This is an automated email from the ASF dual-hosted git repository. jiangmaolin pushed a commit to branch dev-5.5.1 in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
commit 3b90c5994d88e22c4b1932e950a8a600d1805647 Author: RaigorJiang <[email protected]> AuthorDate: Fri Nov 1 01:03:52 2024 +0800 Add privilege check for ShowTablesExecutor --- .../handler/query/ShowDistUsersExecutor.java | 9 +++++-- .../handler/admin/executor/ShowTablesExecutor.java | 28 ++++++++++++++++++---- 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/query/ShowDistUsersExecutor.java b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/query/ShowDistUsersExecutor.java
index 9efb28195f8..4b1fb8ae161 100644
--- a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/query/ShowDistUsersExecutor.java
+++ b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/query/ShowDistUsersExecutor.java
@@ -19,6 +19,7 @@ package com.sphereex.dbplusengine.authority.distsql.handler.query;
 import com.sphereex.dbplusengine.authority.distsql.statement.user.ShowDistUsersStatement;
 import lombok.Setter;
+import org.apache.shardingsphere.authority.config.UserConfiguration;
 import org.apache.shardingsphere.authority.rule.AuthorityRule;
 import org.apache.shardingsphere.distsql.handler.aware.DistSQLExecutorRuleAware;
 import org.apache.shardingsphere.distsql.handler.engine.query.DistSQLQueryExecutor;
@@ -39,12 +40,16 @@ public final class ShowDistUsersExecutor implements DistSQLQueryExecutor<ShowDis
 @Override
 public Collection<String> getColumnNames(final ShowDistUsersStatement sqlStatement) {
- return Arrays.asList("host", "user");
+ return Arrays.asList("host", "user", "is_admin");
 }
 @Override
 public Collection<LocalDataQueryResultRow> getRows(final ShowDistUsersStatement sqlStatement, final ContextManager contextManager) {
- return rule.getGrantees().stream().map(each -> new LocalDataQueryResultRow(each.getHostname(), each.getUsername())).collect(Collectors.toList());
+ return rule.getConfiguration().getUsers().stream().map(this::getRow).collect(Collectors.toList());
+ }
+
+ private LocalDataQueryResultRow getRow(final UserConfiguration user) {
+ return new LocalDataQueryResultRow(user.getHostname(), user.getUsername(), user.isAdmin() ? "Y" : "N");
 }
 @Override
diff --git a/proxy/backend/type/mysql/src/main/java/org/apache/shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowTablesExecutor.java b/proxy/backend/type/mysql/src/main/java/org/apache/shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowTablesExecutor.java
index ac28c0643b6..e14de5ec342 100644
--- a/proxy/backend/type/mysql/src/main/java/org/apache/shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowTablesExecutor.java
+++ b/proxy/backend/type/mysql/src/main/java/org/apache/shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowTablesExecutor.java
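Review bot: The new `is_admin` column in `getColumnNames` and `getRow` discloses which accounts are administrators to every caller of this statement, and nothing in the hunk limits who may run it. If authorization for SHOW DIST USERS is enforced elsewhere, say so in a comment on `getRow`, for example `// is_admin is returned to every caller; access to this statement is checked in <PLACEHOLDER: enforcing class>`; if it is not, consider returning the flag only to admin callers. The rows now come from `rule.getConfiguration().getUsers()` instead of `rule.getGrantees()`, so confirm both yield the same accounts. The added third column also changes the result shape for existing clients and is not mentioned in the commit title.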
@@ -17,8 +17,12 @@
 package org.apache.shardingsphere.proxy.backend.mysql.handler.admin.executor;
+import com.sphereex.dbplusengine.SphereEx;
+import com.sphereex.dbplusengine.SphereEx.Type;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
+import org.apache.shardingsphere.authority.checker.AuthorityChecker;
+import org.apache.shardingsphere.authority.rule.AuthorityRule;
 import org.apache.shardingsphere.infra.database.core.metadata.database.system.SystemDatabase;
 import org.apache.shardingsphere.infra.database.core.type.DatabaseType;
 import org.apache.shardingsphere.infra.executor.sql.execute.result.query.QueryResult;
@@ -30,6 +34,7 @@ import org.apache.shardingsphere.infra.executor.sql.execute.result.query.type.me
 import org.apache.shardingsphere.infra.merge.result.MergedResult;
 import org.apache.shardingsphere.infra.merge.result.impl.transparent.TransparentMergedResult;
 import org.apache.shardingsphere.infra.metadata.database.schema.model.ShardingSphereTable;
+import org.apache.shardingsphere.infra.metadata.user.Grantee;
 import org.apache.shardingsphere.infra.util.regex.RegexUtils;
 import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
 import org.apache.shardingsphere.proxy.backend.handler.admin.executor.DatabaseAdminQueryExecutor;
@@ -67,7 +72,9 @@ public final class ShowTablesExecutor implements DatabaseAdminQueryExecutor {
 public void execute(final ConnectionSession connectionSession) {
 String databaseName = sqlStatement.getFromDatabase().map(schema -> schema.getDatabase().getIdentifier().getValue()).orElseGet(connectionSession::getUsedDatabaseName);
 queryResultMetaData = createQueryResultMetaData(databaseName);
- mergedResult = new TransparentMergedResult(getQueryResult(databaseName));
+ // SPEX CHANGED: BEGIN
+ mergedResult = new TransparentMergedResult(getQueryResult(databaseName, connectionSession.getConnectionContext().getGrantee()));
+ // SPEX CHANGED: END
 }
 private QueryResultMetaData createQueryResultMetaData(final String databaseName) {
@@ -80,12 +87,14 @@ public final class ShowTablesExecutor implements DatabaseAdminQueryExecutor {
 return new RawQueryResultMetaData(columnNames);
 }
- private QueryResult getQueryResult(final String databaseName) {
+ private QueryResult getQueryResult(final String databaseName, @SphereEx final Grantee grantee) {
 SystemDatabase systemDatabase = new SystemDatabase(databaseType);
 if (!systemDatabase.getSystemSchemas().contains(databaseName) && !ProxyContext.getInstance().getContextManager().getDatabase(databaseName).isComplete()) {
 return new RawMemoryQueryResult(queryResultMetaData, Collections.emptyList());
 }
- List<MemoryQueryResultDataRow> rows = getTables(databaseName).stream().map(this::getRow).collect(Collectors.toList());
+ // SPEX CHANGED: BEGIN
+ List<MemoryQueryResultDataRow> rows = getTables(databaseName, grantee).stream().map(this::getRow).collect(Collectors.toList());
+ // SPEX CHANGED: END
 return new RawMemoryQueryResult(queryResultMetaData, rows);
 }
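Review bot: In `execute`, `connectionSession.getConnectionContext().getGrantee()` is handed to the privilege filter with no null check, and how `AuthorityChecker` treats a missing grantee is not visible in this diff. If a session can reach this executor without a grantee and the checker treats that as authorized, the new filter fails open and lists every table. Consider failing closed at the top of `getQueryResult`, e.g. `if (null == grantee) { return new RawMemoryQueryResult(queryResultMetaData, Collections.emptyList()); }`, or document why the grantee is always set at this point.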
@@ -95,9 +104,13 @@ public final class ShowTablesExecutor implements DatabaseAdminQueryExecutor {
 : new MemoryQueryResultDataRow(Collections.singletonList(table.getName()));
 }
- private Collection<ShardingSphereTable> getTables(final String databaseName) {
+ private Collection<ShardingSphereTable> getTables(final String databaseName, @SphereEx final Grantee grantee) {
+ @SphereEx(Type.MODIFY)
 Collection<ShardingSphereTable> tables = ProxyContext.getInstance().getContextManager().getDatabase(databaseName).getSchema(databaseName).getTables().values();
 Collection<ShardingSphereTable> filteredTables = filterByLike(tables);
+ // SPEX ADDED: BEGIN
+ filteredTables = filterByPrivilege(databaseName, grantee, filteredTables);
+ // SPEX ADDED: END
 return filteredTables.stream().sorted(Comparator.comparing(ShardingSphereTable::getName)).collect(Collectors.toList());
 }
@@ -106,6 +119,13 @@ public final class ShowTablesExecutor implements DatabaseAdminQueryExecutor {
 return likePattern.isPresent() ? tables.stream().filter(each -> likePattern.get().matcher(each.getName()).matches()).collect(Collectors.toList()) : tables;
 }
+ @SphereEx
+ private Collection<ShardingSphereTable> filterByPrivilege(final String databaseName, final Grantee grantee, final Collection<ShardingSphereTable> tables) {
+ AuthorityRule authorityRule = ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getSingleRule(AuthorityRule.class);
+ AuthorityChecker authorityChecker = new AuthorityChecker(authorityRule, grantee);
+ return tables.stream().filter(each -> authorityChecker.isAuthorized(databaseName, each.getName())).collect(Collectors.toList());
+ }
+
 private Optional<Pattern> getLikePattern() {
 if (!sqlStatement.getFilter().isPresent()) {
 return Optional.empty();
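Review bot: `filterByPrivilege` has no Javadoc, so a reader cannot tell which privilege makes a table visible or that the method exists to keep table names from being disclosed; I would add `/** Keeps only the tables the grantee is authorized on, so SHOW TABLES does not reveal names of tables the user cannot access. */`. The diffstat lists only the two main-source files, so the filter ships without a test; a case where a grantee holds privileges on one of two tables in a database would pin the behaviour. `getTables` applies the filter after `filterByLike`, which is fine for the result, though other metadata paths may need the same filter for the names to stay hidden (not visible here). `getLikePattern` continues past the end of the hunk.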
