_COLUMN == nodeType(pNode)) {
SColumnNode* pCol = (SColumnNode*)pNode;
SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
strcpy(pCol->tableName, pCxt->pTarget->tableName);
strcpy(pCol->tableAlias, pCxt->pTarget->tableAlias);
}
return DEAL_RES_CONTINUE;
}
static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
SNode* pTagCondCopy = nodesCloneNode(pTagCond); SNode* pTagCondCopy = nodesCloneNode(pTagCond);
if (NULL == pTagCondCopy) { if (NULL == pTagCondCopy) {
return TSDB_CODE_OUT_OF_MEMORY; return TSDB_CODE_OUT_OF_MEMORY;
} }
SAuthRewriteCxt cxt = {.pTarget = pTable};
nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);
if (NULL == *pWhere) { if (NULL == *pWhere) {
*pWhere = pTagCondCopy; *pWhere = pTagCondCopy;
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
...@@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) { ...@@ -117,7 +135,7 @@ static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
STableNode* pTable = (STableNode*)pNode; STableNode* pTable = (STableNode*)pNode;
pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond); pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) { if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
pAuthCxt->errCode = appendStableTagCond(&pCxt->pSelect->pWhere, pTagCond); pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
} }
return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR; return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
} else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) { } else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
...@@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) { ...@@ -152,7 +170,7 @@ static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
STableNode* pTable = (STableNode*)pDelete->pFromTable; STableNode* pTable = (STableNode*)pDelete->pFromTable;
int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond); int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) { if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
code = appendStableTagCond(&pDelete->pWhere, pTagCond); code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
} }
return code; return code;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册