Skip to content

Commit

Permalink
add GrantRoleStmt
Browse files Browse the repository at this point in the history
  • Loading branch information
imtbkcat committed Mar 19, 2019
1 parent 551b517 commit 03cdc88
Show file tree
Hide file tree
Showing 5 changed files with 83 additions and 3 deletions.
54 changes: 54 additions & 0 deletions ast/misc.go
Original file line number Diff line number Diff line change
Expand Up @@ -1585,6 +1585,60 @@ func (n *GrantStmt) Accept(v Visitor) (Node, bool) {
return v.Leave(n)
}

// GrantRoleStmt is the struct for GRANT TO statement.
type GrantRoleStmt struct {
stmtNode

Roles []*auth.RoleIdentity
Users []*auth.UserIdentity
}

// Accept implements Node Accept interface.
func (n *GrantRoleStmt) Accept(v Visitor) (Node, bool) {
newNode, skipChildren := v.Enter(n)
if skipChildren {
return v.Leave(newNode)
}
n = newNode.(*GrantRoleStmt)
return v.Leave(n)
}

// Restore implements Node interface.
func (n *GrantRoleStmt) Restore(ctx *RestoreCtx) error {
ctx.WriteKeyWord("GRANT ")
if len(n.Roles) > 0 {
for i, role := range n.Roles {
if i != 0 {
ctx.WritePlain(", ")
}
if err := role.Restore(ctx); err != nil {
return errors.Annotatef(err, "An error occurred while restore GrantRoleStmt.Roles[%d]", i)
}
}
}
ctx.WriteKeyWord(" TO ")
for i, v := range n.Users {
if i != 0 {
ctx.WritePlain(", ")
}
if err := v.Restore(ctx); err != nil {
return errors.Annotatef(err, "An error occurred while restore GrantStmt.Users[%d]", i)
}
}
return nil
}

// SecureText implements SensitiveStatement interface.
func (n *GrantRoleStmt) SecureText() string {
text := n.text
// Filter "identified by xxx" because it would expose password information.
idx := strings.Index(strings.ToLower(text), "identified")
if idx > 0 {
text = text[:idx]
}
return text
}

// Ident is the table identifier composed of schema name and table name.
type Ident struct {
Schema model.CIStr
Expand Down
15 changes: 15 additions & 0 deletions auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,3 +124,18 @@ func DecodePassword(pwd string) ([]byte, error) {
}
return x, nil
}

func (role *RoleIdentity) Restore(ctx *RestoreCtx) error {
ctx.WriteName(role.Username)
if role.Hostname != "" {
ctx.WritePlain("@")
ctx.WriteName(role.Hostname)
}
return nil
}

// String converts UserIdentity to the format user@host.
func (role *RoleIdentity) String() string {
// TODO: Escape username and hostname.
return fmt.Sprintf("`%s`@`%s`", role.Username, role.Hostname)
}
7 changes: 7 additions & 0 deletions parser.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions parser.y
Original file line number Diff line number Diff line change
Expand Up @@ -7679,6 +7679,10 @@ GrantStmt:
GrantRoleStmt:
"GRANT" RolenameList "TO" UsernameList
{
$$ = &ast.GrantRoleStmt {
Roles: $2.([]*auth.RoleIdentity),
Users: $4.([]*auth.UserIdentity),
}
}

WithGrantOptionOpt:
Expand Down
6 changes: 3 additions & 3 deletions parser_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2134,9 +2134,9 @@ func (s *testParserSuite) TestPrivilege(c *C) {
{"GRANT SELECT ON test.* to 'test'", true, "GRANT SELECT ON `test`.* TO `test`@`%`"}, // For issue 2654.
{"grant PROCESS,usage, REPLICATION SLAVE, REPLICATION CLIENT on *.* to 'xxxxxxxxxx'@'%' identified by password 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'", true, "GRANT PROCESS /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */ ON *.* TO `xxxxxxxxxx`@`%` IDENTIFIED BY PASSWORD 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'"}, // For issue 4865
{"/* rds internal mark */ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, RELOAD, PROCESS, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER on *.* to 'root2'@'%' identified by password '*sdsadsdsadssadsadsadsadsada' with grant option", true, "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES /* UNSUPPORTED TYPE */, PROCESS, INDEX, ALTER /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, EXECUTE /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, CREATE VIEW, SHOW VIEW /* UNSUPPORTED TYPE */ /* UNSUPPORTED TYPE */, CREATE USER /* UNSUPPORTED TYPE */, TRIGGER ON *.* TO `root2`@`%` IDENTIFIED BY PASSWORD '*sdsadsdsadssadsadsadsadsada' WITH GRANT OPTION"},
{"GRANT 'role1', 'role2' TO 'user1'@'localhost', 'user2'@'localhost';", true, ""},
{"GRANT 'u1' TO 'u1';", true, ""},
{"GRANT 'app_developer' TO 'dev1'@'localhost';", true, ""},
{"GRANT 'role1', 'role2' TO 'user1'@'localhost', 'user2'@'localhost';", true, "GRANT `role1`@`%`, `role2`@`%` TO `user1`@`localhost`, `user2`@`localhost`"},
{"GRANT 'u1' TO 'u1';", true, "GRANT `u1`@`%` TO `u1`@`%`"},
{"GRANT 'app_developer' TO 'dev1'@'localhost';", true, "GRANT `app_developer`@`%` TO `dev1`@`localhost`"},

// for revoke statement
{"REVOKE ALL ON db1.* FROM 'jeffrey'@'localhost';", true, "REVOKE ALL ON `db1`.* FROM `jeffrey`@`localhost`"},
Expand Down

0 comments on commit 03cdc88

Please sign in to comment.