github.com/matrixorigin/matrixone@v0.7.0/pkg/frontend/authenticate_test.go (about) 1 // Copyright 2021 Matrix Origin 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package frontend 16 17 import ( 18 "bytes" 19 "context" 20 "fmt" 21 "strings" 22 "testing" 23 "time" 24 25 "github.com/fagongzi/goetty/v2/buf" 26 "github.com/matrixorigin/matrixone/pkg/container/types" 27 28 "github.com/golang/mock/gomock" 29 "github.com/matrixorigin/matrixone/pkg/config" 30 "github.com/matrixorigin/matrixone/pkg/defines" 31 mock_frontend "github.com/matrixorigin/matrixone/pkg/frontend/test" 32 "github.com/matrixorigin/matrixone/pkg/pb/plan" 33 "github.com/matrixorigin/matrixone/pkg/sql/parsers/tree" 34 plan2 "github.com/matrixorigin/matrixone/pkg/sql/plan" 35 "github.com/prashantv/gostub" 36 "github.com/smartystreets/goconvey/convey" 37 ) 38 39 func TestGetTenantInfo(t *testing.T) { 40 convey.Convey("tenant", t, func() { 41 type input struct { 42 input string 43 output string 44 wantErr bool 45 } 46 args := []input{ 47 {"u1", "{account sys:u1: -- 0:0:0}", false}, 48 {"tenant1:u1", "{account tenant1:u1: -- 0:0:0}", false}, 49 {"tenant1:u1:r1", "{account tenant1:u1:r1 -- 0:0:0}", false}, 50 {":u1:r1", "{account tenant1:u1:r1 -- 0:0:0}", true}, 51 {"tenant1:u1:", "{account tenant1:u1:moadmin -- 0:0:0}", true}, 52 {"tenant1::r1", "{account tenant1::r1 -- 0:0:0}", true}, 53 {"tenant1: :r1", "{account tenant1::r1 -- 0:0:0}", true}, 54 {" : :r1", "{account tenant1::r1 -- 0:0:0}", true}, 55 {" tenant1 : u1 : r1 ", "{account tenant1:u1:r1 -- 0:0:0}", false}, 56 {"u1", "{account sys:u1: -- 0:0:0}", false}, 57 {"tenant1#u1", "{account tenant1#u1# -- 0#0#0}", false}, 58 {"tenant1#u1#r1", "{account tenant1#u1#r1 -- 0#0#0}", false}, 59 {"#u1#r1", "{account tenant1#u1#r1 -- 0#0#0}", true}, 60 {"tenant1#u1#", "{account tenant1#u1#moadmin -- 0#0#0}", true}, 61 {"tenant1##r1", "{account tenant1##r1 -- 0#0#0}", true}, 62 {"tenant1# #r1", "{account tenant1##r1 -- 0#0#0}", true}, 63 {" # #r1", "{account tenant1##r1 -- 0#0#0}", true}, 64 {" tenant1 # u1 # r1 ", "{account tenant1#u1#r1 -- 0#0#0}", false}, 65 } 66 67 for _, arg := range args { 68 ti, err := GetTenantInfo(context.TODO(), arg.input) 69 if arg.wantErr { 70 convey.So(err, convey.ShouldNotBeNil) 71 } else { 72 convey.So(err, convey.ShouldBeNil) 73 tis := ti.String() 74 convey.So(tis, convey.ShouldEqual, arg.output) 75 } 76 } 77 }) 78 79 convey.Convey("tenant op", t, func() { 80 ti := &TenantInfo{} 81 convey.So(ti.GetTenant(), convey.ShouldBeEmpty) 82 convey.So(ti.GetTenantID(), convey.ShouldBeZeroValue) 83 convey.So(ti.GetUser(), convey.ShouldBeEmpty) 84 convey.So(ti.GetUserID(), convey.ShouldBeZeroValue) 85 convey.So(ti.GetDefaultRole(), convey.ShouldBeEmpty) 86 convey.So(ti.GetDefaultRoleID(), convey.ShouldBeZeroValue) 87 88 ti.SetTenantID(10) 89 convey.So(ti.GetTenantID(), convey.ShouldEqual, 10) 90 ti.SetUserID(10) 91 convey.So(ti.GetUserID(), convey.ShouldEqual, 10) 92 ti.SetDefaultRoleID(10) 93 convey.So(ti.GetDefaultRoleID(), convey.ShouldEqual, 10) 94 95 convey.So(ti.IsSysTenant(), convey.ShouldBeFalse) 96 convey.So(ti.IsDefaultRole(), convey.ShouldBeFalse) 97 convey.So(ti.IsMoAdminRole(), convey.ShouldBeFalse) 98 99 convey.So(GetDefaultTenant(), convey.ShouldEqual, sysAccountName) 100 convey.So(GetDefaultRole(), convey.ShouldEqual, moAdminRoleName) 101 }) 102 } 103 104 func TestPrivilegeType_Scope(t *testing.T) { 105 convey.Convey("scope", t, func() { 106 pss := []struct { 107 ps PrivilegeScope 108 s string 109 }{ 110 {PrivilegeScopeSys, "sys"}, 111 {PrivilegeScopeAccount, "account"}, 112 {PrivilegeScopeUser, "user"}, 113 {PrivilegeScopeRole, "role"}, 114 {PrivilegeScopeDatabase, "database"}, 115 {PrivilegeScopeTable, "table"}, 116 {PrivilegeScopeRoutine, "routine"}, 117 {PrivilegeScopeSys | PrivilegeScopeRole | PrivilegeScopeRoutine, "sys,role,routine"}, 118 {PrivilegeScopeSys | PrivilegeScopeDatabase | PrivilegeScopeTable, "sys,database,table"}, 119 } 120 for _, scope := range pss { 121 convey.So(scope.ps.String(), convey.ShouldEqual, scope.s) 122 } 123 }) 124 } 125 126 func TestPrivilegeType(t *testing.T) { 127 convey.Convey("privilege type", t, func() { 128 type arg struct { 129 pt PrivilegeType 130 s string 131 sc PrivilegeScope 132 } 133 args := []arg{} 134 for i := PrivilegeTypeCreateAccount; i <= PrivilegeTypeExecute; i++ { 135 args = append(args, arg{pt: i, s: i.String(), sc: i.Scope()}) 136 } 137 for _, a := range args { 138 convey.So(a.pt.String(), convey.ShouldEqual, a.s) 139 convey.So(a.pt.Scope(), convey.ShouldEqual, a.sc) 140 } 141 }) 142 } 143 144 func TestFormSql(t *testing.T) { 145 convey.Convey("form sql", t, func() { 146 convey.So(getSqlForCheckTenant("a"), convey.ShouldEqual, fmt.Sprintf(checkTenantFormat, "a")) 147 convey.So(getSqlForPasswordOfUser("u"), convey.ShouldEqual, fmt.Sprintf(getPasswordOfUserFormat, "u")) 148 convey.So(getSqlForCheckRoleExists(0, "r"), convey.ShouldEqual, fmt.Sprintf(checkRoleExistsFormat, 0, "r")) 149 convey.So(getSqlForRoleIdOfRole("r"), convey.ShouldEqual, fmt.Sprintf(roleIdOfRoleFormat, "r")) 150 convey.So(getSqlForRoleOfUser(0, "r"), convey.ShouldEqual, fmt.Sprintf(getRoleOfUserFormat, 0, "r")) 151 }) 152 } 153 154 func Test_checkSysExistsOrNot(t *testing.T) { 155 convey.Convey("check sys tenant exists or not", t, func() { 156 ctrl := gomock.NewController(t) 157 defer ctrl.Finish() 158 159 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 160 pu.SV.SetDefaultValues() 161 162 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 163 164 bh := mock_frontend.NewMockBackgroundExec(ctrl) 165 bh.EXPECT().Close().Return().AnyTimes() 166 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 167 bh.EXPECT().ClearExecResultSet().Return().AnyTimes() 168 169 mrs1 := mock_frontend.NewMockExecResult(ctrl) 170 dbs := make([]string, 0) 171 for k := range sysWantedDatabases { 172 dbs = append(dbs, k) 173 } 174 mrs1.EXPECT().GetRowCount().Return(uint64(len(sysWantedDatabases))).AnyTimes() 175 mrs1.EXPECT().GetString(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx2 context.Context, r uint64, c uint64) (string, error) { 176 return dbs[r], nil 177 }).AnyTimes() 178 179 mrs2 := mock_frontend.NewMockExecResult(ctrl) 180 tables := make([]string, 0) 181 for k := range sysWantedTables { 182 tables = append(tables, k) 183 } 184 185 mrs2.EXPECT().GetRowCount().Return(uint64(len(sysWantedTables))).AnyTimes() 186 mrs2.EXPECT().GetString(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx2 context.Context, r uint64, c uint64) (string, error) { 187 return tables[r], nil 188 }).AnyTimes() 189 190 rs := []ExecResult{ 191 mrs1, 192 mrs2, 193 } 194 195 cnt := 0 196 bh.EXPECT().GetExecResultSet().DoAndReturn(func() []interface{} { 197 old := cnt 198 cnt++ 199 if cnt >= len(rs) { 200 cnt = 0 201 } 202 return []interface{}{rs[old]} 203 }).AnyTimes() 204 205 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 206 defer bhStub.Reset() 207 208 exists, err := checkSysExistsOrNot(ctx, bh, pu) 209 convey.So(exists, convey.ShouldBeTrue) 210 convey.So(err, convey.ShouldBeNil) 211 212 // A mock autoIncrCaches. 213 aic := defines.AutoIncrCaches{} 214 215 err = InitSysTenant(ctx, aic) 216 convey.So(err, convey.ShouldBeNil) 217 }) 218 } 219 220 func Test_createTablesInMoCatalog(t *testing.T) { 221 convey.Convey("createTablesInMoCatalog", t, func() { 222 ctrl := gomock.NewController(t) 223 defer ctrl.Finish() 224 225 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 226 pu.SV.SetDefaultValues() 227 228 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 229 230 bh := mock_frontend.NewMockBackgroundExec(ctrl) 231 bh.EXPECT().Close().Return().AnyTimes() 232 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 233 234 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 235 defer bhStub.Reset() 236 237 tenant := &TenantInfo{ 238 Tenant: sysAccountName, 239 User: rootName, 240 DefaultRole: moAdminRoleName, 241 TenantID: sysAccountID, 242 UserID: rootID, 243 DefaultRoleID: moAdminRoleID, 244 } 245 246 err := createTablesInMoCatalog(ctx, bh, tenant, pu) 247 convey.So(err, convey.ShouldBeNil) 248 249 err = createTablesInInformationSchema(ctx, bh, tenant, pu) 250 convey.So(err, convey.ShouldBeNil) 251 }) 252 } 253 254 func Test_checkTenantExistsOrNot(t *testing.T) { 255 convey.Convey("check tenant exists or not", t, func() { 256 ctrl := gomock.NewController(t) 257 defer ctrl.Finish() 258 259 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 260 pu.SV.SetDefaultValues() 261 262 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 263 264 bh := mock_frontend.NewMockBackgroundExec(ctrl) 265 bh.EXPECT().Close().Return().AnyTimes() 266 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 267 268 mrs1 := mock_frontend.NewMockExecResult(ctrl) 269 mrs1.EXPECT().GetRowCount().Return(uint64(1)).AnyTimes() 270 271 bh.EXPECT().GetExecResultSet().Return([]interface{}{mrs1}).AnyTimes() 272 bh.EXPECT().ClearExecResultSet().Return().AnyTimes() 273 274 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 275 defer bhStub.Reset() 276 277 exists, err := checkTenantExistsOrNot(ctx, bh, "test") 278 convey.So(exists, convey.ShouldBeTrue) 279 convey.So(err, convey.ShouldBeNil) 280 281 tenant := &TenantInfo{ 282 Tenant: sysAccountName, 283 User: rootName, 284 DefaultRole: moAdminRoleName, 285 TenantID: sysAccountID, 286 UserID: rootID, 287 DefaultRoleID: moAdminRoleID, 288 } 289 290 ses := newSes(nil, ctrl) 291 ses.tenant = tenant 292 293 err = InitGeneralTenant(ctx, ses, &tree.CreateAccount{ 294 Name: "test", 295 IfNotExists: true, 296 AuthOption: tree.AccountAuthOption{ 297 AdminName: "root", 298 }, 299 }) 300 convey.So(err, convey.ShouldBeNil) 301 }) 302 } 303 304 func Test_createTablesInMoCatalogOfGeneralTenant(t *testing.T) { 305 convey.Convey("createTablesInMoCatalog", t, func() { 306 ctrl := gomock.NewController(t) 307 defer ctrl.Finish() 308 309 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 310 pu.SV.SetDefaultValues() 311 312 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 313 314 bh := mock_frontend.NewMockBackgroundExec(ctrl) 315 bh.EXPECT().Close().Return().AnyTimes() 316 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 317 bh.EXPECT().ClearExecResultSet().Return().AnyTimes() 318 msr := newMrsForCheckTenant([][]interface{}{ 319 {1, "test"}, 320 }) 321 bh.EXPECT().GetExecResultSet().Return([]interface{}{msr}).AnyTimes() 322 323 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 324 defer bhStub.Reset() 325 326 tenant := &TenantInfo{ 327 Tenant: sysAccountName, 328 User: rootName, 329 DefaultRole: moAdminRoleName, 330 TenantID: sysAccountID, 331 UserID: rootID, 332 DefaultRoleID: moAdminRoleID, 333 } 334 335 ca := &tree.CreateAccount{ 336 Name: "test", 337 IfNotExists: true, 338 AuthOption: tree.AccountAuthOption{ 339 AdminName: "test_root", 340 IdentifiedType: tree.AccountIdentified{Typ: tree.AccountIdentifiedByPassword, Str: "123"}}, 341 Comment: tree.AccountComment{Exist: true, Comment: "test acccount"}, 342 } 343 344 newTi, _, _, err := createTablesInMoCatalogOfGeneralTenant(ctx, bh, tenant, pu, ca) 345 convey.So(err, convey.ShouldBeNil) 346 347 err = createTablesInInformationSchemaOfGeneralTenant(ctx, bh, tenant, pu, newTi) 348 convey.So(err, convey.ShouldBeNil) 349 }) 350 } 351 352 func Test_checkUserExistsOrNot(t *testing.T) { 353 convey.Convey("checkUserExistsOrNot", t, func() { 354 ctrl := gomock.NewController(t) 355 defer ctrl.Finish() 356 357 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 358 pu.SV.SetDefaultValues() 359 360 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 361 362 bh := mock_frontend.NewMockBackgroundExec(ctrl) 363 bh.EXPECT().Close().Return().AnyTimes() 364 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 365 bh.EXPECT().ClearExecResultSet().Return().AnyTimes() 366 367 mrs1 := mock_frontend.NewMockExecResult(ctrl) 368 mrs1.EXPECT().GetRowCount().Return(uint64(1)).AnyTimes() 369 370 bh.EXPECT().GetExecResultSet().Return([]interface{}{mrs1}).AnyTimes() 371 372 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 373 defer bhStub.Reset() 374 375 exists, err := checkUserExistsOrNot(ctx, pu, "test") 376 convey.So(exists, convey.ShouldBeTrue) 377 convey.So(err, convey.ShouldBeNil) 378 379 tenant := &TenantInfo{ 380 Tenant: sysAccountName, 381 User: rootName, 382 DefaultRole: moAdminRoleName, 383 TenantID: sysAccountID, 384 UserID: rootID, 385 DefaultRoleID: moAdminRoleID, 386 } 387 388 ses := &Session{} 389 390 err = InitUser(ctx, ses, tenant, &tree.CreateUser{IfNotExists: true, Users: []*tree.User{{Username: "test"}}}) 391 convey.So(err, convey.ShouldBeNil) 392 }) 393 } 394 395 func Test_initFunction(t *testing.T) { 396 convey.Convey("init function", t, func() { 397 ctrl := gomock.NewController(t) 398 defer ctrl.Finish() 399 400 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 401 pu.SV.SetDefaultValues() 402 403 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 404 405 bh := mock_frontend.NewMockBackgroundExec(ctrl) 406 bh.EXPECT().ClearExecResultSet().AnyTimes() 407 bh.EXPECT().Close().Return().AnyTimes() 408 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 409 rs := mock_frontend.NewMockExecResult(ctrl) 410 rs.EXPECT().GetRowCount().Return(uint64(0)).AnyTimes() 411 bh.EXPECT().GetExecResultSet().Return([]interface{}{rs}).AnyTimes() 412 413 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 414 defer bhStub.Reset() 415 416 locale := "" 417 418 cu := &tree.CreateFunction{ 419 Name: tree.NewFuncName("testFunc", 420 tree.ObjectNamePrefix{ 421 SchemaName: tree.Identifier("db"), 422 CatalogName: tree.Identifier(""), 423 ExplicitSchema: true, 424 ExplicitCatalog: false, 425 }, 426 ), 427 Args: nil, 428 ReturnType: tree.NewReturnType(&tree.T{ 429 InternalType: tree.InternalType{ 430 Family: tree.IntFamily, 431 FamilyString: "INT", 432 Width: 24, 433 Locale: &locale, 434 Oid: uint32(defines.MYSQL_TYPE_INT24), 435 }, 436 }), 437 Body: "", 438 Language: "sql", 439 } 440 441 tenant := &TenantInfo{ 442 Tenant: sysAccountName, 443 User: rootName, 444 DefaultRole: moAdminRoleName, 445 TenantID: sysAccountID, 446 UserID: rootID, 447 DefaultRoleID: moAdminRoleID, 448 } 449 450 ses := &Session{} 451 err := InitFunction(ctx, ses, tenant, cu) 452 convey.So(err, convey.ShouldBeNil) 453 }) 454 } 455 456 func Test_initUser(t *testing.T) { 457 convey.Convey("init user", t, func() { 458 ctrl := gomock.NewController(t) 459 defer ctrl.Finish() 460 461 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 462 pu.SV.SetDefaultValues() 463 464 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 465 sql2result := make(map[string]ExecResult) 466 467 cu := &tree.CreateUser{ 468 IfNotExists: true, 469 Users: []*tree.User{ 470 { 471 Username: "u1", 472 AuthOption: &tree.AccountIdentified{Typ: tree.AccountIdentifiedByPassword, Str: "123"}, 473 }, 474 { 475 Username: "u2", 476 AuthOption: &tree.AccountIdentified{Typ: tree.AccountIdentifiedByPassword, Str: "123"}, 477 }, 478 }, 479 Role: &tree.Role{UserName: "test_role"}, 480 MiscOpt: &tree.UserMiscOptionAccountUnlock{}, 481 } 482 483 mrs := newMrsForRoleIdOfRole([][]interface{}{ 484 {10}, 485 }) 486 487 sql := getSqlForRoleIdOfRole(cu.Role.UserName) 488 sql2result[sql] = mrs 489 490 for _, user := range cu.Users { 491 sql = getSqlForPasswordOfUser(user.Username) 492 mrs = newMrsForPasswordOfUser([][]interface{}{}) 493 sql2result[sql] = mrs 494 495 sql = getSqlForRoleIdOfRole(user.Username) 496 mrs = newMrsForRoleIdOfRole([][]interface{}{}) 497 sql2result[sql] = mrs 498 } 499 500 bh := newBh(ctrl, sql2result) 501 502 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 503 defer bhStub.Reset() 504 505 tenant := &TenantInfo{ 506 Tenant: sysAccountName, 507 User: rootName, 508 DefaultRole: moAdminRoleName, 509 TenantID: sysAccountID, 510 UserID: rootID, 511 DefaultRoleID: moAdminRoleID, 512 } 513 514 ses := &Session{} 515 err := InitUser(ctx, ses, tenant, cu) 516 convey.So(err, convey.ShouldBeError) 517 }) 518 } 519 520 func Test_initRole(t *testing.T) { 521 convey.Convey("init role", t, func() { 522 ctrl := gomock.NewController(t) 523 defer ctrl.Finish() 524 525 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 526 pu.SV.SetDefaultValues() 527 528 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 529 530 bh := mock_frontend.NewMockBackgroundExec(ctrl) 531 bh.EXPECT().ClearExecResultSet().AnyTimes() 532 bh.EXPECT().Close().Return().AnyTimes() 533 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 534 rs := mock_frontend.NewMockExecResult(ctrl) 535 rs.EXPECT().GetRowCount().Return(uint64(0)).AnyTimes() 536 bh.EXPECT().GetExecResultSet().Return([]interface{}{rs}).AnyTimes() 537 538 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 539 defer bhStub.Reset() 540 541 tenant := &TenantInfo{ 542 Tenant: sysAccountName, 543 User: rootName, 544 DefaultRole: moAdminRoleName, 545 TenantID: sysAccountID, 546 UserID: rootID, 547 DefaultRoleID: moAdminRoleID, 548 } 549 550 cr := &tree.CreateRole{ 551 IfNotExists: true, 552 Roles: []*tree.Role{ 553 {UserName: "r1"}, 554 {UserName: "r2"}, 555 }, 556 } 557 ses := &Session{} 558 559 err := InitRole(ctx, ses, tenant, cr) 560 convey.So(err, convey.ShouldBeNil) 561 }) 562 } 563 564 func Test_determinePrivilege(t *testing.T) { 565 type arg struct { 566 stmt tree.Statement 567 priv *privilege 568 } 569 570 args := []arg{ 571 {stmt: &tree.CreateAccount{}}, 572 {stmt: &tree.DropAccount{}}, 573 {stmt: &tree.AlterAccount{}}, 574 {stmt: &tree.CreateUser{}}, 575 {stmt: &tree.DropUser{}}, 576 {stmt: &tree.AlterUser{}}, 577 {stmt: &tree.CreateRole{}}, 578 {stmt: &tree.DropRole{}}, 579 {stmt: &tree.GrantRole{}}, 580 {stmt: &tree.RevokeRole{}}, 581 {stmt: &tree.GrantPrivilege{}}, 582 {stmt: &tree.RevokePrivilege{}}, 583 {stmt: &tree.CreateDatabase{}}, 584 {stmt: &tree.DropDatabase{}}, 585 {stmt: &tree.ShowDatabases{}}, 586 {stmt: &tree.ShowCreateDatabase{}}, 587 {stmt: &tree.Use{}}, 588 {stmt: &tree.ShowTables{}}, 589 {stmt: &tree.ShowCreateTable{}}, 590 {stmt: &tree.ShowColumns{}}, 591 {stmt: &tree.ShowCreateView{}}, 592 {stmt: &tree.CreateTable{}}, 593 {stmt: &tree.CreateView{}}, 594 {stmt: &tree.DropTable{}}, 595 {stmt: &tree.DropView{}}, 596 {stmt: &tree.Select{}}, 597 {stmt: &tree.Insert{}}, 598 {stmt: &tree.Load{}}, 599 {stmt: &tree.Update{}}, 600 {stmt: &tree.Delete{}}, 601 {stmt: &tree.CreateIndex{}}, 602 {stmt: &tree.DropIndex{}}, 603 {stmt: &tree.ShowIndex{}}, 604 {stmt: &tree.ShowProcessList{}}, 605 {stmt: &tree.ShowErrors{}}, 606 {stmt: &tree.ShowWarnings{}}, 607 {stmt: &tree.ShowVariables{}}, 608 {stmt: &tree.ShowStatus{}}, 609 {stmt: &tree.ExplainFor{}}, 610 {stmt: &tree.ExplainAnalyze{}}, 611 {stmt: &tree.ExplainStmt{}}, 612 {stmt: &tree.BeginTransaction{}}, 613 {stmt: &tree.CommitTransaction{}}, 614 {stmt: &tree.RollbackTransaction{}}, 615 {stmt: &tree.SetVar{}}, 616 {stmt: &tree.SetDefaultRole{}}, 617 {stmt: &tree.SetRole{}}, 618 {stmt: &tree.SetPassword{}}, 619 {stmt: &tree.PrepareStmt{}}, 620 {stmt: &tree.PrepareString{}}, 621 {stmt: &tree.Deallocate{}}, 622 } 623 624 for i := 0; i < len(args); i++ { 625 args[i].priv = determinePrivilegeSetOfStatement(args[i].stmt) 626 } 627 628 convey.Convey("privilege of statement", t, func() { 629 for i := 0; i < len(args); i++ { 630 priv := determinePrivilegeSetOfStatement(args[i].stmt) 631 convey.So(priv, convey.ShouldResemble, args[i].priv) 632 } 633 }) 634 } 635 636 func Test_determineCreateAccount(t *testing.T) { 637 convey.Convey("create/drop/alter account succ", t, func() { 638 ctrl := gomock.NewController(t) 639 defer ctrl.Finish() 640 641 stmt := &tree.CreateAccount{} 642 priv := determinePrivilegeSetOfStatement(stmt) 643 ses := newSes(priv, ctrl) 644 645 rowsOfMoUserGrant := [][]interface{}{ 646 {0, false}, 647 } 648 roleIdsInMoRolePrivs := []int{0} 649 rowsOfMoRolePrivs := [][]interface{}{ 650 {0, true}, 651 } 652 653 sql2result := makeSql2ExecResult(0, rowsOfMoUserGrant, 654 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 655 nil, nil) 656 657 bh := newBh(ctrl, sql2result) 658 659 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 660 defer bhStub.Reset() 661 662 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 663 convey.So(err, convey.ShouldBeNil) 664 convey.So(ok, convey.ShouldBeTrue) 665 }) 666 667 convey.Convey("create/drop/alter account fail", t, func() { 668 ctrl := gomock.NewController(t) 669 defer ctrl.Finish() 670 671 stmt := &tree.CreateAccount{} 672 priv := determinePrivilegeSetOfStatement(stmt) 673 ses := newSes(priv, ctrl) 674 675 rowsOfMoUserGrant := [][]interface{}{ 676 {0, false}, 677 } 678 roleIdsInMoRolePrivs := []int{0, 1} 679 rowsOfMoRolePrivs := [][]interface{}{} 680 681 //actually no role dependency loop 682 roleIdsInMoRoleGrant := []int{0, 1} 683 rowsOfMoRoleGrant := [][]interface{}{ 684 {1, true}, 685 } 686 687 sql2result := makeSql2ExecResult(0, rowsOfMoUserGrant, 688 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 689 roleIdsInMoRoleGrant, rowsOfMoRoleGrant) 