[GitHub] [shardingsphere] wallacezhou commented on issue #21615: authority type DATABASE_PERMITTED not apply correctly for some account when there are multi accounts

Mon, 17 Oct 2022 18:50:44 -0700 


wallacezhou commented on issue #21615:
URL: 
https://github.com/apache/shardingsphere/issues/21615#issuecomment-1281704793

   @RaigorJiang 
   
   checked the code in master branch with revision number 
84cf85fa0f7e3c8097c17f5a26a0024cba40f39c
   
org.apache.shardingsphere.authority.provider.database.builder.DatabasePrivilegeBuilder
   
   the method buildPrivileges() build the privileges,  it calls method 
getUserDatabases()
   the logic in bold line:
    when the database host is unlimited value: %, then the database is add to 
the result
   
   if the user is not match,  seems that one user can add other user's database 
when the database host is %
   
       private static Map<ShardingSphereUser, ShardingSpherePrivileges> 
buildPrivileges(final Collection<ShardingSphereUser> users, final String 
mappingProp) {
           Map<ShardingSphereUser, Collection<String>> userDatabaseMappings = 
convertDatabases(mappingProp);
           Map<ShardingSphereUser, ShardingSpherePrivileges> result = new 
HashMap<>(users.size(), 1);
           users.forEach(each -> result.put(each, new 
DatabasePermittedPrivileges(new HashSet<>(getUserDatabases(each, 
userDatabaseMappings)))));
           return result;
       }
   
       private static Collection<String> getUserDatabases(final 
ShardingSphereUser shardingSphereUser, final Map<ShardingSphereUser, 
Collection<String>> userDatabaseMappings) {
           Set<String> result = new HashSet<>();
           for (Entry<ShardingSphereUser, Collection<String>> entry : 
userDatabaseMappings.entrySet()) {
               boolean isAnyOtherHost = 
checkAnyOtherHost(entry.getKey().getGrantee(), shardingSphereUser);
               **if (isAnyOtherHost || shardingSphereUser == entry.getKey() || 
shardingSphereUser.equals(entry.getKey())) {**
                   result.addAll(entry.getValue());
               }
           }
           return result;
       }
       
       private static boolean checkAnyOtherHost(final Grantee grantee, final 
ShardingSphereUser shardingSphereUser) {
           return ("%".equalsIgnoreCase(grantee.getHostname())
                   || 
grantee.getHostname().equals(shardingSphereUser.getGrantee().getHostname())) && 
grantee.getUsername().equals(shardingSphereUser.getGrantee().getUsername());
       }


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to