Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor: add privilege check for show bindings #14443

Merged
merged 3 commits into from
Feb 3, 2020
Merged

executor: add privilege check for show bindings #14443

merged 3 commits into from
Feb 3, 2020

Conversation

alivxxx
Copy link
Contributor

@alivxxx alivxxx commented Jan 10, 2020

What problem does this PR solve?

Add privilege check for show bindings.

What is changed and how it works?

A binding will only be appended to result if the user has all tables' select priviledge in the sql.

Check List

Tests

  • Unit test

Code changes

  • Has exported function/method change

Side effects

  • None

Related changes

  • Need to cherry-pick to the release branch

Release note

  • add privilege check for show bindings

@alivxxx alivxxx requested a review from a team as a code owner January 10, 2020 09:01
@ghost ghost removed their request for review January 10, 2020 09:28
eurekaka
eurekaka reviewed Jan 14, 2020
View reviewed changes
executor/show.go Outdated
schema = v.defaultDB
}
if !v.is.TableExists(model.NewCIStr(schema), x.Name) {
v.ok = false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about setting v.ok to true if table does not exist in the information schema?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v.ok=v.is.TableExists(model.NewCIStr(schema), x.Name)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eurekaka Why? If the table does not exist anymore, why should we show it?
@crazycs520 No, ok may change from fasle to true then, which should not happen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the table is re-created, then the binding would be shown then? would it confuse users since they don't touch bindings actually but the results change?

lzmhhh123
lzmhhh123 reviewed Jan 14, 2020
View reviewed changes
Copy link
Contributor

@lzmhhh123 lzmhhh123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lzmhhh123 lzmhhh123 added the status/LGT1 Indicates that a PR has LGTM 1. label Jan 14, 2020
crazycs520
crazycs520 reviewed Jan 14, 2020
View reviewed changes
Copy link
Contributor

@crazycs520 crazycs520 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

REST LGTM

eurekaka
eurekaka approved these changes Feb 3, 2020
View reviewed changes
Copy link
Contributor

@eurekaka eurekaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eurekaka eurekaka added the status/can-merge Indicates a PR has been approved by a committer. label Feb 3, 2020
@sre-bot
Copy link
Contributor

sre-bot commented Feb 3, 2020

/run-all-tests

@sre-bot sre-bot merged commit 9e97091 into pingcap:master Feb 3, 2020
@sre-bot
Copy link
Contributor

sre-bot commented Feb 3, 2020

cherry pick to release-3.0 failed

@alivxxx alivxxx deleted the bind-privilege branch February 4, 2020 05:33
alivxxx added a commit to alivxxx/tidb that referenced this pull request Feb 4, 2020
@alivxxx
executor: add privilege check for show bindings (pingcap#14443)
2c1ba46
@alivxxx alivxxx mentioned this pull request Feb 4, 2020
Merged
sre-bot pushed a commit that referenced this pull request Feb 4, 2020
@alivxxx
executor: add privilege check for show bindings (#14443) (#14618)
0c426b1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lzmhhh123 lzmhhh123 lzmhhh123 left review comments

@crazycs520 crazycs520 crazycs520 left review comments

@eurekaka eurekaka eurekaka approved these changes

@winoros winoros Awaiting requested review from winoros

Assignees
No one assigned
Labels
component/privilege status/can-merge Indicates a PR has been approved by a committer. status/LGT1 Indicates that a PR has LGTM 1. type/bugfix This PR fixes a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@alivxxx @sre-bot @eurekaka @crazycs520 @lzmhhh123