690 691 bh := newBh(ctrl, sql2result) 692 693 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 694 defer bhStub.Reset() 695 696 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 697 convey.So(err, convey.ShouldBeNil) 698 convey.So(ok, convey.ShouldBeFalse) 699 }) 700 } 701 702 func Test_determineCreateUser(t *testing.T) { 703 convey.Convey("create user succ", t, func() { 704 ctrl := gomock.NewController(t) 705 defer ctrl.Finish() 706 707 stmt := &tree.CreateUser{} 708 priv := determinePrivilegeSetOfStatement(stmt) 709 ses := newSes(priv, ctrl) 710 711 rowsOfMoUserGrant := [][]interface{}{ 712 {0, false}, 713 } 714 roleIdsInMoRolePrivs := []int{0} 715 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 716 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 717 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 718 } 719 720 //without privilege create user, all 721 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 722 rowsOfMoRolePrivs[0][1] = [][]interface{}{ 723 {0, true}, 724 } 725 726 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 727 728 bh := newBh(ctrl, sql2result) 729 730 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 731 defer bhStub.Reset() 732 733 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 734 convey.So(err, convey.ShouldBeNil) 735 convey.So(ok, convey.ShouldBeTrue) 736 }) 737 convey.Convey("create user succ 2", t, func() { 738 ctrl := gomock.NewController(t) 739 defer ctrl.Finish() 740 741 stmt := &tree.CreateUser{} 742 priv := determinePrivilegeSetOfStatement(stmt) 743 ses := newSes(priv, ctrl) 744 745 rowsOfMoUserGrant := [][]interface{}{ 746 {0, false}, 747 } 748 roleIdsInMoRolePrivs := []int{0, 1} 749 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 750 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 751 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 752 } 753 754 //role 0 without privilege create user, all, ownership 755 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 756 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 757 758 //role 1 with privilege create user 759 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 760 {1, true}, 761 } 762 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 763 764 //grant role 1 to role 0 765 roleIdsInMoRoleGrant := []int{0} 766 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 767 rowsOfMoRoleGrant[0] = [][]interface{}{ 768 {1, true}, 769 } 770 771 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 772 773 bh := newBh(ctrl, sql2result) 774 775 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 776 defer bhStub.Reset() 777 778 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 779 convey.So(err, convey.ShouldBeNil) 780 convey.So(ok, convey.ShouldBeTrue) 781 }) 782 convey.Convey("create user fail", t, func() { 783 ctrl := gomock.NewController(t) 784 defer ctrl.Finish() 785 786 stmt := &tree.CreateUser{} 787 priv := determinePrivilegeSetOfStatement(stmt) 788 ses := newSes(priv, ctrl) 789 790 rowsOfMoUserGrant := [][]interface{}{ 791 {0, false}, 792 } 793 roleIdsInMoRolePrivs := []int{0, 1, 2} 794 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 795 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 796 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 797 } 798 799 //role 0 without privilege create user, all, ownership 800 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 801 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 802 803 //role 1 without privilege create user, all, ownership 804 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 805 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 806 807 //role 2 without privilege create user, all, ownership 808 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 809 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 810 811 roleIdsInMoRoleGrant := []int{0, 1, 2} 812 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 813 //grant role 1 to role 0 814 rowsOfMoRoleGrant[0] = [][]interface{}{ 815 {1, true}, 816 } 817 //grant role 2 to role 1 818 rowsOfMoRoleGrant[1] = [][]interface{}{ 819 {2, true}, 820 } 821 rowsOfMoRoleGrant[2] = [][]interface{}{} 822 823 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 824 825 bh := newBh(ctrl, sql2result) 826 827 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 828 defer bhStub.Reset() 829 830 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 831 convey.So(err, convey.ShouldBeNil) 832 convey.So(ok, convey.ShouldBeFalse) 833 }) 834 } 835 836 func Test_determineDropUser(t *testing.T) { 837 convey.Convey("drop/alter user succ", t, func() { 838 ctrl := gomock.NewController(t) 839 defer ctrl.Finish() 840 841 stmt := &tree.DropUser{} 842 priv := determinePrivilegeSetOfStatement(stmt) 843 ses := newSes(priv, ctrl) 844 845 rowsOfMoUserGrant := [][]interface{}{ 846 {0, false}, 847 } 848 roleIdsInMoRolePrivs := []int{0} 849 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 850 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 851 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 852 } 853 854 //with privilege drop user 855 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 856 {0, true}, 857 } 858 //without privilege all 859 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 860 861 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 862 863 bh := newBh(ctrl, sql2result) 864 865 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 866 defer bhStub.Reset() 867 868 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 869 convey.So(err, convey.ShouldBeNil) 870 convey.So(ok, convey.ShouldBeTrue) 871 }) 872 convey.Convey("drop/alter user succ 2", t, func() { 873 ctrl := gomock.NewController(t) 874 defer ctrl.Finish() 875 876 stmt := &tree.DropUser{} 877 priv := determinePrivilegeSetOfStatement(stmt) 878 ses := newSes(priv, ctrl) 879 880 rowsOfMoUserGrant := [][]interface{}{ 881 {0, false}, 882 } 883 roleIdsInMoRolePrivs := []int{0, 1} 884 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 885 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 886 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 887 } 888 889 //role 0 without privilege drop user, all, account/user ownership 890 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 891 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 892 893 //role 1 with privilege drop user 894 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 895 {1, true}, 896 } 897 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 898 899 //grant role 1 to role 0 900 roleIdsInMoRoleGrant := []int{0} 901 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 902 rowsOfMoRoleGrant[0] = [][]interface{}{ 903 {1, true}, 904 } 905 906 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 907 908 bh := newBh(ctrl, sql2result) 909 910 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 911 defer bhStub.Reset() 912 913 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 914 convey.So(err, convey.ShouldBeNil) 915 convey.So(ok, convey.ShouldBeTrue) 916 }) 917 convey.Convey("drop/alter user fail", t, func() { 918 ctrl := gomock.NewController(t) 919 defer ctrl.Finish() 920 921 stmt := &tree.DropUser{} 922 priv := determinePrivilegeSetOfStatement(stmt) 923 ses := newSes(priv, ctrl) 924 925 rowsOfMoUserGrant := [][]interface{}{ 926 {0, false}, 927 } 928 roleIdsInMoRolePrivs := []int{0, 1, 2} 929 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 930 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 931 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 932 } 933 934 //role 0 without privilege drop user, all, ownership 935 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 936 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 937 938 //role 1 without privilege drop user, all, ownership 939 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 940 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 941 942 //role 2 without privilege drop user, all, ownership 943 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 944 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 945 946 roleIdsInMoRoleGrant := []int{0, 1, 2} 947 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 948 //grant role 1 to role 0 949 rowsOfMoRoleGrant[0] = [][]interface{}{ 950 {1, true}, 951 } 952 //grant role 2 to role 1 953 rowsOfMoRoleGrant[1] = [][]interface{}{ 954 {2, true}, 955 } 956 rowsOfMoRoleGrant[2] = [][]interface{}{} 957 958 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 959 960 bh := newBh(ctrl, sql2result) 961 962 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 963 defer bhStub.Reset() 964 965 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 966 convey.So(err, convey.ShouldBeNil) 967 convey.So(ok, convey.ShouldBeFalse) 968 }) 969 } 970 971 func Test_determineCreateRole(t *testing.T) { 972 convey.Convey("create role succ", t, func() { 973 ctrl := gomock.NewController(t) 974 defer ctrl.Finish() 975 976 stmt := &tree.CreateRole{} 977 priv := determinePrivilegeSetOfStatement(stmt) 978 ses := newSes(priv, ctrl) 979 980 rowsOfMoUserGrant := [][]interface{}{ 981 {0, false}, 982 } 983 roleIdsInMoRolePrivs := []int{0} 984 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 985 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 986 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 987 } 988 989 //with privilege create role 990 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 991 {0, true}, 992 } 993 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 994 995 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 996 997 bh := newBh(ctrl, sql2result) 998 999 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1000 defer bhStub.Reset() 1001 1002 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1003 convey.So(err, convey.ShouldBeNil) 1004 convey.So(ok, convey.ShouldBeTrue) 1005 }) 1006 convey.Convey("create role succ 2", t, func() { 1007 ctrl := gomock.NewController(t) 1008 defer ctrl.Finish() 1009 1010 stmt := &tree.CreateRole{} 1011 priv := determinePrivilegeSetOfStatement(stmt) 1012 ses := newSes(priv, ctrl) 1013 1014 rowsOfMoUserGrant := [][]interface{}{ 1015 {0, false}, 1016 } 1017 roleIdsInMoRolePrivs := []int{0, 1} 1018 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1019 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1020 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1021 } 1022 1023 //role 0 without privilege create role, all, ownership 1024 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1025 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1026 1027 //role 1 with privilege create role 1028 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 1029 {1, true}, 1030 } 1031 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1032 1033 //grant role 1 to role 0 1034 roleIdsInMoRoleGrant := []int{0} 1035 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1036 rowsOfMoRoleGrant[0] = [][]interface{}{ 1037 {1, true}, 1038 } 1039 1040 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1041 1042 bh := newBh(ctrl, sql2result) 1043 1044 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1045 defer bhStub.Reset() 1046 1047 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1048 convey.So(err, convey.ShouldBeNil) 1049 convey.So(ok, convey.ShouldBeTrue) 1050 }) 1051 convey.Convey("create role fail", t, func() { 1052 ctrl := gomock.NewController(t) 1053 defer ctrl.Finish() 1054 1055 stmt := &tree.CreateRole{} 1056 priv := determinePrivilegeSetOfStatement(stmt) 1057 ses := newSes(priv, ctrl) 1058 1059 rowsOfMoUserGrant := [][]interface{}{ 1060 {0, false}, 1061 } 1062 roleIdsInMoRolePrivs := []int{0, 1, 2} 1063 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1064 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1065 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1066 } 1067 1068 //role 0 without privilege create role, all, ownership 1069 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1070 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1071 1072 //role 1 without privilege create role, all, ownership 1073 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1074 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1075 1076 //role 2 without privilege create role, all, ownership 1077 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1078 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1079 1080 roleIdsInMoRoleGrant := []int{0, 1, 2} 1081 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1082 //grant role 1 to role 0 1083 rowsOfMoRoleGrant[0] = [][]interface{}{ 1084 {1, true}, 1085 } 1086 //grant role 2 to role 1 1087 rowsOfMoRoleGrant[1] = [][]interface{}{ 1088 {2, true}, 1089 } 1090 rowsOfMoRoleGrant[2] = [][]interface{}{} 1091 1092 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1093 1094 bh := newBh(ctrl, sql2result) 1095 1096 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1097 defer bhStub.Reset() 1098 1099 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1100 convey.So(err, convey.ShouldBeNil) 1101 convey.So(ok, convey.ShouldBeFalse) 1102 }) 1103 } 1104 1105 func Test_determineDropRole(t *testing.T) { 1106 convey.Convey("drop/alter role succ", t, func() { 1107 ctrl := gomock.NewController(t) 1108 defer ctrl.Finish() 1109 1110 stmt := &tree.DropRole{} 1111 priv := determinePrivilegeSetOfStatement(stmt) 1112 ses := newSes(priv, ctrl) 1113 1114 rowsOfMoUserGrant := [][]interface{}{ 1115 {0, false}, 1116 } 1117 roleIdsInMoRolePrivs := []int{0} 1118 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1119 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1120 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1121 } 1122 1123 //with privilege drop role 1124 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 1125 {0, true}, 1126 } 1127 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1128 1129 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 1130 1131 bh := newBh(ctrl, sql2result) 1132 1133 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1134 defer bhStub.Reset() 1135 1136 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1137 convey.So(err, convey.ShouldBeNil) 1138 convey.So(ok, convey.ShouldBeTrue) 1139 }) 1140 convey.Convey("drop/alter role succ 2", t, func() { 1141 ctrl := gomock.NewController(t) 1142 defer ctrl.Finish() 1143 1144 stmt := &tree.DropRole{} 1145 priv := determinePrivilegeSetOfStatement(stmt) 1146 ses := newSes(priv, ctrl) 1147 1148 rowsOfMoUserGrant := [][]interface{}{ 1149 {0, false}, 1150 } 1151 roleIdsInMoRolePrivs := []int{0, 1} 1152 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1153 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1154 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1155 } 1156 1157 //role 0 without privilege drop role, all, ownership 1158 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1159 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1160 1161 //role 1 with privilege drop role 1162 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 1163 {1, true}, 1164 } 1165 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1166 1167 //grant role 1 to role 0 1168 roleIdsInMoRoleGrant := []int{0} 1169 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1170 rowsOfMoRoleGrant[0] = [][]interface{}{ 1171 {1, true}, 1172 } 1173 1174 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1175 1176 bh := newBh(ctrl, sql2result) 1177 1178 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1179 defer bhStub.Reset() 1180 1181 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1182 convey.So(err, convey.ShouldBeNil) 1183 convey.So(ok, convey.ShouldBeTrue) 1184 }) 1185 convey.Convey("drop/alter role fail", t, func() { 1186 ctrl := gomock.NewController(t) 1187 defer ctrl.Finish() 1188 1189 stmt := &tree.DropRole{} 1190 priv := determinePrivilegeSetOfStatement(stmt) 1191 ses := newSes(priv, ctrl) 1192 1193 rowsOfMoUserGrant := [][]interface{}{ 1194 {0, false}, 1195 } 1196 roleIdsInMoRolePrivs := []int{0, 1, 2} 1197 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1198 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1199 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1200 } 1201 1202 //role 0 without privilege drop role, all, ownership 1203 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1204 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1205 1206 //role 1 without privilege drop role, all, ownership 1207 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1208 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1209 1210 //role 2 without privilege drop role, all, ownership 1211 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1212 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1213 1214 roleIdsInMoRoleGrant := []int{0, 1, 2} 1215 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1216 //grant role 1 to role 0 1217 rowsOfMoRoleGrant[0] = [][]interface{}{ 1218 {1, true}, 1219 } 1220 //grant role 2 to role 1 1221 rowsOfMoRoleGrant[1] = [][]interface{}{ 1222 {2, true}, 1223 } 1224 rowsOfMoRoleGrant[2] = [][]interface{}{} 1225 1226 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1227 1228 bh := newBh(ctrl, sql2result) 1229 1230 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1231 defer bhStub.Reset() 1232 1233 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1234 convey.So(err, convey.ShouldBeNil) 1235 convey.So(ok, convey.ShouldBeFalse) 1236 }) 1237 } 1238 1239 func Test_determineGrantRole(t *testing.T) { 1240 convey.Convey("grant role succ", t, func() { 1241 ctrl := gomock.NewController(t) 1242 defer ctrl.Finish() 1243 1244 stmt := &tree.GrantRole{} 1245 priv := determinePrivilegeSetOfStatement(stmt) 1246 ses := newSes(priv, ctrl) 1247 1248 rowsOfMoUserGrant := [][]interface{}{ 1249 {0, false}, 1250 } 1251 roleIdsInMoRolePrivs := []int{0} 1252 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1253 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1254 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1255 } 1256 1257 //with privilege manage grants 1258 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 1259 {0, true}, 1260 } 1261 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1262 1263 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1264 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1265 nil, nil, nil, nil) 1266 1267 bh := newBh(ctrl, sql2result) 1268 1269 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1270 defer bhStub.Reset() 1271 1272 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1273 convey.So(err, convey.ShouldBeNil) 1274 convey.So(ok, convey.ShouldBeTrue) 1275 }) 1276 1277 convey.Convey("grant role succ 2", t, func() { 1278 ctrl := gomock.NewController(t) 1279 defer ctrl.Finish() 1280 1281 stmt := &tree.GrantRole{} 1282 priv := determinePrivilegeSetOfStatement(stmt) 1283 ses := newSes(priv, ctrl) 1284 1285 rowsOfMoUserGrant := [][]interface{}{ 1286 {0, false}, 1287 } 1288 roleIdsInMoRolePrivs := []int{0, 1} 1289 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1290 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1291 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1292 } 1293 1294 //role 0 without privilege manage grants, all, ownership 1295 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1296 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1297 1298 //role 1 with privilege manage grants 1299 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 1300 {1, true}, 1301 } 1302 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1303 1304 //grant role 1 to role 0 1305 roleIdsInMoRoleGrant := []int{0} 1306 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1307 rowsOfMoRoleGrant[0] = [][]interface{}{ 1308 {1, true}, 1309 } 1310 1311 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1312 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1313 roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1314 bh := newBh(ctrl, sql2result) 1315 1316 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1317 defer bhStub.Reset() 1318 1319 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1320 convey.So(err, convey.ShouldBeNil) 1321 convey.So(ok, convey.ShouldBeTrue) 1322 }) 1323 1324 convey.Convey("grant role succ 3 (mo_role_grant + with_grant_option)", t, func() { 1325 ctrl := gomock.NewController(t) 1326 defer ctrl.Finish() 1327 1328 roleNames := []string{ 1329 "r1", 1330 "r2", 1331 "r3", 1332 } 1333 1334 g := &tree.Grant{ 1335 Typ: tree.GrantTypeRole, 1336 } 1337 gr := &g.GrantRole 1338 for _, name := range roleNames { 1339 gr.Roles = append(gr.Roles, &tree.Role{UserName: name}) 1340 } 1341 priv := determinePrivilegeSetOfStatement(g) 1342 ses := newSes(priv, ctrl) 1343 1344 rowsOfMoUserGrant := [][]interface{}{ 1345 {0, false}, 1346 } 1347 roleIdsInMoRolePrivs := []int{0, 1, 5, 6, 7} 1348 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1349 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1350 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1351 } 1352 1353 //role 0 without privilege manage