Skip to content

Commit

Permalink
commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@HangyuanLiu
HangyuanLiu committed Dec 17, 2024
1 parent 556e91a commit 1cc553e
Show file tree
Hide file tree
Showing 10 changed files with 95 additions and 34 deletions.
14 changes: 14 additions & 0 deletions fe/fe-core/src/main/java/com/starrocks/authorization/ColumnPrivilege.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,15 @@

import com.google.common.collect.Maps;
import com.starrocks.analysis.TableName;
import com.starrocks.catalog.BasicTable;
import com.starrocks.catalog.Column;
import com.starrocks.catalog.InternalCatalog;
import com.starrocks.catalog.Table;
import com.starrocks.catalog.View;
import com.starrocks.catalog.system.SystemTable;
import com.starrocks.connector.metadata.MetadataTable;
import com.starrocks.qe.ConnectContext;
import com.starrocks.server.GlobalStateMgr;
import com.starrocks.sql.StatementPlanner;
import com.starrocks.sql.analyzer.Authorizer;
import com.starrocks.sql.ast.AstTraverser;
Expand Down Expand Up @@ -147,6 +149,18 @@ public static void check(ConnectContext context, QueryStatement stmt, List<Table
Authorizer.checkTableAction(context.getCurrentUserIdentity(), context.getCurrentRoleIds(),
tableName, PrivilegeType.SELECT);
} else {
View view = (View) table;
if (view.isSecurity()) {
List<TableName> allTables = view.getTableRefs();
for (TableName t : allTables) {
BasicTable basicTable = GlobalStateMgr.getCurrentState().getMetadataMgr().getBasicTable(
t.getCatalog(), t.getDb(), t.getTbl());

Authorizer.checkAnyActionOnTableLikeObject(context.getCurrentUserIdentity(),
null, t.getDb(), basicTable);
}
}

Authorizer.checkViewAction(context.getCurrentUserIdentity(), context.getCurrentRoleIds(),
tableName, PrivilegeType.SELECT);
}
Expand Down
2 changes: 2 additions & 0 deletions fe/fe-core/src/main/java/com/starrocks/catalog/BasicTable.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
public interface BasicTable {
String getCatalogName();

String getDbName();

String getName();

String getComment();
Expand Down
5 changes: 5 additions & 0 deletions fe/fe-core/src/main/java/com/starrocks/catalog/ExternalCatalogTableBasicInfo.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,11 @@ public String getCatalogName() {
return catalogName;
}

@Override
public String getDbName() {
return dbName;
}

@Override
public String getName() {
return tableName;
Expand Down
11 changes: 11 additions & 0 deletions fe/fe-core/src/main/java/com/starrocks/catalog/View.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,9 @@ public class View extends Table {
@SerializedName(value = "m")
private long sqlMode = 0L;

@SerializedName(value = "s")
private boolean security = false;

// cache used table names
private List<TableName> tableRefsCache = Lists.newArrayList();

Expand Down Expand Up @@ -136,6 +139,14 @@ public long getSqlMode() {
return sqlMode;
}

public void setSecurity(boolean security) {
this.security = security;
}

public boolean isSecurity() {
return security;
}

/**
* Initializes the originalViewDef, inlineViewDef, and queryStmt members
* by parsing the expanded view definition SQL-string.
Expand Down
5 changes: 5 additions & 0 deletions fe/fe-core/src/main/java/com/starrocks/server/LocalMetastore.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4233,6 +4233,11 @@ public void createView(CreateViewStmt stmt) throws DdlException {
view.setInlineViewDefWithSqlMode(stmt.getInlineViewDef(),
ConnectContext.get().getSessionVariable().getSqlMode());
// init here in case the stmt string from view.toSql() has some syntax error.

if (stmt.isSecurity()) {
view.setSecurity(stmt.isSecurity());
}

try {
view.init();
} catch (StarRocksException e) {
Expand Down
4 changes: 2 additions & 2 deletions fe/fe-core/src/main/java/com/starrocks/sql/analyzer/Authorizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ public static void checkAnyActionOnTableLikeObject(UserIdentity currentUser, Set
doCheckTableLikeObject(currentUser, roleIds, dbName, tableBasicInfo, null);
}

