databendlabs · BohuTANG · Dec 14, 2021 · Dec 10, 2021 · Dec 10, 2021 · Dec 10, 2021
diff --git a/common/management/src/user/user_api.rs b/common/management/src/user/user_api.rs
@@ -18,7 +18,7 @@ use common_meta_types::AuthType;
 use common_meta_types::GrantObject;
 use common_meta_types::SeqV;
 use common_meta_types::UserInfo;
-use common_meta_types::UserPrivilege;
+use common_meta_types::UserPrivilegeSet;
 
 #[async_trait::async_trait]
 pub trait UserMgrApi: Sync + Send {
@@ -47,7 +47,7 @@ pub trait UserMgrApi: Sync + Send {
         username: String,
         hostname: String,
         object: GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
         seq: Option<u64>,
     ) -> Result<Option<u64>>;
 
@@ -56,7 +56,7 @@ pub trait UserMgrApi: Sync + Send {
         username: String,
         hostname: String,
         object: GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
         seq: Option<u64>,
     ) -> Result<Option<u64>>;
 

diff --git a/common/management/src/user/user_mgr.rs b/common/management/src/user/user_mgr.rs
@@ -29,7 +29,7 @@ use common_meta_types::Operation;
 use common_meta_types::SeqV;
 use common_meta_types::UpsertKVAction;
 use common_meta_types::UserInfo;
-use common_meta_types::UserPrivilege;
+use common_meta_types::UserPrivilegeSet;
 
 use crate::user::user_api::UserMgrApi;
 
@@ -204,7 +204,7 @@ impl UserMgrApi for UserMgr {
         username: String,
         hostname: String,
         object: GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
         seq: Option<u64>,
     ) -> Result<Option<u64>> {
         let user_val_seq = self.get_user(username.clone(), hostname.clone(), seq);
@@ -221,7 +221,7 @@ impl UserMgrApi for UserMgr {
         username: String,
         hostname: String,
         object: GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
         seq: Option<u64>,
     ) -> Result<Option<u64>> {
         let user_val_seq = self.get_user(username.clone(), hostname.clone(), seq);

diff --git a/common/management/tests/it/user.rs b/common/management/tests/it/user.rs
@@ -728,7 +728,7 @@ mod set_user_privileges {
     use common_meta_types::AuthType;
     use common_meta_types::GrantObject;
     use common_meta_types::UserInfo;
-    use common_meta_types::UserPrivilege;
+    use common_meta_types::UserPrivilegeSet;
     use common_meta_types::UserPrivilegeType;
 
     use super::*;
@@ -761,7 +761,7 @@ mod set_user_privileges {
                 .return_once(move |_k| Ok(Some(SeqV::new(0, prev_value))));
         }
         // - update_kv should be called
-        let mut privileges = UserPrivilege::empty();
+        let mut privileges = UserPrivilegeSet::empty();
         privileges.set_privilege(UserPrivilegeType::Select);
         user_info.grants.grant_privileges(
             test_user_name,

diff --git a/common/meta/types/src/lib.rs b/common/meta/types/src/lib.rs
@@ -30,6 +30,7 @@ mod seq_value;
 mod table;
 mod user_auth;
 mod user_grant;
+mod user_identity;
 mod user_info;
 mod user_privilege;
 mod user_quota;
@@ -90,8 +91,9 @@ pub use user_auth::AuthType;
 pub use user_grant::GrantEntry;
 pub use user_grant::GrantObject;
 pub use user_grant::UserGrantSet;
+pub use user_identity::UserIdentity;
 pub use user_info::UserInfo;
-pub use user_privilege::UserPrivilege;
+pub use user_privilege::UserPrivilegeSet;
 pub use user_privilege::UserPrivilegeType;
 pub use user_quota::UserQuota;
 pub use user_stage::*;
diff --git a/common/meta/types/src/user_grant.rs b/common/meta/types/src/user_grant.rs
@@ -12,9 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use std::fmt;
+
 use enumflags2::BitFlags;
 
-use crate::UserPrivilege;
+use crate::UserPrivilegeSet;
 use crate::UserPrivilegeType;
 
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
@@ -24,6 +26,16 @@ pub enum GrantObject {
     Table(String, String),
 }
 
+impl fmt::Display for GrantObject {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        match self {
+            GrantObject::Global => write!(f, "*.*"),
+            GrantObject::Database(ref db) => write!(f, "'{}'.*", db),
+            GrantObject::Table(ref db, ref table) => write!(f, "'{}'.'{}'", db, table),
+        }
+    }
+}
+
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
 pub struct GrantEntry {
     user: String,
@@ -128,6 +140,17 @@ impl GrantEntry {
     }
 }
 