grants, all, ownership 1354 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1355 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1356 1357 //role 1 without privilege manage grants 1358 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1359 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1360 1361 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1362 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1363 1364 rowsOfMoRolePrivs[3][0] = [][]interface{}{} 1365 rowsOfMoRolePrivs[3][1] = [][]interface{}{} 1366 1367 rowsOfMoRolePrivs[4][0] = [][]interface{}{} 1368 rowsOfMoRolePrivs[4][1] = [][]interface{}{} 1369 1370 //grant role 1,5,6,7 to role 0 1371 roleIdsInMoRoleGrant := []int{0, 1, 5, 6, 7} 1372 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1373 rowsOfMoRoleGrant[0] = [][]interface{}{ 1374 {1, true}, 1375 {5, true}, 1376 {6, true}, 1377 {7, true}, 1378 } 1379 rowsOfMoRoleGrant[1] = [][]interface{}{} 1380 rowsOfMoRoleGrant[2] = [][]interface{}{} 1381 rowsOfMoRoleGrant[3] = [][]interface{}{} 1382 rowsOfMoRoleGrant[4] = [][]interface{}{} 1383 1384 grantedIds := []int{0, 1, 5, 6, 7} 1385 granteeRows := make([][][]interface{}, len(grantedIds)) 1386 granteeRows[0] = [][]interface{}{} 1387 granteeRows[1] = [][]interface{}{} 1388 granteeRows[2] = [][]interface{}{ 1389 {0}, 1390 } 1391 granteeRows[3] = [][]interface{}{ 1392 {0}, 1393 } 1394 granteeRows[4] = [][]interface{}{ 1395 {0}, 1396 } 1397 1398 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1399 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1400 roleIdsInMoRoleGrant, rowsOfMoRoleGrant, 1401 grantedIds, granteeRows) 1402 1403 //fill mo_role 1404 rowsOfMoRole := make([][][]interface{}, len(roleNames)) 1405 rowsOfMoRole[0] = [][]interface{}{ 1406 {5}, 1407 } 1408 rowsOfMoRole[1] = [][]interface{}{ 1409 {6}, 1410 } 1411 rowsOfMoRole[2] = [][]interface{}{ 1412 {7}, 1413 } 1414 makeRowsOfMoRole(sql2result, roleNames, rowsOfMoRole) 1415 1416 bh := newBh(ctrl, sql2result) 1417 1418 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1419 defer bhStub.Reset() 1420 1421 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, g) 1422 convey.So(err, convey.ShouldBeNil) 1423 convey.So(ok, convey.ShouldBeTrue) 1424 }) 1425 1426 convey.Convey("grant role succ 4 (mo_user_grant + with_grant_option)", t, func() { 1427 ctrl := gomock.NewController(t) 1428 defer ctrl.Finish() 1429 1430 roleNames := []string{ 1431 "r1", 1432 "r2", 1433 "r3", 1434 } 1435 1436 g := &tree.Grant{ 1437 Typ: tree.GrantTypeRole, 1438 } 1439 gr := &g.GrantRole 1440 for _, name := range roleNames { 1441 gr.Roles = append(gr.Roles, &tree.Role{UserName: name}) 1442 } 1443 priv := determinePrivilegeSetOfStatement(g) 1444 ses := newSes(priv, ctrl) 1445 1446 rowsOfMoUserGrant := [][]interface{}{ 1447 {0, false}, 1448 {5, true}, 1449 {6, true}, 1450 {7, true}, 1451 } 1452 roleIdsInMoRolePrivs := []int{0, 1, 5, 6, 7} 1453 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1454 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1455 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1456 } 1457 1458 //role 0 without privilege manage grants, all, ownership 1459 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1460 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1461 1462 //role 1 without privilege manage grants 1463 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1464 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1465 1466 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1467 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1468 1469 rowsOfMoRolePrivs[3][0] = [][]interface{}{} 1470 rowsOfMoRolePrivs[3][1] = [][]interface{}{} 1471 1472 rowsOfMoRolePrivs[4][0] = [][]interface{}{} 1473 rowsOfMoRolePrivs[4][1] = [][]interface{}{} 1474 1475 //grant role 1,5,6,7 to role 0 1476 roleIdsInMoRoleGrant := []int{0, 1, 5, 6, 7} 1477 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1478 rowsOfMoRoleGrant[0] = [][]interface{}{ 1479 {1, true}, 1480 } 1481 rowsOfMoRoleGrant[1] = [][]interface{}{} 1482 rowsOfMoRoleGrant[2] = [][]interface{}{} 1483 rowsOfMoRoleGrant[3] = [][]interface{}{} 1484 rowsOfMoRoleGrant[4] = [][]interface{}{} 1485 1486 grantedIds := []int{0, 1, 5, 6, 7} 1487 granteeRows := make([][][]interface{}, len(grantedIds)) 1488 granteeRows[0] = [][]interface{}{} 1489 granteeRows[1] = [][]interface{}{} 1490 granteeRows[2] = [][]interface{}{ 1491 {0}, 1492 } 1493 granteeRows[3] = [][]interface{}{ 1494 {0}, 1495 } 1496 granteeRows[4] = [][]interface{}{ 1497 {0}, 1498 } 1499 1500 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1501 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1502 roleIdsInMoRoleGrant, rowsOfMoRoleGrant, 1503 grantedIds, granteeRows) 1504 1505 //fill mo_role 1506 rowsOfMoRole := make([][][]interface{}, len(roleNames)) 1507 rowsOfMoRole[0] = [][]interface{}{ 1508 {5}, 1509 } 1510 rowsOfMoRole[1] = [][]interface{}{ 1511 {6}, 1512 } 1513 rowsOfMoRole[2] = [][]interface{}{ 1514 {7}, 1515 } 1516 makeRowsOfMoRole(sql2result, roleNames, rowsOfMoRole) 1517 1518 bh := newBh(ctrl, sql2result) 1519 1520 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1521 defer bhStub.Reset() 1522 1523 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, g) 1524 convey.So(err, convey.ShouldBeNil) 1525 convey.So(ok, convey.ShouldBeTrue) 1526 }) 1527 1528 convey.Convey("grant role fail 1 (mo_user_grant + with_grant_option)", t, func() { 1529 ctrl := gomock.NewController(t) 1530 defer ctrl.Finish() 1531 1532 roleNames := []string{ 1533 "r1", 1534 "r2", 1535 "r3", 1536 } 1537 1538 g := &tree.Grant{ 1539 Typ: tree.GrantTypeRole, 1540 } 1541 gr := &g.GrantRole 1542 for _, name := range roleNames { 1543 gr.Roles = append(gr.Roles, &tree.Role{UserName: name}) 1544 } 1545 priv := determinePrivilegeSetOfStatement(g) 1546 ses := newSes(priv, ctrl) 1547 1548 rowsOfMoUserGrant := [][]interface{}{ 1549 {0, false}, 1550 {5, true}, 1551 {6, false}, 1552 {7, true}, 1553 } 1554 roleIdsInMoRolePrivs := []int{0, 1, 5, 6, 7} 1555 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1556 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1557 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1558 } 1559 1560 //role 0 without privilege manage grants, all, ownership 1561 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1562 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1563 1564 //role 1 without privilege manage grants 1565 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1566 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1567 1568 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1569 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1570 1571 rowsOfMoRolePrivs[3][0] = [][]interface{}{} 1572 rowsOfMoRolePrivs[3][1] = [][]interface{}{} 1573 1574 rowsOfMoRolePrivs[4][0] = [][]interface{}{} 1575 rowsOfMoRolePrivs[4][1] = [][]interface{}{} 1576 1577 //grant role 1,5,6,7 to role 0 1578 roleIdsInMoRoleGrant := []int{0, 1, 5, 6, 7} 1579 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1580 rowsOfMoRoleGrant[0] = [][]interface{}{ 1581 {1, true}, 1582 } 1583 rowsOfMoRoleGrant[1] = [][]interface{}{} 1584 rowsOfMoRoleGrant[2] = [][]interface{}{} 1585 rowsOfMoRoleGrant[3] = [][]interface{}{} 1586 rowsOfMoRoleGrant[4] = [][]interface{}{} 1587 1588 grantedIds := []int{0, 1, 5, 6, 7} 1589 granteeRows := make([][][]interface{}, len(grantedIds)) 1590 granteeRows[0] = [][]interface{}{} 1591 granteeRows[1] = [][]interface{}{} 1592 granteeRows[2] = [][]interface{}{ 1593 {0}, 1594 } 1595 granteeRows[3] = [][]interface{}{} 1596 granteeRows[4] = [][]interface{}{ 1597 {0}, 1598 } 1599 1600 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1601 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1602 roleIdsInMoRoleGrant, rowsOfMoRoleGrant, grantedIds, granteeRows) 1603 1604 //fill mo_role 1605 rowsOfMoRole := make([][][]interface{}, len(roleNames)) 1606 rowsOfMoRole[0] = [][]interface{}{ 1607 {5}, 1608 } 1609 rowsOfMoRole[1] = [][]interface{}{ 1610 {6}, 1611 } 1612 rowsOfMoRole[2] = [][]interface{}{ 1613 {7}, 1614 } 1615 makeRowsOfMoRole(sql2result, roleNames, rowsOfMoRole) 1616 1617 bh := newBh(ctrl, sql2result) 1618 1619 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1620 defer bhStub.Reset() 1621 1622 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, g) 1623 convey.So(err, convey.ShouldBeNil) 1624 convey.So(ok, convey.ShouldBeFalse) 1625 }) 1626 1627 convey.Convey("grant role fail 2 (mo_role_grant + with_grant_option)", t, func() { 1628 ctrl := gomock.NewController(t) 1629 defer ctrl.Finish() 1630 1631 roleNames := []string{ 1632 "r1", 1633 "r2", 1634 "r3", 1635 } 1636 1637 g := &tree.Grant{ 1638 Typ: tree.GrantTypeRole, 1639 } 1640 gr := &g.GrantRole 1641 for _, name := range roleNames { 1642 gr.Roles = append(gr.Roles, &tree.Role{UserName: name}) 1643 } 1644 priv := determinePrivilegeSetOfStatement(g) 1645 ses := newSes(priv, ctrl) 1646 1647 rowsOfMoUserGrant := [][]interface{}{ 1648 {0, false}, 1649 } 1650 roleIdsInMoRolePrivs := []int{0, 1, 5, 6, 7} 1651 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1652 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1653 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1654 } 1655 1656 //role 0 without privilege manage grants, all, ownership 1657 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1658 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1659 1660 //role 1 without privilege manage grants 1661 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1662 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1663 1664 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1665 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1666 1667 rowsOfMoRolePrivs[3][0] = [][]interface{}{} 1668 rowsOfMoRolePrivs[3][1] = [][]interface{}{} 1669 1670 rowsOfMoRolePrivs[4][0] = [][]interface{}{} 1671 rowsOfMoRolePrivs[4][1] = [][]interface{}{} 1672 1673 //grant role 1,5,6,7 to role 0 1674 roleIdsInMoRoleGrant := []int{0, 1, 5, 6, 7} 1675 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1676 rowsOfMoRoleGrant[0] = [][]interface{}{ 1677 {1, true}, 1678 {5, true}, 1679 {6, false}, 1680 {7, true}, 1681 } 1682 rowsOfMoRoleGrant[1] = [][]interface{}{} 1683 rowsOfMoRoleGrant[2] = [][]interface{}{} 1684 rowsOfMoRoleGrant[3] = [][]interface{}{} 1685 rowsOfMoRoleGrant[4] = [][]interface{}{} 1686 1687 grantedIds := []int{0, 1, 5, 6, 7} 1688 granteeRows := make([][][]interface{}, len(grantedIds)) 1689 granteeRows[0] = [][]interface{}{} 1690 granteeRows[1] = [][]interface{}{} 1691 granteeRows[2] = [][]interface{}{ 1692 {0}, 1693 } 1694 granteeRows[3] = [][]interface{}{ 1695 {0}, 1696 } 1697 granteeRows[4] = [][]interface{}{} 1698 1699 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, 1700 roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, 1701 roleIdsInMoRoleGrant, rowsOfMoRoleGrant, 1702 grantedIds, granteeRows) 1703 1704 //fill mo_role 1705 rowsOfMoRole := make([][][]interface{}, len(roleNames)) 1706 rowsOfMoRole[0] = [][]interface{}{ 1707 {5}, 1708 } 1709 rowsOfMoRole[1] = [][]interface{}{ 1710 {6}, 1711 } 1712 rowsOfMoRole[2] = [][]interface{}{ 1713 {7}, 1714 } 1715 makeRowsOfMoRole(sql2result, roleNames, rowsOfMoRole) 1716 1717 bh := newBh(ctrl, sql2result) 1718 1719 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1720 defer bhStub.Reset() 1721 1722 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, g) 1723 convey.So(err, convey.ShouldBeNil) 1724 convey.So(ok, convey.ShouldBeFalse) 1725 }) 1726 } 1727 1728 func Test_determineRevokeRole(t *testing.T) { 1729 convey.Convey("revoke role succ", t, func() { 1730 ctrl := gomock.NewController(t) 1731 defer ctrl.Finish() 1732 1733 stmt := &tree.RevokeRole{} 1734 priv := determinePrivilegeSetOfStatement(stmt) 1735 ses := newSes(priv, ctrl) 1736 1737 rowsOfMoUserGrant := [][]interface{}{ 1738 {0, false}, 1739 } 1740 roleIdsInMoRolePrivs := []int{0} 1741 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1742 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1743 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1744 } 1745 1746 //with privilege manage grants 1747 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 1748 {0, true}, 1749 } 1750 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1751 1752 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 1753 1754 bh := newBh(ctrl, sql2result) 1755 1756 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1757 defer bhStub.Reset() 1758 1759 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1760 convey.So(err, convey.ShouldBeNil) 1761 convey.So(ok, convey.ShouldBeTrue) 1762 }) 1763 1764 convey.Convey("revoke role succ 2", t, func() { 1765 ctrl := gomock.NewController(t) 1766 defer ctrl.Finish() 1767 1768 stmt := &tree.RevokeRole{} 1769 priv := determinePrivilegeSetOfStatement(stmt) 1770 ses := newSes(priv, ctrl) 1771 1772 rowsOfMoUserGrant := [][]interface{}{ 1773 {0, false}, 1774 } 1775 roleIdsInMoRolePrivs := []int{0, 1} 1776 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1777 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1778 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1779 } 1780 1781 //role 0 without privilege manage grants, all, ownership 1782 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1783 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1784 1785 //role 1 with privilege manage grants 1786 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 1787 {1, true}, 1788 } 1789 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1790 1791 //grant role 1 to role 0 1792 roleIdsInMoRoleGrant := []int{0} 1793 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1794 rowsOfMoRoleGrant[0] = [][]interface{}{ 1795 {1, true}, 1796 } 1797 1798 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1799 1800 bh := newBh(ctrl, sql2result) 1801 1802 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1803 defer bhStub.Reset() 1804 1805 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1806 convey.So(err, convey.ShouldBeNil) 1807 convey.So(ok, convey.ShouldBeTrue) 1808 }) 1809 1810 convey.Convey("revoke role fail", t, func() { 1811 ctrl := gomock.NewController(t) 1812 defer ctrl.Finish() 1813 1814 stmt := &tree.RevokeRole{} 1815 priv := determinePrivilegeSetOfStatement(stmt) 1816 ses := newSes(priv, ctrl) 1817 1818 rowsOfMoUserGrant := [][]interface{}{ 1819 {0, false}, 1820 } 1821 roleIdsInMoRolePrivs := []int{0, 1, 2} 1822 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 1823 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 1824 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 1825 } 1826 1827 //role 0 without privilege drop role, all, ownership 1828 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 1829 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 1830 1831 //role 1 without privilege drop role, all, ownership 1832 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 1833 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 1834 1835 //role 2 without privilege drop role, all, ownership 1836 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 1837 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 1838 1839 roleIdsInMoRoleGrant := []int{0, 1, 2} 1840 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 1841 //grant role 1 to role 0 1842 rowsOfMoRoleGrant[0] = [][]interface{}{ 1843 {1, true}, 1844 } 1845 //grant role 2 to role 1 1846 rowsOfMoRoleGrant[1] = [][]interface{}{ 1847 {2, true}, 1848 } 1849 rowsOfMoRoleGrant[2] = [][]interface{}{} 1850 1851 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 1852 1853 bh := newBh(ctrl, sql2result) 1854 1855 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1856 defer bhStub.Reset() 1857 1858 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 1859 convey.So(err, convey.ShouldBeNil) 1860 convey.So(ok, convey.ShouldBeFalse) 1861 }) 1862 } 1863 1864 func Test_determineGrantPrivilege(t *testing.T) { 1865 convey.Convey("convert ast privilege", t, func() { 1866 type arg struct { 1867 pt tree.PrivilegeType 1868 want PrivilegeType 1869 } 1870 1871 args := []arg{ 1872 {tree.PRIVILEGE_TYPE_STATIC_SELECT, PrivilegeTypeSelect}, 1873 } 1874 1875 for _, a := range args { 1876 w, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), a.pt, tree.OBJECT_TYPE_TABLE) 1877 convey.So(err, convey.ShouldBeNil) 1878 convey.So(w, convey.ShouldEqual, a.want) 1879 } 1880 }) 1881 1882 convey.Convey("grant privilege [ObjectType: Table] AdminRole succ", t, func() { 1883 ctrl := gomock.NewController(t) 1884 defer ctrl.Finish() 1885 1886 stmts := []*tree.GrantPrivilege{ 1887 { 1888 Privileges: []*tree.Privilege{ 1889 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1890 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1891 }, 1892 ObjType: tree.OBJECT_TYPE_TABLE, 1893 Level: &tree.PrivilegeLevel{ 1894 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 1895 }, 1896 }, 1897 } 1898 1899 for _, stmt := range stmts { 1900 priv := determinePrivilegeSetOfStatement(stmt) 1901 ses := newSes(priv, ctrl) 1902 ses.SetDatabaseName("db") 1903 1904 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 1905 convey.So(err, convey.ShouldBeNil) 1906 convey.So(ok, convey.ShouldBeTrue) 1907 } 1908 }) 1909 1910 convey.Convey("grant privilege [ObjectType: Table] succ", t, func() { 1911 ctrl := gomock.NewController(t) 1912 defer ctrl.Finish() 1913 1914 bh := &backgroundExecTest{} 1915 bh.init() 1916 1917 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 1918 defer bhStub.Reset() 1919 1920 stmts := []*tree.GrantPrivilege{ 1921 { 1922 Privileges: []*tree.Privilege{ 1923 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1924 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1925 }, 1926 ObjType: tree.OBJECT_TYPE_TABLE, 1927 Level: &tree.PrivilegeLevel{ 1928 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 1929 }, 1930 }, 1931 { 1932 Privileges: []*tree.Privilege{ 1933 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1934 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1935 }, 1936 ObjType: tree.OBJECT_TYPE_TABLE, 1937 Level: &tree.PrivilegeLevel{ 1938 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 1939 }, 1940 }, 1941 { 1942 Privileges: []*tree.Privilege{ 1943 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1944 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1945 }, 1946 ObjType: tree.OBJECT_TYPE_TABLE, 1947 Level: &tree.PrivilegeLevel{ 1948 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR, 1949 }, 1950 }, 1951 { 1952 Privileges: []*tree.Privilege{ 1953 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1954 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1955 }, 1956 ObjType: tree.OBJECT_TYPE_TABLE, 1957 Level: &tree.PrivilegeLevel{ 1958 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE, 1959 }, 1960 }, 1961 { 1962 Privileges: []*tree.Privilege{ 1963 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 1964 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 1965 }, 1966 ObjType: tree.OBJECT_TYPE_TABLE, 1967 Level: &tree.PrivilegeLevel{ 1968 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 1969 }, 1970 }, 1971 } 1972 1973 for _, stmt := range stmts { 1974 priv := determinePrivilegeSetOfStatement(stmt) 1975 ses := newSes(priv, ctrl) 1976 ses.tenant = &TenantInfo{ 1977 Tenant: "xxx", 1978 User: "xxx", 1979 DefaultRole: "xxx", 1980 TenantID: 1001, 1981 UserID: 1001, 1982 DefaultRoleID: 1001, 1983 } 1984 ses.SetDatabaseName("db") 1985 //TODO: make sql2result 1986 bh.init() 1987 for _, p := range stmt.Privileges { 1988 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 1989 convey.So(err, convey.ShouldBeNil) 1990 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, [][]interface{}{ 1991 {1, true}, 1992 }) 1993 1994 var privType PrivilegeType 1995 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 1996 convey.So(err, convey.ShouldBeNil) 1997 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 1998 1999 rows := [][]interface{}{ 2000 {ses.GetTenantInfo().GetDefaultRoleID()}, 2001 } 2002 2003 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2004 } 2005 2006 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2007 convey.So(err, convey.ShouldBeNil) 2008 convey.So(ok, convey.ShouldBeTrue) 2009 } 2010 }) 2011 2012 convey.Convey("grant privilege [ObjectType: Table] fail", t, func() { 2013 ctrl := gomock.NewController(t) 2014 defer ctrl.Finish() 2015 2016 bh := &backgroundExecTest{} 2017 bh.init() 2018 2019 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2020 defer bhStub.Reset() 2021 2022 stmts := []*tree.GrantPrivilege{ 2023 { 2024 Privileges: []*tree.Privilege{ 2025 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2026 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2027 }, 2028 ObjType: tree.OBJECT_TYPE_TABLE, 2029 Level: &tree.PrivilegeLevel{ 2030 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 2031 }, 2032 }, 2033 { 2034 Privileges: []*tree.Privilege{ 2035 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2036 