Introduce GRANT/REVOKE roles statements

Extracted-From: prestodb/presto#10904
trinodb · Jan 29, 2019 · 5f9c74d · 5f9c74d
1 parent 91b38e4
commit 5f9c74d
Show file tree

Hide file tree

Showing 7 changed files with 540 additions and 1 deletion.
diff --git a/presto-parser/src/main/antlr4/io/prestosql/sql/parser/SqlBase.g4 b/presto-parser/src/main/antlr4/io/prestosql/sql/parser/SqlBase.g4
@@ -64,6 +64,18 @@ statement
         (WITH ADMIN grantor)?
         (IN catalog=identifier)?                                       #createRole
     | DROP ROLE name=identifier (IN catalog=identifier)?               #dropRole
+    | GRANT
+        roles
+        TO principal (',' principal)*
+        (WITH ADMIN OPTION)?
+        (GRANTED BY grantor)?
+        (IN catalog=identifier)?                                       #grantRoles
+    | REVOKE
+        (ADMIN OPTION FOR)?
+        roles
+        FROM principal (',' principal)*
+        (GRANTED BY grantor)?
+        (IN catalog=identifier)?                                       #revokeRoles
     | GRANT
         (privilege (',' privilege)* | ALL PRIVILEGES)
         ON TABLE? qualifiedName TO grantee=identifier
@@ -453,6 +465,10 @@ principal
     | ROLE identifier       #rolePrincipal
     ;
 
+roles
+    : identifier (',' identifier)*
+    ;
+
 identifier
     : IDENTIFIER             #unquotedIdentifier
     | QUOTED_IDENTIFIER      #quotedIdentifier
@@ -475,7 +491,7 @@ nonReserved
     | DATA | DATE | DAY | DEFINER | DESC | DISTRIBUTED
     | EXCLUDING | EXPLAIN
     | FILTER | FIRST | FOLLOWING | FORMAT | FUNCTIONS
-    | GRANT | GRANTS | GRAPHVIZ
+    | GRANT | GRANTED | GRANTS | GRAPHVIZ
     | HOUR
     | IF | INCLUDING | INPUT | INTERVAL | INVOKER | IO | ISOLATION
     | JSON
@@ -560,6 +576,7 @@ FROM: 'FROM';
 FULL: 'FULL';
 FUNCTIONS: 'FUNCTIONS';
 GRANT: 'GRANT';
+GRANTED: 'GRANTED';
 GRANTS: 'GRANTS';
 GRAPHVIZ: 'GRAPHVIZ';
 GROUP: 'GROUP';

diff --git a/presto-parser/src/main/java/io/prestosql/sql/SqlFormatter.java b/presto-parser/src/main/java/io/prestosql/sql/SqlFormatter.java
@@ -45,6 +45,7 @@
 import io.prestosql.sql.tree.ExplainType;
 import io.prestosql.sql.tree.Expression;
 import io.prestosql.sql.tree.Grant;
+import io.prestosql.sql.tree.GrantRoles;
 import io.prestosql.sql.tree.GrantorSpecification;
 import io.prestosql.sql.tree.Identifier;
 import io.prestosql.sql.tree.Insert;
@@ -71,6 +72,7 @@
 import io.prestosql.sql.tree.RenameTable;
 import io.prestosql.sql.tree.ResetSession;
 import io.prestosql.sql.tree.Revoke;
+import io.prestosql.sql.tree.RevokeRoles;
 import io.prestosql.sql.tree.Rollback;
 import io.prestosql.sql.tree.Row;
 import io.prestosql.sql.tree.SampledRelation;
@@ -1116,6 +1118,52 @@ protected Void visitDropRole(DropRole node, Integer context)
             return null;
         }
 
