8000 feat: support grant/revoke privilege on view by yezizp2012 · Pull Request #20670 · risingwavelabs/risingwave · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: support grant/revoke privilege on view #20670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 3, 2025
Merged

feat: support grant/revoke privilege on view #20670

merged 7 commits into from
Mar 3, 2025

Conversation

yezizp2012
Copy link
Member
@yezizp2012 yezizp2012 commented Feb 28, 2025
edited
Loading

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

Resolved #6164 .
Fixed #8864 .

  1. support grant/revoke privilege on view.
  2. fix some privilege check.
  3. perform privilege checks during the binding stage.
GRANT {SELECT | INSERT | DELETE | UPDATE | ALL [PRIVILEGES]}
ON {VIEW view_name [, ...]
    | ALL VIEWS IN SCHEMA schema_name [, ...] }
TO user_name [WITH GRANT OPTION] [GRANTED BY user_name];

REVOKE {SELECT | INSERT | DELETE | UPDATE | ALL [PRIVILEGES]}
ON {VIEW view_name [, ...]
    | ALL VIEWS IN SCHEMA schema_name [, ...] }
FROM user_name [GRANTED BY user_name];

Checklist

  • I have written necessary rustdoc comments.
  • I have added necessary unit tests and integration tests.
  • I have added test labels as necessary.
  • I have added fuzzing tests or opened an issue to track them.
  • My PR contains breaking changes.
  • My PR changes performance-critical code, so I will run (micro) benchmarks and present the results.
  • My PR contains critical fixes that are necessary to be merged into the latest release.

Documentation

  • My PR needs documentation updates.
Release note

support view privilege management.

GRANT {SELECT | INSERT | DELETE | UPDATE | ALL [PRIVILEGES]}
ON {VIEW view_name [, ...]
    | ALL VIEWS IN SCHEMA schema_name [, ...] }
TO user_name [WITH GRANT OPTION] [GRANTED BY user_name];

REVOKE {SE
8000
LECT | INSERT | DELETE | UPDATE | ALL [PRIVILEGES]}
ON {VIEW view_name [, ...]
    | ALL VIEWS IN SCHEMA schema_name [, ...] }
FROM user_name [GRANTED BY user_name];

Copilot
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@yezizp2012 yezizp2012 requested a review from Copilot February 28, 2025 09:45
Copilot
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR adds support for granting/revoking privileges on views and refactors various privilege checks across the binder, handler, and catalog modules. Key changes include:

  • Adding privilege checks for views during binding.
  • Standardizing privilege verification by replacing direct check calls with has_privilege where appropriate.
  • Updating catalog and proto definitions to align with the new privilege management requirements.

Reviewed Changes

File Description
src/frontend/src/binder/relation/table_or_source.rs Updated privilege checks for sources, tables, and views; added new check_privilege for view relations.
src/frontend/src/handler/comment.rs Added additional ownership check after binding a table in comment-related requests.
src/frontend/src/binder/insert.rs Added privilege checks for insert operations using the new check_privilege.
src/frontend/src/binder/delete.rs Updated delete binding to check for privileges before proceeding.
src/frontend/src/catalog/system_catalog/mod.rs Adjusted sys view creation to use non-Arc types and updated schema fields.
src/frontend/src/binder/update.rs Updated update binding to perform privilege checks (note potential AclMode mismatch).
src/frontend/src/handler/handle_privilege.rs Removed redundant relation privilege resolution code.
src/frontend/src/expr/function_impl/pg_table_is_visible.rs Replaced check_privilege with has_privilege for schema access checks.
Other files (create_index, create_mv, create_sink, alter_rename, alter_owner, etc.) Consistent updates to privilege check calls and minor refactoring for clarity.
proto/user.proto Updated field numbers in GrantPrivilege message for compatibility.

Copilot reviewed 29 out of 29 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

src/frontend/src/binder/update.rs:130

  • The privilege check in the update binder is using AclMode::Insert instead of the expected AclMode::Update. Consider changing it to AclMode::Update to properly reflect the update operation.
self.check_privilege(PbObject::TableId(table_catalog.id.table_id), table_catalog.database_id, AclMode::Insert, table_catalog.owner, )?;

@yezizp2012 yezizp2012 added the user-facing-changes Contains changes that are visible to users label Feb 28, 2025
@github-actions GitHub Actions
Copy link
Contributor

Hi, there.

📝 Telemetry Reminder:
If you're implementing this feature, please consider adding telemetry metrics to track its usage. This helps us understand how the feature is being used and improve it further.
You can find the function report_event of telemetry reporting in the following files. Feel free to ask questions if you need any guidance!

  • src/frontend/src/telemetry.rs
  • src/meta/src/telemetry.rs
  • src/stream/src/telemetry.rs
  • src/storage/compactor/src/telemetry.rs
    Or calling report_event_common (src/common/telemetry_event/src/lib.rs) as if finding it hard to implement.
    ✨ Thank you for your contribution to RisingWave! ✨

This is an automated comment created by the peaceiris/actions-label-commenter. Responding to the bot or mentioning it won't have any effect.

st1page
st1page approved these changes Mar 3, 2025
View reviewed changes
Copy link
Contributor
@st1page st1page left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fixes and refactoring.
generall LGTM

src/frontend/src/binder/insert.rs
Comment on lines +111 to +119
let bound_table = self.bind_table(schema_name.as_deref(), &table_name)?;
let table_catalog = &bound_table.table_catalog;
Self::check_for_dml(table_catalog, true)?;
self.check_privilege(
PbObject::TableId(table_catalog.id.table_id),
table_catalog.database_id,
AclMode::Insert,
table_catalog.owner,
)?;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we do not have privilege check for DML in the past?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the check was performed after the binding process was completed before this PR, which is prone to errors.

src/frontend/src/binder/relation/table_or_source.rs
Comment on lines +248 to +250
BindFor::Ddl | BindFor::System => {
// do nothing.
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In which case this branch will be processed?

@yezizp2012 yezizp2012 added this pull request to the merge queue Mar 3, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 3, 2025
@yezizp2012 yezizp2012 enabled auto-merge March 3, 2025 10:15
@yezizp2012 yezizp2012 added this pull request to the merge queue Mar 3, 2025
Merged via the queue into main with commit 8d8d47d Mar 3, 2025
32 of 34 checks passed
@yezizp2012 yezizp2012 deleted the zp/view-privilege branch March 3, 2025 11:44
@neverchanje neverchanje mentioned this pull request Mar 3, 2025
Closed
@yezizp2012 yezizp2012 mentioned this pull request Mar 17, 2025
Merged
8 tasks
@WanYixian WanYixian mentioned this pull request Mar 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@st1page st1page st1page approved these changes

@shanicky shanicky Awaiting requested review from shanicky

Assignees
No one assigned
Labels
ci/run-e2e-single-node-tests ci/run-e2e-test-other-backends type/feature Type: New feature. user-facing-changes Contains changes that are visible to users
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(frontend): relations in subquery are not covered when check privileges feat: support privilege grant/revoke for logical view
2 participants
@yezizp2012 @st1page
0