登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 数据库相关 > 数据库服务 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
2 Star 2 Fork 1

cockroachdb/cockroach

代码 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
authorization.go 2.80 KB
一键复制 编辑 原始数据 按行查看 历史
Alex Robinson 提交于 2017-08-12 01:46 . sql: Fix incorrect comment on RequireSuperUser
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879
// Copyright 2017 The Cockroach Authors.

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//     http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or

// implied. See the License for the specific language governing

// permissions and limitations under the License.



package sql



import (

	"fmt"



	"github.com/cockroachdb/cockroach/pkg/security"

	"github.com/cockroachdb/cockroach/pkg/sql/privilege"

	"github.com/cockroachdb/cockroach/pkg/sql/sqlbase"

)



// AuthorizationAccessor for checking authorization (e.g. desc privileges).

type AuthorizationAccessor interface {

	// CheckPrivilege verifies that the user has `privilege` on `descriptor`.

	CheckPrivilege(

		descriptor sqlbase.DescriptorProto, privilege privilege.Kind,

	) error



	// anyPrivilege verifies that the user has any privilege on `descriptor`.

	anyPrivilege(descriptor sqlbase.DescriptorProto) error



	// RequiresSuperUser errors if the session user isn't a super-user (i.e. root

	// or node). Includes the named action in the error message.

	RequireSuperUser(action string) error

}



var _ AuthorizationAccessor = &planner{}



// CheckPrivilege verifies that `user`` has `privilege` on `descriptor`.

func CheckPrivilege(

	user string, descriptor sqlbase.DescriptorProto, privilege privilege.Kind,

) error {

	if descriptor.GetPrivileges().CheckPrivilege(user, privilege) {

		return nil

	}

	return fmt.Errorf("user %s does not have %s privilege on %s %s",

		user, privilege, descriptor.TypeName(), descriptor.GetName())

}



// CheckPrivilege implements the AuthorizationAccessor interface.

func (p *planner) CheckPrivilege(

	descriptor sqlbase.DescriptorProto, privilege privilege.Kind,

) error {

	return CheckPrivilege(p.session.User, descriptor, privilege)

}



// anyPrivilege implements the AuthorizationAccessor interface.

func (p *planner) anyPrivilege(descriptor sqlbase.DescriptorProto) error {

	if userCanSeeDescriptor(descriptor, p.session.User) {

		return nil

	}

	return fmt.Errorf("user %s has no privileges on %s %s",

		p.session.User, descriptor.TypeName(), descriptor.GetName())

}



// RequireSuperUser implements the AuthorizationAccessor interface.

func (p *planner) RequireSuperUser(action string) error {

	if p.session.User != security.RootUser && p.session.User != security.NodeUser {

		return fmt.Errorf("only %s is allowed to %s", security.RootUser, action)

	}

	return nil

}



func userCanSeeDescriptor(descriptor sqlbase.DescriptorProto, user string) bool {

	return descriptor.GetPrivileges().AnyPrivilege(user) || isVirtualDescriptor(descriptor)

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/mirrors_cockroachdb/cockroach.git
git@gitee.com:mirrors_cockroachdb/cockroach.git
mirrors_cockroachdb
cockroach
cockroach
v1.1.2
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部