+        @Override
+        protected Void visitGrantRoles(GrantRoles node, Integer context)
+        {
+            builder.append("GRANT ");
+            builder.append(node.getRoles().stream()
+                    .map(Identifier::toString)
+                    .collect(joining(", ")));
+            builder.append(" TO ");
+            builder.append(node.getGrantees().stream()
+                    .map(Formatter::formatPrincipal)
+                    .collect(joining(", ")));
+            if (node.isWithAdminOption()) {
+                builder.append(" WITH ADMIN OPTION");
+            }
+            if (node.getGrantor().isPresent()) {
+                builder.append(" GRANTED BY ").append(formatGrantor(node.getGrantor().get()));
+            }
+            if (node.getCatalog().isPresent()) {
+                builder.append(" IN ").append(node.getCatalog().get());
+            }
+            return null;
+        }
+
+        @Override
+        protected Void visitRevokeRoles(RevokeRoles node, Integer context)
+        {
+            builder.append("REVOKE ");
+            if (node.isAdminOptionFor()) {
+                builder.append("ADMIN OPTION FOR ");
+            }
+            builder.append(node.getRoles().stream()
+                    .map(Identifier::toString)
+                    .collect(joining(", ")));
+            builder.append(" FROM ");
+            builder.append(node.getGrantees().stream()
+                    .map(Formatter::formatPrincipal)
+                    .collect(joining(", ")));
+            if (node.getGrantor().isPresent()) {
+                builder.append(" GRANTED BY ").append(formatGrantor(node.getGrantor().get()));
+            }
+            if (node.getCatalog().isPresent()) {
+                builder.append(" IN ").append(node.getCatalog().get());
+            }
+            return null;
+        }
+
         @Override
         public Void visitGrant(Grant node, Integer indent)
         {

diff --git a/presto-parser/src/main/java/io/prestosql/sql/parser/AstBuilder.java b/presto-parser/src/main/java/io/prestosql/sql/parser/AstBuilder.java
@@ -14,6 +14,7 @@
 package io.prestosql.sql.parser;
 
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 import io.prestosql.sql.tree.AddColumn;
 import io.prestosql.sql.tree.AliasedRelation;
@@ -68,6 +69,7 @@
 import io.prestosql.sql.tree.FunctionCall;
 import io.prestosql.sql.tree.GenericLiteral;
 import io.prestosql.sql.tree.Grant;
+import io.prestosql.sql.tree.GrantRoles;
 import io.prestosql.sql.tree.GrantorSpecification;
 import io.prestosql.sql.tree.GroupBy;
 import io.prestosql.sql.tree.GroupingElement;
@@ -118,6 +120,7 @@
 import io.prestosql.sql.tree.RenameTable;
 import io.prestosql.sql.tree.ResetSession;
 import io.prestosql.sql.tree.Revoke;
+import io.prestosql.sql.tree.RevokeRoles;
 import io.prestosql.sql.tree.Rollback;
 import io.prestosql.sql.tree.Rollup;
 import io.prestosql.sql.tree.Row;
@@ -837,6 +840,30 @@ public Node visitDropRole(SqlBaseParser.DropRoleContext context)
                 getIdentifierIfPresent(context.catalog));
     }
 
+    @Override
+    public Node visitGrantRoles(SqlBaseParser.GrantRolesContext context)
+    {
+        return new GrantRoles(
+                getLocation(context),
+                ImmutableSet.copyOf(getIdentifiers(context.roles().identifier())),
+                ImmutableSet.copyOf(getPrincipalSpecifications(context.principal())),
+                context.OPTION() != null,
+                getGrantorSpecificationIfPresent(context.grantor()),
+                getIdentifierIfPresent(context.catalog));
+    }
+
+    @Override
+    public Node visitRevokeRoles(SqlBaseParser.RevokeRolesContext context)
+    {
+        return new RevokeRoles(
+                getLocation(context),
+                ImmutableSet.copyOf(getIdentifiers(context.roles().identifier())),
+                ImmutableSet.copyOf(getPrincipalSpecifications(context.principal())),
+                context.OPTION() != null,
+                getGrantorSpecificationIfPresent(context.grantor()),
+                getIdentifierIfPresent(context.catalog));
+    }
+
     @Override
     public Node visitGrant(SqlBaseParser.GrantContext context)
     {
@@ -2149,6 +2176,16 @@ private String typeParameterToString(SqlBaseParser.TypeParameterContext typePara
         throw new IllegalArgumentException("Unsupported typeParameter: " + typeParameter.getText());
     }
 
+    private List<Identifier> getIdentifiers(List<SqlBaseParser.IdentifierContext> identifiers)
+    {
+        return identifiers.stream().map(context -> (Identifier) visit(context)).collect(toList());
+    }
+
+    private List<PrincipalSpecification> getPrincipalSpecifications(List<SqlBaseParser.PrincipalContext> principals)
+    {
+        return principals.stream().map(this::getPrincipalSpecification).collect(toList());
+    }
+
     private Optional<GrantorSpecification> getGrantorSpecificationIfPresent(SqlBaseParser.GrantorContext context)
     {
         return Optional.ofNullable(context).map(this::getGrantorSpecification);

diff --git a/presto-parser/src/main/java/io/prestosql/sql/tree/AstVisitor.java b/presto-parser/src/main/java/io/prestosql/sql/tree/AstVisitor.java
@@ -607,6 +607,16 @@ protected R visitDropRole(DropRole node, C context)
         return visitStatement(node, context);
     }
 
