Caideyipi commented on code in PR #13158:
URL: https://github.com/apache/iotdb/pull/13158#discussion_r1924777733
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java:
##########
@@ -88,4 +95,214 @@ public void checkCanShowOrDescTable(String userName,
QualifiedObjectName tableNa
public void checkUserHasMaintainPrivilege(String userName) {
authChecker.checkGlobalPrivilege(userName, TableModelPrivilege.MAINTAIN);
}
+
+ @Override
+ public void checkUserCanRunRelationalAuthorStatement(
+ String userName, RelationalAuthorStatement statement) {
+ AuthorRType type = statement.getAuthorType();
+ TSStatus status;
+ switch (type) {
+ case CREATE_USER:
+ // admin cannot be created.
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ status =
+ AuthorityChecker.getTSStatus(
+ false, "Cannot create user has same name with admin user");
+ throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_USER);
+ return;
+ case DROP_USER:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())
+ || statement.getUserName().equals(userName)) {
+ status = AuthorityChecker.getTSStatus(false, "Cannot drop admin user
or yourself");
+ throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_USER);
+ return;
+ case UPDATE_USER:
+ case LIST_USER_PRIV:
+ if (AuthorityChecker.SUPER_USER.equals(userName)
+ || statement.getUserName().equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_USER);
+ return;
+ case LIST_USER:
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_USER);
+ return;
+ case CREATE_ROLE:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getRoleName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot create role has same name with admin user",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+
+ case DROP_ROLE:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot drop role with admin name",
TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+
+ case GRANT_USER_ROLE:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant role to admin",
TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+
+ case REVOKE_USER_ROLE:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot revoke role from admin",
TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+ case LIST_ROLE:
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+ case LIST_ROLE_PRIV:
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ if (AuthorityChecker.checkRole(userName, statement.getRoleName())) {
+ return;
+ }
+ authChecker.checkGlobalPrivilege(userName,
TableModelPrivilege.MANAGE_ROLE);
+ return;
+ case GRANT_ROLE_ANY:
+ case GRANT_USER_ANY:
+ case REVOKE_ROLE_ANY:
+ case REVOKE_USER_ANY:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant/revoke privileges to/from admin",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ for (PrivilegeType privilegeType : statement.getPrivilegeTypes()) {
+ authChecker.checkAnyScopePrivilegeGrantOption(
+ userName, TableModelPrivilege.getTableModelType(privilegeType));
+ }
+ return;
+ case GRANT_ROLE_ALL:
+ case REVOKE_ROLE_ALL:
+ case GRANT_USER_ALL:
+ case REVOKE_USER_ALL:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant/revoke all privileges to/from admin",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ for (PrivilegeType privilegeType : statement.getPrivilegeTypes()) {
+ if (privilegeType.isRelationalPrivilege()) {
+ AuthorityChecker.checkAnyScopePermissionGrantOption(userName,
privilegeType);
+ }
+ if (privilegeType.forRelationalSys()) {
+ AuthorityChecker.checkSystemPermissionGrantOption(userName,
privilegeType);
+ }
+ }
+ return;
+ case GRANT_USER_DB:
+ case GRANT_ROLE_DB:
+ case REVOKE_USER_DB:
+ case REVOKE_ROLE_DB:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant/revoke privileges of admin user",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ for (PrivilegeType privilegeType : statement.getPrivilegeTypes()) {
+ authChecker.checkDatabasePrivilegeGrantOption(
+ userName,
+ statement.getDatabase(),
+ TableModelPrivilege.getTableModelType(privilegeType));
+ }
+ return;
+ case GRANT_USER_TB:
+ case GRANT_ROLE_TB:
+ case REVOKE_USER_TB:
+ case REVOKE_ROLE_TB:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant/revoke privileges of admin user",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ for (PrivilegeType privilegeType : statement.getPrivilegeTypes()) {
+ authChecker.checkTablePrivilegeGrantOption(
+ userName,
+ new QualifiedObjectName(statement.getDatabase(),
statement.getTableName()),
+ TableModelPrivilege.getTableModelType(privilegeType));
+ }
+ return;
+
+ case GRANT_USER_SYS:
+ case GRANT_ROLE_SYS:
+ case REVOKE_USER_SYS:
+ case REVOKE_ROLE_SYS:
+ if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) {
+ throw new RuntimeException(
+ new IoTDBException(
+ "Cannot grant/revoke privileges of admin user",
+ TSStatusCode.NO_PERMISSION.getStatusCode()));
+ }
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return;
+ }
