tristaZero commented on a change in pull request #9743:
URL: https://github.com/apache/shardingsphere/pull/9743#discussion_r597505817
##########
File path:
shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
##########
@@ -48,7 +47,11 @@ public void execute(final BackendConnection
backendConnection) {
private boolean isAuthorizedSchema(final BackendConnection
backendConnection, final String schema) {
Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
- // TODO : Need to check whether PrivilegeType.USAGE is correct or
enough?
- return privilege.isPresent() && privilege.get().hasPrivileges(schema,
Collections.emptyList());
+ if (privilege.isPresent()) {
+ if (privilege.get().hasPrivileges(schema)) {
Review comment:
if (privilege.isPresent() && privilege.get().hasPrivileges(schema))
##########
File path:
shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
##########
@@ -54,10 +54,14 @@ public void execute(final BackendConnection
backendConnection) {
return Collections.emptyList();
}
Collection<Object> result = new LinkedList<>();
- for (String each : ProxyContext.getInstance().getAllSchemaNames()) {
- // TODO : Need to check whether PrivilegeType.SHOW_DB is correct
or enough?
- if (privilege.get().hasPrivileges(each,
Collections.singletonList(PrivilegeType.SHOW_DB))) {
- result.add(each);
+
if(privilege.get().getAdministrativePrivilege().hasPrivileges(Collections.singletonList(PrivilegeType.SUPER))
+ ||
privilege.get().getAdministrativePrivilege().hasPrivileges(Collections.singletonList(PrivilegeType.SHOW_DB)))
{
Review comment:
Do you think `hasPrivileges(final String schema, final
Collection<PrivilegeType> privileges)` can replace these statements?
##########
File path:
shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
##########
@@ -57,11 +55,12 @@
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
ShardingSpherePrivilege privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get());
- // TODO :
privilege.getDataPrivilege().getSpecificPrivileges().containsKey(database) is
bound to be replaced with privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here)
- if
(!privilege.hasPrivileges(Collections.singletonList(PrivilegeType.SUPER)) &&
!privilege.getDatabasePrivilege().getSpecificPrivileges().containsKey(database))
{
- return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
+ if (null != privilege) {
Review comment:
if (privilege.isPresent() && privilege.get().hasPrivileges(schema))
##########
File path:
shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
##########
@@ -63,6 +63,25 @@ public boolean hasPrivileges(final String schema, final
Collection<PrivilegeType
return hasPrivileges(privileges) ||
databasePrivilege.hasPrivileges(schema, privileges);
}
+ /**
+ * Has privilege for login and use db.
+ *
+ * @param schema schema
+ * @return has or not
+ */
+ public boolean hasPrivileges(final String schema) {
+ if
(administrativePrivilege.getPrivileges().contains(PrivilegeType.SUPER)) {
+ return true;
+ }
+ if (!databasePrivilege.getGlobalPrivileges().isEmpty()) {
+ return true;
+ }
+ if (databasePrivilege.getSpecificPrivileges().containsKey(schema)) {
+ return true;
+ }
+ return false;
+ }
Review comment:
return
administrativePrivilege.getPrivileges().contains(PrivilegeType.SUPER) ||
!databasePrivilege.getGlobalPrivileges().isEmpty()
||
databasePrivilege.getSpecificPrivileges().containsKey(schema);
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
