Fix privilege check in CreateDatabaseBackendHandler (#32)

apache · Nov 1, 2024 · 8324e65 · 8324e65
1 parent 1e156c9
commit 8324e65
Show file tree

Hide file tree

Showing 17 changed files with 311 additions and 13 deletions.
diff --git a/...ority/core/src/main/java/com/sphereex/dbplusengine/authority/obj/domain/RALACLObject.java b/...ority/core/src/main/java/com/sphereex/dbplusengine/authority/obj/domain/RALACLObject.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.sphereex.dbplusengine.authority.obj.domain;
+
+import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
+
+/**
+ * RAL ACL object.
+ */
+public final class RALACLObject implements ACLObject {
+}
diff --git a/...hereex/dbplusengine/authority/obj/extractor/type/dal/dialect/MySQLACLObjectExtractor.java b/...hereex/dbplusengine/authority/obj/extractor/type/dal/dialect/MySQLACLObjectExtractor.java
@@ -18,9 +18,12 @@
 package com.sphereex.dbplusengine.authority.obj.extractor.type.dal.dialect;
 
 import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
+import com.sphereex.dbplusengine.authority.obj.domain.TableACLObject;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import org.apache.shardingsphere.sql.parser.statement.mysql.MySQLStatement;
+import org.apache.shardingsphere.sql.parser.statement.mysql.dal.MySQLShowCreateTableStatement;
+import org.apache.shardingsphere.sql.parser.statement.mysql.ddl.MySQLDropIndexStatement;
 
 import java.util.Collection;
 import java.util.Collections;
@@ -39,7 +42,27 @@ public final class MySQLACLObjectExtractor {
      * @return extracted ACL objects
      */
     public static Collection<ACLObject> extract(final String currentDatabase, final MySQLStatement sqlStatement) {
-        // TODO
+        if (sqlStatement instanceof MySQLShowCreateTableStatement) {
+            return extractSowCreateTableStatement(currentDatabase, (MySQLShowCreateTableStatement) sqlStatement);
+        }
+        if (sqlStatement instanceof MySQLDropIndexStatement) {
+            return extractDropIndexStatement(currentDatabase, (MySQLDropIndexStatement) sqlStatement);
+        }
         return Collections.emptyList();
     }
+
+    private static Collection<ACLObject> extractSowCreateTableStatement(final String currentDatabase, final MySQLShowCreateTableStatement sqlStatement) {
+        String database = sqlStatement.getTable().getOwner().map(optional -> optional.getIdentifier().getValue()).orElse(currentDatabase);
+        String table = sqlStatement.getTable().getTableName().getIdentifier().getValue();
+        return Collections.singleton(new TableACLObject(database, table));
+    }
+
+    private static Collection<ACLObject> extractDropIndexStatement(final String currentDatabase, final MySQLDropIndexStatement sqlStatement) {
+        if (!sqlStatement.getSimpleTable().isPresent()) {
+            return Collections.emptyList();
+        }
+        String database = sqlStatement.getSimpleTable().get().getOwner().map(optional -> optional.getIdentifier().getValue()).orElse(currentDatabase);
+        String table = sqlStatement.getSimpleTable().get().getTableName().getIdentifier().getValue();
+        return Collections.singleton(new TableACLObject(database, table));
+    }
 }
diff --git a/...ava/com/sphereex/dbplusengine/authority/obj/extractor/type/ddl/DDLACLObjectExtractor.java b/...ava/com/sphereex/dbplusengine/authority/obj/extractor/type/ddl/DDLACLObjectExtractor.java
@@ -19,16 +19,22 @@
 
 import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
 import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.AlterTableACLObjectExtractor;
+import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.CreateDatabaseACLObjectExtractor;
+import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.CreateIndexACLObjectExtractor;
 import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.CreateTableACLObjectExtractor;
 import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.DropDatabaseACLObjectExtractor;
+import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.DropIndexACLObjectExtractor;
 import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.DropTableACLObjectExtractor;
 import com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type.TruncateTableACLObjectExtractor;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.SQLStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.AlterTableStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateDatabaseStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateIndexStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateTableStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropDatabaseStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropIndexStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropTableStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.TruncateStatement;
 
