use of io.prestosql.sql.tree.GrantRoles in project hetu-core by openlookeng.
the class GrantRolesTask method execute.
@Override
public ListenableFuture<?> execute(GrantRoles statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
Session session = stateMachine.getSession();
Set<String> roles = statement.getRoles().stream().map(role -> role.getValue().toLowerCase(Locale.ENGLISH)).collect(toImmutableSet());
Set<PrestoPrincipal> grantees = statement.getGrantees().stream().map(MetadataUtil::createPrincipal).collect(toImmutableSet());
boolean withAdminOption = statement.isWithAdminOption();
Optional<PrestoPrincipal> grantor = statement.getGrantor().map(specification -> createPrincipal(session, specification));
String catalog = createCatalogName(session, statement);
Set<String> availableRoles = metadata.listRoles(session, catalog);
Set<String> specifiedRoles = new LinkedHashSet<>();
specifiedRoles.addAll(roles);
grantees.stream().filter(principal -> principal.getType() == ROLE).map(PrestoPrincipal::getName).forEach(specifiedRoles::add);
if (grantor.isPresent() && grantor.get().getType() == ROLE) {
specifiedRoles.add(grantor.get().getName());
}
for (String role : specifiedRoles) {
if (!availableRoles.contains(role)) {
throw new SemanticException(MISSING_ROLE, statement, "Role '%s' does not exist", role);
}
}
accessControl.checkCanGrantRoles(session.getRequiredTransactionId(), session.getIdentity(), roles, grantees, withAdminOption, grantor, catalog);
metadata.grantRoles(session, roles, grantees, withAdminOption, grantor, catalog);
return immediateFuture(null);
}
use of io.prestosql.sql.tree.GrantRoles in project hetu-core by openlookeng.
the class TestSqlParser method testGrantRoles.
@Test
public void testGrantRoles() {
assertStatement("GRANT role1 TO user1", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1"))), false, Optional.empty()));
assertStatement("GRANT role1, role2, role3 TO user1, USER user2, ROLE role4 WITH ADMIN OPTION", new GrantRoles(ImmutableSet.of(new Identifier("role1"), new Identifier("role2"), new Identifier("role3")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1")), new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("user2")), new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role4"))), true, Optional.empty()));
assertStatement("GRANT role1 TO user1 WITH ADMIN OPTION GRANTED BY admin", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1"))), true, Optional.of(new GrantorSpecification(GrantorSpecification.Type.PRINCIPAL, Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("admin")))))));
assertStatement("GRANT role1 TO USER user1 WITH ADMIN OPTION GRANTED BY USER admin", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("user1"))), true, Optional.of(new GrantorSpecification(GrantorSpecification.Type.PRINCIPAL, Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("admin")))))));
assertStatement("GRANT role1 TO ROLE role2 WITH ADMIN OPTION GRANTED BY ROLE admin", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))), true, Optional.of(new GrantorSpecification(GrantorSpecification.Type.PRINCIPAL, Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));
assertStatement("GRANT role1 TO ROLE role2 GRANTED BY ROLE admin", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))), false, Optional.of(new GrantorSpecification(GrantorSpecification.Type.PRINCIPAL, Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));
assertStatement("GRANT \"role1\" TO ROLE \"role2\" GRANTED BY ROLE \"admin\"", new GrantRoles(ImmutableSet.of(new Identifier("role1")), ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))), false, Optional.of(new GrantorSpecification(GrantorSpecification.Type.PRINCIPAL, Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));
}
Aggregations