Search in sources :

Example 1 with SetViewAuthorization

use of io.trino.sql.tree.SetViewAuthorization in project trino by trinodb.

the class SetViewAuthorizationTask method execute.

@Override
public ListenableFuture<Void> execute(SetViewAuthorization statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    QualifiedObjectName viewName = createQualifiedObjectName(session, statement, statement.getSource());
    getRequiredCatalogHandle(metadata, session, statement, viewName.getCatalogName());
    ViewDefinition view = metadata.getView(session, viewName).orElseThrow(() -> semanticException(TABLE_NOT_FOUND, statement, "View '%s' does not exist", viewName));
    TrinoPrincipal principal = createPrincipal(statement.getPrincipal());
    checkRoleExists(session, statement, metadata, principal, Optional.of(viewName.getCatalogName()).filter(catalog -> metadata.isCatalogManagedSecurity(session, catalog)));
    if (!view.isRunAsInvoker() && !isAllowSetViewAuthorization) {
        throw new TrinoException(NOT_SUPPORTED, format("Cannot set authorization for view %s to %s: this feature is disabled", viewName.getCatalogName() + '.' + viewName.getSchemaName() + '.' + viewName.getObjectName(), principal));
    }
    accessControl.checkCanSetViewAuthorization(session.toSecurityContext(), viewName, principal);
    metadata.setViewAuthorization(session, viewName.asCatalogSchemaTableName(), principal);
    return immediateVoidFuture();
}
Also used : ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.checkRoleExists(io.trino.metadata.MetadataUtil.checkRoleExists) Inject(javax.inject.Inject) NOT_SUPPORTED(io.trino.spi.StandardErrorCode.NOT_SUPPORTED) MetadataUtil.createQualifiedObjectName(io.trino.metadata.MetadataUtil.createQualifiedObjectName) TABLE_NOT_FOUND(io.trino.spi.StandardErrorCode.TABLE_NOT_FOUND) Objects.requireNonNull(java.util.Objects.requireNonNull) SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException) Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) SetViewAuthorization(io.trino.sql.tree.SetViewAuthorization) ViewDefinition(io.trino.metadata.ViewDefinition) TrinoException(io.trino.spi.TrinoException) MetadataUtil.getRequiredCatalogHandle(io.trino.metadata.MetadataUtil.getRequiredCatalogHandle) String.format(java.lang.String.format) List(java.util.List) FeaturesConfig(io.trino.FeaturesConfig) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MetadataUtil.createPrincipal(io.trino.metadata.MetadataUtil.createPrincipal) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) Expression(io.trino.sql.tree.Expression) Session(io.trino.Session) ViewDefinition(io.trino.metadata.ViewDefinition) TrinoException(io.trino.spi.TrinoException) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MetadataUtil.createQualifiedObjectName(io.trino.metadata.MetadataUtil.createQualifiedObjectName) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) Session(io.trino.Session)

Example 2 with SetViewAuthorization

use of io.trino.sql.tree.SetViewAuthorization in project trino by trinodb.

the class TestSqlParser method testAlterViewSetAuthorization.

@Test
public void testAlterViewSetAuthorization() {
    assertStatement("ALTER VIEW foo.bar.baz SET AUTHORIZATION qux", new SetViewAuthorization(QualifiedName.of("foo", "bar", "baz"), new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("qux"))));
    assertStatement("ALTER VIEW foo.bar.baz SET AUTHORIZATION USER qux", new SetViewAuthorization(QualifiedName.of("foo", "bar", "baz"), new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("qux"))));
    assertStatement("ALTER VIEW foo.bar.baz SET AUTHORIZATION ROLE qux", new SetViewAuthorization(QualifiedName.of("foo", "bar", "baz"), new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("qux"))));
}
Also used : SetViewAuthorization(io.trino.sql.tree.SetViewAuthorization) QueryUtil.quotedIdentifier(io.trino.sql.QueryUtil.quotedIdentifier) Identifier(io.trino.sql.tree.Identifier) PrincipalSpecification(io.trino.sql.tree.PrincipalSpecification) Test(org.junit.jupiter.api.Test)

Aggregations

SetViewAuthorization (io.trino.sql.tree.SetViewAuthorization)2 Futures.immediateVoidFuture (com.google.common.util.concurrent.Futures.immediateVoidFuture)1 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 FeaturesConfig (io.trino.FeaturesConfig)1 Session (io.trino.Session)1 WarningCollector (io.trino.execution.warnings.WarningCollector)1 Metadata (io.trino.metadata.Metadata)1 MetadataUtil.checkRoleExists (io.trino.metadata.MetadataUtil.checkRoleExists)1 MetadataUtil.createPrincipal (io.trino.metadata.MetadataUtil.createPrincipal)1 MetadataUtil.createQualifiedObjectName (io.trino.metadata.MetadataUtil.createQualifiedObjectName)1 MetadataUtil.getRequiredCatalogHandle (io.trino.metadata.MetadataUtil.getRequiredCatalogHandle)1 QualifiedObjectName (io.trino.metadata.QualifiedObjectName)1 ViewDefinition (io.trino.metadata.ViewDefinition)1 AccessControl (io.trino.security.AccessControl)1 NOT_SUPPORTED (io.trino.spi.StandardErrorCode.NOT_SUPPORTED)1 TABLE_NOT_FOUND (io.trino.spi.StandardErrorCode.TABLE_NOT_FOUND)1 TrinoException (io.trino.spi.TrinoException)1 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)1 QueryUtil.quotedIdentifier (io.trino.sql.QueryUtil.quotedIdentifier)1 SemanticExceptions.semanticException (io.trino.sql.analyzer.SemanticExceptions.semanticException)1