Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
2dot5
ClickHouse
提交
2d12b4d3
C
ClickHouse
项目概览
2dot5
/
ClickHouse
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
C
ClickHouse
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
2d12b4d3
编写于
5月 29, 2020
作者:
V
Vitaly Baranov
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix crash when SET DEFAULT ROLE is called with wrong arguments.
上级
3ff28d0a
变更
7
显示空白变更内容
内联
并排
Showing
7 changed file
with
103 addition
and
8 deletion
+103
-8
src/Access/ExtendedRoleSet.cpp
src/Access/ExtendedRoleSet.cpp
+18
-6
src/Interpreters/InterpreterSetRoleQuery.cpp
src/Interpreters/InterpreterSetRoleQuery.cpp
+1
-1
src/Parsers/ASTExtendedRoleSet.h
src/Parsers/ASTExtendedRoleSet.h
+4
-1
src/Parsers/ParserCreateUserQuery.cpp
src/Parsers/ParserCreateUserQuery.cpp
+1
-0
src/Parsers/ParserSetRoleQuery.cpp
src/Parsers/ParserSetRoleQuery.cpp
+2
-0
tests/integration/test_default_role/__init__.py
tests/integration/test_default_role/__init__.py
+0
-0
tests/integration/test_default_role/test.py
tests/integration/test_default_role/test.py
+77
-0
未找到文件。
src/Access/ExtendedRoleSet.cpp
浏览文件 @
2d12b4d3
...
...
@@ -68,15 +68,27 @@ void ExtendedRoleSet::init(const ASTExtendedRoleSet & ast, const AccessControlMa
{
all
=
ast
.
all
;
auto
name_to_id
=
[
id_mode
{
ast
.
id_mode
}
,
manager
](
const
String
&
name
)
->
UUID
auto
name_to_id
=
[
&
ast
,
manager
](
const
String
&
name
)
->
UUID
{
if
(
id_mode
)
if
(
ast
.
id_mode
)
return
parse
<
UUID
>
(
name
);
assert
(
manager
);
if
(
ast
.
can_contain_users
&&
ast
.
can_contain_roles
)
{
auto
id
=
manager
->
find
<
User
>
(
name
);
if
(
id
)
return
*
id
;
return
manager
->
getID
<
Role
>
(
name
);
}
else
if
(
ast
.
can_contain_users
)
{
return
manager
->
getID
<
User
>
(
name
);
}
else
{
assert
(
ast
.
can_contain_roles
);
return
manager
->
getID
<
Role
>
(
name
);
}
};
if
(
!
ast
.
names
.
empty
()
&&
!
all
)
...
...
src/Interpreters/InterpreterSetRoleQuery.cpp
浏览文件 @
2d12b4d3
...
...
@@ -62,7 +62,7 @@ void InterpreterSetRoleQuery::setRole(const ASTSetRoleQuery & query)
void
InterpreterSetRoleQuery
::
setDefaultRole
(
const
ASTSetRoleQuery
&
query
)
{
context
.
checkAccess
(
AccessType
::
CREATE_USER
|
AccessType
::
DROP
_USER
);
context
.
checkAccess
(
AccessType
::
ALTER
_USER
);
auto
&
access_control
=
context
.
getAccessControlManager
();
std
::
vector
<
UUID
>
to_users
=
ExtendedRoleSet
{
*
query
.
to_users
,
access_control
,
context
.
getUserID
()}.
getMatchingIDs
(
access_control
);
...
...
src/Parsers/ASTExtendedRoleSet.h
浏览文件 @
2d12b4d3
...
...
@@ -15,7 +15,10 @@ public:
bool
all
=
false
;
Strings
except_names
;
bool
except_current_user
=
false
;
bool
id_mode
=
false
;
/// If true then `names` and `except_names` keeps UUIDs, not names.
bool
id_mode
=
false
;
/// true if `names` and `except_names` keep UUIDs, not names.
bool
can_contain_roles
=
true
;
/// true if this set can contain names of roles.
bool
can_contain_users
=
true
;
/// true if this set can contain names of users.
bool
empty
()
const
{
return
names
.
empty
()
&&
!
current_user
&&
!
all
;
}
void
replaceCurrentUserTagWithName
(
const
String
&
current_user_name
);
...
