groups table range

kungasc · kungasc · commit 3e4b81cc6c1d · 2025-01-30T17:59:17.000+03:00
diff --git a/ydb/core/sys_view/auth/groups.cpp b/ydb/core/sys_view/auth/groups.cpp
@@ -33,6 +33,9 @@ class TGroupsScan : public TAuthScanBase<TGroupsScan> {
 
         TVector<const TDomainInfo::TGroup*> groups(::Reserve(entry.DomainInfo->Groups.size()));
         for (const auto& group : entry.DomainInfo->Groups) {
+            if (!OneCellStringKeyIsInTableRange(group.Sid)) {
+                continue;
+            }
             groups.push_back(&group);
         }
         SortBatch(groups, [](const auto* left, const auto* right) {
diff --git a/ydb/core/sys_view/auth/owners.cpp b/ydb/core/sys_view/auth/owners.cpp
@@ -34,17 +34,7 @@ class TOwnersScan : public TAuthScanBase<TOwnersScan> {
 
         auto entryPath = CanonizePath(entry.Path);
 
-        bool isInRange = true;
-        if (auto pathFrom = GetCellFrom(0); pathFrom) {
-            int cmp = pathFrom->AsBuf().compare(entryPath);
-            isInRange &= cmp < 0 || cmp == 0 && TableRange.FromInclusive;
-        }
-        if (auto pathTo = GetCellTo(0); pathTo) {
-            int cmp = pathTo->AsBuf().compare(entryPath);
-            isInRange &= cmp > 0 || cmp == 0 && TableRange.ToInclusive;
-        }
-
-        if (isInRange) {
+        if (OneCellStringKeyIsInTableRange(entryPath)) {
             for (auto& column : Columns) {
                 switch (column.Tag) {
                 case Schema::AuthOwners::Path::ColumnId:
diff --git a/ydb/core/sys_view/auth/users.cpp b/ydb/core/sys_view/auth/users.cpp
@@ -89,6 +89,9 @@ class TUsersScan : public TScanActorBase<TUsersScan> {
             if (!user.HasName() || !CanAccessUser(user.GetName())) {
                 continue;
             }
+            if (!OneCellStringKeyIsInTableRange(user.GetName())) {
+                continue;
+            }
             users.push_back(&user);
         }
         SortBatch(users, [](const auto* left, const auto* right) {
@@ -98,19 +101,6 @@ class TUsersScan : public TScanActorBase<TUsersScan> {
         TVector<TCell> cells(::Reserve(Columns.size()));
         
         for (const auto* user : users) {
-            bool isInRange = true;
-            if (auto pathFrom = GetCellFrom(0); pathFrom) {
-                int cmp = pathFrom->AsBuf().compare(user->GetName());
-                isInRange &= cmp < 0 || cmp == 0 && TableRange.FromInclusive;
-            }
-            if (auto pathTo = GetCellTo(0); pathTo) {
-                int cmp = pathTo->AsBuf().compare(user->GetName());
-                isInRange &= cmp > 0 || cmp == 0 && TableRange.ToInclusive;
-            }
-            if (!isInRange) {
-                continue;
-            }
-
             for (auto& column : Columns) {
                 switch (column.Tag) {
                 case Schema::AuthUsers::Sid::ColumnId:
diff --git a/ydb/core/sys_view/common/scan_actor_base_impl.h b/ydb/core/sys_view/common/scan_actor_base_impl.h
@@ -170,6 +170,20 @@ class TScanActorBase : public TActorBootstrapped<TDerived> {
         return GetCell(TableRange.To.GetCells(), index);
     }
 
+    bool OneCellStringKeyIsInTableRange(const TString value) const {
+        if (auto pathFrom = GetCellFrom(0); pathFrom) {
+            if (int cmp = pathFrom->AsBuf().compare(value); cmp > 0 || cmp == 0 && !TableRange.FromInclusive) {
+                return false;
+            }
+        }
+        if (auto pathTo = GetCellTo(0); pathTo) {
+            if (int cmp = pathTo->AsBuf().compare(value); cmp < 0 || cmp == 0 && !TableRange.ToInclusive) {
+                return false;
+            }
+        }
+        return true;
+    }
+
 private:
     virtual void ProceedToScan() = 0;
 
diff --git a/ydb/core/sys_view/ut_kqp.cpp b/ydb/core/sys_view/ut_kqp.cpp
@@ -2690,6 +2690,36 @@ Y_UNIT_TEST_SUITE(SystemView) {
         NKqp::CompareYson(expected, NKqp::StreamResultToYson(it));
     }
 
+    Y_UNIT_TEST(AuthGroups_TableRange) {
+        TTestEnv env;
+        SetupAuthEnvironment(env);
+        TTableClient client(env.GetDriver());
+
+        for (auto group : {
+            "group1",
+            "group2",
+            "group3",
+            "group4",
+        }) {
+            env.GetClient().CreateGroup("/Root", group);
+        }
+
+        {
+            auto it = client.StreamExecuteScanQuery(R"(
+                SELECT Sid
+                FROM `Root/.sys/auth_groups`
+                WHERE Sid > "group1" AND Sid <= "group3"
+            )").GetValueSync();
+
+            auto expected = R"([
+                [["group2"]];
+                [["group3"]];
+            ])";
+
+            NKqp::CompareYson(expected, NKqp::StreamResultToYson(it));
+        }
+    }
+
     Y_UNIT_TEST(AuthGroupMembers) {
         TTestEnv env;
         SetupAuthEnvironment(env);

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,9 @@ class TGroupsScan : public TAuthScanBase<TGroupsScan> {`
`33`	`33`
`34`	`34`	`TVector<const TDomainInfo::TGroup*> groups(::Reserve(entry.DomainInfo->Groups.size()));`
`35`	`35`	`for (const auto& group : entry.DomainInfo->Groups) {`
	`36`	`+ if (!OneCellStringKeyIsInTableRange(group.Sid)) {`
	`37`	`+ continue;`
	`38`	`+ }`
`36`	`39`	`groups.push_back(&group);`
`37`	`40`	`}`
`38`	`41`	`SortBatch(groups, [](const auto* left, const auto* right) {`