use of io.trino.spi.security.GrantInfo in project trino by trinodb.
the class SqlStandardAccessControlMetadata method buildGrants.
/**
 * Builds the {@link GrantInfo} entries for one table from the privileges the metastore reports.
 *
 * <p>Each {@code HivePrivilegeInfo} returned by the metastore is expanded through
 * {@code toPrivilegeInfo()}, and one grant is emitted per resulting privilege.
 *
 * @param tableName table whose privileges are listed; also recorded on every grant
 * @param principal passed unchanged to {@code metastore.listTablePrivileges}; presumably
 *     restricts the listing to that principal when present (confirm against the metastore)
 * @return immutable list of grants, in the order the metastore sets are iterated
 */
private List<GrantInfo> buildGrants(SchemaTableName tableName, Optional<HivePrincipal> principal) {
    ImmutableList.Builder<GrantInfo> grants = ImmutableList.builder();
    Set<HivePrivilegeInfo> tablePrivileges = metastore.listTablePrivileges(
            tableName.getSchemaName(),
            tableName.getTableName(),
            principal);
    for (HivePrivilegeInfo tablePrivilege : tablePrivileges) {
        for (PrivilegeInfo trinoPrivilege : tablePrivilege.toPrivilegeInfo()) {
            // Grantee and grantor are both carried over, so the output shows who granted what to whom.
            // The final optional argument is always left empty here.
            grants.add(new GrantInfo(
                    trinoPrivilege,
                    tablePrivilege.getGrantee().toTrinoPrincipal(),
                    tableName,
                    Optional.of(tablePrivilege.getGrantor().toTrinoPrincipal()),
                    Optional.empty()));
        }
    }
    return grants.build();
}
use of io.trino.spi.security.GrantInfo in project trino by trinodb.
the class SqlStandardAccessControlMetadata method listTablePrivileges.
/**
 * Lists the grants on the given tables for the principals enabled for the session identity.
 *
 * <p>The enabled principals are resolved once from {@code session.getIdentity()} and the
 * metastore's role grants, and {@code hasAdminRole} is evaluated once on that set. Both values
 * are handed to a three-argument {@code buildGrants} overload that is not shown in this excerpt.
 *
 * <p>A table that raises {@code TableNotFoundException} or {@code HiveViewNotSupportedException}
 * is skipped without any record. A table missing from the result is therefore not evidence that
 * it carries no grants; it may simply have been skipped.
 *
 * @param session connector session whose identity determines the enabled principals
 * @param tableNames tables to inspect
 * @return immutable list of the grants collected from the tables that could be read
 */
@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames) {
    Set<HivePrincipal> enabledPrincipals = ThriftMetastoreUtil
            .listEnabledPrincipals(session.getIdentity(), metastore::listRoleGrants)
            .collect(toImmutableSet());
    boolean adminRoleEnabled = hasAdminRole(enabledPrincipals);

    ImmutableList.Builder<GrantInfo> grants = ImmutableList.builder();
    for (SchemaTableName table : tableNames) {
        try {
            grants.addAll(buildGrants(enabledPrincipals, adminRoleEnabled, table));
        } catch (TableNotFoundException ignored) {
            // The table disappeared while the listing was in progress; skip it.
        } catch (HiveViewNotSupportedException ignored) {
            // An unsupported Hive view must not fail the whole listing; skip it.
        }
    }
    return grants.build();
}
use of io.trino.spi.security.GrantInfo in project trino by trinodb.
the class MetadataManager method listTablePrivileges.
// TODO support table redirection
/**
 * Lists table grants for every table matched by {@code prefix} in its catalog.
 *
 * <p>If the catalog cannot be resolved, the result is empty. Otherwise the connector ids are
 * either the single one owning the exact table named by the prefix, or all connector ids of the
 * catalog. For each id, grants come from {@code systemSecurityMetadata} when the catalog's
 * security management is {@code SecurityManagement.SYSTEM}, and from the connector's own
 * metadata otherwise. Results are gathered in a set, so a grant reported more than once appears
 * only once.
 *
 * <p>Table redirection is not handled here. NOTE(review): no access-control filtering is visible
 * in this method; presumably the caller restricts what the requesting user may see. Confirm.
 *
 * @param session session used to resolve the catalog and derive the connector session
 * @param prefix catalog, schema and table prefix to list; must not be null
 * @return immutable list of the distinct grants found
 * @throws NullPointerException if {@code prefix} is null
 */
@Override
public List<GrantInfo> listTablePrivileges(Session session, QualifiedTablePrefix prefix) {
    requireNonNull(prefix, "prefix is null");

    Optional<CatalogMetadata> resolvedCatalog = getOptionalCatalogMetadata(session, prefix.getCatalogName());
    if (!resolvedCatalog.isPresent()) {
        // Unknown catalog: nothing to list.
        return ImmutableList.of();
    }

    CatalogMetadata catalogMetadata = resolvedCatalog.get();
    ConnectorSession connectorSession = session.toConnectorSession(catalogMetadata.getCatalogName());

    // An exact table name maps to exactly one connector id; a broader prefix covers all of them.
    List<CatalogName> connectorIds = prefix.asQualifiedObjectName()
            .map(exactTable -> singletonList(catalogMetadata.getConnectorId(session, exactTable)))
            .orElseGet(catalogMetadata::listConnectorIds);

    ImmutableSet.Builder<GrantInfo> distinctGrants = ImmutableSet.builder();
    for (CatalogName connectorId : connectorIds) {
        // Resolved on every iteration, as before, even when the SYSTEM branch does not use it.
        ConnectorMetadata connectorMetadata = catalogMetadata.getMetadataFor(session, connectorId);
        if (catalogMetadata.getSecurityManagement() == SecurityManagement.SYSTEM) {
            distinctGrants.addAll(systemSecurityMetadata.listTablePrivileges(session, prefix));
        } else {
            distinctGrants.addAll(connectorMetadata.listTablePrivileges(connectorSession, prefix.asSchemaTablePrefix()));
        }
    }
    return ImmutableList.copyOf(distinctGrants.build());
}