+impl fmt::Display for GrantEntry {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        let privileges: UserPrivilegeSet = self.privileges.into();
+        write!(
+            f,
+            "GRANT {} ON {} TO '{}'@'{}'",
+            privileges, self.object, self.user, self.host_pattern
+        )
+    }
+}
+
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq, Default)]
 pub struct UserGrantSet {
     grants: Vec<GrantEntry>,
@@ -183,7 +206,7 @@ impl UserGrantSet {
         user: &str,
         host_pattern: &str,
         object: &GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
     ) {
         let privileges: BitFlags<UserPrivilegeType> = privileges.into();
         let mut new_grants: Vec<GrantEntry> = vec![];
@@ -215,7 +238,7 @@ impl UserGrantSet {
         user: &str,
         host_pattern: &str,
         object: &GrantObject,
-        privileges: UserPrivilege,
+        privileges: UserPrivilegeSet,
     ) {
         let privileges: BitFlags<UserPrivilegeType> = privileges.into();
         let grants = self

diff --git a/common/meta/types/src/user_identity.rs b/common/meta/types/src/user_identity.rs
@@ -0,0 +1,19 @@
+// Copyright 2021 Datafuse Labs.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
+pub struct UserIdentity {
+    pub username: String,
+    pub hostname: String,
+}
diff --git a/common/meta/types/src/user_privilege.rs b/common/meta/types/src/user_privilege.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use std::fmt;
 use std::ops;
 
 use enumflags2::bitflags;
@@ -41,14 +42,26 @@ const ALL_PRIVILEGES: BitFlags<UserPrivilegeType> = make_bitflags!(
         | Set}
 );
 
+impl std::fmt::Display for UserPrivilegeType {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        write!(f, "{}", match self {
+            UserPrivilegeType::Usage => "USAGE",
+            UserPrivilegeType::Create => "CREATE",
+            UserPrivilegeType::Select => "SELECT",
+            UserPrivilegeType::Insert => "INSERT",
+            UserPrivilegeType::Set => "SET",
+        })
+    }
+}
+
 #[derive(serde::Serialize, serde::Deserialize, Clone, Copy, Default, Debug, Eq, PartialEq)]
-pub struct UserPrivilege {
+pub struct UserPrivilegeSet {
     privileges: BitFlags<UserPrivilegeType>,
 }
 
-impl UserPrivilege {
+impl UserPrivilegeSet {
     pub fn empty() -> Self {
-        UserPrivilege {
+        UserPrivilegeSet {
             privileges: BitFlags::empty(),
         }
     }
@@ -70,7 +83,21 @@ impl UserPrivilege {
     }
 }
 
-impl ops::BitOr for UserPrivilege {
+impl std::fmt::Display for UserPrivilegeSet {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        write!(
+            f,
+            "{}",
+            self.privileges
+                .iter()
+                .map(|p| p.to_string())
+                .collect::<Vec<_>>()
+                .join(",")
+        )
+    }
+}
+
+impl ops::BitOr for UserPrivilegeSet {
     type Output = Self;
     #[inline(always)]
     fn bitor(self, other: Self) -> Self {
@@ -80,21 +107,21 @@ impl ops::BitOr for UserPrivilege {
     }
 }
 
-impl ops::BitOrAssign for UserPrivilege {
+impl ops::BitOrAssign for UserPrivilegeSet {
     #[inline(always)]
     fn bitor_assign(&mut self, other: Self) {
         self.privileges |= other.privileges
     }
 }
 
-impl From<UserPrivilege> for BitFlags<UserPrivilegeType> {
-    fn from(privilege: UserPrivilege) -> BitFlags<UserPrivilegeType> {
+impl From<UserPrivilegeSet> for BitFlags<UserPrivilegeType> {
+    fn from(privilege: UserPrivilegeSet) -> BitFlags<UserPrivilegeType> {
         privilege.privileges
     }
 }
 
-impl From<BitFlags<UserPrivilegeType>> for UserPrivilege {
-    fn from(privileges: BitFlags<UserPrivilegeType>) -> UserPrivilege {
-        UserPrivilege { privileges }
+impl From<BitFlags<UserPrivilegeType>> for UserPrivilegeSet {
+    fn from(privileges: BitFlags<UserPrivilegeType>) -> UserPrivilegeSet {
+        UserPrivilegeSet { privileges }
     }
 }
diff --git a/common/meta/types/tests/it/user_privilege.rs b/common/meta/types/tests/it/user_privilege.rs
@@ -13,12 +13,12 @@
 // limitations under the License.
 
 use common_exception::exception::Result;
-use common_meta_types::UserPrivilege;
+use common_meta_types::UserPrivilegeSet;
 use common_meta_types::UserPrivilegeType;
 