private static void doCheckTableLikeObject(UserIdentity currentUser, Set<Long> roleIds, String dbName,
private static void doCheckTableLikeObject(UserIdentity currentUser, Set<Long> roleIds,
BasicTable tbl, PrivilegeType privilegeType) throws AccessDeniedException {
if (tbl == null) {
return;
Expand All @@ -210,7 +210,7 @@ private static void doCheckTableLikeObject(UserIdentity currentUser, Set<Long> r
case KUDU:
// `privilegeType == null` meaning we don't check specified action, just any action
if (privilegeType == null) {
checkAnyActionOnTable(currentUser, roleIds, new TableName(tbl.getCatalogName(), dbName, tbl.getName()));
checkAnyActionOnTable(currentUser, roleIds, new TableName(tbl.getCatalogName(), tbl.get, tbl.getName()));
} else {
checkTableAction(currentUser, roleIds, dbName, tbl.getName(), privilegeType);
}
Expand Down
13 changes: 11 additions & 2 deletions fe/fe-core/src/main/java/com/starrocks/sql/ast/CreateViewStmt.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,19 @@ public class CreateViewStmt extends DdlStmt {
private final boolean ifNotExists;
private final boolean replace;
private final String comment;
private final boolean security;
protected QueryStatement queryStatement;

//Resolved by Analyzer
protected List<Column> columns;
private String inlineViewDef;

public CreateViewStmt(boolean ifNotExists, boolean replace,
TableName tableName, List<ColWithComment> colWithComments,
public CreateViewStmt(boolean ifNotExists,
boolean replace,
TableName tableName,
List<ColWithComment> colWithComments,
String comment,
boolean security,
QueryStatement queryStmt,
NodePosition pos) {
super(pos);
Expand All @@ -44,6 +48,7 @@ public CreateViewStmt(boolean ifNotExists, boolean replace,
this.tableName = tableName;
this.colWithComments = colWithComments;
this.comment = Strings.nullToEmpty(comment);
this.security = security;
this.queryStatement = queryStmt;
}

Expand Down Expand Up @@ -79,6 +84,10 @@ public String getComment() {
return comment;
}

public boolean isSecurity() {
return security;
}

public QueryStatement getQueryStatement() {
return queryStatement;
}
Expand Down
65 changes: 38 additions & 27 deletions fe/fe-core/src/main/java/com/starrocks/sql/parser/AstBuilder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1608,12 +1608,23 @@ public ParseNode visitCreateViewStatement(StarRocksParser.CreateViewStatementCon
throw new ParsingException(PARSER_ERROR_MSG.conflictedOptions("if not exists", "or replace"),
createPos(context));
}

boolean isSecurity = false;
if (context.SECURITY() != null) {
if (context.NONE() != null) {
isSecurity = false;
} else if (context.INVOKER() != null) {
isSecurity = true;
}
}

return new CreateViewStmt(
context.IF() != null,
context.REPLACE() != null,
targetTableName,
colWithComments,
context.comment() == null ? null : ((StringLiteral) visit(context.comment())).getStringValue(),
isSecurity,
(QueryStatement) visit(context.queryStatement()), createPos(context));
}

Expand Down Expand Up @@ -3395,7 +3406,7 @@ public ParseNode visitHelpStatement(StarRocksParser.HelpStatementContext context

// ------------------------------------------- Backup Store Statement ----------------------------------------------
private ParseNode getFunctionRef(StarRocksParser.QualifiedNameContext qualifiedNameContext,
String alias, NodePosition position) {
String alias, NodePosition position) {
String functionName = getQualifiedName(qualifiedNameContext).toString();
FunctionName fnName = FunctionName.createFnName(functionName);
return new FunctionRef(fnName, alias, position);
Expand Down Expand Up @@ -3424,30 +3435,30 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {

List<CatalogRef> externalCatalogRefs = new ArrayList<>();
boolean allExternalCatalog = backupContext != null ?
(backupContext.ALL() != null) : (restoreContext.ALL() != null);
(backupContext.ALL() != null) : (restoreContext.ALL() != null);
if (!allExternalCatalog && (backupContext != null ?
(backupContext.CATALOG() != null || backupContext.CATALOGS() != null) :
(restoreContext.CATALOG() != null || restoreContext.CATALOGS() != null))) {
(backupContext.CATALOG() != null || backupContext.CATALOGS() != null) :
(restoreContext.CATALOG() != null || restoreContext.CATALOGS() != null))) {
if (backupContext != null) {
StarRocksParser.IdentifierListContext identifierListContext = backupContext.identifierList();
externalCatalogRefs = visit(identifierListContext.identifier(), Identifier.class)
.stream().map(Identifier::getValue)
.map(x -> new CatalogRef(x)).collect(Collectors.toList());
.stream().map(Identifier::getValue)
.map(x -> new CatalogRef(x)).collect(Collectors.toList());
} else {
List<StarRocksParser.IdentifierWithAliasContext> identifierWithAliasList =
restoreContext.identifierWithAliasList().identifierWithAlias();
restoreContext.identifierWithAliasList().identifierWithAlias();
for (StarRocksParser.IdentifierWithAliasContext identifierWithAliasContext : identifierWithAliasList) {
String originalName = getIdentifierName(identifierWithAliasContext.originalName);
String alias = identifierWithAliasContext.AS() != null ?
getIdentifierName(identifierWithAliasContext.alias) : "";
getIdentifierName(identifierWithAliasContext.alias) : "";
externalCatalogRefs.add(new CatalogRef(originalName, alias));
}
}
}
boolean containsExternalCatalog = allExternalCatalog || !externalCatalogRefs.isEmpty();