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2037 }, 2038 ObjType: tree.OBJECT_TYPE_TABLE, 2039 Level: &tree.PrivilegeLevel{ 2040 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 2041 }, 2042 }, 2043 { 2044 Privileges: []*tree.Privilege{ 2045 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2046 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2047 }, 2048 ObjType: tree.OBJECT_TYPE_TABLE, 2049 Level: &tree.PrivilegeLevel{ 2050 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR, 2051 }, 2052 }, 2053 { 2054 Privileges: []*tree.Privilege{ 2055 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2056 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2057 }, 2058 ObjType: tree.OBJECT_TYPE_TABLE, 2059 Level: &tree.PrivilegeLevel{ 2060 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE, 2061 }, 2062 }, 2063 { 2064 Privileges: []*tree.Privilege{ 2065 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2066 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2067 }, 2068 ObjType: tree.OBJECT_TYPE_TABLE, 2069 Level: &tree.PrivilegeLevel{ 2070 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 2071 }, 2072 }, 2073 } 2074 2075 for _, stmt := range stmts { 2076 priv := determinePrivilegeSetOfStatement(stmt) 2077 ses := newSes(priv, ctrl) 2078 ses.tenant = &TenantInfo{ 2079 Tenant: "xxx", 2080 User: "xxx", 2081 DefaultRole: "xxx", 2082 TenantID: 1001, 2083 UserID: 1001, 2084 DefaultRoleID: 1001, 2085 } 2086 ses.SetDatabaseName("db") 2087 //TODO: make sql2result 2088 bh.init() 2089 var privType PrivilegeType 2090 for i, p := range stmt.Privileges { 2091 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 2092 convey.So(err, convey.ShouldBeNil) 2093 var rows [][]interface{} 2094 if i == 0 { 2095 rows = [][]interface{}{} 2096 } else { 2097 rows = [][]interface{}{ 2098 {1, true}, 2099 } 2100 } 2101 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, rows) 2102 2103 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 2104 convey.So(err, convey.ShouldBeNil) 2105 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 2106 if i == 0 { 2107 rows = [][]interface{}{} 2108 } else { 2109 rows = [][]interface{}{ 2110 {ses.GetTenantInfo().GetDefaultRoleID()}, 2111 } 2112 } 2113 2114 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2115 } 2116 2117 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2118 convey.So(err, convey.ShouldBeNil) 2119 convey.So(ok, convey.ShouldBeFalse) 2120 } 2121 }) 2122 2123 convey.Convey("grant privilege [ObjectType: Database] succ", t, func() { 2124 ctrl := gomock.NewController(t) 2125 defer ctrl.Finish() 2126 2127 bh := &backgroundExecTest{} 2128 bh.init() 2129 2130 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2131 defer bhStub.Reset() 2132 2133 stmts := []*tree.GrantPrivilege{ 2134 { 2135 Privileges: []*tree.Privilege{ 2136 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2137 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2138 }, 2139 ObjType: tree.OBJECT_TYPE_DATABASE, 2140 Level: &tree.PrivilegeLevel{ 2141 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 2142 }, 2143 }, 2144 { 2145 Privileges: []*tree.Privilege{ 2146 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2147 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2148 }, 2149 ObjType: tree.OBJECT_TYPE_DATABASE, 2150 Level: &tree.PrivilegeLevel{ 2151 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 2152 }, 2153 }, 2154 { 2155 Privileges: []*tree.Privilege{ 2156 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2157 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2158 }, 2159 ObjType: tree.OBJECT_TYPE_DATABASE, 2160 Level: &tree.PrivilegeLevel{ 2161 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE, 2162 }, 2163 }, 2164 } 2165 2166 var privType PrivilegeType 2167 for _, stmt := range stmts { 2168 priv := determinePrivilegeSetOfStatement(stmt) 2169 ses := newSes(priv, ctrl) 2170 ses.tenant = &TenantInfo{ 2171 Tenant: "xxx", 2172 User: "xxx", 2173 DefaultRole: "xxx", 2174 TenantID: 1001, 2175 UserID: 1001, 2176 DefaultRoleID: 1001, 2177 } 2178 ses.SetDatabaseName("db") 2179 //TODO: make sql2result 2180 bh.init() 2181 for _, p := range stmt.Privileges { 2182 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 2183 convey.So(err, convey.ShouldBeNil) 2184 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, [][]interface{}{ 2185 {1, true}, 2186 }) 2187 2188 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 2189 convey.So(err, convey.ShouldBeNil) 2190 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 2191 2192 rows := [][]interface{}{ 2193 {ses.GetTenantInfo().GetDefaultRoleID()}, 2194 } 2195 2196 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2197 } 2198 2199 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2200 convey.So(err, convey.ShouldBeNil) 2201 convey.So(ok, convey.ShouldBeTrue) 2202 } 2203 }) 2204 2205 convey.Convey("grant privilege [ObjectType: Database] fail", t, func() { 2206 ctrl := gomock.NewController(t) 2207 defer ctrl.Finish() 2208 2209 bh := &backgroundExecTest{} 2210 bh.init() 2211 2212 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2213 defer bhStub.Reset() 2214 2215 stmts := []*tree.GrantPrivilege{ 2216 { 2217 Privileges: []*tree.Privilege{ 2218 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2219 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2220 }, 2221 ObjType: tree.OBJECT_TYPE_DATABASE, 2222 Level: &tree.PrivilegeLevel{ 2223 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 2224 }, 2225 }, 2226 { 2227 Privileges: []*tree.Privilege{ 2228 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2229 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2230 }, 2231 ObjType: tree.OBJECT_TYPE_DATABASE, 2232 Level: &tree.PrivilegeLevel{ 2233 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 2234 }, 2235 }, 2236 { 2237 Privileges: []*tree.Privilege{ 2238 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2239 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2240 }, 2241 ObjType: tree.OBJECT_TYPE_DATABASE, 2242 Level: &tree.PrivilegeLevel{ 2243 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE, 2244 }, 2245 }, 2246 } 2247 2248 for _, stmt := range stmts { 2249 priv := determinePrivilegeSetOfStatement(stmt) 2250 ses := newSes(priv, ctrl) 2251 ses.tenant = &TenantInfo{ 2252 Tenant: "xxx", 2253 User: "xxx", 2254 DefaultRole: "xxx", 2255 TenantID: 1001, 2256 UserID: 1001, 2257 DefaultRoleID: 1001, 2258 } 2259 ses.SetDatabaseName("db") 2260 //TODO: make sql2result 2261 bh.init() 2262 for i, p := range stmt.Privileges { 2263 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 2264 convey.So(err, convey.ShouldBeNil) 2265 var rows [][]interface{} 2266 if i == 0 { 2267 rows = [][]interface{}{} 2268 } else { 2269 rows = [][]interface{}{ 2270 {1, true}, 2271 } 2272 } 2273 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, rows) 2274 2275 var privType PrivilegeType 2276 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 2277 convey.So(err, convey.ShouldBeNil) 2278 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 2279 2280 if i == 0 { 2281 rows = [][]interface{}{} 2282 } else { 2283 rows = [][]interface{}{ 2284 {ses.GetTenantInfo().GetDefaultRoleID()}, 2285 } 2286 } 2287 2288 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2289 } 2290 2291 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2292 convey.So(err, convey.ShouldBeNil) 2293 convey.So(ok, convey.ShouldBeFalse) 2294 } 2295 }) 2296 2297 convey.Convey("grant privilege [ObjectType: Account] succ", t, func() { 2298 ctrl := gomock.NewController(t) 2299 defer ctrl.Finish() 2300 2301 bh := &backgroundExecTest{} 2302 bh.init() 2303 2304 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2305 defer bhStub.Reset() 2306 2307 stmts := []*tree.GrantPrivilege{ 2308 { 2309 Privileges: []*tree.Privilege{ 2310 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2311 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2312 }, 2313 ObjType: tree.OBJECT_TYPE_ACCOUNT, 2314 Level: &tree.PrivilegeLevel{ 2315 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 2316 }, 2317 }, 2318 } 2319 2320 for _, stmt := range stmts { 2321 priv := determinePrivilegeSetOfStatement(stmt) 2322 ses := newSes(priv, ctrl) 2323 ses.tenant = &TenantInfo{ 2324 Tenant: "xxx", 2325 User: "xxx", 2326 DefaultRole: "xxx", 2327 TenantID: 1001, 2328 UserID: 1001, 2329 DefaultRoleID: 1001, 2330 } 2331 ses.SetDatabaseName("db") 2332 //TODO: make sql2result 2333 bh.init() 2334 for _, p := range stmt.Privileges { 2335 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 2336 convey.So(err, convey.ShouldBeNil) 2337 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, [][]interface{}{ 2338 {1, true}, 2339 }) 2340 2341 var privType PrivilegeType 2342 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 2343 convey.So(err, convey.ShouldBeNil) 2344 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 2345 rows := [][]interface{}{ 2346 {ses.GetTenantInfo().GetDefaultRoleID()}, 2347 } 2348 2349 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2350 } 2351 2352 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2353 convey.So(err, convey.ShouldBeNil) 2354 convey.So(ok, convey.ShouldBeTrue) 2355 } 2356 }) 2357 2358 convey.Convey("grant privilege [ObjectType: Account] fail", t, func() { 2359 ctrl := gomock.NewController(t) 2360 defer ctrl.Finish() 2361 2362 bh := &backgroundExecTest{} 2363 bh.init() 2364 2365 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2366 defer bhStub.Reset() 2367 2368 stmts := []*tree.GrantPrivilege{ 2369 { 2370 Privileges: []*tree.Privilege{ 2371 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 2372 {Type: tree.PRIVILEGE_TYPE_STATIC_INSERT}, 2373 }, 2374 ObjType: tree.OBJECT_TYPE_ACCOUNT, 2375 Level: &tree.PrivilegeLevel{ 2376 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 2377 }, 2378 }, 2379 } 2380 2381 for _, stmt := range stmts { 2382 priv := determinePrivilegeSetOfStatement(stmt) 2383 ses := newSes(priv, ctrl) 2384 ses.tenant = &TenantInfo{ 2385 Tenant: "xxx", 2386 User: "xxx", 2387 DefaultRole: "xxx", 2388 TenantID: 1001, 2389 UserID: 1001, 2390 DefaultRoleID: 1001, 2391 } 2392 ses.SetDatabaseName("db") 2393 //TODO: make sql2result 2394 bh.init() 2395 for i, p := range stmt.Privileges { 2396 sql, err := formSqlFromGrantPrivilege(context.TODO(), ses, stmt, p) 2397 convey.So(err, convey.ShouldBeNil) 2398 var rows [][]interface{} 2399 if i == 0 { 2400 rows = [][]interface{}{} 2401 } else { 2402 rows = [][]interface{}{ 2403 {1, true}, 2404 } 2405 } 2406 makeRowsOfWithGrantOptionPrivilege(bh.sql2result, sql, rows) 2407 2408 var privType PrivilegeType 2409 privType, err = convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 2410 convey.So(err, convey.ShouldBeNil) 2411 sql = getSqlForCheckRoleHasPrivilegeWGO(int64(privType)) 2412 2413 if i == 0 { 2414 rows = [][]interface{}{} 2415 } else { 2416 rows = [][]interface{}{ 2417 {ses.GetTenantInfo().GetDefaultRoleID()}, 2418 } 2419 } 2420 2421 bh.sql2result[sql] = newMrsForPrivilegeWGO(rows) 2422 } 2423 2424 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2425 convey.So(err, convey.ShouldBeNil) 2426 convey.So(ok, convey.ShouldBeFalse) 2427 } 2428 }) 2429 } 2430 2431 func Test_determineRevokePrivilege(t *testing.T) { 2432 convey.Convey("revoke privilege [ObjectType: Table] AdminRole succ", t, func() { 2433 ctrl := gomock.NewController(t) 2434 defer ctrl.Finish() 2435 var stmts []*tree.RevokePrivilege 2436 2437 for _, stmt := range stmts { 2438 priv := determinePrivilegeSetOfStatement(stmt) 2439 ses := newSes(priv, ctrl) 2440 2441 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2442 convey.So(err, convey.ShouldBeNil) 2443 convey.So(ok, convey.ShouldBeTrue) 2444 } 2445 }) 2446 convey.Convey("revoke privilege [ObjectType: Table] not AdminRole fail", t, func() { 2447 ctrl := gomock.NewController(t) 2448 defer ctrl.Finish() 2449 var stmts []*tree.RevokePrivilege 2450 2451 for _, stmt := range stmts { 2452 priv := determinePrivilegeSetOfStatement(stmt) 2453 ses := newSes(priv, ctrl) 2454 ses.tenant = &TenantInfo{ 2455 Tenant: "xxx", 2456 User: "xxx", 2457 DefaultRole: "xxx", 2458 TenantID: 1001, 2459 UserID: 1001, 2460 DefaultRoleID: 1001, 2461 } 2462 2463 ok, err := authenticateUserCanExecuteStatementWithObjectTypeNone(ses.GetRequestContext(), ses, stmt) 2464 convey.So(err, convey.ShouldBeNil) 2465 convey.So(ok, convey.ShouldBeFalse) 2466 } 2467 }) 2468 } 2469 2470 func Test_determineCreateDatabase(t *testing.T) { 2471 convey.Convey("create database succ", t, func() { 2472 ctrl := gomock.NewController(t) 2473 defer ctrl.Finish() 2474 2475 stmt := &tree.CreateDatabase{} 2476 priv := determinePrivilegeSetOfStatement(stmt) 2477 ses := newSes(priv, ctrl) 2478 2479 rowsOfMoUserGrant := [][]interface{}{ 2480 {0, false}, 2481 } 2482 roleIdsInMoRolePrivs := []int{0} 2483 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2484 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2485 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2486 } 2487 2488 //without privilege create database, all 2489 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2490 rowsOfMoRolePrivs[0][1] = [][]interface{}{ 2491 {0, true}, 2492 } 2493 2494 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 2495 2496 bh := newBh(ctrl, sql2result) 2497 2498 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2499 defer bhStub.Reset() 2500 2501 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2502 convey.So(err, convey.ShouldBeNil) 2503 convey.So(ok, convey.ShouldBeTrue) 2504 }) 2505 convey.Convey("create database succ 2", t, func() { 2506 ctrl := gomock.NewController(t) 2507 defer ctrl.Finish() 2508 2509 stmt := &tree.CreateDatabase{} 2510 priv := determinePrivilegeSetOfStatement(stmt) 2511 ses := newSes(priv, ctrl) 2512 2513 rowsOfMoUserGrant := [][]interface{}{ 2514 {0, false}, 2515 } 2516 roleIdsInMoRolePrivs := []int{0, 1} 2517 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2518 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2519 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2520 } 2521 2522 //role 0 without privilege create database, all, ownership 2523 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2524 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2525 2526 //role 1 with privilege create database 2527 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 2528 {1, true}, 2529 } 2530 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2531 2532 //grant role 1 to role 0 2533 roleIdsInMoRoleGrant := []int{0} 2534 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2535 rowsOfMoRoleGrant[0] = [][]interface{}{ 2536 {1, true}, 2537 } 2538 2539 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2540 2541 bh := newBh(ctrl, sql2result) 2542 2543 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2544 defer bhStub.Reset() 2545 2546 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2547 convey.So(err, convey.ShouldBeNil) 2548 convey.So(ok, convey.ShouldBeTrue) 2549 }) 2550 convey.Convey("create database fail", t, func() { 2551 ctrl := gomock.NewController(t) 2552 defer ctrl.Finish() 2553 2554 stmt := &tree.CreateDatabase{} 2555 priv := determinePrivilegeSetOfStatement(stmt) 2556 ses := newSes(priv, ctrl) 2557 2558 rowsOfMoUserGrant := [][]interface{}{ 2559 {0, false}, 2560 } 2561 roleIdsInMoRolePrivs := []int{0, 1, 2} 2562 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2563 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2564 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2565 } 2566 2567 //role 0 without privilege create database, all, ownership 2568 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2569 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2570 2571 //role 1 without privilege create database, all, ownership 2572 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 2573 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2574 2575 //role 2 without privilege create database, all, ownership 2576 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 2577 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 2578 2579 roleIdsInMoRoleGrant := []int{0, 1, 2} 2580 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2581 //grant role 1 to role 0 2582 rowsOfMoRoleGrant[0] = [][]interface{}{ 2583 {1, true}, 2584 } 2585 //grant role 2 to role 1 2586 rowsOfMoRoleGrant[1] = [][]interface{}{ 2587 {2, true}, 2588 } 2589 rowsOfMoRoleGrant[2] = [][]interface{}{} 2590 2591 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2592 2593 bh := newBh(ctrl, sql2result) 2594 2595 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2596 defer bhStub.Reset() 2597 2598 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2599 convey.So(err, convey.ShouldBeNil) 2600 convey.So(ok, convey.ShouldBeFalse) 2601 }) 2602 } 2603 2604 func Test_determineDropDatabase(t *testing.T) { 2605 convey.Convey("drop/alter database succ", t, func() { 2606 ctrl := gomock.NewController(t) 2607 defer ctrl.Finish() 2608 2609 stmt := &tree.DropDatabase{} 2610 priv := determinePrivilegeSetOfStatement(stmt) 2611 ses := newSes(priv, ctrl) 2612 2613 rowsOfMoUserGrant := [][]interface{}{ 2614 {0, false}, 2615 } 2616 roleIdsInMoRolePrivs := []int{0} 2617 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2618 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2619 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2620 } 2621 2622 //with privilege drop database 2623 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 2624 {0, true}, 2625 } 2626 //without privilege all 2627 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2628 2629 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 2630 2631 bh := newBh(ctrl, sql2result) 2632 2633 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2634 defer bhStub.Reset() 2635 2636 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2637 convey.So(err, convey.ShouldBeNil) 2638 convey.So(ok, convey.ShouldBeTrue) 2639 }) 2640 convey.Convey("drop/alter database succ 2", t, func() { 2641 ctrl := gomock.NewController(t) 2642 defer ctrl.Finish() 2643 2644 stmt := &tree.DropDatabase{} 2645 priv := determinePrivilegeSetOfStatement(stmt) 2646 ses := newSes(priv, ctrl) 2647 2648 rowsOfMoUserGrant := [][]interface{}{ 2649 {0, false}, 2650 } 2651 roleIdsInMoRolePrivs := []int{0, 1} 2652 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2653 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2654 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2655 } 2656 2657 //role 0 without privilege drop database, all, account/user ownership 2658 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2659 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2660 2661 //role 1 with privilege drop database 2662 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 2663 {1, true}, 2664 } 2665 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2666 2667 //grant role 1 to role 0 2668 roleIdsInMoRoleGrant := []int{0} 2669 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2670 rowsOfMoRoleGrant[0] = [][]interface{}{ 2671 {1, true}, 2672 } 2673 2674 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2675 2676 bh := newBh(ctrl, sql2result) 2677 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2678 defer bhStub.Reset() 2679 2680 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2681 convey.So(err, convey.ShouldBeNil) 2682 convey.So(ok, convey.ShouldBeTrue) 2683 }) 2684 convey.Convey("drop/alter database fail", t, func() { 2685 ctrl := gomock.NewController(t) 2686 defer ctrl.Finish() 2687 2688 stmt := &tree.DropDatabase{} 2689 priv := determinePrivilegeSetOfStatement(stmt) 2690 ses := newSes(priv, ctrl) 2691 2692 rowsOfMoUserGrant := [][]interface{}{ 2693 {0, false}, 2694 } 2695 roleIdsInMoRolePrivs := []int{0, 1, 2} 2696 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2697 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2698 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2699 } 2700 2701 //role 0 without privilege drop database, all, ownership 2702 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2703 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2704 2705 //role 1 without privilege drop database, all, ownership 2706 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 2707 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2708 2709 //role 2 without privilege drop database, all, ownership 2710 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 2711 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 2712 2713 roleIdsInMoRoleGrant := []int{0, 1, 2} 2714 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2715 //grant role 1 to role 0 2716 rowsOfMoRoleGrant[0] = [][]interface{}{ 2717 {1, true}, 2718 } 2719 //grant role 2 to role 1 2720 rowsOfMoRoleGrant[1] = [][]interface{}{ 2721 {2, true}, 2722 } 2723 rowsOfMoRoleGrant[2] = [][]interface{}{} 2724 2725 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2726 bh := newBh(ctrl, sql2result) 2727 2728 