Skip to content

Commit

Permalink
server: fix UserSQLRoles to account for global privileges
Browse files Browse the repository at this point in the history 
Release note: None
  • Loading branch information
@rafiss
rafiss committed Jan 14, 2023
1 parent 582d845 commit 0daec0b
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions pkg/server/user.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"context"

"github.com/cockroachdb/cockroach/pkg/server/serverpb"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
"github.com/cockroachdb/cockroach/pkg/sql/roleoption"
)

Expand All @@ -31,13 +32,19 @@ func (s *baseStatusServer) UserSQLRoles(

var resp serverpb.UserSQLRolesResponse
if !isAdmin {
for name := range roleoption.ByName {
hasRole, err := s.privilegeChecker.hasRoleOption(ctx, username, roleoption.ByName[name])
for _, privKind := range privilege.GlobalPrivileges {
privName := privKind.String()
hasPriv := s.privilegeChecker.checkHasGlobalPrivilege(ctx, username, privKind)
if hasPriv {
resp.Roles = append(resp.Roles, privName)
continue
}
hasRole, err := s.privilegeChecker.hasRoleOption(ctx, username, roleoption.ByName[privName])
if err != nil {
return nil, err
}
if hasRole {
resp.Roles = append(resp.Roles, name)
resp.Roles = append(resp.Roles, privName)
}
}
} else {
Expand Down

0 comments on commit 0daec0b

Please sign in to comment.