@@ -58,9 +64,18 @@ public static Collection<ACLObject> extract(final String currentDatabase, final
         if (sqlStatement instanceof DropTableStatement) {
             return DropTableACLObjectExtractor.extract(currentDatabase, (DropTableStatement) sqlStatement);
         }
+        if (sqlStatement instanceof CreateIndexStatement) {
+            return CreateIndexACLObjectExtractor.extract(currentDatabase, (CreateIndexStatement) sqlStatement);
+        }
+        if (sqlStatement instanceof DropIndexStatement) {
+            return DropIndexACLObjectExtractor.extract(currentDatabase, (DropIndexStatement) sqlStatement);
+        }
         if (sqlStatement instanceof TruncateStatement) {
             return TruncateTableACLObjectExtractor.extract(currentDatabase, (TruncateStatement) sqlStatement);
         }
+        if (sqlStatement instanceof CreateDatabaseStatement) {
+            return CreateDatabaseACLObjectExtractor.extract((CreateDatabaseStatement) sqlStatement);
+        }
         if (sqlStatement instanceof DropDatabaseStatement) {
             return DropDatabaseACLObjectExtractor.extract((DropDatabaseStatement) sqlStatement);
         }

diff --git a/.../dbplusengine/authority/obj/extractor/type/ddl/type/CreateDatabaseACLObjectExtractor.java b/.../dbplusengine/authority/obj/extractor/type/ddl/type/CreateDatabaseACLObjectExtractor.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type;
+
+import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
+import com.sphereex.dbplusengine.authority.obj.domain.TableACLObject;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import org.apache.shardingsphere.authority.constant.AuthorityConstants;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateDatabaseStatement;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * Create database ACL object extractor.
+ */
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public final class CreateDatabaseACLObjectExtractor {
+
+    /**
+     * Extract ACL objects.
+     *
+     * @param sqlStatement create database statement
+     * @return extracted ACL objects
+     */
+    public static Collection<ACLObject> extract(final CreateDatabaseStatement sqlStatement) {
+        return Collections.singleton(new TableACLObject(sqlStatement.getDatabaseName(), AuthorityConstants.PRIVILEGE_WILDCARD));
+    }
+}
diff --git a/...eex/dbplusengine/authority/obj/extractor/type/ddl/type/CreateIndexACLObjectExtractor.java b/...eex/dbplusengine/authority/obj/extractor/type/ddl/type/CreateIndexACLObjectExtractor.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type;
+
+import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
+import com.sphereex.dbplusengine.authority.obj.domain.TableACLObject;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateIndexStatement;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * Create index ACL object extractor.
+ */
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public final class CreateIndexACLObjectExtractor {
+
+    /**
+     * Extract ACL objects.
+     *
+     * @param currentDatabase current database name
+     * @param sqlStatement create index statement
+     * @return extracted ACL objects
+     */
+    public static Collection<ACLObject> extract(final String currentDatabase, final CreateIndexStatement sqlStatement) {
+        if (null == sqlStatement.getTable()) {
+            return Collections.emptyList();
+        }
+        String database = sqlStatement.getTable().getOwner().map(optional -> optional.getIdentifier().getValue()).orElse(currentDatabase);
+        String table = sqlStatement.getTable().getTableName().getIdentifier().getValue();
+        return Collections.singleton(new TableACLObject(database, table));
+    }
+}
diff --git a/...ereex/dbplusengine/authority/obj/extractor/type/ddl/type/DropIndexACLObjectExtractor.java b/...ereex/dbplusengine/authority/obj/extractor/type/ddl/type/DropIndexACLObjectExtractor.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.sphereex.dbplusengine.authority.obj.extractor.type.ddl.type;
+
+import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
+import com.sphereex.dbplusengine.authority.obj.extractor.type.dal.dialect.MySQLACLObjectExtractor;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropIndexStatement;
+import org.apache.shardingsphere.sql.parser.statement.mysql.MySQLStatement;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * Drop index ACL object extractor.
+ */
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public final class DropIndexACLObjectExtractor {
+
+    /**
+     * Extract ACL objects.
+     *
+     * @param currentDatabase current database name
+     * @param sqlStatement drop index statement
+     * @return extracted ACL objects
+     */
+    public static Collection<ACLObject> extract(final String currentDatabase, final DropIndexStatement sqlStatement) {
+        return sqlStatement instanceof MySQLStatement ? MySQLACLObjectExtractor.extract(currentDatabase, (MySQLStatement) sqlStatement) : Collections.emptyList();
+    }
+}
diff --git a/...sphereex/dbplusengine/authority/obj/extractor/type/distsql/DistSQLACLObjectExtractor.java b/...sphereex/dbplusengine/authority/obj/extractor/type/distsql/DistSQLACLObjectExtractor.java
@@ -20,12 +20,16 @@
 import com.sphereex.dbplusengine.authority.model.obj.ACLObject;
 import com.sphereex.dbplusengine.authority.obj.domain.DCLACLObject;
 import com.sphereex.dbplusengine.authority.obj.domain.DistSQLACLObject;
+import com.sphereex.dbplusengine.authority.obj.domain.RALACLObject;
 import com.sphereex.dbplusengine.distsql.acl.DistSQLACLObjectUtils;
 import com.sphereex.dbplusengine.distsql.extractor.DistSQLResourceIdentifierExtractor;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import org.apache.shardingsphere.authority.constant.AuthorityConstants;
 import org.apache.shardingsphere.distsql.statement.DistSQLStatement;
+import org.apache.shardingsphere.distsql.statement.ral.RALStatement;
+import org.apache.shardingsphere.distsql.statement.rdl.rule.global.GlobalRuleDefinitionStatement;
+import org.apache.shardingsphere.distsql.statement.rql.rule.global.ShowGlobalRulesStatement;
 import org.apache.shardingsphere.infra.spi.type.typed.TypedSPILoader;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.dcl.DCLStatement;
 