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2729 defer bhStub.Reset() 2730 2731 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2732 convey.So(err, convey.ShouldBeNil) 2733 convey.So(ok, convey.ShouldBeFalse) 2734 }) 2735 } 2736 2737 func Test_determineShowDatabase(t *testing.T) { 2738 convey.Convey("show database succ", t, func() { 2739 ctrl := gomock.NewController(t) 2740 defer ctrl.Finish() 2741 2742 stmt := &tree.ShowDatabases{} 2743 priv := determinePrivilegeSetOfStatement(stmt) 2744 ses := newSes(priv, ctrl) 2745 2746 rowsOfMoUserGrant := [][]interface{}{ 2747 {0, false}, 2748 } 2749 roleIdsInMoRolePrivs := []int{0} 2750 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2751 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2752 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2753 } 2754 2755 //with privilege show databases 2756 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 2757 {0, true}, 2758 } 2759 //without privilege all 2760 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2761 2762 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 2763 2764 bh := newBh(ctrl, sql2result) 2765 2766 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2767 defer bhStub.Reset() 2768 2769 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2770 convey.So(err, convey.ShouldBeNil) 2771 convey.So(ok, convey.ShouldBeTrue) 2772 }) 2773 convey.Convey("show database succ 2", t, func() { 2774 ctrl := gomock.NewController(t) 2775 defer ctrl.Finish() 2776 2777 stmt := &tree.ShowDatabases{} 2778 priv := determinePrivilegeSetOfStatement(stmt) 2779 ses := newSes(priv, ctrl) 2780 2781 rowsOfMoUserGrant := [][]interface{}{ 2782 {0, false}, 2783 } 2784 roleIdsInMoRolePrivs := []int{0, 1} 2785 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2786 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2787 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2788 } 2789 2790 //role 0 without privilege show databases, all, account/user ownership 2791 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2792 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2793 2794 //role 1 with privilege show databases 2795 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 2796 {1, true}, 2797 } 2798 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2799 2800 //grant role 1 to role 0 2801 roleIdsInMoRoleGrant := []int{0} 2802 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2803 rowsOfMoRoleGrant[0] = [][]interface{}{ 2804 {1, true}, 2805 } 2806 2807 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2808 2809 bh := newBh(ctrl, sql2result) 2810 2811 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2812 defer bhStub.Reset() 2813 2814 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2815 convey.So(err, convey.ShouldBeNil) 2816 convey.So(ok, convey.ShouldBeTrue) 2817 }) 2818 convey.Convey("show database fail", t, func() { 2819 ctrl := gomock.NewController(t) 2820 defer ctrl.Finish() 2821 2822 stmt := &tree.ShowDatabases{} 2823 priv := determinePrivilegeSetOfStatement(stmt) 2824 ses := newSes(priv, ctrl) 2825 2826 rowsOfMoUserGrant := [][]interface{}{ 2827 {0, false}, 2828 } 2829 roleIdsInMoRolePrivs := []int{0, 1, 2} 2830 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2831 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2832 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2833 } 2834 2835 //role 0 without privilege show databases, all, ownership 2836 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2837 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2838 2839 //role 1 without privilege show databases, all, ownership 2840 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 2841 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2842 2843 //role 2 without privilege show databases, all, ownership 2844 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 2845 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 2846 2847 roleIdsInMoRoleGrant := []int{0, 1, 2} 2848 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2849 //grant role 1 to role 0 2850 rowsOfMoRoleGrant[0] = [][]interface{}{ 2851 {1, true}, 2852 } 2853 //grant role 2 to role 1 2854 rowsOfMoRoleGrant[1] = [][]interface{}{ 2855 {2, true}, 2856 } 2857 rowsOfMoRoleGrant[2] = [][]interface{}{} 2858 2859 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2860 2861 bh := newBh(ctrl, sql2result) 2862 2863 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2864 defer bhStub.Reset() 2865 2866 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2867 convey.So(err, convey.ShouldBeNil) 2868 convey.So(ok, convey.ShouldBeFalse) 2869 }) 2870 } 2871 2872 func Test_determineUseDatabase(t *testing.T) { 2873 convey.Convey("use database succ", t, func() { 2874 ctrl := gomock.NewController(t) 2875 defer ctrl.Finish() 2876 2877 stmt := &tree.Use{ 2878 Name: "db", 2879 } 2880 priv := determinePrivilegeSetOfStatement(stmt) 2881 ses := newSes(priv, ctrl) 2882 2883 rowsOfMoUserGrant := [][]interface{}{ 2884 {0, false}, 2885 } 2886 roleIdsInMoRolePrivs := []int{0} 2887 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2888 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2889 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2890 } 2891 2892 //with privilege show databases 2893 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 2894 {0, true}, 2895 } 2896 //without privilege all 2897 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2898 2899 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 2900 2901 bh := newBh(ctrl, sql2result) 2902 2903 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2904 defer bhStub.Reset() 2905 2906 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2907 convey.So(err, convey.ShouldBeNil) 2908 convey.So(ok, convey.ShouldBeTrue) 2909 }) 2910 convey.Convey("use database succ 2", t, func() { 2911 ctrl := gomock.NewController(t) 2912 defer ctrl.Finish() 2913 2914 stmt := &tree.Use{ 2915 Name: "db", 2916 } 2917 priv := determinePrivilegeSetOfStatement(stmt) 2918 ses := newSes(priv, ctrl) 2919 2920 rowsOfMoUserGrant := [][]interface{}{ 2921 {0, false}, 2922 } 2923 roleIdsInMoRolePrivs := []int{0, 1} 2924 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2925 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2926 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2927 } 2928 2929 //role 0 without privilege show databases, all, account/user ownership 2930 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2931 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2932 2933 //role 1 with privilege show databases 2934 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 2935 {1, true}, 2936 } 2937 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2938 2939 //grant role 1 to role 0 2940 roleIdsInMoRoleGrant := []int{0} 2941 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2942 rowsOfMoRoleGrant[0] = [][]interface{}{ 2943 {1, true}, 2944 } 2945 2946 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 2947 2948 bh := newBh(ctrl, sql2result) 2949 2950 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 2951 defer bhStub.Reset() 2952 2953 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 2954 convey.So(err, convey.ShouldBeNil) 2955 convey.So(ok, convey.ShouldBeTrue) 2956 }) 2957 convey.Convey("use database fail", t, func() { 2958 ctrl := gomock.NewController(t) 2959 defer ctrl.Finish() 2960 2961 stmt := &tree.Use{ 2962 Name: "db", 2963 } 2964 priv := determinePrivilegeSetOfStatement(stmt) 2965 ses := newSes(priv, ctrl) 2966 2967 rowsOfMoUserGrant := [][]interface{}{ 2968 {0, false}, 2969 } 2970 roleIdsInMoRolePrivs := []int{0, 1, 2} 2971 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 2972 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 2973 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 2974 } 2975 2976 //role 0 without privilege show databases, all, ownership 2977 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 2978 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 2979 2980 //role 1 without privilege show databases, all, ownership 2981 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 2982 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 2983 2984 //role 2 without privilege show databases, all, ownership 2985 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 2986 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 2987 2988 roleIdsInMoRoleGrant := []int{0, 1, 2} 2989 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 2990 //grant role 1 to role 0 2991 rowsOfMoRoleGrant[0] = [][]interface{}{ 2992 {1, true}, 2993 } 2994 //grant role 2 to role 1 2995 rowsOfMoRoleGrant[1] = [][]interface{}{ 2996 {2, true}, 2997 } 2998 rowsOfMoRoleGrant[2] = [][]interface{}{} 2999 3000 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3001 3002 bh := newBh(ctrl, sql2result) 3003 3004 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3005 defer bhStub.Reset() 3006 3007 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3008 convey.So(err, convey.ShouldBeNil) 3009 convey.So(ok, convey.ShouldBeFalse) 3010 }) 3011 } 3012 3013 func Test_determineUseRole(t *testing.T) { 3014 //TODO:add ut 3015 } 3016 3017 func Test_determineCreateTable(t *testing.T) { 3018 convey.Convey("create table succ", t, func() { 3019 ctrl := gomock.NewController(t) 3020 defer ctrl.Finish() 3021 3022 stmt := &tree.CreateTable{} 3023 priv := determinePrivilegeSetOfStatement(stmt) 3024 ses := newSes(priv, ctrl) 3025 3026 rowsOfMoUserGrant := [][]interface{}{ 3027 {0, false}, 3028 } 3029 roleIdsInMoRolePrivs := []int{0} 3030 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3031 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3032 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3033 } 3034 3035 //without privilege create table, all 3036 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 3037 rowsOfMoRolePrivs[0][1] = [][]interface{}{ 3038 {0, true}, 3039 } 3040 3041 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 3042 3043 var rows [][]interface{} 3044 roles := []int{0} 3045 for _, entry := range priv.entries { 3046 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3047 convey.So(err, convey.ShouldBeNil) 3048 for _, pl := range pls { 3049 for _, roleId := range roles { 3050 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3051 convey.So(err, convey.ShouldBeNil) 3052 if entry.privilegeId == PrivilegeTypeCreateTable { 3053 rows = [][]interface{}{ 3054 {0, true}, 3055 } 3056 } else { 3057 rows = [][]interface{}{} 3058 } 3059 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3060 } 3061 } 3062 } 3063 3064 sql := getSqlForInheritedRoleIdOfRoleId(0) 3065 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3066 3067 bh := newBh(ctrl, sql2result) 3068 3069 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3070 defer bhStub.Reset() 3071 3072 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3073 convey.So(err, convey.ShouldBeNil) 3074 convey.So(ok, convey.ShouldBeTrue) 3075 }) 3076 3077 convey.Convey("create table succ 2", t, func() { 3078 ctrl := gomock.NewController(t) 3079 defer ctrl.Finish() 3080 3081 stmt := &tree.CreateTable{} 3082 priv := determinePrivilegeSetOfStatement(stmt) 3083 ses := newSes(priv, ctrl) 3084 3085 rowsOfMoUserGrant := [][]interface{}{ 3086 {0, false}, 3087 } 3088 roleIdsInMoRolePrivs := []int{0, 1} 3089 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3090 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3091 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3092 } 3093 3094 //role 0 without privilege create table, all, ownership 3095 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 3096 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 3097 3098 //role 1 with privilege create table 3099 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 3100 {1, true}, 3101 } 3102 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 3103 3104 //grant role 1 to role 0 3105 roleIdsInMoRoleGrant := []int{0} 3106 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3107 rowsOfMoRoleGrant[0] = [][]interface{}{ 3108 {1, true}, 3109 } 3110 3111 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3112 3113 var rows [][]interface{} 3114 roles := []int{0, 1} 3115 for _, entry := range priv.entries { 3116 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3117 convey.So(err, convey.ShouldBeNil) 3118 for _, pl := range pls { 3119 for _, roleId := range roles { 3120 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3121 convey.So(err, convey.ShouldBeNil) 3122 if roleId == 1 && entry.privilegeId == PrivilegeTypeCreateTable { 3123 rows = [][]interface{}{ 3124 {1, true}, 3125 } 3126 } else { 3127 rows = [][]interface{}{} 3128 } 3129 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3130 } 3131 } 3132 } 3133 3134 sql := getSqlForInheritedRoleIdOfRoleId(0) 3135 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3136 {1, true}, 3137 }) 3138 sql = getSqlForInheritedRoleIdOfRoleId(1) 3139 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3140 3141 bh := newBh(ctrl, sql2result) 3142 3143 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3144 defer bhStub.Reset() 3145 3146 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3147 convey.So(err, convey.ShouldBeNil) 3148 convey.So(ok, convey.ShouldBeTrue) 3149 }) 3150 3151 convey.Convey("create table fail", t, func() { 3152 ctrl := gomock.NewController(t) 3153 defer ctrl.Finish() 3154 3155 stmt := &tree.CreateTable{} 3156 priv := determinePrivilegeSetOfStatement(stmt) 3157 ses := newSes(priv, ctrl) 3158 3159 rowsOfMoUserGrant := [][]interface{}{ 3160 {0, false}, 3161 } 3162 roleIdsInMoRolePrivs := []int{0, 1, 2} 3163 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3164 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3165 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3166 } 3167 3168 //role 0 without privilege create table, all, ownership 3169 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 3170 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 3171 3172 //role 1 without privilege create table, all, ownership 3173 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 3174 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 3175 3176 //role 2 without privilege create table, all, ownership 3177 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 3178 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 3179 3180 roleIdsInMoRoleGrant := []int{0, 1, 2} 3181 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3182 //grant role 1 to role 0 3183 rowsOfMoRoleGrant[0] = [][]interface{}{ 3184 {1, true}, 3185 } 3186 //grant role 2 to role 1 3187 rowsOfMoRoleGrant[1] = [][]interface{}{ 3188 {2, true}, 3189 } 3190 rowsOfMoRoleGrant[2] = [][]interface{}{} 3191 3192 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3193 3194 var rows [][]interface{} 3195 roles := []int{0, 1, 2} 3196 for _, entry := range priv.entries { 3197 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3198 convey.So(err, convey.ShouldBeNil) 3199 for _, pl := range pls { 3200 for _, roleId := range roles { 3201 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3202 convey.So(err, convey.ShouldBeNil) 3203 rows = [][]interface{}{} 3204 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3205 } 3206 } 3207 } 3208 3209 sql := getSqlForInheritedRoleIdOfRoleId(0) 3210 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3211 {1, true}, 3212 }) 3213 sql = getSqlForInheritedRoleIdOfRoleId(1) 3214 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3215 {2, true}, 3216 }) 3217 sql = getSqlForInheritedRoleIdOfRoleId(2) 3218 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3219 3220 bh := newBh(ctrl, sql2result) 3221 3222 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3223 defer bhStub.Reset() 3224 3225 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3226 convey.So(err, convey.ShouldBeNil) 3227 convey.So(ok, convey.ShouldBeFalse) 3228 }) 3229 } 3230 3231 func Test_determineDropTable(t *testing.T) { 3232 convey.Convey("drop/alter table succ", t, func() { 3233 ctrl := gomock.NewController(t) 3234 defer ctrl.Finish() 3235 3236 stmt := &tree.DropTable{} 3237 priv := determinePrivilegeSetOfStatement(stmt) 3238 ses := newSes(priv, ctrl) 3239 3240 rowsOfMoUserGrant := [][]interface{}{ 3241 {0, false}, 3242 } 3243 roleIdsInMoRolePrivs := []int{0} 3244 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3245 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3246 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3247 } 3248 3249 //with privilege drop table 3250 rowsOfMoRolePrivs[0][0] = [][]interface{}{ 3251 {0, true}, 3252 } 3253 //without privilege all 3254 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 3255 3256 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, nil, nil, nil, nil) 3257 3258 var rows [][]interface{} 3259 roles := []int{0} 3260 for _, entry := range priv.entries { 3261 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3262 convey.So(err, convey.ShouldBeNil) 3263 for _, pl := range pls { 3264 for _, roleId := range roles { 3265 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3266 convey.So(err, convey.ShouldBeNil) 3267 if entry.privilegeId == PrivilegeTypeDropTable { 3268 rows = [][]interface{}{ 3269 {0, true}, 3270 } 3271 } else { 3272 rows = [][]interface{}{} 3273 } 3274 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3275 } 3276 } 3277 } 3278 3279 sql := getSqlForInheritedRoleIdOfRoleId(0) 3280 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3281 3282 bh := newBh(ctrl, sql2result) 3283 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3284 defer bhStub.Reset() 3285 3286 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3287 convey.So(err, convey.ShouldBeNil) 3288 convey.So(ok, convey.ShouldBeTrue) 3289 }) 3290 3291 convey.Convey("drop/alter table succ 2", t, func() { 3292 ctrl := gomock.NewController(t) 3293 defer ctrl.Finish() 3294 3295 stmt := &tree.DropTable{} 3296 priv := determinePrivilegeSetOfStatement(stmt) 3297 ses := newSes(priv, ctrl) 3298 3299 rowsOfMoUserGrant := [][]interface{}{ 3300 {0, false}, 3301 } 3302 roleIdsInMoRolePrivs := []int{0, 1} 3303 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3304 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3305 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3306 } 3307 3308 //role 0 without privilege drop table, all, account/user ownership 3309 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 3310 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 3311 3312 //role 1 with privilege drop table 3313 rowsOfMoRolePrivs[1][0] = [][]interface{}{ 3314 {1, true}, 3315 } 3316 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 3317 3318 //grant role 1 to role 0 3319 roleIdsInMoRoleGrant := []int{0} 3320 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3321 rowsOfMoRoleGrant[0] = [][]interface{}{ 3322 {1, true}, 3323 } 3324 3325 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3326 3327 var rows [][]interface{} 3328 roles := []int{0, 1} 3329 for _, entry := range priv.entries { 3330 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3331 convey.So(err, convey.ShouldBeNil) 3332 for _, pl := range pls { 3333 for _, roleId := range roles { 3334 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3335 convey.So(err, convey.ShouldBeNil) 3336 if roleId == 1 && entry.privilegeId == PrivilegeTypeDropTable { 3337 rows = [][]interface{}{ 3338 {1, true}, 3339 } 3340 } else { 3341 rows = [][]interface{}{} 3342 } 3343 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3344 } 3345 } 3346 } 3347 3348 sql := getSqlForInheritedRoleIdOfRoleId(0) 3349 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3350 {1, true}, 3351 }) 3352 sql = getSqlForInheritedRoleIdOfRoleId(1) 3353 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3354 3355 bh := newBh(ctrl, sql2result) 3356 3357 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3358 defer bhStub.Reset() 3359 3360 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3361 convey.So(err, convey.ShouldBeNil) 3362 convey.So(ok, convey.ShouldBeTrue) 3363 }) 3364 3365 convey.Convey("drop/alter table fail", t, func() { 3366 ctrl := gomock.NewController(t) 3367 defer ctrl.Finish() 3368 3369 stmt := &tree.DropTable{} 3370 priv := determinePrivilegeSetOfStatement(stmt) 3371 ses := newSes(priv, ctrl) 3372 3373 rowsOfMoUserGrant := [][]interface{}{ 3374 {0, false}, 3375 } 3376 roleIdsInMoRolePrivs := []int{0, 1, 2} 3377 rowsOfMoRolePrivs := make([][][][]interface{}, len(roleIdsInMoRolePrivs)) 3378 for i := 0; i < len(roleIdsInMoRolePrivs); i++ { 3379 rowsOfMoRolePrivs[i] = make([][][]interface{}, len(priv.entries)) 3380 } 3381 3382 //role 0 without privilege drop table, all, ownership 3383 rowsOfMoRolePrivs[0][0] = [][]interface{}{} 3384 rowsOfMoRolePrivs[0][1] = [][]interface{}{} 3385 3386 //role 1 without privilege drop table, all, ownership 3387 rowsOfMoRolePrivs[1][0] = [][]interface{}{} 3388 rowsOfMoRolePrivs[1][1] = [][]interface{}{} 