Search in sources :

Example 1 with ROLE_NOT_FOUND

use of io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND in project trino by trinodb.

the class SetRoleTask method execute.

@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
    if (statement.getType() == SetRole.Type.ROLE) {
        String role = statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseThrow();
        if (!metadata.roleExists(session, role, catalog)) {
            throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", role);
        }
        if (catalog.isPresent()) {
            accessControl.checkCanSetCatalogRole(SecurityContext.of(session), role, catalog.get());
        } else {
            Set<RoleGrant> roleGrants = metadata.listApplicableRoles(session, new TrinoPrincipal(USER, session.getUser()), Optional.empty());
            if (roleGrants.stream().map(RoleGrant::getRoleName).noneMatch(role::equals)) {
                denySetRole(role);
            }
        }
    }
    SelectedRole.Type type = toSelectedRoleType(statement.getType());
    stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
    return immediateVoidFuture();
}
Also used : Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) USER(io.trino.spi.security.PrincipalType.USER) Set(java.util.Set) RoleGrant(io.trino.spi.security.RoleGrant) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) Inject(javax.inject.Inject) SelectedRole(io.trino.spi.security.SelectedRole) List(java.util.List) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SetRole(io.trino.sql.tree.SetRole) Objects.requireNonNull(java.util.Objects.requireNonNull) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) Expression(io.trino.sql.tree.Expression) SecurityContext(io.trino.security.SecurityContext) MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog) SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException) ENGLISH(java.util.Locale.ENGLISH) Identifier(io.trino.sql.tree.Identifier) ROLE_NOT_FOUND(io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND) Session(io.trino.Session) RoleGrant(io.trino.spi.security.RoleGrant) SelectedRole(io.trino.spi.security.SelectedRole) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Session(io.trino.Session)

Aggregations

Futures.immediateVoidFuture (com.google.common.util.concurrent.Futures.immediateVoidFuture)1 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 Session (io.trino.Session)1 WarningCollector (io.trino.execution.warnings.WarningCollector)1 Metadata (io.trino.metadata.Metadata)1 MetadataUtil.processRoleCommandCatalog (io.trino.metadata.MetadataUtil.processRoleCommandCatalog)1 AccessControl (io.trino.security.AccessControl)1 SecurityContext (io.trino.security.SecurityContext)1 ROLE_NOT_FOUND (io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND)1 AccessDeniedException.denySetRole (io.trino.spi.security.AccessDeniedException.denySetRole)1 USER (io.trino.spi.security.PrincipalType.USER)1 RoleGrant (io.trino.spi.security.RoleGrant)1 SelectedRole (io.trino.spi.security.SelectedRole)1 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)1 SemanticExceptions.semanticException (io.trino.sql.analyzer.SemanticExceptions.semanticException)1 Expression (io.trino.sql.tree.Expression)1 Identifier (io.trino.sql.tree.Identifier)1 SetRole (io.trino.sql.tree.SetRole)1 List (java.util.List)1 ENGLISH (java.util.Locale.ENGLISH)1