@@ -51,6 +55,9 @@ public static Collection<ACLObject> extract(final String currentDatabase, final
         if (sqlStatement instanceof DCLStatement) {
             return Collections.singleton(new DCLACLObject());
         }
+        if (sqlStatement instanceof RALStatement || sqlStatement instanceof ShowGlobalRulesStatement || sqlStatement instanceof GlobalRuleDefinitionStatement) {
+            return Collections.singleton(new RALACLObject());
+        }
         Collection<String> aclObjectNames = TypedSPILoader.findService(DistSQLResourceIdentifierExtractor.class, sqlStatement.getClass())
                 .map(optional -> optional.extract(sqlStatement)).orElse(Collections.emptyList());
         String aclObjectTypeName = DistSQLACLObjectUtils.getACLObject(sqlStatement.getClass());

diff --git a/...re/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java b/...re/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java
@@ -22,25 +22,31 @@
 import lombok.NoArgsConstructor;
 import org.apache.shardingsphere.distsql.statement.DistSQLStatement;
 import org.apache.shardingsphere.distsql.statement.ral.RALStatement;
+import org.apache.shardingsphere.distsql.statement.rdl.resource.unit.type.AlterStorageUnitStatement;
 import org.apache.shardingsphere.distsql.statement.rdl.resource.unit.type.RegisterStorageUnitStatement;
 import org.apache.shardingsphere.distsql.statement.rdl.resource.unit.type.UnregisterStorageUnitStatement;
 import org.apache.shardingsphere.distsql.statement.rdl.rule.database.type.AlterRuleStatement;
 import org.apache.shardingsphere.distsql.statement.rdl.rule.database.type.CreateRuleStatement;
 import org.apache.shardingsphere.distsql.statement.rdl.rule.database.type.DropRuleStatement;
+import org.apache.shardingsphere.distsql.statement.rdl.rule.global.GlobalRuleDefinitionStatement;
 import org.apache.shardingsphere.distsql.statement.rql.resource.ShowStorageUnitsStatement;
 import org.apache.shardingsphere.distsql.statement.rql.rule.database.ShowDatabaseRulesStatement;
+import org.apache.shardingsphere.distsql.statement.rql.rule.global.ShowGlobalRulesStatement;
 import org.apache.shardingsphere.distsql.statement.rul.sql.FormatStatement;
 import org.apache.shardingsphere.distsql.statement.rul.sql.ParseStatement;
 import org.apache.shardingsphere.distsql.statement.rul.sql.PreviewStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.SQLStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.dcl.DCLStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.AlterDatabaseStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.AlterIndexStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.AlterTableStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateDatabaseStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateFunctionStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateIndexStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.CreateTableStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DDLStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropDatabaseStatement;
+import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropIndexStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.DropTableStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.ddl.TruncateStatement;