3389 3390 //role 2 without privilege drop table, all, ownership 3391 rowsOfMoRolePrivs[2][0] = [][]interface{}{} 3392 rowsOfMoRolePrivs[2][1] = [][]interface{}{} 3393 3394 roleIdsInMoRoleGrant := []int{0, 1, 2} 3395 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3396 //grant role 1 to role 0 3397 rowsOfMoRoleGrant[0] = [][]interface{}{ 3398 {1, true}, 3399 } 3400 //grant role 2 to role 1 3401 rowsOfMoRoleGrant[1] = [][]interface{}{ 3402 {2, true}, 3403 } 3404 rowsOfMoRoleGrant[2] = [][]interface{}{} 3405 3406 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, roleIdsInMoRolePrivs, priv.entries, rowsOfMoRolePrivs, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3407 3408 var rows [][]interface{} 3409 roles := []int{0, 1, 2} 3410 for _, entry := range priv.entries { 3411 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3412 convey.So(err, convey.ShouldBeNil) 3413 for _, pl := range pls { 3414 for _, roleId := range roles { 3415 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3416 convey.So(err, convey.ShouldBeNil) 3417 rows = [][]interface{}{} 3418 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3419 } 3420 } 3421 } 3422 3423 sql := getSqlForInheritedRoleIdOfRoleId(0) 3424 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3425 {1, true}, 3426 }) 3427 sql = getSqlForInheritedRoleIdOfRoleId(1) 3428 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3429 {2, true}, 3430 }) 3431 sql = getSqlForInheritedRoleIdOfRoleId(2) 3432 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3433 3434 bh := newBh(ctrl, sql2result) 3435 3436 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3437 defer bhStub.Reset() 3438 3439 ok, err := authenticateUserCanExecuteStatementWithObjectTypeAccountAndDatabase(ses.GetRequestContext(), ses, nil) 3440 convey.So(err, convey.ShouldBeNil) 3441 convey.So(ok, convey.ShouldBeFalse) 3442 }) 3443 } 3444 3445 func Test_determineDML(t *testing.T) { 3446 type arg struct { 3447 stmt tree.Statement 3448 p *plan2.Plan 3449 } 3450 3451 args := []arg{ 3452 { 3453 stmt: &tree.Select{}, 3454 p: &plan2.Plan{ 3455 Plan: &plan2.Plan_Query{ 3456 Query: &plan2.Query{ 3457 Nodes: []*plan2.Node{ 3458 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "t", ObjName: "a"}}, 3459 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "s", ObjName: "b"}}, 3460 }, 3461 }, 3462 }, 3463 }, 3464 }, 3465 { 3466 stmt: &tree.Update{}, 3467 p: &plan2.Plan{ 3468 Plan: &plan2.Plan_Query{ 3469 Query: &plan2.Query{ 3470 Nodes: []*plan2.Node{ 3471 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "t", ObjName: "a"}}, 3472 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "s", ObjName: "b"}}, 3473 {NodeType: plan.Node_UPDATE}, 3474 }, 3475 }, 3476 }, 3477 }, 3478 }, 3479 { 3480 stmt: &tree.Delete{}, 3481 p: &plan2.Plan{ 3482 Plan: &plan2.Plan_Query{ 3483 Query: &plan2.Query{ 3484 Nodes: []*plan2.Node{ 3485 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "t", ObjName: "a"}}, 3486 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "s", ObjName: "b"}}, 3487 {NodeType: plan.Node_DELETE}, 3488 }, 3489 }, 3490 }, 3491 }, 3492 }, 3493 { //insert into select 3494 stmt: &tree.Insert{}, 3495 p: &plan2.Plan{ 3496 Plan: &plan2.Plan_Query{ 3497 Query: &plan2.Query{ 3498 Nodes: []*plan2.Node{ 3499 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "t", ObjName: "a"}}, 3500 {NodeType: plan.Node_TABLE_SCAN, ObjRef: &plan2.ObjectRef{SchemaName: "s", ObjName: "b"}}, 3501 {NodeType: plan.Node_INSERT, ObjRef: &plan2.ObjectRef{SchemaName: "s", ObjName: "b"}}, 3502 }, 3503 }, 3504 }, 3505 }, 3506 }, 3507 } 3508 3509 convey.Convey("select/update/delete/insert succ", t, func() { 3510 ctrl := gomock.NewController(t) 3511 defer ctrl.Finish() 3512 3513 for _, a := range args { 3514 priv := determinePrivilegeSetOfStatement(a.stmt) 3515 ses := newSes(priv, ctrl) 3516 3517 rowsOfMoUserGrant := [][]interface{}{ 3518 {0, false}, 3519 } 3520 3521 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, nil, nil, nil, nil, nil, nil, nil) 3522 3523 arr := extractPrivilegeTipsFromPlan(a.p) 3524 convertPrivilegeTipsToPrivilege(priv, arr) 3525 3526 roleIds := []int{ 3527 int(ses.GetTenantInfo().GetDefaultRoleID()), 3528 } 3529 3530 for _, roleId := range roleIds { 3531 for _, entry := range priv.entries { 3532 sql := getSqlForCheckRoleHasTableLevelPrivilege(int64(roleId), entry.privilegeId, entry.databaseName, entry.tableName) 3533 sql2result[sql] = newMrsForWithGrantOptionPrivilege([][]interface{}{ 3534 {entry.privilegeId, true}, 3535 }) 3536 } 3537 } 3538 3539 var rows [][]interface{} 3540 makeSql := func(entry privilegeEntry) { 3541 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3542 convey.So(err, convey.ShouldBeNil) 3543 for i, pl := range pls { 3544 for _, roleId := range roleIds { 3545 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3546 convey.So(err, convey.ShouldBeNil) 3547 if i == 0 { 3548 rows = [][]interface{}{ 3549 {0, true}, 3550 } 3551 } else { 3552 rows = [][]interface{}{} 3553 } 3554 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3555 } 3556 } 3557 } 3558 for _, entry := range priv.entries { 3559 if entry.privilegeEntryTyp == privilegeEntryTypeGeneral { 3560 makeSql(entry) 3561 } else if entry.privilegeEntryTyp == privilegeEntryTypeCompound { 3562 for _, mi := range entry.compound.items { 3563 tempEntry := privilegeEntriesMap[mi.privilegeTyp] 3564 tempEntry.databaseName = mi.dbName 3565 tempEntry.tableName = mi.tableName 3566 tempEntry.privilegeEntryTyp = privilegeEntryTypeGeneral 3567 tempEntry.compound = nil 3568 makeSql(tempEntry) 3569 } 3570 } 3571 } 3572 3573 sql := getSqlForInheritedRoleIdOfRoleId(0) 3574 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3575 3576 bh := newBh(ctrl, sql2result) 3577 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3578 defer bhStub.Reset() 3579 3580 ok, err := authenticateUserCanExecuteStatementWithObjectTypeDatabaseAndTable(ses.GetRequestContext(), ses, a.stmt, a.p) 3581 convey.So(err, convey.ShouldBeNil) 3582 convey.So(ok, convey.ShouldBeTrue) 3583 } 3584 3585 }) 3586 3587 convey.Convey("select/update/delete/insert succ 2", t, func() { 3588 ctrl := gomock.NewController(t) 3589 defer ctrl.Finish() 3590 3591 for _, a := range args { 3592 priv := determinePrivilegeSetOfStatement(a.stmt) 3593 ses := newSes(priv, ctrl) 3594 3595 rowsOfMoUserGrant := [][]interface{}{ 3596 {0, false}, 3597 } 3598 3599 //grant role 1 to role 0 3600 roleIdsInMoRoleGrant := []int{0} 3601 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3602 rowsOfMoRoleGrant[0] = [][]interface{}{ 3603 {1, true}, 3604 } 3605 3606 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, nil, nil, nil, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3607 3608 arr := extractPrivilegeTipsFromPlan(a.p) 3609 convertPrivilegeTipsToPrivilege(priv, arr) 3610 3611 //role 0 does not have the select 3612 //role 1 has the select 3613 roleIds := []int{ 3614 int(ses.GetTenantInfo().GetDefaultRoleID()), 1, 3615 } 3616 3617 for _, roleId := range roleIds { 3618 for _, entry := range priv.entries { 3619 sql, _ := getSqlFromPrivilegeEntry(context.TODO(), int64(roleId), entry) 3620 var rows [][]interface{} 3621 if roleId == 1 { 3622 rows = [][]interface{}{ 3623 {entry.privilegeId, true}, 3624 } 3625 } 3626 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3627 } 3628 } 3629 3630 var rows [][]interface{} 3631 roles := []int{0, 1} 3632 makeSql := func(entry privilegeEntry) { 3633 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3634 convey.So(err, convey.ShouldBeNil) 3635 for _, pl := range pls { 3636 for _, roleId := range roles { 3637 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3638 convey.So(err, convey.ShouldBeNil) 3639 if roleId == 1 { 3640 rows = [][]interface{}{ 3641 {1, true}, 3642 } 3643 } else { 3644 rows = [][]interface{}{} 3645 } 3646 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3647 } 3648 } 3649 } 3650 3651 for _, entry := range priv.entries { 3652 if entry.privilegeEntryTyp == privilegeEntryTypeGeneral { 3653 makeSql(entry) 3654 } else if entry.privilegeEntryTyp == privilegeEntryTypeCompound { 3655 for _, mi := range entry.compound.items { 3656 tempEntry := privilegeEntriesMap[mi.privilegeTyp] 3657 tempEntry.databaseName = mi.dbName 3658 tempEntry.tableName = mi.tableName 3659 tempEntry.privilegeEntryTyp = privilegeEntryTypeGeneral 3660 tempEntry.compound = nil 3661 makeSql(tempEntry) 3662 } 3663 } 3664 } 3665 3666 sql := getSqlForInheritedRoleIdOfRoleId(0) 3667 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3668 {1, true}, 3669 }) 3670 sql = getSqlForInheritedRoleIdOfRoleId(1) 3671 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3672 3673 bh := newBh(ctrl, sql2result) 3674 3675 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3676 defer bhStub.Reset() 3677 3678 ok, err := authenticateUserCanExecuteStatementWithObjectTypeDatabaseAndTable(ses.GetRequestContext(), ses, a.stmt, a.p) 3679 convey.So(err, convey.ShouldBeNil) 3680 convey.So(ok, convey.ShouldBeTrue) 3681 } 3682 }) 3683 3684 convey.Convey("select/update/delete/insert fail", t, func() { 3685 ctrl := gomock.NewController(t) 3686 defer ctrl.Finish() 3687 3688 for _, a := range args { 3689 priv := determinePrivilegeSetOfStatement(a.stmt) 3690 ses := newSes(priv, ctrl) 3691 3692 rowsOfMoUserGrant := [][]interface{}{ 3693 {0, false}, 3694 } 3695 3696 //grant role 1 to role 0 3697 roleIdsInMoRoleGrant := []int{0, 1} 3698 rowsOfMoRoleGrant := make([][][]interface{}, len(roleIdsInMoRoleGrant)) 3699 rowsOfMoRoleGrant[0] = [][]interface{}{ 3700 {1, true}, 3701 } 3702 rowsOfMoRoleGrant[0] = [][]interface{}{} 3703 3704 sql2result := makeSql2ExecResult2(0, rowsOfMoUserGrant, nil, nil, nil, roleIdsInMoRoleGrant, rowsOfMoRoleGrant, nil, nil) 3705 3706 arr := extractPrivilegeTipsFromPlan(a.p) 3707 convertPrivilegeTipsToPrivilege(priv, arr) 3708 3709 //role 0,1 does not have the select 3710 roleIds := []int{ 3711 int(ses.GetTenantInfo().GetDefaultRoleID()), 1, 3712 } 3713 3714 for _, roleId := range roleIds { 3715 for _, entry := range priv.entries { 3716 sql, _ := getSqlFromPrivilegeEntry(context.TODO(), int64(roleId), entry) 3717 rows := make([][]interface{}, 0) 3718 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3719 } 3720 } 3721 3722 var rows [][]interface{} 3723 roles := []int{0, 1, 2} 3724 makeSql := func(entry privilegeEntry) { 3725 pls, err := getPrivilegeLevelsOfObjectType(context.TODO(), entry.objType) 3726 convey.So(err, convey.ShouldBeNil) 3727 for _, pl := range pls { 3728 for _, roleId := range roles { 3729 sql, err := getSqlForPrivilege(context.TODO(), int64(roleId), entry, pl) 3730 convey.So(err, convey.ShouldBeNil) 3731 rows = [][]interface{}{} 3732 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 3733 } 3734 } 3735 } 3736 3737 for _, entry := range priv.entries { 3738 if entry.privilegeEntryTyp == privilegeEntryTypeGeneral { 3739 makeSql(entry) 3740 } else if entry.privilegeEntryTyp == privilegeEntryTypeCompound { 3741 for _, mi := range entry.compound.items { 3742 tempEntry := privilegeEntriesMap[mi.privilegeTyp] 3743 tempEntry.databaseName = mi.dbName 3744 tempEntry.tableName = mi.tableName 3745 tempEntry.privilegeEntryTyp = privilegeEntryTypeGeneral 3746 tempEntry.compound = nil 3747 makeSql(tempEntry) 3748 } 3749 } 3750 } 3751 3752 sql := getSqlForInheritedRoleIdOfRoleId(0) 3753 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3754 {1, true}, 3755 }) 3756 sql = getSqlForInheritedRoleIdOfRoleId(1) 3757 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{ 3758 {2, true}, 3759 }) 3760 sql = getSqlForInheritedRoleIdOfRoleId(2) 3761 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId([][]interface{}{}) 3762 3763 bh := newBh(ctrl, sql2result) 3764 3765 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3766 defer bhStub.Reset() 3767 3768 ok, err := authenticateUserCanExecuteStatementWithObjectTypeDatabaseAndTable(ses.GetRequestContext(), ses, a.stmt, a.p) 3769 convey.So(err, convey.ShouldBeNil) 3770 convey.So(ok, convey.ShouldBeFalse) 3771 } 3772 }) 3773 } 3774 3775 func Test_doGrantRole(t *testing.T) { 3776 convey.Convey("grant role to role succ", t, func() { 3777 ctrl := gomock.NewController(t) 3778 defer ctrl.Finish() 3779 3780 bh := &backgroundExecTest{} 3781 bh.init() 3782 3783 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3784 defer bhStub.Reset() 3785 3786 stmt := &tree.GrantRole{ 3787 Roles: []*tree.Role{ 3788 {UserName: "r1"}, 3789 {UserName: "r2"}, 3790 {UserName: "r3"}, 3791 }, 3792 Users: []*tree.User{ 3793 {Username: "r4"}, 3794 {Username: "r5"}, 3795 {Username: "r6"}, 3796 }, 3797 } 3798 priv := determinePrivilegeSetOfStatement(stmt) 3799 ses := newSes(priv, ctrl) 3800 3801 //no result set 3802 bh.sql2result["begin;"] = nil 3803 bh.sql2result["commit;"] = nil 3804 bh.sql2result["rollback;"] = nil 3805 3806 //init from roles 3807 for i, role := range stmt.Roles { 3808 sql := getSqlForRoleIdOfRole(role.UserName) 3809 mrs := newMrsForRoleIdOfRole([][]interface{}{ 3810 {i}, 3811 }) 3812 bh.sql2result[sql] = mrs 3813 } 3814 3815 //init to roles 3816 for i, user := range stmt.Users { 3817 sql := getSqlForRoleIdOfRole(user.Username) 3818 mrs := newMrsForRoleIdOfRole([][]interface{}{ 3819 {i + len(stmt.Roles)}, 3820 }) 3821 3822 bh.sql2result[sql] = mrs 3823 } 3824 3825 //has "ro roles", need init mo_role_grant (assume empty) 3826 sql := getSqlForGetAllStuffRoleGrantFormat() 3827 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 3828 3829 bh.sql2result[sql] = mrs 3830 3831 //loop on from ... to 3832 for fromId := range stmt.Roles { 3833 for toId := range stmt.Users { 3834 toId = toId + len(stmt.Roles) 3835 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 3836 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 3837 bh.sql2result[sql] = mrs 3838 } 3839 } 3840 3841 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 3842 convey.So(err, convey.ShouldBeNil) 3843 }) 3844 3845 convey.Convey("grant role to user succ", t, func() { 3846 ctrl := gomock.NewController(t) 3847 defer ctrl.Finish() 3848 3849 bh := &backgroundExecTest{} 3850 bh.init() 3851 3852 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3853 defer bhStub.Reset() 3854 3855 stmt := &tree.GrantRole{ 3856 Roles: []*tree.Role{ 3857 {UserName: "r1"}, 3858 {UserName: "r2"}, 3859 {UserName: "r3"}, 3860 }, 3861 Users: []*tree.User{ 3862 {Username: "u4"}, 3863 {Username: "u5"}, 3864 {Username: "u6"}, 3865 }, 3866 } 3867 priv := determinePrivilegeSetOfStatement(stmt) 3868 ses := newSes(priv, ctrl) 3869 3870 //no result set 3871 bh.sql2result["begin;"] = nil 3872 bh.sql2result["commit;"] = nil 3873 bh.sql2result["rollback;"] = nil 3874 3875 //init from roles 3876 for i, role := range stmt.Roles { 3877 sql := getSqlForRoleIdOfRole(role.UserName) 3878 mrs := newMrsForRoleIdOfRole([][]interface{}{ 3879 {i}, 3880 }) 3881 bh.sql2result[sql] = mrs 3882 } 3883 3884 //init to empty roles, 3885 //init to users 3886 for i, user := range stmt.Users { 3887 sql := getSqlForRoleIdOfRole(user.Username) 3888 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 3889 3890 bh.sql2result[sql] = mrs 3891 3892 sql = getSqlForPasswordOfUser(user.Username) 3893 mrs = newMrsForPasswordOfUser([][]interface{}{ 3894 {i, "111", i}, 3895 }) 3896 bh.sql2result[sql] = mrs 3897 3898 sql = getSqlForRoleOfUser(int64(i), moAdminRoleName) 3899 bh.sql2result[sql] = newMrsForRoleOfUser([][]interface{}{}) 3900 } 3901 3902 //has "ro roles", need init mo_role_grant (assume empty) 3903 sql := getSqlForGetAllStuffRoleGrantFormat() 3904 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 3905 3906 bh.sql2result[sql] = mrs 3907 3908 //loop on from ... to 3909 for fromId := range stmt.Roles { 3910 for toId := range stmt.Users { 3911 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 3912 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 3913 bh.sql2result[sql] = mrs 3914 3915 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 3916 mrs = newMrsForCheckUserGrant([][]interface{}{}) 3917 bh.sql2result[sql] = mrs 3918 } 3919 } 3920 3921 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 3922 convey.So(err, convey.ShouldBeNil) 3923 }) 3924 3925 convey.Convey("grant role to role+user succ", t, func() { 3926 ctrl := gomock.NewController(t) 3927 defer ctrl.Finish() 3928 3929 bh := &backgroundExecTest{} 3930 bh.init() 3931 3932 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 3933 defer bhStub.Reset() 3934 3935 stmt := &tree.GrantRole{ 3936 Roles: []*tree.Role{ 3937 {UserName: "r1"}, 3938 {UserName: "r2"}, 3939 {UserName: "r3"}, 3940 }, 3941 Users: []*tree.User{ 3942 {Username: "u4"}, 3943 {Username: "u5"}, 3944 {Username: "u6"}, 3945 }, 3946 } 3947 priv := determinePrivilegeSetOfStatement(stmt) 3948 ses := newSes(priv, ctrl) 3949 3950 //no result set 3951 bh.sql2result["begin;"] = nil 3952 bh.sql2result["commit;"] = nil 3953 bh.sql2result["rollback;"] = nil 3954 3955 //init from roles 3956 for i, role := range stmt.Roles { 3957 sql := getSqlForRoleIdOfRole(role.UserName) 3958 mrs := newMrsForRoleIdOfRole([][]interface{}{ 3959 {i}, 3960 }) 3961 bh.sql2result[sql] = mrs 3962 } 3963 3964 //init to 2 roles, 3965 //init to 1 users 3966 for i, user := range stmt.Users { 3967 if i < 2 { //roles 3968 sql := getSqlForRoleIdOfRole(user.Username) 3969 mrs := newMrsForRoleIdOfRole([][]interface{}{ 3970 {i + len(stmt.Roles)}, 3971 }) 3972 3973 bh.sql2result[sql] = mrs 3974 3975 sql = getSqlForPasswordOfUser(user.Username) 3976 mrs = newMrsForPasswordOfUser([][]interface{}{}) 3977 bh.sql2result[sql] = mrs 3978 } else { //users 3979 sql := getSqlForRoleIdOfRole(user.Username) 3980 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 3981 3982 bh.sql2result[sql] = mrs 3983 3984 sql = getSqlForPasswordOfUser(user.Username) 3985 mrs = newMrsForPasswordOfUser([][]interface{}{ 3986 {i, "111", i}, 3987 }) 3988 bh.sql2result[sql] = mrs 3989 3990 sql = getSqlForRoleOfUser(int64(i), moAdminRoleName) 3991 bh.sql2result[sql] = newMrsForRoleOfUser([][]interface{}{}) 3992 } 3993 3994 } 3995 3996 //has "ro roles", need init mo_role_grant (assume empty) 3997 sql := getSqlForGetAllStuffRoleGrantFormat() 3998 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 3999 4000 bh.sql2result[sql] = mrs 4001 4002 //loop on from ... to 4003 for fromId := range stmt.Roles { 4004 for toId := range stmt.Users { 4005 if toId < 2 { //roles 4006 toId = toId + len(stmt.Roles) 4007 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4008 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4009 bh.sql2result[sql] = mrs 4010 4011 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4012 mrs = newMrsForCheckUserGrant([][]interface{}{}) 4013 bh.sql2result[sql] = mrs 4014 } else { //users 4015 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4016 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4017 bh.sql2result[sql] = mrs 4018 4019 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4020 mrs = newMrsForCheckUserGrant([][]interface{}{}) 4021 bh.sql2result[sql] = mrs 4022 } 4023 4024 } 4025 } 4026 4027 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4028 convey.So(err, convey.ShouldBeNil) 4029 }) 4030 4031 convey.Convey("grant role to role+user 2 (insert) succ", t, func() { 4032 ctrl := gomock.NewController(t) 4033 defer ctrl.Finish() 4034 4035 bh := &backgroundExecTest{} 4036 bh.init() 4037 4038 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4039 defer bhStub.Reset() 4040 4041 stmt := &tree.GrantRole{ 4042 Roles: []*tree.Role{ 4043 {UserName: "r1"}, 4044 {UserName: "r2"}, 4045 {UserName: "r3"}, 4046 }, 4047 Users: []*tree.User{ 4048 {Username: "u4"}, 4049 {Username: "u5"}, 4050 {Username: "u6"}, 4051 }, 4052 } 4053 priv := determinePrivilegeSetOfStatement(stmt) 4054 ses := newSes(priv, ctrl) 4055 4056 //no result set 4057 bh.sql2result["begin;"] = nil 4058 bh.sql2result["commit;"] = nil 4059 bh.sql2result["rollback;"] = nil 4060 4061 //init from roles 4062 for i, role := range stmt.Roles { 4063 sql := getSqlForRoleIdOfRole(role.UserName) 4064 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4065 {i}, 4066 }) 4067 bh.sql2result[sql] = mrs 4068 } 4069 4070 //init to 2 roles, 4071 //init to 1 users 4072 for i, user := range stmt.Users { 4073 if i < 2 { //roles 4074 sql := getSqlForRoleIdOfRole(user.Username) 4075 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4076 {i + len(stmt.Roles)}, 4077 }) 4078 4079 bh.sql2result[sql] = mrs 4080 4081 sql = getSqlForPasswordOfUser(user.Username) 4082 mrs = newMrsForPasswordOfUser([][]interface{}{}) 4083 bh.sql2result[sql] = mrs 4084 } else { //users 4085 sql := getSqlForRoleIdOfRole(user.Username) 4086 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4087 4088 bh.sql2result[sql] = mrs 4089 4090 sql = getSqlForPasswordOfUser(user.Username) 4091 mrs = newMrsForPasswordOfUser([][]interface{}{ 4092 {i, "111", i}, 4093 }) 4094 bh.sql2result[sql] = mrs 4095 4096 sql = getSqlForRoleOfUser(int64(i), moAdminRoleName) 