 #[test]
 fn test_user_privilege() -> Result<()> {
-    let mut privileges = UserPrivilege::empty();
+    let mut privileges = UserPrivilegeSet::empty();
     let r = privileges.has_privilege(UserPrivilegeType::Set);
     assert!(!r);
 

diff --git a/common/planners/src/lib.rs b/common/planners/src/lib.rs
@@ -53,6 +53,7 @@ mod plan_revoke_privilege;
 mod plan_rewriter;
 mod plan_select;
 mod plan_setting;
+mod plan_show_grants;
 mod plan_show_table_create;
 mod plan_sink;
 mod plan_sort;
@@ -133,6 +134,7 @@ pub use plan_rewriter::RewriteHelper;
 pub use plan_select::SelectPlan;
 pub use plan_setting::SettingPlan;
 pub use plan_setting::VarValue;
+pub use plan_show_grants::ShowGrantsPlan;
 pub use plan_show_table_create::ShowCreateTablePlan;
 pub use plan_sink::SinkPlan;
 pub use plan_sink::SINK_SCHEMA;

diff --git a/common/planners/src/plan_grant_privilege.rs b/common/planners/src/plan_grant_privilege.rs
@@ -17,13 +17,13 @@ use std::sync::Arc;
 use common_datavalues::DataSchema;
 use common_datavalues::DataSchemaRef;
 use common_meta_types::GrantObject;
-use common_meta_types::UserPrivilege;
+use common_meta_types::UserPrivilegeSet;
 
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, PartialEq)]
 pub struct GrantPrivilegePlan {
     pub name: String,
     pub hostname: String,
-    pub priv_types: UserPrivilege,
+    pub priv_types: UserPrivilegeSet,
     pub on: GrantObject,
 }
 

diff --git a/common/planners/src/plan_node.rs b/common/planners/src/plan_node.rs
@@ -48,6 +48,7 @@ use crate::RevokePrivilegePlan;
 use crate::SelectPlan;
 use crate::SettingPlan;
 use crate::ShowCreateTablePlan;
+use crate::ShowGrantsPlan;
 use crate::SinkPlan;
 use crate::SortPlan;
 use crate::StagePlan;
@@ -94,6 +95,7 @@ pub enum PlanNode {
     GrantPrivilege(GrantPrivilegePlan),
     RevokePrivilege(RevokePrivilegePlan),
     CreateUserStage(CreateUserStagePlan),
+    ShowGrants(ShowGrantsPlan),
 }
 
 impl PlanNode {
@@ -137,6 +139,7 @@ impl PlanNode {
             PlanNode::Sink(v) => v.schema(),
             PlanNode::Copy(v) => v.schema(),
             PlanNode::CreateUserStage(v) => v.schema(),
+            PlanNode::ShowGrants(v) => v.schema(),
         }
     }
 
@@ -179,6 +182,7 @@ impl PlanNode {
             PlanNode::Sink(_) => "SinkPlan",
             PlanNode::Copy(_) => "CopyPlan",
             PlanNode::CreateUserStage(_) => "CreateUserStagePlan",
+            PlanNode::ShowGrants(_) => "ShowGrantsPlan",
         }
     }
 

diff --git a/common/planners/src/plan_revoke_privilege.rs b/common/planners/src/plan_revoke_privilege.rs
@@ -17,13 +17,13 @@ use std::sync::Arc;
 use common_datavalues::DataSchema;
 use common_datavalues::DataSchemaRef;
 use common_meta_types::GrantObject;
-use common_meta_types::UserPrivilege;
+use common_meta_types::UserPrivilegeSet;
 
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, PartialEq)]
 pub struct RevokePrivilegePlan {
     pub username: String,
     pub hostname: String,
-    pub priv_types: UserPrivilege,
+    pub priv_types: UserPrivilegeSet,
     pub on: GrantObject,
 }
 

diff --git a/common/planners/src/plan_rewriter.rs b/common/planners/src/plan_rewriter.rs
@@ -57,6 +57,7 @@ use crate::RevokePrivilegePlan;
 use crate::SelectPlan;
 use crate::SettingPlan;
 use crate::ShowCreateTablePlan;
+use crate::ShowGrantsPlan;
 use crate::SinkPlan;
 use crate::SortPlan;
 use crate::StagePlan;
@@ -122,6 +123,7 @@ pub trait PlanRewriter {
             PlanNode::RevokePrivilege(plan) => self.revoke_privilege(plan),
             PlanNode::CreateUserStage(plan) => self.rewrite_create_stage(plan),
             PlanNode::Sink(plan) => self.rewrite_sink(plan),
+            PlanNode::ShowGrants(plan) => self.rewrite_show_grants(plan),
         }
     }
 
@@ -388,6 +390,10 @@ pub trait PlanRewriter {
         Ok(PlanNode::CreateUserStage(plan.clone()))
     }
 
+    fn rewrite_show_grants(&mut self, plan: &ShowGrantsPlan) -> Result<PlanNode> {
+        Ok(PlanNode::ShowGrants(plan.clone()))
+    }
+
     fn rewrite_sink(&mut self, plan: &SinkPlan) -> Result<PlanNode> {
         Ok(PlanNode::Sink(plan.clone()))
     }