 import org.apache.shardingsphere.sql.parser.statement.core.statement.dml.DMLStatement;
@@ -102,7 +108,7 @@ private static ACLOperation extractDDL(final DDLStatement sqlStatement) {
         if (sqlStatement instanceof AlterDatabaseStatement) {
             return ACLOperation.ALTER_ANY_DATABASE;
         }
-        if (sqlStatement instanceof AlterTableStatement) {
+        if (sqlStatement instanceof AlterTableStatement || isIndexDDLStatement(sqlStatement)) {
             return ACLOperation.ALTER;
         }
         if (sqlStatement instanceof CreateFunctionStatement) {
@@ -114,6 +120,10 @@ private static ACLOperation extractDDL(final DDLStatement sqlStatement) {
         return ACLOperation.UNKNOWN;
     }
 
+    private static boolean isIndexDDLStatement(final SQLStatement sqlStatement) {
+        return sqlStatement instanceof CreateIndexStatement || sqlStatement instanceof AlterIndexStatement || sqlStatement instanceof DropIndexStatement;
+    }
+
     private static ACLOperation extractDistSQL(final DistSQLStatement sqlStatement) {
         if (sqlStatement instanceof CreateRuleStatement) {
             return ACLOperation.CREATE_RULE;
@@ -127,7 +137,7 @@ private static ACLOperation extractDistSQL(final DistSQLStatement sqlStatement)
         if (sqlStatement instanceof ShowDatabaseRulesStatement || sqlStatement instanceof ShowStorageUnitsStatement) {
             return ACLOperation.SHOW_RULES;
         }
-        if (sqlStatement instanceof RegisterStorageUnitStatement) {
+        if (sqlStatement instanceof RegisterStorageUnitStatement || sqlStatement instanceof AlterStorageUnitStatement) {
             return ACLOperation.REGISTER;
         }
         if (sqlStatement instanceof UnregisterStorageUnitStatement) {
@@ -145,7 +155,7 @@ private static ACLOperation extractDistSQL(final DistSQLStatement sqlStatement)
         if (sqlStatement instanceof ParseStatement) {
             return ACLOperation.PARSE;
         }
-        if (sqlStatement instanceof RALStatement) {
+        if (sqlStatement instanceof RALStatement || sqlStatement instanceof ShowGlobalRulesStatement || sqlStatement instanceof GlobalRuleDefinitionStatement) {
             return ACLOperation.RAL_OPERATE;
         }
         return ACLOperation.UNKNOWN;

diff --git a/...el/authority/distsql/handler/src/test/resources/cases/show-dist-users-current-config.yaml b/...el/authority/distsql/handler/src/test/resources/cases/show-dist-users-current-config.yaml
@@ -21,4 +21,5 @@ rules:
     users:
       - user: root@%
         password: 123456
+        admin: true
 #SPEX ADDED: END
diff --git a/kernel/authority/distsql/handler/src/test/resources/cases/show-dist-users.xml b/kernel/authority/distsql/handler/src/test/resources/cases/show-dist-users.xml
@@ -19,7 +19,7 @@
 <distsql-rule-query-executor-test-cases>
     <test-case dist-sql="SHOW DIST USERS" current-rule-config-yaml-file="cases/show-dist-users-current-config.yaml">
         <expected-query-result-rows>
-            <expected-query-result-row>%|root</expected-query-result-row>
+            <expected-query-result-row>%|root|Y</expected-query-result-row>
         </expected-query-result-rows>
     </test-case>
 </distsql-rule-query-executor-test-cases>