boolean specifyDbExplicitly =
backupContext != null ? (backupContext.DATABASE() != null) : (restoreContext.DATABASE() != null);
backupContext != null ? (backupContext.DATABASE() != null) : (restoreContext.DATABASE() != null);

if (specifyDbExplicitly && containsExternalCatalog) {
throw new ParsingException(PARSER_ERROR_MSG.unsupportedSepcifyDbForExternalCatalog());
Expand All @@ -3474,7 +3485,7 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {
}

labelName = qualifiedNameToLabelName(getQualifiedName(backupContext != null ?
backupContext.qualifiedName() : restoreContext.qualifiedName()));
backupContext.qualifiedName() : restoreContext.qualifiedName()));
if (specifyDbExplicitly) {
if (labelName.getDbName() != null) {
throw new ParsingException(PARSER_ERROR_MSG.unsupportedSepcifyDbNameAfterSnapshotName());
Expand All @@ -3496,16 +3507,16 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {

for (StarRocksParser.BackupRestoreObjectDescContext backupRestoreObjectDescContext : backupRestoreObjectDescContexts) {
boolean specifiedFunction = backupRestoreObjectDescContext.FUNCTION() != null ||
backupRestoreObjectDescContext.FUNCTIONS() != null;
backupRestoreObjectDescContext.FUNCTIONS() != null;
boolean specifiedMV = backupRestoreObjectDescContext.MATERIALIZED() != null;
boolean specifiedView = !specifiedMV && (backupRestoreObjectDescContext.VIEW() != null ||
backupRestoreObjectDescContext.VIEWS() != null);
backupRestoreObjectDescContext.VIEWS() != null);
boolean specifiedTable = backupRestoreObjectDescContext.TABLE() != null ||
backupRestoreObjectDescContext.TABLES() != null;
backupRestoreObjectDescContext.TABLES() != null;

if (backupContext != null && (backupRestoreObjectDescContext.AS() != null ||
(backupRestoreObjectDescContext.backupRestoreTableDesc() != null &&
backupRestoreObjectDescContext.backupRestoreTableDesc().AS() != null))) {
(backupRestoreObjectDescContext.backupRestoreTableDesc() != null &&
backupRestoreObjectDescContext.backupRestoreTableDesc().AS() != null))) {
throw new ParsingException(PARSER_ERROR_MSG.unsupportedSepcifyAliasInBackupStmt());
}

Expand All @@ -3516,7 +3527,7 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {
if (backupRestoreObjectDescContext.AS() != null) {
alias = getIdentifierName(backupRestoreObjectDescContext.identifier());
} else if (backupRestoreObjectDescContext.backupRestoreTableDesc() != null &&
backupRestoreObjectDescContext.backupRestoreTableDesc().AS() != null) {
backupRestoreObjectDescContext.backupRestoreTableDesc().AS() != null) {
alias = getIdentifierName(backupRestoreObjectDescContext.backupRestoreTableDesc().identifier());
}
}
Expand All @@ -3528,36 +3539,36 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {
}

fnRefs.add((FunctionRef) getFunctionRef(backupRestoreObjectDescContext.qualifiedName(),
alias, createPos(backupRestoreObjectDescContext)));
alias, createPos(backupRestoreObjectDescContext)));
} else if (specifiedMV) {
if (backupRestoreObjectDescContext.ALL() != null) {
allMarker.add(BackupObjectType.MV);
continue;
}

mvRefs.add((TableRef) getTableRef(backupRestoreObjectDescContext.qualifiedName(),
null, alias, createPos(backupRestoreObjectDescContext)));
null, alias, createPos(backupRestoreObjectDescContext)));
} else if (specifiedView) {
if (backupRestoreObjectDescContext.ALL() != null) {
allMarker.add(BackupObjectType.VIEW);
continue;
}