4097 bh.sql2result[sql] = newMrsForRoleOfUser([][]interface{}{}) 4098 } 4099 4100 } 4101 4102 //has "ro roles", need init mo_role_grant (assume empty) 4103 sql := getSqlForGetAllStuffRoleGrantFormat() 4104 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{ 4105 {0, 1, true}, 4106 {1, 2, true}, 4107 {3, 4, true}, 4108 }) 4109 4110 bh.sql2result[sql] = mrs 4111 4112 //loop on from ... to 4113 for fromId := range stmt.Roles { 4114 for toId := range stmt.Users { 4115 if toId < 2 { //roles 4116 toId = toId + len(stmt.Roles) 4117 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4118 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4119 bh.sql2result[sql] = mrs 4120 4121 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4122 mrs = newMrsForCheckUserGrant([][]interface{}{}) 4123 bh.sql2result[sql] = mrs 4124 } else { //users 4125 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4126 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4127 bh.sql2result[sql] = mrs 4128 4129 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4130 mrs = newMrsForCheckUserGrant([][]interface{}{}) 4131 bh.sql2result[sql] = mrs 4132 } 4133 } 4134 } 4135 4136 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4137 convey.So(err, convey.ShouldBeNil) 4138 }) 4139 4140 convey.Convey("grant role to role+user 3 (update) succ", t, func() { 4141 ctrl := gomock.NewController(t) 4142 defer ctrl.Finish() 4143 4144 bh := &backgroundExecTest{} 4145 bh.init() 4146 4147 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4148 defer bhStub.Reset() 4149 4150 stmt := &tree.GrantRole{ 4151 Roles: []*tree.Role{ 4152 {UserName: "r1"}, 4153 {UserName: "r2"}, 4154 {UserName: "r3"}, 4155 }, 4156 Users: []*tree.User{ 4157 {Username: "u4"}, 4158 {Username: "u5"}, 4159 {Username: "u6"}, 4160 }, 4161 GrantOption: true, 4162 } 4163 priv := determinePrivilegeSetOfStatement(stmt) 4164 ses := newSes(priv, ctrl) 4165 4166 //no result set 4167 bh.sql2result["begin;"] = nil 4168 bh.sql2result["commit;"] = nil 4169 bh.sql2result["rollback;"] = nil 4170 4171 //init from roles 4172 for i, role := range stmt.Roles { 4173 sql := getSqlForRoleIdOfRole(role.UserName) 4174 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4175 {i}, 4176 }) 4177 bh.sql2result[sql] = mrs 4178 } 4179 4180 //init to 2 roles, 4181 //init to 1 users 4182 for i, user := range stmt.Users { 4183 if i < 2 { //roles 4184 sql := getSqlForRoleIdOfRole(user.Username) 4185 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4186 {i + len(stmt.Roles)}, 4187 }) 4188 4189 bh.sql2result[sql] = mrs 4190 4191 sql = getSqlForPasswordOfUser(user.Username) 4192 mrs = newMrsForPasswordOfUser([][]interface{}{}) 4193 bh.sql2result[sql] = mrs 4194 } else { //users 4195 sql := getSqlForRoleIdOfRole(user.Username) 4196 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4197 4198 bh.sql2result[sql] = mrs 4199 4200 sql = getSqlForPasswordOfUser(user.Username) 4201 mrs = newMrsForPasswordOfUser([][]interface{}{ 4202 {i, "111", i}, 4203 }) 4204 bh.sql2result[sql] = mrs 4205 4206 sql = getSqlForRoleOfUser(int64(i), moAdminRoleName) 4207 bh.sql2result[sql] = newMrsForRoleOfUser([][]interface{}{}) 4208 } 4209 4210 } 4211 4212 //has "ro roles", need init mo_role_grant (assume empty) 4213 sql := getSqlForGetAllStuffRoleGrantFormat() 4214 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{ 4215 {0, 1, true}, 4216 {1, 2, true}, 4217 {3, 4, true}, 4218 }) 4219 4220 bh.sql2result[sql] = mrs 4221 4222 //loop on from ... to 4223 for fromId := range stmt.Roles { 4224 for toId := range stmt.Users { 4225 if toId < 2 { //roles 4226 toId = toId + len(stmt.Roles) 4227 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4228 mrs = newMrsForCheckRoleGrant([][]interface{}{ 4229 {fromId, toId, false}, 4230 }) 4231 bh.sql2result[sql] = mrs 4232 4233 //sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4234 //mrs = newMrsForCheckUserGrant([][]interface{}{}) 4235 //bh.sql2result[sql] = mrs 4236 } else { //users 4237 //sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4238 //mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4239 //bh.sql2result[sql] = mrs 4240 4241 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4242 mrs = newMrsForCheckUserGrant([][]interface{}{ 4243 {fromId, toId, false}, 4244 }) 4245 bh.sql2result[sql] = mrs 4246 } 4247 4248 } 4249 } 4250 4251 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4252 convey.So(err, convey.ShouldBeNil) 4253 }) 4254 4255 convey.Convey("grant role to role fail direct loop", t, func() { 4256 ctrl := gomock.NewController(t) 4257 defer ctrl.Finish() 4258 4259 bh := &backgroundExecTest{} 4260 bh.init() 4261 4262 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4263 defer bhStub.Reset() 4264 4265 stmt := &tree.GrantRole{ 4266 Roles: []*tree.Role{ 4267 {UserName: "r1"}, 4268 }, 4269 Users: []*tree.User{ 4270 {Username: "r1"}, 4271 }, 4272 } 4273 priv := determinePrivilegeSetOfStatement(stmt) 4274 ses := newSes(priv, ctrl) 4275 4276 //no result set 4277 bh.sql2result["begin;"] = nil 4278 bh.sql2result["commit;"] = nil 4279 bh.sql2result["rollback;"] = nil 4280 4281 //init from roles 4282 for i, role := range stmt.Roles { 4283 sql := getSqlForRoleIdOfRole(role.UserName) 4284 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4285 {i}, 4286 }) 4287 bh.sql2result[sql] = mrs 4288 } 4289 4290 //init to roles 4291 for i, user := range stmt.Users { 4292 sql := getSqlForRoleIdOfRole(user.Username) 4293 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4294 {i + len(stmt.Roles)}, 4295 }) 4296 4297 bh.sql2result[sql] = mrs 4298 } 4299 4300 //has "ro roles", need init mo_role_grant (assume empty) 4301 sql := getSqlForGetAllStuffRoleGrantFormat() 4302 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 4303 4304 bh.sql2result[sql] = mrs 4305 4306 //loop on from ... to 4307 for fromId := range stmt.Roles { 4308 for toId := range stmt.Users { 4309 toId = toId + len(stmt.Roles) 4310 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4311 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4312 bh.sql2result[sql] = mrs 4313 } 4314 } 4315 4316 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4317 convey.So(err, convey.ShouldBeError) 4318 }) 4319 4320 convey.Convey("grant role to role+user fail indirect loop", t, func() { 4321 ctrl := gomock.NewController(t) 4322 defer ctrl.Finish() 4323 4324 bh := &backgroundExecTest{} 4325 bh.init() 4326 4327 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4328 defer bhStub.Reset() 4329 4330 stmt := &tree.GrantRole{ 4331 Roles: []*tree.Role{ 4332 {UserName: "r1"}, 4333 {UserName: "r2"}, 4334 {UserName: "r3"}, 4335 }, 4336 Users: []*tree.User{ 4337 {Username: "r4"}, 4338 {Username: "r5"}, 4339 {Username: "u6"}, 4340 }, 4341 GrantOption: true, 4342 } 4343 priv := determinePrivilegeSetOfStatement(stmt) 4344 ses := newSes(priv, ctrl) 4345 4346 //no result set 4347 bh.sql2result["begin;"] = nil 4348 bh.sql2result["commit;"] = nil 4349 bh.sql2result["rollback;"] = nil 4350 4351 //init from roles 4352 for i, role := range stmt.Roles { 4353 sql := getSqlForRoleIdOfRole(role.UserName) 4354 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4355 {i}, 4356 }) 4357 bh.sql2result[sql] = mrs 4358 } 4359 4360 //init to 2 roles, 4361 //init to 1 users 4362 for i, user := range stmt.Users { 4363 if i < 2 { //roles 4364 sql := getSqlForRoleIdOfRole(user.Username) 4365 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4366 {i + len(stmt.Roles)}, 4367 }) 4368 4369 bh.sql2result[sql] = mrs 4370 4371 sql = getSqlForPasswordOfUser(user.Username) 4372 mrs = newMrsForPasswordOfUser([][]interface{}{}) 4373 bh.sql2result[sql] = mrs 4374 } else { //users 4375 sql := getSqlForRoleIdOfRole(user.Username) 4376 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4377 4378 bh.sql2result[sql] = mrs 4379 4380 sql = getSqlForPasswordOfUser(user.Username) 4381 mrs = newMrsForPasswordOfUser([][]interface{}{ 4382 {i, "111", i}, 4383 }) 4384 bh.sql2result[sql] = mrs 4385 4386 sql = getSqlForRoleOfUser(int64(i), moAdminRoleName) 4387 bh.sql2result[sql] = newMrsForRoleOfUser([][]interface{}{}) 4388 } 4389 4390 } 4391 4392 //has "ro roles", need init mo_role_grant (assume empty) 4393 sql := getSqlForGetAllStuffRoleGrantFormat() 4394 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{ 4395 {1, 0, true}, 4396 {2, 1, true}, 4397 {3, 2, true}, 4398 {4, 2, true}, 4399 }) 4400 4401 bh.sql2result[sql] = mrs 4402 4403 //loop on from ... to 4404 for fromId := range stmt.Roles { 4405 for toId := range stmt.Users { 4406 if toId < 2 { //roles 4407 toId = toId + len(stmt.Roles) 4408 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4409 mrs = newMrsForCheckRoleGrant([][]interface{}{ 4410 {fromId, toId, false}, 4411 }) 4412 bh.sql2result[sql] = mrs 4413 4414 //sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4415 //mrs = newMrsForCheckUserGrant([][]interface{}{}) 4416 //bh.sql2result[sql] = mrs 4417 } else { //users 4418 //sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4419 //mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4420 //bh.sql2result[sql] = mrs 4421 4422 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4423 mrs = newMrsForCheckUserGrant([][]interface{}{ 4424 {fromId, toId, false}, 4425 }) 4426 bh.sql2result[sql] = mrs 4427 } 4428 4429 } 4430 } 4431 4432 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4433 convey.So(err, convey.ShouldBeError) 4434 }) 4435 4436 convey.Convey("grant role to role fail no role", t, func() { 4437 ctrl := gomock.NewController(t) 4438 defer ctrl.Finish() 4439 4440 bh := &backgroundExecTest{} 4441 bh.init() 4442 4443 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4444 defer bhStub.Reset() 4445 4446 stmt := &tree.GrantRole{ 4447 Roles: []*tree.Role{ 4448 {UserName: "r1"}, 4449 {UserName: "r2"}, 4450 {UserName: "r3"}, 4451 }, 4452 Users: []*tree.User{ 4453 {Username: "r4"}, 4454 {Username: "r5"}, 4455 {Username: "r6"}, 4456 }, 4457 } 4458 priv := determinePrivilegeSetOfStatement(stmt) 4459 ses := newSes(priv, ctrl) 4460 4461 //no result set 4462 bh.sql2result["begin;"] = nil 4463 bh.sql2result["commit;"] = nil 4464 bh.sql2result["rollback;"] = nil 4465 4466 //init from roles 4467 for _, role := range stmt.Roles { 4468 sql := getSqlForRoleIdOfRole(role.UserName) 4469 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4470 bh.sql2result[sql] = mrs 4471 } 4472 4473 //init to roles 4474 for i, user := range stmt.Users { 4475 sql := getSqlForRoleIdOfRole(user.Username) 4476 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4477 {i + len(stmt.Roles)}, 4478 }) 4479 4480 bh.sql2result[sql] = mrs 4481 } 4482 4483 //has "ro roles", need init mo_role_grant (assume empty) 4484 sql := getSqlForGetAllStuffRoleGrantFormat() 4485 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 4486 4487 bh.sql2result[sql] = mrs 4488 4489 //loop on from ... to 4490 for fromId := range stmt.Roles { 4491 for toId := range stmt.Users { 4492 toId = toId + len(stmt.Roles) 4493 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4494 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4495 bh.sql2result[sql] = mrs 4496 } 4497 } 4498 4499 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4500 convey.So(err, convey.ShouldBeError) 4501 }) 4502 4503 convey.Convey("grant role to user fail no user", t, func() { 4504 ctrl := gomock.NewController(t) 4505 defer ctrl.Finish() 4506 4507 bh := &backgroundExecTest{} 4508 bh.init() 4509 4510 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4511 defer bhStub.Reset() 4512 4513 stmt := &tree.GrantRole{ 4514 Roles: []*tree.Role{ 4515 {UserName: "r1"}, 4516 {UserName: "r2"}, 4517 {UserName: "r3"}, 4518 }, 4519 Users: []*tree.User{ 4520 {Username: "u4"}, 4521 {Username: "u5"}, 4522 {Username: "u6"}, 4523 }, 4524 } 4525 priv := determinePrivilegeSetOfStatement(stmt) 4526 ses := newSes(priv, ctrl) 4527 4528 //no result set 4529 bh.sql2result["begin;"] = nil 4530 bh.sql2result["commit;"] = nil 4531 bh.sql2result["rollback;"] = nil 4532 4533 //init from roles 4534 for i, role := range stmt.Roles { 4535 sql := getSqlForRoleIdOfRole(role.UserName) 4536 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4537 {i}, 4538 }) 4539 bh.sql2result[sql] = mrs 4540 } 4541 4542 //init to empty roles, 4543 //init to users 4544 for _, user := range stmt.Users { 4545 sql := getSqlForRoleIdOfRole(user.Username) 4546 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4547 4548 bh.sql2result[sql] = mrs 4549 4550 sql = getSqlForPasswordOfUser(user.Username) 4551 mrs = newMrsForPasswordOfUser([][]interface{}{}) 4552 bh.sql2result[sql] = mrs 4553 } 4554 4555 //has "ro roles", need init mo_role_grant (assume empty) 4556 sql := getSqlForGetAllStuffRoleGrantFormat() 4557 mrs := newMrsForGetAllStuffRoleGrant([][]interface{}{}) 4558 4559 bh.sql2result[sql] = mrs 4560 4561 //loop on from ... to 4562 for fromId := range stmt.Roles { 4563 for toId := range stmt.Users { 4564 sql = getSqlForCheckRoleGrant(int64(fromId), int64(toId)) 4565 mrs = newMrsForCheckRoleGrant([][]interface{}{}) 4566 bh.sql2result[sql] = mrs 4567 4568 sql = getSqlForCheckUserGrant(int64(fromId), int64(toId)) 4569 mrs = newMrsForCheckUserGrant([][]interface{}{}) 4570 bh.sql2result[sql] = mrs 4571 } 4572 } 4573 4574 err := doGrantRole(ses.GetRequestContext(), ses, stmt) 4575 convey.So(err, convey.ShouldBeError) 4576 }) 4577 } 4578 4579 func Test_doRevokeRole(t *testing.T) { 4580 convey.Convey("revoke role from role succ", t, func() { 4581 ctrl := gomock.NewController(t) 4582 defer ctrl.Finish() 4583 4584 bh := &backgroundExecTest{} 4585 bh.init() 4586 4587 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4588 defer bhStub.Reset() 4589 4590 stmt := &tree.RevokeRole{ 4591 Roles: []*tree.Role{ 4592 {UserName: "r1"}, 4593 {UserName: "r2"}, 4594 {UserName: "r3"}, 4595 }, 4596 Users: []*tree.User{ 4597 {Username: "r4"}, 4598 {Username: "r5"}, 4599 {Username: "r6"}, 4600 }, 4601 } 4602 priv := determinePrivilegeSetOfStatement(stmt) 4603 ses := newSes(priv, ctrl) 4604 4605 //no result set 4606 bh.sql2result["begin;"] = nil 4607 bh.sql2result["commit;"] = nil 4608 bh.sql2result["rollback;"] = nil 4609 4610 //init from roles 4611 for i, role := range stmt.Roles { 4612 sql := getSqlForRoleIdOfRole(role.UserName) 4613 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4614 {i}, 4615 }) 4616 bh.sql2result[sql] = mrs 4617 } 4618 4619 //init to roles 4620 for i, user := range stmt.Users { 4621 sql := getSqlForRoleIdOfRole(user.Username) 4622 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4623 {i + len(stmt.Roles)}, 4624 }) 4625 4626 bh.sql2result[sql] = mrs 4627 } 4628 4629 //loop on from ... to 4630 for fromId := range stmt.Roles { 4631 for toId := range stmt.Users { 4632 toId = toId + len(stmt.Roles) 4633 sql := getSqlForDeleteRoleGrant(int64(fromId), int64(toId)) 4634 bh.sql2result[sql] = nil 4635 } 4636 } 4637 4638 err := doRevokeRole(ses.GetRequestContext(), ses, stmt) 4639 convey.So(err, convey.ShouldBeNil) 4640 }) 4641 4642 convey.Convey("revoke role from role succ (if exists = true, miss role before FROM)", t, func() { 4643 ctrl := gomock.NewController(t) 4644 defer ctrl.Finish() 4645 4646 bh := &backgroundExecTest{} 4647 bh.init() 4648 4649 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4650 defer bhStub.Reset() 4651 4652 stmt := &tree.RevokeRole{ 4653 IfExists: true, 4654 Roles: []*tree.Role{ 4655 {UserName: "r1"}, 4656 {UserName: "r2"}, 4657 {UserName: "r3"}, 4658 }, 4659 Users: []*tree.User{ 4660 {Username: "r4"}, 4661 {Username: "r5"}, 4662 {Username: "r6"}, 4663 }, 4664 } 4665 priv := determinePrivilegeSetOfStatement(stmt) 4666 ses := newSes(priv, ctrl) 4667 4668 //no result set 4669 bh.sql2result["begin;"] = nil 4670 bh.sql2result["commit;"] = nil 4671 bh.sql2result["rollback;"] = nil 4672 4673 //init from roles 4674 var mrs *MysqlResultSet 4675 for i, role := range stmt.Roles { 4676 sql := getSqlForRoleIdOfRole(role.UserName) 4677 mrs = newMrsForRoleIdOfRole([][]interface{}{ 4678 {i}, 4679 }) 4680 bh.sql2result[sql] = mrs 4681 } 4682 4683 //init to roles 4684 for i, user := range stmt.Users { 4685 sql := getSqlForRoleIdOfRole(user.Username) 4686 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4687 {i + len(stmt.Roles)}, 4688 }) 4689 4690 bh.sql2result[sql] = mrs 4691 } 4692 4693 //loop on from ... to 4694 for fromId := range stmt.Roles { 4695 for toId := range stmt.Users { 4696 toId = toId + len(stmt.Roles) 4697 sql := getSqlForDeleteRoleGrant(int64(fromId), int64(toId)) 4698 bh.sql2result[sql] = nil 4699 } 4700 } 4701 4702 err := doRevokeRole(ses.GetRequestContext(), ses, stmt) 4703 convey.So(err, convey.ShouldBeNil) 4704 }) 4705 4706 convey.Convey("revoke role from role fail (if exists = false,miss role before FROM)", t, func() { 4707 ctrl := gomock.NewController(t) 4708 defer ctrl.Finish() 4709 4710 bh := &backgroundExecTest{} 4711 bh.init() 4712 4713 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4714 defer bhStub.Reset() 4715 4716 stmt := &tree.RevokeRole{ 4717 Roles: []*tree.Role{ 4718 {UserName: "r1"}, 4719 {UserName: "r2"}, 4720 {UserName: "r3"}, 4721 }, 4722 Users: []*tree.User{ 4723 {Username: "r4"}, 4724 {Username: "r5"}, 4725 {Username: "r6"}, 4726 }, 4727 } 4728 priv := determinePrivilegeSetOfStatement(stmt) 4729 ses := newSes(priv, ctrl) 4730 4731 //no result set 4732 bh.sql2result["begin;"] = nil 4733 bh.sql2result["commit;"] = nil 4734 bh.sql2result["rollback;"] = nil 4735 4736 //init from roles 4737 var mrs *MysqlResultSet 4738 for i, role := range stmt.Roles { 4739 sql := getSqlForRoleIdOfRole(role.UserName) 4740 if i == 0 { 4741 mrs = newMrsForRoleIdOfRole([][]interface{}{}) 4742 } else { 4743 mrs = newMrsForRoleIdOfRole([][]interface{}{ 4744 {i}, 4745 }) 4746 } 4747 4748 bh.sql2result[sql] = mrs 4749 } 4750 4751 //init to roles 4752 for i, user := range stmt.Users { 4753 sql := getSqlForRoleIdOfRole(user.Username) 4754 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4755 {i + len(stmt.Roles)}, 4756 }) 4757 4758 bh.sql2result[sql] = mrs 4759 } 4760 4761 //loop on from ... to 4762 for fromId := range stmt.Roles { 4763 for toId := range stmt.Users { 4764 toId = toId + len(stmt.Roles) 4765 sql := getSqlForDeleteRoleGrant(int64(fromId), int64(toId)) 4766 bh.sql2result[sql] = nil 4767 } 4768 } 4769 4770 err := doRevokeRole(ses.GetRequestContext(), ses, stmt) 4771 convey.So(err, convey.ShouldBeError) 4772 }) 4773 4774 convey.Convey("revoke role from user fail (if exists = false,miss role after FROM)", t, func() { 4775 ctrl := gomock.NewController(t) 4776 defer ctrl.Finish() 4777 4778 bh := &backgroundExecTest{} 4779 bh.init() 4780 4781 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4782 defer bhStub.Reset() 4783 4784 stmt := &tree.RevokeRole{ 4785 Roles: []*tree.Role{ 4786 {UserName: "r1"}, 4787 {UserName: "r2"}, 4788 {UserName: "r3"}, 4789 }, 4790 Users: []*tree.User{ 4791 {Username: "u1"}, 4792 {Username: "u2"}, 4793 {Username: "u3"}, 4794 }, 4795 } 4796 priv := determinePrivilegeSetOfStatement(stmt) 4797 ses := newSes(priv, ctrl) 4798 4799 //no result set 4800 bh.sql2result["begin;"] = nil 4801 bh.sql2result["commit;"] = nil 4802 bh.sql2result["rollback;"] = nil 4803 4804 //init from roles 4805 var mrs *MysqlResultSet 4806 for i, role := range stmt.Roles { 4807 sql := getSqlForRoleIdOfRole(role.UserName) 4808 mrs = newMrsForRoleIdOfRole([][]interface{}{ 4809 {i}, 4810 }) 4811 4812 bh.sql2result[sql] = mrs 4813 } 4814 4815 //init to roles 4816 for i, user := range stmt.Users { 4817 //sql := getSqlForRoleIdOfRole(user.Username) 4818 //mrs = newMrsForRoleIdOfRole([][]interface{}{}) 4819 4820 sql := getSqlForPasswordOfUser(user.Username) 4821 //miss u2 4822 if i == 1 { 4823 mrs = newMrsForPasswordOfUser([][]interface{}{}) 4824 } else { 4825 mrs = newMrsForPasswordOfUser([][]interface{}{ 4826 {i + len(stmt.Roles)}, 4827 }) 4828 } 4829 4830 bh.sql2result[sql] = mrs 4831 } 4832 4833 //loop on from ... to 4834 for fromId := range stmt.Roles { 4835 for toId := range stmt.Users { 4836 toId = toId + len(stmt.Roles) 4837 sql := getSqlForDeleteUserGrant(int64(fromId), int64(toId)) 4838 bh.sql2result[sql] = nil 4839 } 4840 } 4841 4842 err := doRevokeRole(ses.GetRequestContext(), ses, stmt) 4843 convey.So(err, convey.ShouldBeError) 4844 }) 4845 4846 convey.Convey("revoke role from user succ", t, func() { 4847 ctrl := gomock.NewController(t) 4848 defer ctrl.Finish() 4849 4850 bh := &backgroundExecTest{} 4851 bh.init() 4852 4853 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4854 defer bhStub.Reset() 4855 4856 stmt := &tree.RevokeRole{ 4857 Roles: []*tree.Role{ 4858 {UserName: "r1"}, 4859 {UserName: "r2"}, 4860 {UserName: "r3"}, 4861 }, 4862 Users: []*tree.User{ 4863 {Username: "u4"}, 4864 {Username: "u5"}, 4865 {Username: "u6"}, 4866 }, 4867 } 4868 priv := determinePrivilegeSetOfStatement(stmt) 4869 ses := newSes(priv, ctrl) 4870 4871 //no result set 4872 bh.sql2result["begin;"] = nil 4873 bh.sql2result["commit;"] = nil 4874 