Refactor SQL privileges

- Ensure backward compatibility; - Include database name in schema type; Signed-off-by: Stefano Scafiti <stefano.scafiti96@gmail.com>
codenotary · Jul 25, 2024 · 0834409 · 0834409
1 parent c189283
commit 0834409
Show file tree

Hide file tree

Showing 11 changed files with 2,602 additions and 2,612 deletions.
diff --git a/embedded/sql/engine.go b/embedded/sql/engine.go
@@ -535,12 +535,8 @@ func (e *Engine) checkUserPermissions(ctx context.Context, stmt SQLStmt) error {
 		return err
 	}
 
-	if user.Permission() == PermissionAdmin {
-		return nil
-	}
-
 	if !stmt.readOnly() && user.Permission() == PermissionReadOnly {
-		return ErrAccessDenied
+		return fmt.Errorf("%w: statement requires %s permission", ErrAccessDenied, PermissionReadWrite)
 	}
 
 	requiredPrivileges := stmt.requiredPrivileges()

diff --git a/embedded/sql/stmt.go b/embedded/sql/stmt.go
@@ -97,6 +97,24 @@ const (
 	PermissionSysAdmin  Permission = "SYSADMIN"
 )
 
+func PermissionFromCode(code uint32) Permission {
+	switch code {
+	case 1:
+		{
+			return PermissionReadOnly
+		}
+	case 2:
+		{
+			return PermissionReadWrite
+		}
+	case 254:
+		{
+			return PermissionAdmin
+		}
+	}
+	return PermissionSysAdmin
+}
+
 type AggregateFn = string
 
 const (
@@ -5475,7 +5493,7 @@ var allPrivileges = []SQLPrivilege{
 
 func DefaultSQLPrivilegesForPermission(p Permission) []SQLPrivilege {
 	switch p {
-	case PermissionSysAdmin, PermissionAdmin, PermissionReadWrite: // should also contain GRANT/REVOKE
+	case PermissionSysAdmin, PermissionAdmin, PermissionReadWrite:
 		return allPrivileges
 	case PermissionReadOnly:
 		return []SQLPrivilege{SQLPrivilegeSelect}

diff --git a/pkg/api/schema/docs.md b/pkg/api/schema/docs.md
@@ -91,6 +91,7 @@
     - [SQLExecRequest](#immudb.schema.SQLExecRequest)
     - [SQLExecResult](#immudb.schema.SQLExecResult)
     - [SQLGetRequest](#immudb.schema.SQLGetRequest)
+    - [SQLPrivilege](#immudb.schema.SQLPrivilege)
     - [SQLQueryRequest](#immudb.schema.SQLQueryRequest)
     - [SQLQueryResult](#immudb.schema.SQLQueryResult)
     - [SQLValue](#immudb.schema.SQLValue)
@@ -142,7 +143,6 @@
 
     - [EntryTypeAction](#immudb.schema.EntryTypeAction)
     - [PermissionAction](#immudb.schema.PermissionAction)
-    - [SQLPrivilege](#immudb.schema.SQLPrivilege)
     - [TxMode](#immudb.schema.TxMode)
 
     - [ImmuService](#immudb.schema.ImmuService)
@@ -235,7 +235,7 @@ DEPRECATED
 | action | [PermissionAction](#immudb.schema.PermissionAction) |  | Action to perform |
 | username | [string](#string) |  | Name of the user to update |
 | database | [string](#string) |  | Name of the database |
-| privileges | [SQLPrivilege](#immudb.schema.SQLPrivilege) | repeated | SQL privileges to grant / revoke |
+| privileges | [string](#string) | repeated | SQL privileges: SELECT, CREATE, INSERT, UPDATE, DELETE, DROP, ALTER |
 
 
 
@@ -1633,6 +1633,22 @@ Only succeed if given key was not modified after given transaction
 
 
 
+<a name="immudb.schema.SQLPrivilege"></a>
+
+### SQLPrivilege
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| database | [string](#string) |  | Database name |
+| privilege | [string](#string) |  | Privilege: SELECT, CREATE, INSERT, UPDATE, DELETE, DROP, ALTER |
+
+
+
+
+
+
 <a name="immudb.schema.SQLQueryRequest"></a>
 
 ### SQLQueryRequest
@@ -2488,24 +2504,6 @@ Reserved to reply with more advanced response later
 
 
 
-<a name="immudb.schema.SQLPrivilege"></a>
-
-### SQLPrivilege
-
-
-| Name | Number | Description |
-| ---- | ------ | ----------- |
-| UNKNOWN | 0 |  |
-| SELECT | 1 |  |
-| CREATE | 2 |  |
-| INSERT | 3 |  |
-| UPDATE | 4 |  |
-| DELETE | 5 |  |
-| DROP | 6 |  |
-| ALTER | 7 |  |
-
-
-
 <a name="immudb.schema.TxMode"></a>
 
 ### TxMode