viewRefs.add((TableRef) getTableRef(backupRestoreObjectDescContext.qualifiedName(),
null, alias, createPos(backupRestoreObjectDescContext)));
null, alias, createPos(backupRestoreObjectDescContext)));
} else if (specifiedTable) {
if (backupRestoreObjectDescContext.ALL() != null) {
allMarker.add(BackupObjectType.TABLE);
continue;
}

tblRefs.add((TableRef) getTableRef(backupRestoreObjectDescContext.backupRestoreTableDesc().qualifiedName(),
backupRestoreObjectDescContext.backupRestoreTableDesc().partitionNames(),
alias, createPos(backupRestoreObjectDescContext)));
backupRestoreObjectDescContext.backupRestoreTableDesc().partitionNames(),
alias, createPos(backupRestoreObjectDescContext)));
} else {
mixTblRefs.add((TableRef) getTableRef(backupRestoreObjectDescContext.backupRestoreTableDesc().qualifiedName(),
backupRestoreObjectDescContext.backupRestoreTableDesc().partitionNames(),
alias, createPos(backupRestoreObjectDescContext)));
backupRestoreObjectDescContext.backupRestoreTableDesc().partitionNames(),
alias, createPos(backupRestoreObjectDescContext)));
}
}

Expand All @@ -3576,7 +3587,7 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {

Map<String, String> properties = null;
StarRocksParser.PropertyListContext contextProperties =
(backupContext != null) ? backupContext.propertyList() : restoreContext.propertyList();
(backupContext != null) ? backupContext.propertyList() : restoreContext.propertyList();
if (contextProperties != null) {
properties = new HashMap<>();
List<Property> propertyList = visit(contextProperties.property(), Property.class);
Expand All @@ -3588,10 +3599,10 @@ private ParseNode parseBackupRestoreStatement(ParserRuleContext context) {
AbstractBackupStmt stmt = null;
if (backupContext != null) {
stmt = new BackupStmt(labelName, repoName, mixTblRefs, fnRefs, externalCatalogRefs, allMarker, withOnClause,
originDb != null ? originDb : "", properties, createPos(backupContext));
originDb != null ? originDb : "", properties, createPos(backupContext));
} else {
stmt = new RestoreStmt(labelName, repoName, mixTblRefs, fnRefs, externalCatalogRefs, allMarker, withOnClause,
originDb != null ? originDb : "", properties, createPos(restoreContext));
originDb != null ? originDb : "", properties, createPos(restoreContext));
}

return stmt;
Expand Down Expand Up @@ -3630,7 +3641,7 @@ public ParseNode visitCancelRestoreStatement(StarRocksParser.CancelRestoreStatem
if (context.CATALOG() == null && context.identifier() == null) {
throw new ParsingException(PARSER_ERROR_MSG.nullIdentifierCancelBackupRestore());
}
return new CancelBackupStmt(context.CATALOG() != null ? "" : ((Identifier) visit(context.identifier())).getValue(),
return new CancelBackupStmt(context.CATALOG() != null ? "" : ((Identifier) visit(context.identifier())).getValue(),
true, context.CATALOG() != null, createPos(context));
}

Expand Down
9 changes: 6 additions & 3 deletions fe/fe-core/src/main/java/com/starrocks/sql/parser/StarRocks.g4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -597,12 +597,15 @@ recoverPartitionStatement

createViewStatement
: CREATE (OR REPLACE)? VIEW (IF NOT EXISTS)? qualifiedName
('(' columnNameWithComment (',' columnNameWithComment)* ')')?
comment? AS queryStatement
('(' columnNameWithComment (',' columnNameWithComment)* ')')?
comment?
(SECURITY (NONE | INVOKER))?
AS queryStatement
;

alterViewStatement
: ALTER VIEW qualifiedName ('(' columnNameWithComment (',' columnNameWithComment)* ')')? AS queryStatement
: ALTER VIEW qualifiedName ('(' columnNameWithComment (',' columnNameWithComment)* ')')? AS queryStatement
| ALTER VIEW qualifiedName SET SECURITY (NONE | INVOKER)
;

dropViewStatement
Expand Down
1 change: 1 addition & 0 deletions fe/fe-core/src/main/java/com/starrocks/sql/parser/StarRocksLex.g4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ INTERMEDIATE: 'INTERMEDIATE';
INTERSECT: 'INTERSECT';
INTERVAL: 'INTERVAL';
INTO: 'INTO';
INVOKER: 'INVOKER';
GIN: 'GIN';
OVERWRITE: 'OVERWRITE';
IS: 'IS';
Expand Down

0 comments on commit 1cc553e

Please sign in to comment.