This repository was archived by the owner on Jan 28, 2021. It is now read-only.

Commit a8b0c56

committed
engine: check authorization in engine instead of analyzer
This makes it more controllable and uses auth from engine. Previously it had to be added to the rules with the builder. Signed-off-by: Javi Fontan <jfontan@gmail.com>
1 parent c76702b commit a8b0c56


5 files changed

+15
-42
lines changed


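--- a/auth/common_test.go
+++ b/auth/common_test.go
@@ -46,7 +46,7 @@ func authEngine(au auth.Auth) (string, *sqle.Engine, error) {
 
 catalog.RegisterIndexDriver(pilosa.NewDriver(tmpDir))
 
-a := analyzer.NewBuilder(catalog).WithAuth(au).Build()
+a := analyzer.NewBuilder(catalog).Build()
 config := &sqle.Config{Auth: au}
 
 return tmpDir, sqle.New(catalog, a, config), nil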

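--- a/engine.go
+++ b/engine.go
@@ -72,9 +72,19 @@ func (e *Engine) Query(
 return nil, nil, err
 }
 
+var perm = auth.ReadPerm
 var typ = sql.QueryProcess
-if _, ok := parsed.(*plan.CreateIndex); ok {
+switch parsed.(type) {
+case *plan.CreateIndex:
 typ = sql.CreateIndexProcess
+perm = auth.ReadPerm | auth.WritePerm
+case *plan.InsertInto, *plan.DropIndex, *plan.UnlockTables, *plan.LockTables:
+perm = auth.ReadPerm | auth.WritePerm
+}
+
+err = e.Auth.Allowed(ctx, perm)
+if err != nil {
+return nil, nil, err
 }
 
 ctx, err = e.Catalog.AddProcess(ctx, typ, query)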
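Review bot: The `switch parsed.(type)` added in `Query` fails open: `perm` starts as `auth.ReadPerm` and only the five listed node types raise it to `auth.ReadPerm | auth.WritePerm`, so any other mutating statement the parser can return, or a listed node that arrives wrapped in a different root node, would be authorized with read permission alone. With the analyzer rule and `check_auth.go` removed in this commit, this switch appears to be the only authorization gate, so it would be safer to default to the write requirement and enumerate the read-only node types instead. At minimum the list deserves a comment such as `// Every plan node that mutates state must be listed here; unlisted nodes require only ReadPerm.` and a denied-statement case in `TestReadOnly` for each listed type. It is also worth confirming that `e.Auth` can never be a nil interface when `sqle.New` is given a nil config or one without `Auth`, since `e.Auth.Allowed(ctx, perm)` would then panic; `New` and the rest of `Query` lie outside this hunk.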

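--- a/engine_test.go
+++ b/engine_test.go
@@ -1550,9 +1550,9 @@ func TestReadOnly(t *testing.T) {
 catalog.AddDatabase(db)
 
 au := auth.NewNativeSingle("user", "pass", auth.ReadPerm)
-
-a := analyzer.NewBuilder(catalog).WithAuth(au).Build()
-e := sqle.New(catalog, a, nil)
+cfg := &sqle.Config{Auth: au}
+a := analyzer.NewBuilder(catalog).Build()
+e := sqle.New(catalog, a, cfg)
 
 _, _, err := e.Query(newCtx(), `SELECT i FROM mytable`)
 require.NoError(err)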

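--- a/sql/analyzer/analyzer.go
+++ b/sql/analyzer/analyzer.go
@@ -6,7 +6,6 @@ import (
 opentracing "github.com/opentracing/opentracing-go"
 "github.com/sirupsen/logrus"
 "gopkg.in/src-d/go-errors.v1"
-"gopkg.in/src-d/go-mysql-server.v0/auth"
 "gopkg.in/src-d/go-mysql-server.v0/sql"
 )
 
@@ -47,11 +46,6 @@ func (ab *Builder) WithParallelism(parallelism int) *Builder {
 return ab
 }
 
-// WithAuth adds add authorization rule.
-func (ab *Builder) WithAuth(a auth.Auth) *Builder {
-return ab.AddPostValidationRule(CheckAuthorizationRule, CheckAuthorization(a))
-}
-
 // AddPreAnalyzeRule adds a new rule to the analyze before the standard analyzer rules.
 func (ab *Builder) AddPreAnalyzeRule(name string, fn RuleFunc) *Builder {
 ab.preAnalyzeRules = append(ab.preAnalyzeRules, Rule{name, fn})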

sql/analyzer/check_auth.go

Lines changed: 0 additions & 31 deletions
This file was deleted.
