Skip to content

Commit

Permalink
executor, privileges: Add dynamic privileges to SHOW PRIVILEGES (#24646)
Browse files Browse the repository at this point in the history
  • Loading branch information
@morgo
morgo authored May 14, 2021
1 parent ea7f0ca commit d9f28c7
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 1 deletion.
9 changes: 8 additions & 1 deletion executor/executor_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -350,7 +350,14 @@ func (s *testSuiteP1) TestShow(c *C) {
"Trigger Tables To use triggers",
"Create tablespace Server Admin To create/alter/drop tablespaces",
"Update Tables To update existing rows",
"Usage Server Admin No privileges - allow connect only"))
"Usage Server Admin No privileges - allow connect only",
"BACKUP_ADMIN Server Admin ",
"SYSTEM_VARIABLES_ADMIN Server Admin ",
"ROLE_ADMIN Server Admin ",
"CONNECTION_ADMIN Server Admin ",
"RESTRICTED_TABLES_ADMIN Server Admin ",
"RESTRICTED_STATUS_ADMIN Server Admin ",
))
c.Assert(len(tk.MustQuery("show table status").Rows()), Equals, 1)
}

Expand Down
4 changes: 4 additions & 0 deletions executor/show.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1412,6 +1412,10 @@ func (e *ShowExec) fetchShowPrivileges() error {
e.appendRow([]interface{}{"Create tablespace", "Server Admin", "To create/alter/drop tablespaces"})
e.appendRow([]interface{}{"Update", "Tables", "To update existing rows"})
e.appendRow([]interface{}{"Usage", "Server Admin", "No privileges - allow connect only"})

for _, priv := range privileges.GetDynamicPrivileges() {
e.appendRow([]interface{}{priv, "Server Admin", ""})
}
return nil
}

Expand Down
11 changes: 11 additions & 0 deletions privilege/privileges/privileges.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -535,3 +535,14 @@ func RegisterDynamicPrivilege(privNameInUpper string) error {
dynamicPrivs = append(dynamicPrivs, privNameInUpper)
return nil
}

// GetDynamicPrivileges returns the list of registered DYNAMIC privileges
// for use in meta data commands (i.e. SHOW PRIVILEGES)
func GetDynamicPrivileges() []string {
dynamicPrivLock.Lock()
defer dynamicPrivLock.Unlock()

privCopy := make([]string, len(dynamicPrivs))
copy(privCopy, dynamicPrivs)
return privCopy
}
12 changes: 12 additions & 0 deletions privilege/privileges/privileges_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1427,3 +1427,15 @@ func (s *testPrivilegeSuite) TestViewDefiner(c *C) {
tk.MustExec("select * from test_view")
tk.MustExec("select * from test_view2")
}

func (s *testPrivilegeSuite) TestDynamicPrivsRegistration(c *C) {
se := newSession(c, s.store, s.dbName)
pm := privilege.GetPrivilegeManager(se)

count := len(privileges.GetDynamicPrivileges())

c.Assert(pm.IsDynamicPrivilege("ACDC_ADMIN"), IsFalse)
privileges.RegisterDynamicPrivilege("ACDC_ADMIN")
c.Assert(pm.IsDynamicPrivilege("ACDC_ADMIN"), IsTrue)
c.Assert(len(privileges.GetDynamicPrivileges()), Equals, count+1)
}

0 comments on commit d9f28c7

Please sign in to comment.