+    protected R visitGrantRoles(GrantRoles node, C context)
+    {
+        return visitStatement(node, context);
+    }
+
+    protected R visitRevokeRoles(RevokeRoles node, C context)
+    {
+        return visitStatement(node, context);
+    }
+
     protected R visitGrant(Grant node, C context)
     {
         return visitStatement(node, context);

diff --git a/presto-parser/src/main/java/io/prestosql/sql/tree/GrantRoles.java b/presto-parser/src/main/java/io/prestosql/sql/tree/GrantRoles.java
@@ -0,0 +1,144 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.prestosql.sql.tree;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
+
+import static com.google.common.base.MoreObjects.toStringHelper;
+import static java.util.Objects.requireNonNull;
+
+public class GrantRoles
+        extends Statement
+{
+    private final Set<Identifier> roles;
+    private final Set<PrincipalSpecification> grantees;
+    private final boolean withAdminOption;
+    private final Optional<GrantorSpecification> grantor;
+    private final Optional<Identifier> catalog;
+
+    public GrantRoles(
+            NodeLocation location,
+            Set<Identifier> roles,
+            Set<PrincipalSpecification> grantees,
+            boolean withAdminOption,
+            Optional<GrantorSpecification> grantor,
+            Optional<Identifier> catalog)
+    {
+        this(Optional.of(location), roles, grantees, withAdminOption, grantor, catalog);
+    }
+
+    public GrantRoles(
+            Set<Identifier> roles,
+            Set<PrincipalSpecification> grantees,
+            boolean withAdminOption,
+            Optional<GrantorSpecification> grantor,
+            Optional<Identifier> catalog)
+    {
+        this(Optional.empty(), roles, grantees, withAdminOption, grantor, catalog);
+    }
+
+    private GrantRoles(
+            Optional<NodeLocation> location,
+            Set<Identifier> roles,
+            Set<PrincipalSpecification> grantees,
+            boolean withAdminOption,
+            Optional<GrantorSpecification> grantor,
+            Optional<Identifier> catalog)
+    {
+        super(location);
+        this.roles = ImmutableSet.copyOf(requireNonNull(roles, "roles is null"));
+        this.grantees = ImmutableSet.copyOf(requireNonNull(grantees, "grantees is null"));
+        this.withAdminOption = withAdminOption;
+        this.grantor = requireNonNull(grantor, "grantor is null");
+        this.catalog = requireNonNull(catalog, "catalog is null");
+    }
+
+    public Set<Identifier> getRoles()
+    {
+        return roles;
+    }
+
+    public Set<PrincipalSpecification> getGrantees()
+    {
+        return grantees;
+    }
+
+    public boolean isWithAdminOption()
+    {
+        return withAdminOption;
+    }
+
+    public Optional<GrantorSpecification> getGrantor()
+    {
+        return grantor;
+    }
+
+    public Optional<Identifier> getCatalog()
+    {
+        return catalog;
+    }
+
+    @Override
+    public List<? extends Node> getChildren()
+    {
+        return ImmutableList.of();
+    }
+
+    @Override
+    public <R, C> R accept(AstVisitor<R, C> visitor, C context)
+    {
+        return visitor.visitGrantRoles(this, context);
+    }
+
+    @Override
+    public boolean equals(Object o)
+    {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        GrantRoles grantRoles = (GrantRoles) o;
+        return withAdminOption == grantRoles.withAdminOption &&
+                Objects.equals(roles, grantRoles.roles) &&
+                Objects.equals(grantees, grantRoles.grantees) &&
+                Objects.equals(grantor, grantRoles.grantor) &&
+                Objects.equals(catalog, grantRoles.catalog);
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return Objects.hash(roles, grantees, withAdminOption, grantor, catalog);
+    }
+
+    @Override
+    public String toString()
+    {
+        return toStringHelper(this)
+                .add("roles", roles)
+                .add("grantees", grantees)
+                .add("withAdminOption", withAdminOption)
+                .add("grantor", grantor)
+                .add("catalog", catalog)
+                .toString();
+    }
+}