+ for (PrivilegeType privilegeType : statement.getPrivilegeTypes()) {
+ authChecker.checkGlobalPrivilegeGrantOption(
+ userName, TableModelPrivilege.getTableModelType(privilegeType));
+ }
+ default:
+ //
Review Comment:
Use break instead
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java:
##########
@@ -1330,6 +1333,273 @@ public Node
visitExplainAnalyze(RelationalSqlParser.ExplainAnalyzeContext ctx) {
getLocation(ctx), ctx.VERBOSE() != null, (Statement)
visit(ctx.query()));
}
+ // ********************** author expressions ********************
+
+ private String stripQuotes(String text) {
+ if (text != null && text.length() >= 2 && text.startsWith("'") &&
text.endsWith("'")) {
+ return text.substring(1, text.length() - 1).replace("''", "'");
+ }
+ return text;
+ }
+
+ @Override
+ public Node
visitCreateUserStatement(RelationalSqlParser.CreateUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.CREATE_USER);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setPassword(stripQuotes(ctx.password.getText()));
+ return stmt;
+ }
+
+ @Override
+ public Node
visitCreateRoleStatement(RelationalSqlParser.CreateRoleStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.CREATE_ROLE);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitDropUserStatement(RelationalSqlParser.DropUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.DROP_USER);
+ stmt.setUserName(ctx.userName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitDropRoleStatement(RelationalSqlParser.DropRoleStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.DROP_ROLE);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitAlterUserStatement(RelationalSqlParser.AlterUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.UPDATE_USER);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setPassword(stripQuotes(ctx.password.getText()));
+ return stmt;
+ }
+
+ @Override
+ public Node
visitGrantUserRoleStatement(RelationalSqlParser.GrantUserRoleStatementContext
ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.GRANT_USER_ROLE);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitRevokeUserRoleStatement(RelationalSqlParser.RevokeUserRoleStatementContext
ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.REVOKE_USER_ROLE);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node visitListUserPrivilegeStatement(
+ RelationalSqlParser.ListUserPrivilegeStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.LIST_USER_PRIV);
+ stmt.setUserName(ctx.userName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node visitListRolePrivilegeStatement(
+ RelationalSqlParser.ListRolePrivilegeStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.LIST_ROLE_PRIV);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitListUserStatement(RelationalSqlParser.ListUserStatementContext ctx) {
+ return new RelationalAuthorStatement(AuthorRType.LIST_USER);
+ }
+
+ @Override
+ public Node
visitListRoleStatement(RelationalSqlParser.ListRoleStatementContext ctx) {
+ return new RelationalAuthorStatement(AuthorRType.LIST_ROLE);
+ }
+
+ private Set<PrivilegeType>
parseSystemPrivilege(RelationalSqlParser.SystemPrivilegesContext ctx) {
+ List<RelationalSqlParser.SystemPrivilegeContext> privilegeContexts =
ctx.systemPrivilege();
+ Set<PrivilegeType> privileges = new HashSet<>();
+ for (RelationalSqlParser.SystemPrivilegeContext privilege :
privilegeContexts) {
+ privileges.add(PrivilegeType.valueOf(privilege.getText().toUpperCase()));
+ }
+ return privileges;
+ }
+
+ private Set<PrivilegeType> parseRelationalPrivilege(
+ RelationalSqlParser.ObjectPrivilegesContext ctx) {
+ List<RelationalSqlParser.ObjectPrivilegeContext> privilegeContexts =
ctx.objectPrivilege();
+ Set<PrivilegeType> privileges = new HashSet<>();
+ for (RelationalSqlParser.ObjectPrivilegeContext privilege :
privilegeContexts) {
+ privileges.add(PrivilegeType.valueOf(privilege.getText().toUpperCase()));
+ }
+ return privileges;
+ }
+
+ @Override
+ public Node visitGrantStatement(RelationalSqlParser.GrantStatementContext
ctx) {
+ boolean toUser;
+ String name;
+ toUser = ctx.holderType().getText().equalsIgnoreCase("user");
+ name = ctx.holderName.getText();
+ boolean grantOption = ctx.grantOpt() != null;
+ boolean toTable;
+ Set<PrivilegeType> privileges = new HashSet<>();
+ // SYSTEM PRIVILEGES OR ALL PRIVILEGES
+ if (ctx.privilegeObjectScope().ON() == null) {
+ if (ctx.privilegeObjectScope().ALL() != null) {
+ for (PrivilegeType privilege : PrivilegeType.values()) {
Review Comment:
Seems useless
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java:
##########
@@ -1330,6 +1333,273 @@ public Node
visitExplainAnalyze(RelationalSqlParser.ExplainAnalyzeContext ctx) {
getLocation(ctx), ctx.VERBOSE() != null, (Statement)
visit(ctx.query()));
}
+ // ********************** author expressions ********************
+
+ private String stripQuotes(String text) {
Review Comment:
Better use "visit" to parse the identifier and string...
