未验证
提交
957d2326
编写于
3月 29, 2019
作者:
Ivan
提交者:
GitHub
3月 29, 2019
Minimal implementation of row-level security CLICKHOUSE-4315 (#4792)
For detailed description see the related PR
上级
5588618c
变更
23
Showing
23 changed file
with
447 addition
and
143 deletion
+447
-143
dbms/programs/server/users.xml
dbms/programs/server/users.xml
+20
-0
dbms/src/DataStreams/BlockIO.cpp
dbms/src/DataStreams/BlockIO.cpp
+0
-11
dbms/src/DataStreams/BlockIO.h
dbms/src/DataStreams/BlockIO.h
+8
-14
dbms/src/Interpreters/Context.cpp
dbms/src/Interpreters/Context.cpp
+36
-8
dbms/src/Interpreters/Context.h
dbms/src/Interpreters/Context.h
+4
-0
dbms/src/Interpreters/IRuntimeComponentsFactory.h
dbms/src/Interpreters/IRuntimeComponentsFactory.h
+4
-4
dbms/src/Interpreters/IUsersManager.h
dbms/src/Interpreters/IUsersManager.h
+4
-4
dbms/src/Interpreters/InterpreterSelectQuery.cpp
dbms/src/Interpreters/InterpreterSelectQuery.cpp
+208
-62
dbms/src/Interpreters/InterpreterSelectQuery.h
dbms/src/Interpreters/InterpreterSelectQuery.h
+5
-4
dbms/src/Interpreters/RuntimeComponentsFactory.h
dbms/src/Interpreters/RuntimeComponentsFactory.h
+4
-4
dbms/src/Interpreters/Users.cpp
dbms/src/Interpreters/Users.cpp
+28
-0
dbms/src/Interpreters/Users.h
dbms/src/Interpreters/Users.h
+9
-2
dbms/src/Interpreters/UsersManager.cpp
dbms/src/Interpreters/UsersManager.cpp
+7
-6
dbms/src/Interpreters/UsersManager.h
dbms/src/Interpreters/UsersManager.h
+7
-7
dbms/src/Interpreters/tests/users.cpp
dbms/src/Interpreters/tests/users.cpp
+4
-4
dbms/src/Storages/IStorage.h
dbms/src/Storages/IStorage.h
+2
-2
dbms/src/Storages/Kafka/StorageKafka.h
dbms/src/Storages/Kafka/StorageKafka.h
+1
-1
dbms/src/Storages/SelectQueryInfo.h
dbms/src/Storages/SelectQueryInfo.h
+9
-0
dbms/src/Storages/StorageMergeTree.h
dbms/src/Storages/StorageMergeTree.h
+2
-5
dbms/src/Storages/StorageReplicatedMergeTree.h
dbms/src/Storages/StorageReplicatedMergeTree.h
+3
-5
dbms/tests/queries/0_stateless/00927_table_filter.reference
dbms/tests/queries/0_stateless/00927_table_filter.reference
+32
-0
dbms/tests/queries/0_stateless/00927_table_filter.sql
dbms/tests/queries/0_stateless/00927_table_filter.sql
+44
-0
dbms/tests/queries/bugs/prewhere_with_alias.sql
dbms/tests/queries/bugs/prewhere_with_alias.sql
+6
-0
dbms/programs/server/users.xml
...
@@ -74,6 +74,26 @@
...
@@ -74,6 +74,26 @@
<!-- Quota for user. -->
<!-- Quota for user. -->
<quota>
default
</quota>
<quota>
default
</quota>
<!-- For testing the table filters -->
<databases>
<test>
<!-- Simple expression filter -->
<filtered_table1>
<filter>
a = 1
</filter>
</filtered_table1>
<!-- Complex expression filter -->
<filtered_table2>
<filter>
a + b
<
1 or c - d
>
5
</filter>
</filtered_table2>
<!-- Filter with ALIAS column -->
<filtered_table3>
<filter>
c = 1
</filter>
</filtered_table3>
</test>
</databases>
</default>
</default>
<!-- Example of user with readonly access. -->
<!-- Example of user with readonly access. -->
...
...
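Review bot: The `<databases>` block added under the `default` user is labelled `For testing the table filters`, yet it lives in dbms/programs/server/users.xml, which appears to be the stock server configuration rather than a test fixture. If installations start from this file, each of them carries row filters for `test.filtered_table1` to `filtered_table3`, and a real table with one of those names would be silently filtered for `default`. Consider moving the three entries into a users config that only the test run loads, or at least make the comment explicit: `<!-- Test fixtures for 00927_table_filter; not intended for production configs -->`. The enclosing `<default>` element starts outside the hunk.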
dbms/src/DataStreams/BlockIO.cpp
已删除
100644 → 0
#include <Interpreters/ProcessList.h>
#include <DataStreams/BlockIO.h>
namespace
DB
{
BlockIO
::~
BlockIO
()
=
default
;
BlockIO
::
BlockIO
()
=
default
;
BlockIO
::
BlockIO
(
const
BlockIO
&
)
=
default
;
}
dbms/src/DataStreams/BlockIO.h
...
@@ -11,15 +11,19 @@ class ProcessListEntry;
...
@@ -11,15 +11,19 @@ class ProcessListEntry;
struct
BlockIO
struct
BlockIO
{
{
BlockIO
()
=
default
;
BlockIO
(
const
BlockIO
&
)
=
default
;
~
BlockIO
()
=
default
;
BlockOutputStreamPtr
out
;
BlockInputStreamPtr
in
;
/** process_list_entry should be destroyed after in and after out,
/** process_list_entry should be destroyed after in and after out,
* since in and out contain pointer to objects inside process_list_entry (query-level MemoryTracker for example),
* since in and out contain pointer to objects inside process_list_entry (query-level MemoryTracker for example),
* which could be used before destroying of in and out.
* which could be used before destroying of in and out.
*/
*/
std
::
shared_ptr
<
ProcessListEntry
>
process_list_entry
;
std
::
shared_ptr
<
ProcessListEntry
>
process_list_entry
;
BlockInputStreamPtr
in
;
BlockOutputStreamPtr
out
;
/// Callbacks for query logging could be set here.
/// Callbacks for query logging could be set here.
std
::
function
<
void
(
IBlockInputStream
*
,
IBlockOutputStream
*
)
>
finish_callback
;
std
::
function
<
void
(
IBlockInputStream
*
,
IBlockOutputStream
*
)
>
finish_callback
;
std
::
function
<
void
()
>
exception_callback
;
std
::
function
<
void
()
>
exception_callback
;
...
@@ -37,17 +41,11 @@ struct BlockIO
...
@@ -37,17 +41,11 @@ struct BlockIO
exception_callback
();
exception_callback
();
}
}
/// We provide the correct order of destruction.
BlockIO
&
operator
=
(
const
BlockIO
&
rhs
)
void
reset
()
{
{
out
.
reset
();
out
.
reset
();
in
.
reset
();
in
.
reset
();
process_list_entry
.
reset
();
process_list_entry
.
reset
();
}
BlockIO
&
operator
=
(
const
BlockIO
&
rhs
)
{
reset
();
process_list_entry
=
rhs
.
process_list_entry
;
process_list_entry
=
rhs
.
process_list_entry
;
in
=
rhs
.
in
;
in
=
rhs
.
in
;
...
@@ -58,10 +56,6 @@ struct BlockIO
...
@@ -58,10 +56,6 @@ struct BlockIO
return
*
this
;
return
*
this
;
}
}
~
BlockIO
();
BlockIO
();
BlockIO
(
const
BlockIO
&
);
};
};
}
}
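Review bot: `operator=` calls `reset()` before copying from `rhs`, so a self-assignment releases `in`, `out` and `process_list_entry` and then copies the now-empty pointers back; a guard `if (this == &rhs) return *this;` as the first statement avoids that. With the destructor now defaulted, the required teardown order (streams before `process_list_entry`) depends only on `process_list_entry` being declared ahead of `in` and `out`. The existing comment should say so, for example `/// Declared first on purpose: members are destroyed in reverse declaration order.`, so that a later reordering of the members is not taken for a cosmetic change. Part of `operator=` lies between the hunks and is not visible here.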
dbms/src/Interpreters/Context.cpp
...
@@ -26,7 +26,7 @@
...
@@ -26,7 +26,7 @@
#include <Core/Settings.h>
#include <Core/Settings.h>
#include <Interpreters/ExpressionJIT.h>
#include <Interpreters/ExpressionJIT.h>
#include <Interpreters/RuntimeComponentsFactory.h>
#include <Interpreters/RuntimeComponentsFactory.h>
#include <Interpreters/I
Security
Manager.h>
#include <Interpreters/I
Users
Manager.h>
#include <Interpreters/Quota.h>
#include <Interpreters/Quota.h>
#include <Interpreters/EmbeddedDictionaries.h>
#include <Interpreters/EmbeddedDictionaries.h>
#include <Interpreters/ExternalDictionaries.h>
#include <Interpreters/ExternalDictionaries.h>
...
@@ -129,7 +129,7 @@ struct ContextShared
...
@@ -129,7 +129,7 @@ struct ContextShared
mutable
std
::
optional
<
ExternalModels
>
external_models
;
mutable
std
::
optional
<
ExternalModels
>
external_models
;
String
default_profile_name
;
/// Default profile name used for default values.
String
default_profile_name
;
/// Default profile name used for default values.
String
system_profile_name
;
/// Profile used by system processes
String
system_profile_name
;
/// Profile used by system processes
std
::
unique_ptr
<
I
SecurityManager
>
security_manager
;
/// Known users.
std
::
unique_ptr
<
I
UsersManager
>
users_manager
;
/// Known users.
Quotas
quotas
;
/// Known quotas for resource use.
Quotas
quotas
;
/// Known quotas for resource use.
mutable
UncompressedCachePtr
uncompressed_cache
;
/// The cache of decompressed blocks.
mutable
UncompressedCachePtr
uncompressed_cache
;
/// The cache of decompressed blocks.
mutable
MarkCachePtr
mark_cache
;
/// Cache of marks in compressed files.
mutable
MarkCachePtr
mark_cache
;
/// Cache of marks in compressed files.
...
@@ -291,7 +291,7 @@ struct ContextShared
...
@@ -291,7 +291,7 @@ struct ContextShared
private:
private:
void
initialize
()
void
initialize
()
{
{
security_manager
=
runtime_components_factory
->
createSecurity
Manager
();
users_manager
=
runtime_components_factory
->
createUsers
Manager
();
}
}
};
};
...
@@ -571,7 +571,7 @@ void Context::setUsersConfig(const ConfigurationPtr & config)
...
@@ -571,7 +571,7 @@ void Context::setUsersConfig(const ConfigurationPtr & config)
{
{
auto
lock
=
getLock
();
auto
lock
=
getLock
();
shared
->
users_config
=
config
;
shared
->
users_config
=
config
;
shared
->
security
_manager
->
loadFromConfig
(
*
shared
->
users_config
);
shared
->
users
_manager
->
loadFromConfig
(
*
shared
->
users_config
);
shared
->
quotas
.
loadFromConfig
(
*
shared
->
users_config
);
shared
->
quotas
.
loadFromConfig
(
*
shared
->
users_config
);
}
}
...
@@ -581,11 +581,39 @@ ConfigurationPtr Context::getUsersConfig()
...
@@ -581,11 +581,39 @@ ConfigurationPtr Context::getUsersConfig()
return
shared
->
users_config
;
return
shared
->
users_config
;
}
}
bool
Context
::
hasUserProperty
(
const
String
&
database
,
const
String
&
table
,
const
String
&
name
)
const
{
auto
lock
=
getLock
();
// No user - no properties.
if
(
client_info
.
current_user
.
empty
())
return
false
;
const
auto
&
props
=
shared
->
users_manager
->
getUser
(
client_info
.
current_user
)
->
table_props
;
auto
db
=
props
.
find
(
database
);
if
(
db
==
props
.
end
())
return
false
;
auto
table_props
=
db
->
second
.
find
(
table
);
if
(
table_props
==
db
->
second
.
end
())
return
false
;
return
!!
table_props
->
second
.
count
(
name
);
}
const
String
&
Context
::
getUserProperty
(
const
String
&
database
,
const
String
&
table
,
const
String
&
name
)
const
{
auto
lock
=
getLock
();
const
auto
&
props
=
shared
->
users_manager
->
getUser
(
client_info
.
current_user
)
->
table_props
;
return
props
.
at
(
database
).
at
(
table
).
at
(
name
);
}
void
Context
::
calculateUserSettings
()
void
Context
::
calculateUserSettings
()
{
{
auto
lock
=
getLock
();
auto
lock
=
getLock
();
String
profile
=
shared
->
security
_manager
->
getUser
(
client_info
.
current_user
)
->
profile
;
String
profile
=
shared
->
users
_manager
->
getUser
(
client_info
.
current_user
)
->
profile
;
/// 1) Set default settings (hardcoded values)
/// 1) Set default settings (hardcoded values)
/// NOTE: we ignore global_context settings (from which it is usually copied)
/// NOTE: we ignore global_context settings (from which it is usually copied)
...
@@ -606,7 +634,7 @@ void Context::setUser(const String & name, const String & password, const Poco::
...
@@ -606,7 +634,7 @@ void Context::setUser(const String & name, const String & password, const Poco::
{
{
auto
lock
=
getLock
();
auto
lock
=
getLock
();
auto
user_props
=
shared
->
security
_manager
->
authorizeAndGetUser
(
name
,
password
,
address
.
host
());
auto
user_props
=
shared
->
users
_manager
->
authorizeAndGetUser
(
name
,
password
,
address
.
host
());
client_info
.
current_user
=
name
;
client_info
.
current_user
=
name
;
client_info
.
current_address
=
address
;
client_info
.
current_address
=
address
;
...
@@ -644,7 +672,7 @@ bool Context::hasDatabaseAccessRights(const String & database_name) const
...
@@ -644,7 +672,7 @@ bool Context::hasDatabaseAccessRights(const String & database_name) const
{
{
auto
lock
=
getLock
();
auto
lock
=
getLock
();
return
client_info
.
current_user
.
empty
()
||
(
database_name
==
"system"
)
||
return
client_info
.
current_user
.
empty
()
||
(
database_name
==
"system"
)
||
shared
->
security
_manager
->
hasAccessToDatabase
(
client_info
.
current_user
,
database_name
);
shared
->
users
_manager
->
hasAccessToDatabase
(
client_info
.
current_user
,
database_name
);
}
}
void
Context
::
checkDatabaseAccessRightsImpl
(
const
std
::
string
&
database_name
)
const
void
Context
::
checkDatabaseAccessRightsImpl
(
const
std
::
string
&
database_name
)
const
...
@@ -655,7 +683,7 @@ void Context::checkDatabaseAccessRightsImpl(const std::string & database_name) c
...
@@ -655,7 +683,7 @@ void Context::checkDatabaseAccessRightsImpl(const std::string & database_name) c
/// All users have access to the database system.
/// All users have access to the database system.
return
;
return
;
}
}
if
(
!
shared
->
security
_manager
->
hasAccessToDatabase
(
client_info
.
current_user
,
database_name
))
if
(
!
shared
->
users
_manager
->
hasAccessToDatabase
(
client_info
.
current_user
,
database_name
))
throw
Exception
(
"Access denied to database "
+
database_name
+
" for user "
+
client_info
.
current_user
,
ErrorCodes
::
DATABASE_ACCESS_DENIED
);
throw
Exception
(
"Access denied to database "
+
database_name
+
" for user "
+
client_info
.
current_user
,
ErrorCodes
::
DATABASE_ACCESS_DENIED
);
}
}
...
...
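Review bot: `getUserProperty` returns a `const String &` that points into the `User` object, but the `UserPtr` from `getUser()` is a temporary and the context lock is released on return, so only the users manager's own map keeps that object alive. `loadFromConfig` replaces the map (`users = std::move(new_users)`), so a users-config reload after the return can leave the caller holding a dangling reference, and a reload between `hasUserProperty` and `getUserProperty` makes the `.at()` chain throw `std::out_of_range` instead of a server exception. Returning by value closes the first gap: declare `String Context::getUserProperty(...) const`, hold `const auto user = shared->users_manager->getUser(client_info.current_user);` and `return user->table_props.at(database).at(table).at(name);`, with the matching declaration change in Context.h. Whether the caller copies the string immediately cannot be checked here, because the InterpreterSelectQuery.cpp diff is collapsed.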
dbms/src/Interpreters/Context.h
...
@@ -188,6 +188,10 @@ public:
...
@@ -188,6 +188,10 @@ public:
void
setUsersConfig
(
const
ConfigurationPtr
&
config
);
void
setUsersConfig
(
const
ConfigurationPtr
&
config
);
ConfigurationPtr
getUsersConfig
();
ConfigurationPtr
getUsersConfig
();
// User property is a key-value pair from the configuration entry: users.<username>.databases.<db_name>.<table_name>.<key_name>
bool
hasUserProperty
(
const
String
&
database
,
const
String
&
table
,
const
String
&
name
)
const
;
const
String
&
getUserProperty
(
const
String
&
database
,
const
String
&
table
,
const
String
&
name
)
const
;
/// Must be called before getClientInfo.
/// Must be called before getClientInfo.
void
setUser
(
const
String
&
name
,
const
String
&
password
,
const
Poco
::
Net
::
SocketAddress
&
address
,
const
String
&
quota_key
);
void
setUser
(
const
String
&
name
,
const
String
&
password
,
const
Poco
::
Net
::
SocketAddress
&
address
,
const
String
&
quota_key
);
/// Compute and set actual user settings, client_info.current_user should be set
/// Compute and set actual user settings, client_info.current_user should be set
...
...
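Review bot: The comment above `hasUserProperty` and `getUserProperty` gives the config path but not the contract that the implementation in Context.cpp has. `hasUserProperty` returns false when `client_info.current_user` is empty, and `getUserProperty` goes through `.at()` and therefore throws when the key is absent. Because the `filter` property acts as an access restriction, the first case is a fail-open path and deserves a line of its own, for example `/// Returns false when no user is set, so no per-table properties (including filters) apply to such a context.` and `/// Throws if the property does not exist; call hasUserProperty first.`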
dbms/src/Interpreters/IRuntimeComponentsFactory.h
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
#include <Dictionaries/Embedded/IGeoDictionariesLoader.h>
#include <Dictionaries/Embedded/IGeoDictionariesLoader.h>
#include <Interpreters/IExternalLoaderConfigRepository.h>
#include <Interpreters/IExternalLoaderConfigRepository.h>
#include <Interpreters/I
Security
Manager.h>
#include <Interpreters/I
Users
Manager.h>
#include <memory>
#include <memory>
...
@@ -16,7 +16,9 @@ namespace DB
...
@@ -16,7 +16,9 @@ namespace DB
class
IRuntimeComponentsFactory
class
IRuntimeComponentsFactory
{
{
public:
public:
virtual
std
::
unique_ptr
<
ISecurityManager
>
createSecurityManager
()
=
0
;
virtual
~
IRuntimeComponentsFactory
()
=
default
;
virtual
std
::
unique_ptr
<
IUsersManager
>
createUsersManager
()
=
0
;
virtual
std
::
unique_ptr
<
IGeoDictionariesLoader
>
createGeoDictionariesLoader
()
=
0
;
virtual
std
::
unique_ptr
<
IGeoDictionariesLoader
>
createGeoDictionariesLoader
()
=
0
;
...
@@ -24,8 +26,6 @@ public:
...
@@ -24,8 +26,6 @@ public:
virtual
std
::
unique_ptr
<
IExternalLoaderConfigRepository
>
createExternalDictionariesConfigRepository
()
=
0
;
virtual
std
::
unique_ptr
<
IExternalLoaderConfigRepository
>
createExternalDictionariesConfigRepository
()
=
0
;
virtual
std
::
unique_ptr
<
IExternalLoaderConfigRepository
>
createExternalModelsConfigRepository
()
=
0
;
virtual
std
::
unique_ptr
<
IExternalLoaderConfigRepository
>
createExternalModelsConfigRepository
()
=
0
;
virtual
~
IRuntimeComponentsFactory
()
{}
};
};
}
}
dbms/src/Interpreters/I
Security
Manager.h
→
dbms/src/Interpreters/I
Users
Manager.h
...
@@ -5,16 +5,18 @@
...
@@ -5,16 +5,18 @@
namespace
DB
namespace
DB
{
{
/** Duties of
security
manager:
/** Duties of
users
manager:
* 1) Authenticate users
* 1) Authenticate users
* 2) Provide user settings (profile, quota, ACLs)
* 2) Provide user settings (profile, quota, ACLs)
* 3) Grant access to databases
* 3) Grant access to databases
*/
*/
class
I
Security
Manager
class
I
Users
Manager
{
{
public:
public:
using
UserPtr
=
std
::
shared_ptr
<
const
User
>
;
using
UserPtr
=
std
::
shared_ptr
<
const
User
>
;
virtual
~
IUsersManager
()
=
default
;
virtual
void
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
=
0
;
virtual
void
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
=
0
;
/// Find user and make authorize checks
/// Find user and make authorize checks
...
@@ -28,8 +30,6 @@ public:
...
@@ -28,8 +30,6 @@ public:
/// Check if the user has access to the database.
/// Check if the user has access to the database.
virtual
bool
hasAccessToDatabase
(
const
String
&
user_name
,
const
String
&
database_name
)
const
=
0
;
virtual
bool
hasAccessToDatabase
(
const
String
&
user_name
,
const
String
&
database_name
)
const
=
0
;
virtual
~
ISecurityManager
()
{}
};
};
}
}
dbms/src/Interpreters/InterpreterSelectQuery.cpp
此差异已折叠。
dbms/src/Interpreters/InterpreterSelectQuery.h
...
@@ -104,13 +104,13 @@ private:
...
@@ -104,13 +104,13 @@ private:
BlockInputStreamPtr
&
firstStream
()
{
return
streams
.
at
(
0
);
}
BlockInputStreamPtr
&
firstStream
()
{
return
streams
.
at
(
0
);
}
template
<
typename
Transform
>
template
<
typename
Transform
>
void
transform
(
Transform
&&
transform
)
void
transform
(
Transform
&&
transform
ation
)
{
{
for
(
auto
&
stream
:
streams
)
for
(
auto
&
stream
:
streams
)
transform
(
stream
);
transform
ation
(
stream
);
if
(
stream_with_non_joined_data
)
if
(
stream_with_non_joined_data
)
transform
(
stream_with_non_joined_data
);
transform
ation
(
stream_with_non_joined_data
);
}
}
bool
hasMoreThanOneStream
()
const
bool
hasMoreThanOneStream
()
const
...
@@ -154,9 +154,10 @@ private:
...
@@ -154,9 +154,10 @@ private:
SubqueriesForSets
subqueries_for_sets
;
SubqueriesForSets
subqueries_for_sets
;
PrewhereInfoPtr
prewhere_info
;
PrewhereInfoPtr
prewhere_info
;
FilterInfoPtr
filter_info
;
};
};
AnalysisResult
analyzeExpressions
(
QueryProcessingStage
::
Enum
from_stage
,
bool
dry_run
);
AnalysisResult
analyzeExpressions
(
QueryProcessingStage
::
Enum
from_stage
,
bool
dry_run
,
const
FilterInfoPtr
&
filter_info
);
/** From which table to read. With JOIN, the "left" table is returned.
/** From which table to read. With JOIN, the "left" table is returned.
...
...
dbms/src/Interpreters/RuntimeComponentsFactory.h
#pragma once
#pragma once
#include <Dictionaries/Embedded/GeoDictionariesLoader.h>
#include <Dictionaries/Embedded/GeoDictionariesLoader.h>
#include <Interpreters/IRuntimeComponentsFactory.h>
#include <Interpreters/ExternalLoaderConfigRepository.h>
#include <Interpreters/ExternalLoaderConfigRepository.h>
#include <Interpreters/SecurityManager.h>
#include <Interpreters/IRuntimeComponentsFactory.h>
#include <Interpreters/UsersManager.h>
namespace
DB
namespace
DB
{
{
...
@@ -14,9 +14,9 @@ namespace DB
...
@@ -14,9 +14,9 @@ namespace DB
class
RuntimeComponentsFactory
:
public
IRuntimeComponentsFactory
class
RuntimeComponentsFactory
:
public
IRuntimeComponentsFactory
{
{
public:
public:
std
::
unique_ptr
<
I
SecurityManager
>
createSecurity
Manager
()
override
std
::
unique_ptr
<
I
UsersManager
>
createUsers
Manager
()
override
{
{
return
std
::
make_unique
<
Security
Manager
>
();
return
std
::
make_unique
<
Users
Manager
>
();
}
}
std
::
unique_ptr
<
IGeoDictionariesLoader
>
createGeoDictionariesLoader
()
override
std
::
unique_ptr
<
IGeoDictionariesLoader
>
createGeoDictionariesLoader
()
override
...
...
dbms/src/Interpreters/Users.cpp
...
@@ -315,6 +315,34 @@ User::User(const String & name_, const String & config_elem, const Poco::Util::A
...
@@ -315,6 +315,34 @@ User::User(const String & name_, const String & config_elem, const Poco::Util::A
databases
.
insert
(
database_name
);
databases
.
insert
(
database_name
);
}
}
}
}
/// Read properties per "database.table"
/// Only tables are expected to have properties, so that all the keys inside "database" are table names.
const
auto
config_databases
=
config_elem
+
".databases"
;
if
(
config
.
has
(
config_databases
))
{
Poco
::
Util
::
AbstractConfiguration
::
Keys
database_names
;
config
.
keys
(
config_databases
,
database_names
);
/// Read tables within databases
for
(
const
auto
&
database
:
database_names
)
{
const
auto
config_database
=
config_databases
+
"."
+
database
;
Poco
::
Util
::
AbstractConfiguration
::
Keys
table_names
;
config
.
keys
(
config_database
,
table_names
);
/// Read table properties
for
(
const
auto
&
table
:
table_names
)
{
const
auto
config_filter
=
config_database
+
"."
+
table
+
".filter"
;
if
(
config
.
has
(
config_filter
))
{
const
auto
filter_query
=
config
.
getString
(
config_filter
);
table_props
[
database
][
table
][
"filter"
]
=
filter_query
;
}
}
}
}
}
}
...
...
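Review bot: The `filter` text is stored in `table_props` exactly as `config.getString(config_filter)` returns it, with no check that it is non-empty or that it parses as an expression. Because this string is the row-level restriction for the user, a typo would presumably surface only when a query reaches the table (the code that consumes it is in the collapsed InterpreterSelectQuery.cpp diff), and an empty `<filter/>` is accepted silently. Add an `if (filter_query.empty())` check before the assignment that throws the file's usual `Exception`, naming the user, database and table, and parse the expression once at load if a parser is reachable from this constructor, so a broken policy fails the config load. The constructor starts outside the hunk.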
dbms/src/Interpreters/Users.h
...
@@ -2,9 +2,10 @@
...
@@ -2,9 +2,10 @@
#include <Core/Types.h>
#include <Core/Types.h>
#include <vector>
#include <unordered_set>
#include <memory>
#include <memory>
#include <unordered_map>
#include <unordered_set>
#include <vector>
namespace
Poco
namespace
Poco
...
@@ -65,6 +66,12 @@ struct User
...
@@ -65,6 +66,12 @@ struct User
using
DatabaseSet
=
std
::
unordered_set
<
std
::
string
>
;
using
DatabaseSet
=
std
::
unordered_set
<
std
::
string
>
;
DatabaseSet
databases
;
DatabaseSet
databases
;
/// Table properties.
using
PropertyMap
=
std
::
unordered_map
<
std
::
string
/* name */
,
std
::
string
/* value */
>
;
using
TableMap
=
std
::
unordered_map
<
std
::
string
/* table */
,
PropertyMap
/* properties */
>
;
using
DatabaseMap
=
std
::
unordered_map
<
std
::
string
/* database */
,
TableMap
/* tables */
>
;
DatabaseMap
table_props
;
User
(
const
String
&
name_
,
const
String
&
config_elem
,
const
Poco
::
Util
::
AbstractConfiguration
&
config
);
User
(
const
String
&
name_
,
const
String
&
config_elem
,
const
Poco
::
Util
::
AbstractConfiguration
&
config
);
};
};
...
...
dbms/src/Interpreters/
Security
Manager.cpp
→
dbms/src/Interpreters/
Users
Manager.cpp
#include "SecurityManager.h"
#include <Interpreters/UsersManager.h>
#include <Poco/Net/IPAddress.h>
#include <Poco/Net/IPAddress.h>
#include <Poco/Util/AbstractConfiguration.h>
#include <Poco/Util/AbstractConfiguration.h>
#include <Poco/String.h>
#include <Poco/String.h>
...
@@ -28,9 +29,9 @@ namespace ErrorCodes
...
@@ -28,9 +29,9 @@ namespace ErrorCodes
extern
const
int
SUPPORT_IS_DISABLED
;
extern
const
int
SUPPORT_IS_DISABLED
;
}
}
using
UserPtr
=
Security
Manager
::
UserPtr
;
using
UserPtr
=
Users
Manager
::
UserPtr
;
void
Security
Manager
::
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
void
Users
Manager
::
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
{
{
Container
new_users
;
Container
new_users
;
...
@@ -46,7 +47,7 @@ void SecurityManager::loadFromConfig(const Poco::Util::AbstractConfiguration & c
...
@@ -46,7 +47,7 @@ void SecurityManager::loadFromConfig(const Poco::Util::AbstractConfiguration & c
users
=
std
::
move
(
new_users
);
users
=
std
::
move
(
new_users
);
}
}
UserPtr
Security
Manager
::
authorizeAndGetUser
(
UserPtr
Users
Manager
::
authorizeAndGetUser
(
const
String
&
user_name
,
const
String
&
user_name
,
const
String
&
password
,
const
String
&
password
,
const
Poco
::
Net
::
IPAddress
&
address
)
const
const
Poco
::
Net
::
IPAddress
&
address
)
const
...
@@ -100,7 +101,7 @@ UserPtr SecurityManager::authorizeAndGetUser(
...
@@ -100,7 +101,7 @@ UserPtr SecurityManager::authorizeAndGetUser(
return
it
->
second
;
return
it
->
second
;
}
}
UserPtr
Security
Manager
::
getUser
(
const
String
&
user_name
)
const
UserPtr
Users
Manager
::
getUser
(
const
String
&
user_name
)
const
{
{
auto
it
=
users
.
find
(
user_name
);
auto
it
=
users
.
find
(
user_name
);
...
@@ -110,7 +111,7 @@ UserPtr SecurityManager::getUser(const String & user_name) const
...
@@ -110,7 +111,7 @@ UserPtr SecurityManager::getUser(const String & user_name) const
return
it
->
second
;
return
it
->
second
;
}
}
bool
Security
Manager
::
hasAccessToDatabase
(
const
std
::
string
&
user_name
,
const
std
::
string
&
database_name
)
const
bool
Users
Manager
::
hasAccessToDatabase
(
const
std
::
string
&
user_name
,
const
std
::
string
&
database_name
)
const
{
{
auto
it
=
users
.
find
(
user_name
);
auto
it
=
users
.
find
(
user_name
);
...
...
dbms/src/Interpreters/
Security
Manager.h
→
dbms/src/Interpreters/
Users
Manager.h
#pragma once
#pragma once
#include <Interpreters/I
Security
Manager.h>
#include <Interpreters/I
Users
Manager.h>
#include <map>
#include <map>
namespace
DB
namespace
DB
{
{
/** Default implementation of
security
manager used by native server application.
/** Default implementation of
users
manager used by native server application.
* Manages fixed set of users listed in 'Users' configuration file.
* Manages fixed set of users listed in 'Users' configuration file.
*/
*/
class
SecurityManager
:
public
ISecurity
Manager
class
UsersManager
:
public
IUsers
Manager
{
{
private:
using
Container
=
std
::
map
<
String
,
UserPtr
>
;
Container
users
;
public:
public:
void
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
override
;
void
loadFromConfig
(
const
Poco
::
Util
::
AbstractConfiguration
&
config
)
override
;
...
@@ -27,6 +23,10 @@ public:
...
@@ -27,6 +23,10 @@ public:
UserPtr
getUser
(
const
String
&
user_name
)
const
override
;
UserPtr
getUser
(
const
String
&
user_name
)
const
override
;
bool
hasAccessToDatabase
(
const
String
&
user_name
,
const
String
&
database_name
)
const
override
;
bool
hasAccessToDatabase
(
const
String
&
user_name
,
const
String
&
database_name
)
const
override
;
private:
using
Container
=
std
::
map
<
String
,
UserPtr
>
;
Container
users
;
};
};
}
}
dbms/src/Interpreters/tests/users.cpp
#include <Common/Config/ConfigProcessor.h>
#include <Common/Config/ConfigProcessor.h>
#include <Interpreters/
Security
Manager.h>
#include <Interpreters/
Users
Manager.h>
#include <boost/filesystem.hpp>
#include <boost/filesystem.hpp>
#include <vector>
#include <vector>
#include <string>
#include <string>
...
@@ -197,11 +197,11 @@ void runOneTest(const TestDescriptor & test_descriptor)
...
@@ -197,11 +197,11 @@ void runOneTest(const TestDescriptor & test_descriptor)
throw
std
::
runtime_error
(
os
.
str
());
throw
std
::
runtime_error
(
os
.
str
());
}
}
DB
::
SecurityManager
security
_manager
;
DB
::
UsersManager
users
_manager
;
try
try
{
{
security
_manager
.
loadFromConfig
(
*
config
);
users
_manager
.
loadFromConfig
(
*
config
);
}
}
catch
(
const
Poco
::
Exception
&
ex
)
catch
(
const
Poco
::
Exception
&
ex
)
{
{
...
@@ -216,7 +216,7 @@ void runOneTest(const TestDescriptor & test_descriptor)
...
@@ -216,7 +216,7 @@ void runOneTest(const TestDescriptor & test_descriptor)
try
try
{
{
res
=
security
_manager
.
hasAccessToDatabase
(
entry
.
user_name
,
entry
.
database_name
);
res
=
users
_manager
.
hasAccessToDatabase
(
entry
.
user_name
,
entry
.
database_name
);
}
}
catch
(
const
Poco
::
Exception
&
)
catch
(
const
Poco
::
Exception
&
)
{
{
...
...
dbms/src/Storages/IStorage.h
...
@@ -61,9 +61,9 @@ public:
...
@@ -61,9 +61,9 @@ public:
/// The main name of the table type (for example, StorageMergeTree).
/// The main name of the table type (for example, StorageMergeTree).
virtual
std
::
string
getName
()
const
=
0
;
virtual
std
::
string
getName
()
const
=
0
;
/** The name of the table.
/// The name of the table.
*/
virtual
std
::
string
getTableName
()
const
=
0
;
virtual
std
::
string
getTableName
()
const
=
0
;
virtual
std
::
string
getDatabaseName
()
const
{
return
{};
}
// FIXME: should be abstract method.
/** Returns true if the storage receives data from a remote server or servers. */
/** Returns true if the storage receives data from a remote server or servers. */
virtual
bool
isRemote
()
const
{
return
false
;
}
virtual
bool
isRemote
()
const
{
return
false
;
}
...
...
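Review bot: The default `getDatabaseName()` returns an empty string, so a storage that does not override it cannot match any `users.<username>.databases.<db_name>.<table_name>` entry, and a configured filter would be skipped for that table rather than refused. This assumes the lookup in the collapsed InterpreterSelectQuery.cpp diff keys on this value. The commit adds overrides only for StorageMergeTree and StorageReplicatedMergeTree (StorageKafka already had the method and only gains `override`). Until the FIXME is resolved, spell the consequence out next to it, e.g. `/// An empty result means per-user table properties (row filters) are never found for this storage.`, or make the method pure virtual so every engine has to answer.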
dbms/src/Storages/Kafka/StorageKafka.h
...
@@ -27,7 +27,7 @@ friend class KafkaBlockOutputStream;
...
@@ -27,7 +27,7 @@ friend class KafkaBlockOutputStream;
public:
public:
std
::
string
getName
()
const
override
{
return
"Kafka"
;
}
std
::
string
getName
()
const
override
{
return
"Kafka"
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getDatabaseName
()
const
{
return
database_name
;
}
std
::
string
getDatabaseName
()
const
override
{
return
database_name
;
}
void
startup
()
override
;
void
startup
()
override
;
void
shutdown
()
override
;
void
shutdown
()
override
;
...
...
dbms/src/Storages/SelectQueryInfo.h
...
@@ -25,7 +25,16 @@ struct PrewhereInfo
...
@@ -25,7 +25,16 @@ struct PrewhereInfo
:
prewhere_actions
(
std
::
move
(
prewhere_actions_
)),
prewhere_column_name
(
std
::
move
(
prewhere_column_name_
))
{}
:
prewhere_actions
(
std
::
move
(
prewhere_actions_
)),
prewhere_column_name
(
std
::
move
(
prewhere_column_name_
))
{}
};
};
/// Helper struct to store all the information about the filter expression.
struct
FilterInfo
{
ExpressionActionsPtr
actions
;
String
column_name
;
bool
do_remove_column
=
false
;
};
using
PrewhereInfoPtr
=
std
::
shared_ptr
<
PrewhereInfo
>
;
using
PrewhereInfoPtr
=
std
::
shared_ptr
<
PrewhereInfo
>
;
using
FilterInfoPtr
=
std
::
shared_ptr
<
FilterInfo
>
;
struct
SyntaxAnalyzerResult
;
struct
SyntaxAnalyzerResult
;
using
SyntaxAnalyzerResultPtr
=
std
::
shared_ptr
<
const
SyntaxAnalyzerResult
>
;
using
SyntaxAnalyzerResultPtr
=
std
::
shared_ptr
<
const
SyntaxAnalyzerResult
>
;
...
...
dbms/src/Storages/StorageMergeTree.h
...
@@ -27,12 +27,9 @@ public:
...
@@ -27,12 +27,9 @@ public:
void
shutdown
()
override
;
void
shutdown
()
override
;
~
StorageMergeTree
()
override
;
~
StorageMergeTree
()
override
;
std
::
string
getName
()
const
override
std
::
string
getName
()
const
override
{
return
data
.
merging_params
.
getModeName
()
+
"MergeTree"
;
}
{
return
data
.
merging_params
.
getModeName
()
+
"MergeTree"
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getDatabaseName
()
const
override
{
return
database_name
;
}
bool
supportsSampling
()
const
override
{
return
data
.
supportsSampling
();
}
bool
supportsSampling
()
const
override
{
return
data
.
supportsSampling
();
}
bool
supportsPrewhere
()
const
override
{
return
data
.
supportsPrewhere
();
}
bool
supportsPrewhere
()
const
override
{
return
data
.
supportsPrewhere
();
}
...
...
dbms/src/Storages/StorageReplicatedMergeTree.h
...
@@ -79,12 +79,10 @@ public:
...
@@ -79,12 +79,10 @@ public:
void
shutdown
()
override
;
void
shutdown
()
override
;
~
StorageReplicatedMergeTree
()
override
;
~
StorageReplicatedMergeTree
()
override
;
std
::
string
getName
()
const
override
std
::
string
getName
()
const
override
{
return
"Replicated"
+
data
.
merging_params
.
getModeName
()
+
"MergeTree"
;
}
{
return
"Replicated"
+
data
.
merging_params
.
getModeName
()
+
"MergeTree"
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getTableName
()
const
override
{
return
table_name
;
}
std
::
string
getDatabaseName
()
const
override
{
return
database_name
;
}
bool
supportsSampling
()
const
override
{
return
data
.
supportsSampling
();
}
bool
supportsSampling
()
const
override
{
return
data
.
supportsSampling
();
}
bool
supportsFinal
()
const
override
{
return
data
.
supportsFinal
();
}
bool
supportsFinal
()
const
override
{
return
data
.
supportsFinal
();
}
bool
supportsPrewhere
()
const
override
{
return
data
.
supportsPrewhere
();
}
bool
supportsPrewhere
()
const
override
{
return
data
.
supportsPrewhere
();
}
...
...
dbms/tests/queries/0_stateless/00927_table_filter.reference
0 → 100644
-- PREWHERE should fail
1 0
1 1
0 0 0 0
0 0 6 0
0 1
1 0
1
1
0
1
1
1
1
1
0
1
1
0
1
1
1
1
0
1
1
1
1
1
1 0 1 1
1 1 1 1
1 1 1 0
dbms/tests/queries/0_stateless/00927_table_filter.sql
0 → 100644
DROP
TABLE
IF
EXISTS
filtered_table1
;
DROP
TABLE
IF
EXISTS
filtered_table2
;
DROP
TABLE
IF
EXISTS
filtered_table3
;
-- Filter: a = 1, values: (1, 0), (1, 1)
CREATE
TABLE
test
.
filtered_table1
(
a
UInt8
,
b
UInt8
)
ENGINE
MergeTree
ORDER
BY
a
;
INSERT
INTO
test
.
filtered_table1
values
(
0
,
0
),
(
0
,
1
),
(
1
,
0
),
(
1
,
1
);
-- Filter: a + b < 1 or c - d > 5, values: (0, 0, 0, 0), (0, 0, 6, 0)
CREATE
TABLE
test
.
filtered_table2
(
a
UInt8
,
b
UInt8
,
c
UInt8
,
d
UInt8
)
ENGINE
MergeTree
ORDER
BY
a
;
INSERT
INTO
test
.
filtered_table2
values
(
0
,
0
,
0
,
0
),
(
1
,
2
,
3
,
4
),
(
4
,
3
,
2
,
1
),
(
0
,
0
,
6
,
0
);
-- Filter: c = 1, values: (0, 1), (1, 0)
CREATE
TABLE
test
.
filtered_table3
(
a
UInt8
,
b
UInt8
,
c
UInt16
ALIAS
a
+
b
)
ENGINE
MergeTree
ORDER
BY
a
;
INSERT
INTO
test
.
filtered_table3
values
(
0
,
0
),
(
0
,
1
),
(
1
,
0
),
(
1
,
1
);
SELECT
'-- PREWHERE should fail'
;
SELECT
*
FROM
test
.
filtered_table1
PREWHERE
1
;
-- { serverError 182 }
SELECT
*
FROM
test
.
filtered_table2
PREWHERE
1
;
-- { serverError 182 }
SELECT
*
FROM
test
.
filtered_table3
PREWHERE
1
;
-- { serverError 182 }
SELECT
*
FROM
test
.
filtered_table1
;
SELECT
*
FROM
test
.
filtered_table2
;
SELECT
*
FROM
test
.
filtered_table3
;
SELECT
a
FROM
test
.
filtered_table1
;
SELECT
b
FROM
test
.
filtered_table1
;
SELECT
a
FROM
test
.
filtered_table1
WHERE
a
=
1
;
SELECT
a
=
1
FROM
test
.
filtered_table1
;
SELECT
a
FROM
test
.
filtered_table3
;
SELECT
b
FROM
test
.
filtered_table3
;
SELECT
c
FROM
test
.
filtered_table3
;
SELECT
a
+
b
FROM
test
.
filtered_table3
;
SELECT
a
FROM
test
.
filtered_table3
WHERE
c
=
1
;
SELECT
c
=
1
FROM
test
.
filtered_table3
;
SELECT
a
+
b
=
1
FROM
test
.
filtered_table3
;
SELECT
*
FROM
test
.
filtered_table1
as
t1
ANY
LEFT
JOIN
test
.
filtered_table1
as
t2
ON
t1
.
a
=
t2
.
b
;
SELECT
*
FROM
test
.
filtered_table1
as
t2
ANY
RIGHT
JOIN
test
.
filtered_table1
as
t1
ON
t2
.
b
=
t1
.
a
;
DROP
TABLE
test
.
filtered_table1
;
DROP
TABLE
test
.
filtered_table2
;
DROP
TABLE
test
.
filtered_table3
;
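Review bot: The three opening `DROP TABLE IF EXISTS filtered_tableN;` statements omit the `test.` prefix that every later statement uses, so leftovers from an aborted run are only cleaned up if the session's current database happens to be `test`. Write `DROP TABLE IF EXISTS test.filtered_table1;` and likewise for tables 2 and 3. The closing `DROP TABLE test;` in dbms/tests/queries/bugs/prewhere_with_alias.sql has the same mismatch against `test.test`. The cases also read the filtered tables only directly, so a case that reaches one through another object (for example a view over it) would confirm that the restriction follows the data rather than the shape of the statement.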
dbms/tests/queries/bugs/prewhere_with_alias.sql
0 → 100644
DROP
TABLE
IF
EXISTS
test
.
test
;
CREATE
TABLE
test
.
test
(
a
UInt8
,
b
UInt8
,
c
UInt16
ALIAS
a
+
b
)
ENGINE
=
MergeTree
ORDER
BY
a
;
SELECT
b
FROM
test
.
test
PREWHERE
c
=
1
;
DROP
TABLE
test
;