...
src/Parsers/ParserCreateUserQuery.cpp
浏览文件 @
2d12b4d3
...
...
@@ -227,6 +227,7 @@ namespace
return
false
;
default_roles
=
typeid_cast
<
std
::
shared_ptr
<
ASTExtendedRoleSet
>>
(
ast
);
default_roles
->
can_contain_users
=
false
;
return
true
;
});
}
...
...
src/Parsers/ParserSetRoleQuery.cpp
浏览文件 @
2d12b4d3
...
...
@@ -18,6 +18,7 @@ namespace
return
false
;
roles
=
typeid_cast
<
std
::
shared_ptr
<
ASTExtendedRoleSet
>>
(
ast
);
roles
->
can_contain_users
=
false
;
return
true
;
});
}
...
...
@@ -34,6 +35,7 @@ namespace
return
false
;
to_users
=
typeid_cast
<
std
::
shared_ptr
<
ASTExtendedRoleSet
>>
(
ast
);
to_users
->
can_contain_roles
=
false
;
return
true
;
});
}
...
...
tests/integration/test_default_role/__init__.py
0 → 100644
浏览文件 @
2d12b4d3
tests/integration/test_default_role/test.py
0 → 100644
浏览文件 @
2d12b4d3
import
pytest
from
helpers.cluster
import
ClickHouseCluster
from
helpers.test_tools
import
TSV
import
re
cluster
=
ClickHouseCluster
(
__file__
)
instance
=
cluster
.
add_instance
(
'instance'
)
@
pytest
.
fixture
(
scope
=
"module"
,
autouse
=
True
)
def
started_cluster
():
try
:
cluster
.
start
()
instance
.
query
(
"CREATE USER john"
)
instance
.
query
(
"CREATE ROLE rx"
)
instance
.
query
(
"CREATE ROLE ry"
)
yield
cluster
finally
:
cluster
.
shutdown
()
@
pytest
.
fixture
(
autouse
=
True
)
def
reset_users_and_roles
():
instance
.
query
(
"CREATE USER OR REPLACE john"
)
yield
def
test_set_default_roles
():
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
""
instance
.
query
(
"GRANT rx, ry TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
],
[
'ry'
,
0
,
1
]]
)
instance
.
query
(
"SET DEFAULT ROLE NONE TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
""
instance
.
query
(
"SET DEFAULT ROLE rx TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
]]
)
instance
.
query
(
"SET DEFAULT ROLE ry TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'ry'
,
0
,
1
]]
)
instance
.
query
(
"SET DEFAULT ROLE ALL TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
],
[
'ry'
,
0
,
1
]]
)
instance
.
query
(
"SET DEFAULT ROLE ALL EXCEPT rx TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'ry'
,
0
,
1
]]
)
def
test_alter_user
():
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
""
instance
.
query
(
"GRANT rx, ry TO john"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
],
[
'ry'
,
0
,
1
]]
)
instance
.
query
(
"ALTER USER john DEFAULT ROLE NONE"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
""
instance
.
query
(
"ALTER USER john DEFAULT ROLE rx"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
]]
)
instance
.
query
(
"ALTER USER john DEFAULT ROLE ALL"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'rx'
,
0
,
1
],
[
'ry'
,
0
,
1
]]
)
instance
.
query
(
"ALTER USER john DEFAULT ROLE ALL EXCEPT rx"
)
assert
instance
.
query
(
"SHOW CURRENT ROLES"
,
user
=
"john"
)
==
TSV
(
[[
'ry'
,
0
,
1
]]
)
def
test_wrong_set_default_role
():
assert
"There is no user `rx`"
in
instance
.
query_and_get_error
(
"SET DEFAULT ROLE NONE TO rx"
)
assert
"There is no user `ry`"
in
instance
.
query_and_get_error
(
"SET DEFAULT ROLE rx TO ry"
)
assert
"There is no role `john`"
in
instance
.
query_and_get_error
(
"SET DEFAULT ROLE john TO john"
)
assert
"There is no role `john`"
in
instance
.
query_and_get_error
(
"ALTER USER john DEFAULT ROLE john"
)
assert
"There is no role `john`"
in
instance
.
query_and_get_error
(
"ALTER USER john DEFAULT ROLE ALL EXCEPT john"
)
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录