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java:
##########
@@ -1330,6 +1333,273 @@ public Node
visitExplainAnalyze(RelationalSqlParser.ExplainAnalyzeContext ctx) {
getLocation(ctx), ctx.VERBOSE() != null, (Statement)
visit(ctx.query()));
}
+ // ********************** author expressions ********************
+
+ private String stripQuotes(String text) {
+ if (text != null && text.length() >= 2 && text.startsWith("'") &&
text.endsWith("'")) {
+ return text.substring(1, text.length() - 1).replace("''", "'");
+ }
+ return text;
+ }
+
+ @Override
+ public Node
visitCreateUserStatement(RelationalSqlParser.CreateUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.CREATE_USER);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setPassword(stripQuotes(ctx.password.getText()));
+ return stmt;
+ }
+
+ @Override
+ public Node
visitCreateRoleStatement(RelationalSqlParser.CreateRoleStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.CREATE_ROLE);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitDropUserStatement(RelationalSqlParser.DropUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.DROP_USER);
+ stmt.setUserName(ctx.userName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitDropRoleStatement(RelationalSqlParser.DropRoleStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.DROP_ROLE);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitAlterUserStatement(RelationalSqlParser.AlterUserStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.UPDATE_USER);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setPassword(stripQuotes(ctx.password.getText()));
+ return stmt;
+ }
+
+ @Override
+ public Node
visitGrantUserRoleStatement(RelationalSqlParser.GrantUserRoleStatementContext
ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.GRANT_USER_ROLE);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitRevokeUserRoleStatement(RelationalSqlParser.RevokeUserRoleStatementContext
ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.REVOKE_USER_ROLE);
+ stmt.setUserName(ctx.userName.getText());
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node visitListUserPrivilegeStatement(
+ RelationalSqlParser.ListUserPrivilegeStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.LIST_USER_PRIV);
+ stmt.setUserName(ctx.userName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node visitListRolePrivilegeStatement(
+ RelationalSqlParser.ListRolePrivilegeStatementContext ctx) {
+ RelationalAuthorStatement stmt = new
RelationalAuthorStatement(AuthorRType.LIST_ROLE_PRIV);
+ stmt.setRoleName(ctx.roleName.getText());
+ return stmt;
+ }
+
+ @Override
+ public Node
visitListUserStatement(RelationalSqlParser.ListUserStatementContext ctx) {
+ return new RelationalAuthorStatement(AuthorRType.LIST_USER);
+ }
+
+ @Override
+ public Node
visitListRoleStatement(RelationalSqlParser.ListRoleStatementContext ctx) {
+ return new RelationalAuthorStatement(AuthorRType.LIST_ROLE);
+ }
+
+ private Set<PrivilegeType>
parseSystemPrivilege(RelationalSqlParser.SystemPrivilegesContext ctx) {
+ List<RelationalSqlParser.SystemPrivilegeContext> privilegeContexts =
ctx.systemPrivilege();
+ Set<PrivilegeType> privileges = new HashSet<>();
+ for (RelationalSqlParser.SystemPrivilegeContext privilege :
privilegeContexts) {
+ privileges.add(PrivilegeType.valueOf(privilege.getText().toUpperCase()));
+ }
+ return privileges;
+ }
+
+ private Set<PrivilegeType> parseRelationalPrivilege(
+ RelationalSqlParser.ObjectPrivilegesContext ctx) {
+ List<RelationalSqlParser.ObjectPrivilegeContext> privilegeContexts =
ctx.objectPrivilege();
+ Set<PrivilegeType> privileges = new HashSet<>();
