Posted to notifications@shardingsphere.apache.org by GitBox <gi...@apache.org> on 2021/03/19 09:01:12 UTC

[GitHub] [shardingsphere] tristaZero commented on a change in pull request #9743: fix #9724

tristaZero commented on a change in pull request #9743:
URL: https://github.com/apache/shardingsphere/pull/9743#discussion_r597505817



##########
File path: shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
##########
@@ -48,7 +47,11 @@ public void execute(final BackendConnection backendConnection) {
     
     private boolean isAuthorizedSchema(final BackendConnection backendConnection, final String schema) {
         Optional<ShardingSpherePrivilege> privilege = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
-        // TODO : Need to check whether PrivilegeType.USAGE is correct or enough?
-        return privilege.isPresent() && privilege.get().hasPrivileges(schema, Collections.emptyList());
+        if (privilege.isPresent()) {
+            if (privilege.get().hasPrivileges(schema)) {
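
Review bot: In isAuthorizedSchema, the nested `if (privilege.isPresent()) { if (privilege.get().hasPrivileges(schema)) {` leaves the deny path implicit: every branch that falls through has to return false, or a grantee with no privilege entry could pass the USE check. A single `return privilege.isPresent() && privilege.get().hasPrivileges(schema);` keeps the default at deny. The removed TODO asked which PrivilegeType is required here; the one-argument call should answer that in a comment or Javadoc rather than drop the question.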

Review comment:
       if (privilege.isPresent() && privilege.get().hasPrivileges(schema))

##########
File path: shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
##########
@@ -54,10 +54,14 @@ public void execute(final BackendConnection backendConnection) {
             return Collections.emptyList();
         }
         Collection<Object> result = new LinkedList<>();
-        for (String each : ProxyContext.getInstance().getAllSchemaNames()) {
-            // TODO : Need to check whether PrivilegeType.SHOW_DB is correct or enough?
-            if (privilege.get().hasPrivileges(each, Collections.singletonList(PrivilegeType.SHOW_DB))) {
-                result.add(each);
+        if(privilege.get().getAdministrativePrivilege().hasPrivileges(Collections.singletonList(PrivilegeType.SUPER))
+                || privilege.get().getAdministrativePrivilege().hasPrivileges(Collections.singletonList(PrivilegeType.SHOW_DB))) {
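
Review bot: Per-schema filtering has to survive for grantees that hold neither SUPER nor SHOW_DB. The removed loop tested each schema name with `hasPrivileges(each, ...)`, while the added condition looks only at the administrative privilege, and the other branch is not visible in this hunk; it should still filter per schema so the result lists only schemas the grantee can use. Style: `if(` needs a space after `if`, and the two `getAdministrativePrivilege().hasPrivileges(Collections.singletonList(...))` calls would read better as one local boolean.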

Review comment:
       Do you think `hasPrivileges(final String schema, final Collection<PrivilegeType> privileges)` can replace these statements?

##########
File path: shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
##########
@@ -57,11 +55,12 @@
             return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
         }
         ShardingSpherePrivilege privilege = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get());
-        // TODO : privilege.getDataPrivilege().getSpecificPrivileges().containsKey(database) is bound to be replaced with privilege.hasPrivileges(schema, xxx) (xxx means the privileges needed here)
-        if (!privilege.hasPrivileges(Collections.singletonList(PrivilegeType.SUPER)) && !privilege.getDatabasePrivilege().getSpecificPrivileges().containsKey(database)) {
-            return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
+        if (null != privilege) {
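
Review bot: The `if (null != privilege)` guard needs an explicit deny for the null case. The removed lines returned `ER_DBACCESS_DENIED_ERROR` whenever the SUPER and database checks both failed; with the guard, a user whose lookup in `getAuthentication().get(user.get())` returns null must not fall through to a successful login. Suggest one condition that returns `ER_DBACCESS_DENIED_ERROR` when privilege is null or the database check fails.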

Review comment:
       if (privilege.isPresent() && privilege.get().hasPrivileges(schema))

##########
File path: shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/ShardingSpherePrivilege.java
##########
@@ -63,6 +63,25 @@ public boolean hasPrivileges(final String schema, final Collection<PrivilegeType
         return hasPrivileges(privileges) || databasePrivilege.hasPrivileges(schema, privileges);
     }
     
+    /**
+     * Has privilege for login and use db.
+     *
+     * @param schema schema
+     * @return has or not
+     */
+    public boolean hasPrivileges(final String schema) {
+        if (administrativePrivilege.getPrivileges().contains(PrivilegeType.SUPER)) {
+            return true;
+        }
+        if (!databasePrivilege.getGlobalPrivileges().isEmpty()) {
+            return true;
+        }
+        if (databasePrivilege.getSpecificPrivileges().containsKey(schema)) {
+            return true;
+        }
+        return false;
+    }
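
Review bot: The second branch, `!databasePrivilege.getGlobalPrivileges().isEmpty()`, grants access to every schema name as soon as the grantee holds any global database privilege, whatever its type, and the Javadoc "Has privilege for login and use db" does not say so. Please state the rule in the Javadoc (SUPER, or any global privilege, or an entry for this schema) and confirm that any global privilege is meant to be sufficient. The overload also shares its name with `hasPrivileges(final String schema, final Collection<PrivilegeType> privileges)` but follows a different rule, so a more specific method name would prevent callers from picking the wrong one.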

Review comment:
       return administrativePrivilege.getPrivileges().contains(PrivilegeType.SUPER) || !databasePrivilege.getGlobalPrivileges().isEmpty() 
                   || databasePrivilege.getSpecificPrivileges().containsKey(schema);



