Add the mysql.procs_privs table #2099
Conversation
not instantiated yet
Stubbed others with panics
We don't want to allow this to customers until we actually honor them correctly
| @@ -22,11 +22,17 @@ table PrivilegeSetTable { | |||
| privs:[int]; | |||
| columns:[PrivilegeSetColumn]; | |||
| } | |||
| table PrivilegeSetRoutine { | |||
sql/mysql_db/mysql_db_serialize.go
Outdated
| @@ -97,6 +97,24 @@ func serializeTables(b *flatbuffers.Builder, tables []PrivilegeSetTable) flatbuf | |||
| return serializeVectorOffsets(b, serial.PrivilegeSetDatabaseStartTablesVector, offsets) | |||
| } | |||
|
|
|||
| func serializeRoutines(b *flatbuffers.Builder, routines []PrivilegeSetRoutine) flatbuffers.UOffsetT { | |||
|
|
|||
There was a problem hiding this comment.
nit: inconsistent spacing in some of these functions, some skip a line, many don't
| } | ||
| } | ||
| } else { | ||
| if n.ObjectType != plan.ObjectType_Any { |
There was a problem hiding this comment.
stylistically, i might have continued after the first if to flatten the nesting and pull this else block out, and then maybe switch on these object types to make the decision tree a bit more straightforward
There was a problem hiding this comment.
honestly, I hate this code. very hard to follow. I'll massage on the next round.
| if user == nil { | ||
| return nil, sql.ErrGrantUserDoesNotExist.New() | ||
|
|
||
| if routineGrantsEnabled() && (n.ObjectType == plan.ObjectType_Procedure || n.ObjectType == plan.ObjectType_Function) { |
There was a problem hiding this comment.
if procedure and function behave the same do we need the distinction? a helper method on the type of these symbols would also be a way to do something like n.ObjectType.IsProcGrantable()
There was a problem hiding this comment.
They behave the same, but the are unique in the namespace. You can grant access to one or the other, but not both, with one command.
Obviously having a function and a procedure with the same seems like a terrible idea, but it is what it is.
| rows = append(rows, sql.Row{privStr}) | ||
| } | ||
|
|
||
| // TODO: display column privileges |
There was a problem hiding this comment.
we usually default to erroring for in-progress but currently unsupported behavior
There was a problem hiding this comment.
Since there is no way to create a grant without the magic env var flag, I think this is fine. After the next change this will be supported. Also, this is needed for the tests I have written in bats.
| @@ -132,6 +132,30 @@ func generatePrivStrings(db, tbl, user string, privs []sql.PrivilegeType) string | |||
| return fmt.Sprintf("GRANT %s ON %s.%s TO %s%s", privStr, db, tbl, user, withGrantOption) | |||
| } | |||
|
|
|||
| // generateRoutinePrivStrings creates a formatted GRANT <PRILEDGE_LIST> on <ROUTINE_TYPE> <ROUTINE> to <user@host> string | |||
| func generateRoutinePrivStrings(db, routine, routine_type, user string, privs []sql.PrivilegeType) string { | |||
There was a problem hiding this comment.
this could be useful as a Routine method
There was a problem hiding this comment.
Can refactor in the future if needed - this seems pretty show specific to me.
In order to support procedure and function permissions, the mysql.procs_priv needs to be supported. This change add support, but gates the ability to create these grants because they are not being used for actual permission checks yet. That will come next.
I have engine tests on another branch due to the gate. I'll add them when the feature is complete. There are also bats tests in flight in the dolt repo which can be seen here:
dolthub/dolt@4d8fe2a...macneale4/privs_tests_wip