This is an automated email from the ASF dual-hosted git repository.
menghaoran pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new bb677a7 More todo items on privileges (#9708)
bb677a7 is described below
commit bb677a71afaffe888e22e2a4f940b40f22bab1f8
Author: Juan Pan(Trista) <[email protected]>
AuthorDate: Wed Mar 17 18:18:32 2021 +0800
More todo items on privileges (#9708)
---
.../backend/text/admin/mysql/executor/ShowDatabasesExecutor.java | 4 +++-
.../proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java | 4 +++-
.../proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java | 1 +
.../frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java | 1 +
.../frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java | 1 +
5 files changed, 9 insertions(+), 2 deletions(-)
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
index 0468079c..87ee6f2 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
@@ -18,6 +18,7 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
import lombok.Getter;
+import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSpherePrivilege;
import
org.apache.shardingsphere.infra.executor.sql.execute.result.query.QueryResultMetaData;
import
org.apache.shardingsphere.infra.executor.sql.execute.result.query.impl.raw.metadata.RawQueryResultColumnMetaData;
@@ -54,7 +55,8 @@ public final class ShowDatabasesExecutor implements
DatabaseAdminQueryExecutor {
}
Collection<Object> result = new LinkedList<>();
for (String each : ProxyContext.getInstance().getAllSchemaNames()) {
- if (privilege.get().getDataPrivilege().hasPrivileges(each,
Collections.emptyList())) {
+ // TODO : Need to check whether PrivilegeType.SHOW_DB is correct
or enough?
+ if (privilege.get().getDataPrivilege().hasPrivileges(each,
Collections.singletonList(PrivilegeType.SHOW_DB))) {
result.add(each);
}
}
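Review bot: Requiring `PrivilegeType.SHOW_DB` per schema in this loop may not match MySQL, where SHOW DATABASES lists every database on which the account holds some privilege and the global SHOW DATABASES privilege only widens that to all databases. With `Collections.singletonList(PrivilegeType.SHOW_DB)`, a grantee holding only data privileges on a schema would presumably no longer see it, and it is not visible here whether `hasPrivileges` falls back to administrative privileges such as `PrivilegeType.SUPER`. Consider resolving the TODO before merge, or replacing it with a comment that states the intended rule, e.g. `// Lists a schema only if the grantee holds SHOW_DB on it; MySQL itself lists any schema the grantee has a privilege on`. A test for a grantee with data privileges but no SHOW_DB would pin the behaviour. The enclosing method starts outside the hunk.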
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
index f0a0390..17aa2dc 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
@@ -18,6 +18,7 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
import lombok.RequiredArgsConstructor;
+import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSpherePrivilege;
import
org.apache.shardingsphere.proxy.backend.communication.jdbc.connection.BackendConnection;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
@@ -48,6 +49,7 @@ public final class UseDatabaseExecutor implements
DatabaseAdminExecutor {
private boolean isAuthorizedSchema(final BackendConnection
backendConnection, final String schema) {
Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
- return privilege.isPresent() &&
privilege.get().getDataPrivilege().hasPrivileges(schema,
Collections.emptyList());
+ // TODO : Need to check whether PrivilegeType.USAGE is correct or
enough?
+ return privilege.isPresent() &&
privilege.get().getDataPrivilege().hasPrivileges(schema,
Collections.singletonList(PrivilegeType.USAGE));
}
}
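Review bot: `PrivilegeType.USAGE` is a doubtful gate for `isAuthorizedSchema`, because in MySQL USAGE means "no privileges" and every account holds it. If ShardingSphere models it the same way, this check either authorizes every schema or, if USAGE is never stored at schema level, denies every one; which happens depends on `hasPrivileges`, which is not shown. `MySQLComInitDbExecutor.isAuthorizedSchema` in this same commit serves the same operation (COM_INIT_DB is the protocol form of USE) yet still passes `Collections.emptyList()`, so the two entry points can now disagree on whether a grantee may switch schema. Suggest routing both through one shared check and adding a test for a grantee that has no grant on the target schema.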
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
index d9439cc..0670219 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
@@ -57,6 +57,7 @@ public final class MySQLAuthenticationHandler {
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
ShardingSpherePrivilege privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get());
+ // TODO :
privilege.getDataPrivilege().getSpecificPrivileges().containsKey(database) is
bound to be replaced with privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here)
if
(!privilege.getAdministrationPrivilege().hasPrivileges(Collections.singletonList(PrivilegeType.SUPER))
&&
!privilege.getDataPrivilege().getSpecificPrivileges().containsKey(database)) {
return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
}
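Review bot: The added TODO leaves `getSpecificPrivileges().containsKey(database)` as the login-time gate, which tests only that an entry exists for the database, not that the entry grants anything. A grantee whose entry is empty (for example after its privileges were revoked, if entries are kept) would presumably still pass. The comment's `xxx` placeholder does not say which privilege is intended and nothing ties it to a tracking issue. Suggest something like `// TODO(#ISSUE): replace containsKey(database) with hasPrivileges(database, <required privileges>); until then key presence alone authorizes the connection`. The enclosing method begins and ends outside the hunk.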
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
index 0d8de49..c61256b 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
@@ -54,6 +54,7 @@ public final class MySQLComInitDbExecutor implements
CommandExecutor {
private boolean isAuthorizedSchema(final String schema) {
Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
+ // TODO : privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here), rather than Collections.emptyList()
return privilege.isPresent() &&
privilege.get().getDataPrivilege().hasPrivileges(schema,
Collections.emptyList());
}
}
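Review bot: The TODO marks `hasPrivileges(schema, Collections.emptyList())` as a placeholder, but the call stays in the authorization path. An empty required-privilege list will most likely be satisfied by any schema entry, or by every schema, depending on how `hasPrivileges` treats an empty collection (not shown here). The same placeholder is left in the `PostgreSQLAuthenticationHandler` hunk that follows, where it decides whether a login to `databaseName` succeeds. Until the required privileges are settled, a comment stating the interim behaviour would serve maintainers better than the open `xxx`, e.g. `// Interim: no privilege type is checked here; passes when hasPrivileges accepts an empty requirement for this schema`, once that is confirmed against `hasPrivileges`. A negative test for a grantee without grants on the schema would pin it in both handlers.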
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
index 299fa4a..43baaa4 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
@@ -56,6 +56,7 @@ public final class PostgreSQLAuthenticationHandler {
if (!expectedMd5Digest.equals(md5Digest)) {
return new
PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_PASSWORD,
String.format("password authentication failed for user \"%s\"", username));
}
+ // TODO : privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here), rather than Collections.emptyList()
if
(!ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get()).getDataPrivilege().hasPrivileges(databaseName,
Collections.emptyList())) {
return new
PostgreSQLLoginResult(PostgreSQLErrorCode.PRIVILEGE_NOT_GRANTED,
String.format("Access denied for user '%s' to database '%s'", username,
databaseName));
}