+ for (RelationalSqlParser.ObjectPrivilegeContext privilege :
privilegeContexts) {
+ privileges.add(PrivilegeType.valueOf(privilege.getText().toUpperCase()));
+ }
+ return privileges;
+ }
+
+ @Override
+ public Node visitGrantStatement(RelationalSqlParser.GrantStatementContext
ctx) {
+ boolean toUser;
+ String name;
+ toUser = ctx.holderType().getText().equalsIgnoreCase("user");
+ name = ctx.holderName.getText();
+ boolean grantOption = ctx.grantOpt() != null;
+ boolean toTable;
+ Set<PrivilegeType> privileges = new HashSet<>();
+ // SYSTEM PRIVILEGES OR ALL PRIVILEGES
+ if (ctx.privilegeObjectScope().ON() == null) {
+ if (ctx.privilegeObjectScope().ALL() != null) {
+ for (PrivilegeType privilege : PrivilegeType.values()) {
+ if (privilege.isRelationalPrivilege() ||
privilege.forRelationalSys()) {
+ privileges.add(privilege);
+ }
+ }
+ return new RelationalAuthorStatement(
+ toUser ? AuthorRType.GRANT_USER_ALL : AuthorRType.GRANT_ROLE_ALL,
+ toUser ? name : "",
+ toUser ? "" : name,
+ grantOption);
+ } else {
+ privileges =
parseSystemPrivilege(ctx.privilegeObjectScope().systemPrivileges());
+ return new RelationalAuthorStatement(
+ toUser ? AuthorRType.GRANT_USER_SYS : AuthorRType.GRANT_ROLE_SYS,
+ privileges,
+ toUser ? name : "",
+ toUser ? "" : name,
+ grantOption);
+ }
+ } else {
+ privileges =
parseRelationalPrivilege(ctx.privilegeObjectScope().objectPrivileges());
+ // ON TABLE / DB
+ if (ctx.privilegeObjectScope().objectType() != null) {
+ toTable =
ctx.privilegeObjectScope().objectType().getText().equalsIgnoreCase("table");
+ String databaseName = "";
+ if (toTable) {
+ databaseName = clientSession.getDatabaseName();
+ if (databaseName == null) {
+ throw new SemanticException("Database is not set yet.");
+ }
+ }
+ String obj = ctx.privilegeObjectScope().objectName.getText();
+ return new RelationalAuthorStatement(
+ toUser
+ ? toTable ? AuthorRType.GRANT_USER_TB :
AuthorRType.GRANT_USER_DB
+ : toTable ? AuthorRType.GRANT_ROLE_TB :
AuthorRType.GRANT_ROLE_DB,
+ toUser ? name : "",
+ toUser ? "" : name,
+ toTable ? databaseName.toLowerCase() : obj.toLowerCase(),
+ toTable ? obj.toLowerCase() : "",
+ privileges,
+ grantOption,
+ null);
+ } else if (ctx.privilegeObjectScope().objectScope() != null) {
+ String db =
ctx.privilegeObjectScope().objectScope().dbname.getText().toLowerCase();
+ String tb =
ctx.privilegeObjectScope().objectScope().tbname.getText().toLowerCase();
+ return new RelationalAuthorStatement(
+ toUser ? AuthorRType.GRANT_USER_TB : AuthorRType.GRANT_ROLE_TB,
+ toUser ? name : "",
+ toUser ? "" : name,
+ db,
+ tb,
+ privileges,
+ grantOption,
+ null);
+ } else if (ctx.privilegeObjectScope().ANY() != null) {
+ return new RelationalAuthorStatement(
+ toUser ? AuthorRType.GRANT_USER_ANY : AuthorRType.GRANT_ROLE_ANY,
+ privileges,
+ toUser ? name : "",
+ toUser ? "" : name,
+ grantOption);
+ }
+ }
+ // will not get here.
+ throw new SemanticException("author statement parser error");
+ }
+
+ public Node visitRevokeStatement(RelationalSqlParser.RevokeStatementContext
ctx) {
+ boolean fromUser;
+ String name;
+ fromUser = ctx.holderType().getText().equalsIgnoreCase("user");
+ name = ctx.holderName.getText();
+ boolean grantOption = ctx.revokeGrantOpt() != null;
+ boolean fromTable;
+ Set<PrivilegeType> privileges = new HashSet<>();
+
+ // SYSTEM PRIVILEGES OR ALL PRIVILEGES
+ if (ctx.privilegeObjectScope().ON() == null) {
+ if (ctx.privilegeObjectScope().ALL() != null) {
+ for (PrivilegeType privilege : PrivilegeType.values()) {
Review Comment:
Seems useless
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
