privilege: alter table && rename privilege make same with MySQL #9872

Merged
merged 25 commits into from
Apr 4, 2019
Changes from 15 commits
25 commits
58e7cf5
ALTER TABLE PRIV
xiekeyi98 Mar 24, 2019
ab01070
Create database priv
xiekeyi98 Mar 24, 2019
4028a79
Rename priv
xiekeyi98 Mar 24, 2019
22da92c
buildDDL Finsh
xiekeyi98 Mar 24, 2019
458fc0a
alter table rename ( ugly )
xiekeyi98 Mar 24, 2019
d68640a
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Mar 24, 2019
30554f5
apply comment
xiekeyi98 Mar 25, 2019
4003b21
alter table drop partition
xiekeyi98 Mar 25, 2019
51baf39
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Mar 25, 2019
89c099b
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Mar 27, 2019
0f8049e
use iter
xiekeyi98 Mar 27, 2019
82ee3d1
Merge branch 'master' into TiDB-3397
winkyao Mar 31, 2019
abd0b46
replace to appendVisitinfo
xiekeyi98 Mar 31, 2019
bca1c9e
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Mar 31, 2019
32fd19f
add error
xiekeyi98 Mar 31, 2019
2595458
fix CI
xiekeyi98 Mar 31, 2019
9f251e6
add Err DBaccessDenied
xiekeyi98 Apr 1, 2019
e3a2fdf
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Apr 1, 2019
7ced1f0
delete CREATE INSERT when ALTER
xiekeyi98 Apr 1, 2019
33b4acb
Merge remote-tracking branch 'upstream/master' into TiDB-3397
xiekeyi98 Apr 1, 2019
44142ea
Merge branch 'master' into TiDB-3397
xiekeyi98 Apr 3, 2019
3ba732d
Merge branch 'master' into TiDB-3397
xiekeyi98 Apr 4, 2019
bd45535
Merge branch 'master' into TiDB-3397
xiekeyi98 Apr 4, 2019
425ac14
Merge branch 'master' into TiDB-3397
xiekeyi98 Apr 4, 2019
295e3ad
Merge branch 'master' into TiDB-3397
xiekeyi98 Apr 4, 2019
33 changes: 33 additions & 0 deletions planner/core/logical_plan_test.go
Expand Up @@ -1640,6 +1640,39 @@ func (s *testPlanSuite) TestVisitInfo(c *C) {
{mysql.AllPrivMask, "test", "ttt", "", nil},
},
},
{
sql: "alter table t add column a int(4)",

Please remember to update our document.


@xiekeyi98 xiekeyi98 Mar 27, 2019


ans: []visitInfo{
{mysql.AlterPriv, "test", "t", "", nil},
{mysql.InsertPriv, "test", "t", "", nil},
{mysql.CreatePriv, "test", "", "", nil},
},
},
{
sql: "rename table t_old to t_new",
ans: []visitInfo{
{mysql.AlterPriv, "test", "t_old", "", nil},
{mysql.DropPriv, "test", "t_old", "", nil},
{mysql.CreatePriv, "test", "t_new", "", nil},
{mysql.InsertPriv, "test", "t_new", "", nil},
},
},
{
sql: "alter table t_old rename to t_new",
ans: []visitInfo{
{mysql.AlterPriv, "test", "t_old", "", nil},
{mysql.DropPriv, "test", "t_old", "", nil},
{mysql.CreatePriv, "test", "t_new", "", nil},
{mysql.InsertPriv, "test", "t_new", "", nil},
},
},
{
sql: "alter table t drop partition p0;",
ans: []visitInfo{
{mysql.AlterPriv, "test", "t", "", nil},
{mysql.DropPriv, "test", "t", "", nil},
},
},
}

for _, tt := range tests {
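Review bot: All of the added cases expect `nil` in the error field of every visitInfo, so they pin which privilege is recorded for which database and table but not the access-denied error attached to it. The planner/core/planbuilder.go section on this page builds that error only when the session has a user, so a case that runs with a user set and compares the error would catch a wrong privilege name or a dropped error. The expectation `{mysql.CreatePriv, "test", "", "", nil}` for `alter table t add column a int(4)` also records CREATE at database scope with an empty table name, unlike the table-scoped entries beside it; a one-line comment stating whether that scope is intended would help. TestVisitInfo starts before this hunk and continues after it.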
212 changes: 134 additions & 78 deletions planner/core/planbuilder.go
Expand Up @@ -1201,12 +1201,14 @@ func (b *PlanBuilder) buildInsert(insert *ast.InsertStmt) (Plan, error) {
IsReplace: insert.IsReplace,
}.Init(b.ctx)

b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.InsertPriv,
db: tn.DBInfo.Name.L,
table: tableInfo.Name.L,
err: nil,
})
var authErr error
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, tableInfo.Name.L)
}

b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, tn.DBInfo.Name.L,
tableInfo.Name.L, "", authErr)

mockTablePlan := LogicalTableDual{}.Init(b.ctx)
mockTablePlan.SetSchema(insertPlan.tableSchema)
Expand Down Expand Up @@ -1510,41 +1512,82 @@ func (b *PlanBuilder) buildLoadStats(ld *ast.LoadStatsStmt) Plan {
}

func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) {
var authErr error
switch v := node.(type) {
case *ast.AlterTableStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.AlterPriv,
db: v.Table.Schema.L,
table: v.Table.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("ALTER", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)
for _, spec := range v.Specs {
if spec.Tp == ast.AlterTableRenameTable {
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)

if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, spec.NewTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, spec.NewTable.Schema.L,
spec.NewTable.Name.L, "", authErr)

if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, spec.NewTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, spec.NewTable.Schema.L,
spec.NewTable.Name.L, "", authErr)
} else if spec.Tp == ast.AlterTableDropPartition {
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)
} else {
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname,
zz-jason marked this conversation as resolved.
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)

// TODO: Add authErr
xiekeyi98 marked this conversation as resolved.
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L,
"", "", nil)
}
}
case *ast.CreateDatabaseStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.CreatePriv,
db: v.Name,
err: nil,
})
// TODO: Add authErr
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Name,
"", "", nil)
case *ast.CreateIndexStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.IndexPriv,
db: v.Table.Schema.L,
table: v.Table.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEX", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)
case *ast.CreateTableStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.CreatePriv,
db: v.Table.Schema.L,
table: v.Table.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)
if v.ReferTable != nil {
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.SelectPriv,
db: v.ReferTable.Schema.L,
table: v.ReferTable.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.ReferTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SelectPriv, v.ReferTable.Schema.L,
v.ReferTable.Name.L, "", nil)
}
case *ast.CreateViewStmt:
plan, err := b.Build(v.Select)
Expand All @@ -1562,64 +1605,77 @@ func (b *PlanBuilder) buildDDL(node ast.DDLNode) (Plan, error) {
}
v.Select.(*ast.SelectStmt).Fields.Fields = fieldList
if _, ok := plan.(LogicalPlan); ok {
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.CreateViewPriv,
db: v.ViewName.Schema.L,
table: v.ViewName.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE VIEW", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.ViewName.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreateViewPriv, v.ViewName.Schema.L,
v.ViewName.Name.L, "", authErr)
}
if v.Definer.CurrentUser {
v.Definer = b.ctx.GetSessionVars().User
}
if b.ctx.GetSessionVars().User != nil && v.Definer.String() != b.ctx.GetSessionVars().User.String() {
err = ErrSpecificAccessDenied.GenWithStackByArgs("SUPER")
b.visitInfo = append(b.visitInfo, visitInfo{privilege: mysql.SuperPriv, db: "", table: "", err: err})
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SuperPriv, "",
"", "", err)
}
case *ast.DropDatabaseStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.DropPriv,
db: v.Name,
err: nil,
})
// TODO: add authErr
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Name,
"", "", nil)
case *ast.DropIndexStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.IndexPriv,
db: v.Table.Schema.L,
table: v.Table.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INDEx", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.IndexPriv, v.Table.Schema.L,
v.Table.Name.L, "", authErr)
case *ast.DropTableStmt:
for _, tableVal := range v.Tables {
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.DropPriv,
db: tableVal.Schema.L,
table: tableVal.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, tableVal.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, tableVal.Schema.L,
tableVal.Name.L, "", authErr)
}
case *ast.TruncateTableStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.DropPriv,
db: v.Table.Schema.L,
table: v.Table.Name.L,
err: nil,
})
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.Table.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.Table.Schema.L,
v.Table.Name.L, "", nil)
case *ast.RenameTableStmt:
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.AlterPriv,
db: v.OldTable.Schema.L,
table: v.OldTable.Name.L,
err: nil,
})
b.visitInfo = append(b.visitInfo, visitInfo{
privilege: mysql.AlterPriv,
db: v.NewTable.Schema.L,
table: v.NewTable.Name.L,
err: nil,
})
}
if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("ALTER", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.AlterPriv, v.OldTable.Schema.L,
v.OldTable.Name.L, "", nil)

if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("DROP", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.OldTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.DropPriv, v.OldTable.Schema.L,
v.OldTable.Name.L, "", nil)

if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("CREATE", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.CreatePriv, v.NewTable.Schema.L,
v.NewTable.Name.L, "", nil)

if b.ctx.GetSessionVars().User != nil {
authErr = ErrTableaccessDenied.GenWithStackByArgs("INSERT", b.ctx.GetSessionVars().User.Hostname,
b.ctx.GetSessionVars().User.Username, v.NewTable.Name.L)
}
b.visitInfo = appendVisitInfo(b.visitInfo, mysql.InsertPriv, v.NewTable.Schema.L,
v.NewTable.Name.L, "", nil)
}
p := &DDL{Statement: node}
return p, nil
}
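Review bot: In the `*ast.RenameTableStmt` case at the end of buildDDL all four `appendVisitInfo` calls pass `nil` as the last argument although `authErr` has just been built for each of them, so the ALTER, DROP, CREATE and INSERT entries carry no access-denied error; the same happens in `*ast.TruncateTableStmt` and in the `v.ReferTable` branch of `*ast.CreateTableStmt` in the previous hunk. The privilege is still recorded, so the check itself presumably still runs, but a denial would not name the privilege, user and table the way the other cases do; the last argument should be `authErr`, e.g. `v.OldTable.Name.L, "", authErr)`. Two messages also carry the wrong privilege text: the ReferTable branch builds its error with `"CREATE"` while recording `mysql.SelectPriv`, and `*ast.DropIndexStmt` passes `"INDEx"`. Because `authErr` is a single function-level variable, unused assignments like these are easy to miss; a small helper that builds the error and appends the entry in one call would remove that risk. Part of buildDDL between the two hunks is collapsed on this page.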