bh.sql2result["rollback;"] = nil 4875 4876 //init from roles 4877 for i, role := range stmt.Roles { 4878 sql := getSqlForRoleIdOfRole(role.UserName) 4879 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4880 {i}, 4881 }) 4882 bh.sql2result[sql] = mrs 4883 } 4884 4885 //init to roles 4886 for i, user := range stmt.Users { 4887 sql := getSqlForRoleIdOfRole(user.Username) 4888 mrs := newMrsForRoleIdOfRole([][]interface{}{}) 4889 4890 bh.sql2result[sql] = mrs 4891 4892 sql = getSqlForPasswordOfUser(user.Username) 4893 mrs = newMrsForPasswordOfUser([][]interface{}{ 4894 {i}, 4895 }) 4896 4897 bh.sql2result[sql] = mrs 4898 } 4899 4900 //loop on from ... to 4901 for fromId := range stmt.Roles { 4902 for toId := range stmt.Users { 4903 toId = toId + len(stmt.Roles) 4904 sql := getSqlForDeleteRoleGrant(int64(fromId), int64(toId)) 4905 bh.sql2result[sql] = nil 4906 } 4907 } 4908 4909 err := doRevokeRole(ses.GetRequestContext(), ses, stmt) 4910 convey.So(err, convey.ShouldBeNil) 4911 }) 4912 } 4913 4914 func Test_doGrantPrivilege(t *testing.T) { 4915 convey.Convey("grant account, role succ", t, func() { 4916 ctrl := gomock.NewController(t) 4917 defer ctrl.Finish() 4918 4919 bh := &backgroundExecTest{} 4920 bh.init() 4921 4922 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4923 defer bhStub.Reset() 4924 4925 stmt := &tree.GrantPrivilege{ 4926 Privileges: []*tree.Privilege{ 4927 {Type: tree.PRIVILEGE_TYPE_STATIC_CREATE_DATABASE}, 4928 }, 4929 ObjType: tree.OBJECT_TYPE_ACCOUNT, 4930 Level: &tree.PrivilegeLevel{Level: tree.PRIVILEGE_LEVEL_TYPE_STAR}, 4931 Roles: []*tree.Role{ 4932 {UserName: "r1"}, 4933 }, 4934 } 4935 priv := determinePrivilegeSetOfStatement(stmt) 4936 ses := newSes(priv, ctrl) 4937 4938 //no result set 4939 bh.sql2result["begin;"] = nil 4940 bh.sql2result["commit;"] = nil 4941 bh.sql2result["rollback;"] = nil 4942 4943 //init from roles 4944 for i, role := range stmt.Roles { 4945 sql := getSqlForRoleIdOfRole(role.UserName) 4946 mrs := newMrsForRoleIdOfRole([][]interface{}{ 4947 {i}, 4948 }) 4949 bh.sql2result[sql] = mrs 4950 } 4951 4952 for _, p := range stmt.Privileges { 4953 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, tree.OBJECT_TYPE_ACCOUNT) 4954 convey.So(err, convey.ShouldBeNil) 4955 for j := range stmt.Roles { 4956 sql := getSqlForCheckRoleHasPrivilege(int64(j), objectTypeAccount, objectIDAll, int64(privType)) 4957 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 4958 bh.sql2result[sql] = mrs 4959 } 4960 } 4961 4962 err := doGrantPrivilege(ses.GetRequestContext(), ses, stmt) 4963 convey.So(err, convey.ShouldBeNil) 4964 }) 4965 convey.Convey("grant database, role succ", t, func() { 4966 ctrl := gomock.NewController(t) 4967 defer ctrl.Finish() 4968 4969 bh := &backgroundExecTest{} 4970 bh.init() 4971 4972 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 4973 defer bhStub.Reset() 4974 4975 stmts := []*tree.GrantPrivilege{ 4976 { 4977 Privileges: []*tree.Privilege{ 4978 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 4979 }, 4980 ObjType: tree.OBJECT_TYPE_DATABASE, 4981 Level: &tree.PrivilegeLevel{ 4982 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 4983 }, 4984 Roles: []*tree.Role{ 4985 {UserName: "r1"}, 4986 }, 4987 }, 4988 { 4989 Privileges: []*tree.Privilege{ 4990 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 4991 }, 4992 ObjType: tree.OBJECT_TYPE_DATABASE, 4993 Level: &tree.PrivilegeLevel{ 4994 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 4995 }, 4996 Roles: []*tree.Role{ 4997 {UserName: "r1"}, 4998 }, 4999 }, 5000 { 5001 Privileges: []*tree.Privilege{ 5002 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5003 }, 5004 ObjType: tree.OBJECT_TYPE_DATABASE, 5005 Level: &tree.PrivilegeLevel{ 5006 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE, 5007 DbName: "d", 5008 }, 5009 Roles: []*tree.Role{ 5010 {UserName: "r1"}, 5011 }, 5012 }, 5013 { 5014 Privileges: []*tree.Privilege{ 5015 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5016 }, 5017 ObjType: tree.OBJECT_TYPE_DATABASE, 5018 Level: &tree.PrivilegeLevel{ 5019 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 5020 TabName: "d", 5021 }, 5022 Roles: []*tree.Role{ 5023 {UserName: "r1"}, 5024 }, 5025 }, 5026 } 5027 5028 for _, stmt := range stmts { 5029 priv := determinePrivilegeSetOfStatement(stmt) 5030 ses := newSes(priv, ctrl) 5031 5032 //no result set 5033 bh.sql2result["begin;"] = nil 5034 bh.sql2result["commit;"] = nil 5035 bh.sql2result["rollback;"] = nil 5036 5037 //init from roles 5038 for i, role := range stmt.Roles { 5039 sql := getSqlForRoleIdOfRole(role.UserName) 5040 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5041 {i}, 5042 }) 5043 bh.sql2result[sql] = mrs 5044 } 5045 5046 objType, err := convertAstObjectTypeToObjectType(context.TODO(), stmt.ObjType) 5047 convey.So(err, convey.ShouldBeNil) 5048 5049 if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE { 5050 sql := getSqlForCheckDatabase(stmt.Level.DbName) 5051 mrs := newMrsForCheckDatabase([][]interface{}{ 5052 {0}, 5053 }) 5054 bh.sql2result[sql] = mrs 5055 } else if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_TABLE { 5056 sql := getSqlForCheckDatabase(stmt.Level.TabName) 5057 mrs := newMrsForCheckDatabase([][]interface{}{ 5058 {0}, 5059 }) 5060 bh.sql2result[sql] = mrs 5061 } 5062 5063 _, objId, err := checkPrivilegeObjectTypeAndPrivilegeLevel(context.TODO(), ses, bh, stmt.ObjType, *stmt.Level) 5064 convey.So(err, convey.ShouldBeNil) 5065 5066 for _, p := range stmt.Privileges { 5067 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 5068 convey.So(err, convey.ShouldBeNil) 5069 for j := range stmt.Roles { 5070 sql := getSqlForCheckRoleHasPrivilege(int64(j), objType, objId, int64(privType)) 5071 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 5072 bh.sql2result[sql] = mrs 5073 } 5074 } 5075 5076 err = doGrantPrivilege(ses.GetRequestContext(), ses, stmt) 5077 convey.So(err, convey.ShouldBeNil) 5078 } 5079 }) 5080 convey.Convey("grant table, role succ", t, func() { 5081 ctrl := gomock.NewController(t) 5082 defer ctrl.Finish() 5083 5084 bh := &backgroundExecTest{} 5085 bh.init() 5086 5087 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5088 defer bhStub.Reset() 5089 5090 dbName := "d" 5091 tableName := "t" 5092 stmts := []*tree.GrantPrivilege{ 5093 { 5094 Privileges: []*tree.Privilege{ 5095 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5096 }, 5097 ObjType: tree.OBJECT_TYPE_TABLE, 5098 Level: &tree.PrivilegeLevel{ 5099 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 5100 }, 5101 Roles: []*tree.Role{ 5102 {UserName: "r1"}, 5103 }, 5104 }, 5105 { 5106 Privileges: []*tree.Privilege{ 5107 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5108 }, 5109 ObjType: tree.OBJECT_TYPE_TABLE, 5110 Level: &tree.PrivilegeLevel{ 5111 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 5112 }, 5113 Roles: []*tree.Role{ 5114 {UserName: "r1"}, 5115 }, 5116 }, 5117 { 5118 Privileges: []*tree.Privilege{ 5119 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5120 }, 5121 ObjType: tree.OBJECT_TYPE_TABLE, 5122 Level: &tree.PrivilegeLevel{ 5123 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR, 5124 DbName: dbName, 5125 }, 5126 Roles: []*tree.Role{ 5127 {UserName: "r1"}, 5128 }, 5129 }, 5130 { 5131 Privileges: []*tree.Privilege{ 5132 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5133 }, 5134 ObjType: tree.OBJECT_TYPE_TABLE, 5135 Level: &tree.PrivilegeLevel{ 5136 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE, 5137 DbName: dbName, 5138 TabName: tableName, 5139 }, 5140 Roles: []*tree.Role{ 5141 {UserName: "r1"}, 5142 }, 5143 }, 5144 { 5145 Privileges: []*tree.Privilege{ 5146 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5147 }, 5148 ObjType: tree.OBJECT_TYPE_TABLE, 5149 Level: &tree.PrivilegeLevel{ 5150 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 5151 TabName: tableName, 5152 }, 5153 Roles: []*tree.Role{ 5154 {UserName: "r1"}, 5155 }, 5156 }, 5157 } 5158 5159 for _, stmt := range stmts { 5160 priv := determinePrivilegeSetOfStatement(stmt) 5161 ses := newSes(priv, ctrl) 5162 ses.SetDatabaseName("d") 5163 5164 //no result set 5165 bh.sql2result["begin;"] = nil 5166 bh.sql2result["commit;"] = nil 5167 bh.sql2result["rollback;"] = nil 5168 5169 //init from roles 5170 for i, role := range stmt.Roles { 5171 sql := getSqlForRoleIdOfRole(role.UserName) 5172 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5173 {i}, 5174 }) 5175 bh.sql2result[sql] = mrs 5176 } 5177 5178 objType, err := convertAstObjectTypeToObjectType(context.TODO(), stmt.ObjType) 5179 convey.So(err, convey.ShouldBeNil) 5180 5181 if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_STAR || 5182 stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR { 5183 sql := getSqlForCheckDatabase(dbName) 5184 mrs := newMrsForCheckDatabase([][]interface{}{ 5185 {0}, 5186 }) 5187 bh.sql2result[sql] = mrs 5188 } else if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_TABLE || 5189 stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE { 5190 sql := getSqlForCheckDatabaseTable(dbName, tableName) 5191 mrs := newMrsForCheckDatabaseTable([][]interface{}{ 5192 {0}, 5193 }) 5194 bh.sql2result[sql] = mrs 5195 } 5196 5197 _, objId, err := checkPrivilegeObjectTypeAndPrivilegeLevel(context.TODO(), ses, bh, stmt.ObjType, *stmt.Level) 5198 convey.So(err, convey.ShouldBeNil) 5199 5200 for _, p := range stmt.Privileges { 5201 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 5202 convey.So(err, convey.ShouldBeNil) 5203 for j := range stmt.Roles { 5204 sql := getSqlForCheckRoleHasPrivilege(int64(j), objType, objId, int64(privType)) 5205 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 5206 bh.sql2result[sql] = mrs 5207 } 5208 } 5209 5210 err = doGrantPrivilege(ses.GetRequestContext(), ses, stmt) 5211 convey.So(err, convey.ShouldBeNil) 5212 } 5213 }) 5214 } 5215 5216 func Test_doRevokePrivilege(t *testing.T) { 5217 convey.Convey("revoke account, role succ", t, func() { 5218 ctrl := gomock.NewController(t) 5219 defer ctrl.Finish() 5220 5221 bh := &backgroundExecTest{} 5222 bh.init() 5223 5224 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5225 defer bhStub.Reset() 5226 5227 stmt := &tree.RevokePrivilege{ 5228 Privileges: []*tree.Privilege{ 5229 {Type: tree.PRIVILEGE_TYPE_STATIC_CREATE_DATABASE}, 5230 }, 5231 ObjType: tree.OBJECT_TYPE_ACCOUNT, 5232 Level: &tree.PrivilegeLevel{Level: tree.PRIVILEGE_LEVEL_TYPE_STAR}, 5233 Roles: []*tree.Role{ 5234 {UserName: "r1"}, 5235 }, 5236 } 5237 priv := determinePrivilegeSetOfStatement(stmt) 5238 ses := newSes(priv, ctrl) 5239 5240 //no result set 5241 bh.sql2result["begin;"] = nil 5242 bh.sql2result["commit;"] = nil 5243 bh.sql2result["rollback;"] = nil 5244 5245 //init from roles 5246 for i, role := range stmt.Roles { 5247 sql := getSqlForRoleIdOfRole(role.UserName) 5248 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5249 {i}, 5250 }) 5251 bh.sql2result[sql] = mrs 5252 } 5253 5254 for _, p := range stmt.Privileges { 5255 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, tree.OBJECT_TYPE_ACCOUNT) 5256 convey.So(err, convey.ShouldBeNil) 5257 for j := range stmt.Roles { 5258 sql := getSqlForCheckRoleHasPrivilege(int64(j), objectTypeAccount, objectIDAll, int64(privType)) 5259 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 5260 bh.sql2result[sql] = mrs 5261 } 5262 } 5263 5264 err := doRevokePrivilege(ses.GetRequestContext(), ses, stmt) 5265 convey.So(err, convey.ShouldBeNil) 5266 }) 5267 convey.Convey("revoke database, role succ", t, func() { 5268 ctrl := gomock.NewController(t) 5269 defer ctrl.Finish() 5270 5271 bh := &backgroundExecTest{} 5272 bh.init() 5273 5274 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5275 defer bhStub.Reset() 5276 5277 stmts := []*tree.RevokePrivilege{ 5278 { 5279 Privileges: []*tree.Privilege{ 5280 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5281 }, 5282 ObjType: tree.OBJECT_TYPE_DATABASE, 5283 Level: &tree.PrivilegeLevel{ 5284 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 5285 }, 5286 Roles: []*tree.Role{ 5287 {UserName: "r1"}, 5288 }, 5289 }, 5290 { 5291 Privileges: []*tree.Privilege{ 5292 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5293 }, 5294 ObjType: tree.OBJECT_TYPE_DATABASE, 5295 Level: &tree.PrivilegeLevel{ 5296 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 5297 }, 5298 Roles: []*tree.Role{ 5299 {UserName: "r1"}, 5300 }, 5301 }, 5302 { 5303 Privileges: []*tree.Privilege{ 5304 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5305 }, 5306 ObjType: tree.OBJECT_TYPE_DATABASE, 5307 Level: &tree.PrivilegeLevel{ 5308 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE, 5309 DbName: "d", 5310 }, 5311 Roles: []*tree.Role{ 5312 {UserName: "r1"}, 5313 }, 5314 }, 5315 { 5316 Privileges: []*tree.Privilege{ 5317 {Type: tree.PRIVILEGE_TYPE_STATIC_SHOW_TABLES}, 5318 }, 5319 ObjType: tree.OBJECT_TYPE_DATABASE, 5320 Level: &tree.PrivilegeLevel{ 5321 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 5322 TabName: "d", 5323 }, 5324 Roles: []*tree.Role{ 5325 {UserName: "r1"}, 5326 }, 5327 }, 5328 } 5329 5330 for _, stmt := range stmts { 5331 priv := determinePrivilegeSetOfStatement(stmt) 5332 ses := newSes(priv, ctrl) 5333 5334 //no result set 5335 bh.sql2result["begin;"] = nil 5336 bh.sql2result["commit;"] = nil 5337 bh.sql2result["rollback;"] = nil 5338 5339 //init from roles 5340 for i, role := range stmt.Roles { 5341 sql := getSqlForRoleIdOfRole(role.UserName) 5342 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5343 {i}, 5344 }) 5345 bh.sql2result[sql] = mrs 5346 } 5347 5348 objType, err := convertAstObjectTypeToObjectType(context.TODO(), stmt.ObjType) 5349 convey.So(err, convey.ShouldBeNil) 5350 5351 if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE { 5352 sql := getSqlForCheckDatabase(stmt.Level.DbName) 5353 mrs := newMrsForCheckDatabase([][]interface{}{ 5354 {0}, 5355 }) 5356 bh.sql2result[sql] = mrs 5357 } else if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_TABLE { 5358 sql := getSqlForCheckDatabase(stmt.Level.TabName) 5359 mrs := newMrsForCheckDatabase([][]interface{}{ 5360 {0}, 5361 }) 5362 bh.sql2result[sql] = mrs 5363 } 5364 5365 _, objId, err := checkPrivilegeObjectTypeAndPrivilegeLevel(context.TODO(), ses, bh, stmt.ObjType, *stmt.Level) 5366 convey.So(err, convey.ShouldBeNil) 5367 5368 for _, p := range stmt.Privileges { 5369 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 5370 convey.So(err, convey.ShouldBeNil) 5371 for j := range stmt.Roles { 5372 sql := getSqlForCheckRoleHasPrivilege(int64(j), objType, objId, int64(privType)) 5373 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 5374 bh.sql2result[sql] = mrs 5375 } 5376 } 5377 5378 err = doRevokePrivilege(ses.GetRequestContext(), ses, stmt) 5379 convey.So(err, convey.ShouldBeNil) 5380 } 5381 }) 5382 convey.Convey("revoke table, role succ", t, func() { 5383 ctrl := gomock.NewController(t) 5384 defer ctrl.Finish() 5385 5386 bh := &backgroundExecTest{} 5387 bh.init() 5388 5389 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5390 defer bhStub.Reset() 5391 5392 dbName := "d" 5393 tableName := "t" 5394 stmts := []*tree.RevokePrivilege{ 5395 { 5396 Privileges: []*tree.Privilege{ 5397 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5398 }, 5399 ObjType: tree.OBJECT_TYPE_TABLE, 5400 Level: &tree.PrivilegeLevel{ 5401 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR, 5402 }, 5403 Roles: []*tree.Role{ 5404 {UserName: "r1"}, 5405 }, 5406 }, 5407 { 5408 Privileges: []*tree.Privilege{ 5409 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5410 }, 5411 ObjType: tree.OBJECT_TYPE_TABLE, 5412 Level: &tree.PrivilegeLevel{ 5413 Level: tree.PRIVILEGE_LEVEL_TYPE_STAR_STAR, 5414 }, 5415 Roles: []*tree.Role{ 5416 {UserName: "r1"}, 5417 }, 5418 }, 5419 { 5420 Privileges: []*tree.Privilege{ 5421 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5422 }, 5423 ObjType: tree.OBJECT_TYPE_TABLE, 5424 Level: &tree.PrivilegeLevel{ 5425 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR, 5426 DbName: dbName, 5427 }, 5428 Roles: []*tree.Role{ 5429 {UserName: "r1"}, 5430 }, 5431 }, 5432 { 5433 Privileges: []*tree.Privilege{ 5434 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5435 }, 5436 ObjType: tree.OBJECT_TYPE_TABLE, 5437 Level: &tree.PrivilegeLevel{ 5438 Level: tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE, 5439 DbName: dbName, 5440 TabName: tableName, 5441 }, 5442 Roles: []*tree.Role{ 5443 {UserName: "r1"}, 5444 }, 5445 }, 5446 { 5447 Privileges: []*tree.Privilege{ 5448 {Type: tree.PRIVILEGE_TYPE_STATIC_SELECT}, 5449 }, 5450 ObjType: tree.OBJECT_TYPE_TABLE, 5451 Level: &tree.PrivilegeLevel{ 5452 Level: tree.PRIVILEGE_LEVEL_TYPE_TABLE, 5453 TabName: tableName, 5454 }, 5455 Roles: []*tree.Role{ 5456 {UserName: "r1"}, 5457 }, 5458 }, 5459 } 5460 5461 for _, stmt := range stmts { 5462 priv := determinePrivilegeSetOfStatement(stmt) 5463 ses := newSes(priv, ctrl) 5464 ses.SetDatabaseName("d") 5465 5466 //no result set 5467 bh.sql2result["begin;"] = nil 5468 bh.sql2result["commit;"] = nil 5469 bh.sql2result["rollback;"] = nil 5470 5471 //init from roles 5472 for i, role := range stmt.Roles { 5473 sql := getSqlForRoleIdOfRole(role.UserName) 5474 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5475 {i}, 5476 }) 5477 bh.sql2result[sql] = mrs 5478 } 5479 5480 objType, err := convertAstObjectTypeToObjectType(context.TODO(), stmt.ObjType) 5481 convey.So(err, convey.ShouldBeNil) 5482 5483 if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_STAR || 5484 stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE_STAR { 5485 sql := getSqlForCheckDatabase(dbName) 5486 mrs := newMrsForCheckDatabase([][]interface{}{ 5487 {0}, 5488 }) 5489 bh.sql2result[sql] = mrs 5490 } else if stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_TABLE || 5491 stmt.Level.Level == tree.PRIVILEGE_LEVEL_TYPE_DATABASE_TABLE { 5492 sql := getSqlForCheckDatabaseTable(dbName, tableName) 5493 mrs := newMrsForCheckDatabaseTable([][]interface{}{ 5494 {0}, 5495 }) 5496 bh.sql2result[sql] = mrs 5497 } 5498 5499 _, objId, err := checkPrivilegeObjectTypeAndPrivilegeLevel(context.TODO(), ses, bh, stmt.ObjType, *stmt.Level) 5500 convey.So(err, convey.ShouldBeNil) 5501 5502 for _, p := range stmt.Privileges { 5503 privType, err := convertAstPrivilegeTypeToPrivilegeType(context.TODO(), p.Type, stmt.ObjType) 5504 convey.So(err, convey.ShouldBeNil) 5505 for j := range stmt.Roles { 5506 sql := getSqlForCheckRoleHasPrivilege(int64(j), objType, objId, int64(privType)) 5507 mrs := newMrsForCheckRoleHasPrivilege([][]interface{}{}) 5508 bh.sql2result[sql] = mrs 5509 } 5510 } 5511 5512 err = doRevokePrivilege(ses.GetRequestContext(), ses, stmt) 5513 convey.So(err, convey.ShouldBeNil) 5514 } 5515 }) 5516 } 5517 5518 func Test_doDropFunction(t *testing.T) { 5519 convey.Convey("drop function", t, func() { 5520 ctrl := gomock.NewController(t) 5521 defer ctrl.Finish() 5522 5523 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 5524 pu.SV.SetDefaultValues() 5525 5526 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 5527 5528 bh := mock_frontend.NewMockBackgroundExec(ctrl) 5529 bh.EXPECT().ClearExecResultSet().AnyTimes() 5530 bh.EXPECT().Close().Return().AnyTimes() 5531 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 5532 rs := mock_frontend.NewMockExecResult(ctrl) 5533 rs.EXPECT().GetRowCount().Return(uint64(0)).AnyTimes() 5534 bh.EXPECT().GetExecResultSet().Return([]interface{}{rs}).AnyTimes() 5535 5536 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5537 defer bhStub.Reset() 5538 5539 cu := &tree.DropFunction{ 5540 Name: tree.NewFuncName("testFunc", 5541 tree.ObjectNamePrefix{ 5542 SchemaName: tree.Identifier("db"), 5543 CatalogName: tree.Identifier(""), 5544 ExplicitSchema: true, 5545 ExplicitCatalog: false, 5546 }, 5547 ), 5548 Args: nil, 5549 } 5550 5551 ses := &Session{} 5552 err := doDropFunction(ctx, ses, cu) 5553 convey.So(err, convey.ShouldNotBeNil) 5554 }) 5555 } 5556 5557 func Test_doDropRole(t *testing.T) { 5558 convey.Convey("drop role succ", t, func() { 5559 ctrl := gomock.NewController(t) 5560 defer ctrl.Finish() 5561 5562 bh := &backgroundExecTest{} 5563 bh.init() 5564 5565 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5566 defer bhStub.Reset() 5567 5568 stmt := &tree.DropRole{ 5569 Roles: []*tree.Role{ 5570 {UserName: "r1"}, 5571 {UserName: "r2"}, 5572 {UserName: "r3"}, 5573 }, 5574 } 5575 priv := determinePrivilegeSetOfStatement(stmt) 5576 ses := newSes(priv, ctrl) 5577 5578 //no result set 5579 bh.sql2result["begin;"] = nil 5580 bh.sql2result["commit;"] = nil 5581 bh.sql2result["rollback;"] = nil 5582 5583 //init from roles 5584 for i, role := range stmt.Roles { 5585 sql := getSqlForRoleIdOfRole(role.UserName) 5586 mrs := newMrsForRoleIdOfRole([][]interface{}{ 5587 {i}, 5588 }) 5589 bh.sql2result[sql] = mrs 5590 } 5591 5592 for i := range stmt.Roles { 5593 sqls := getSqlForDeleteRole(int64(i)) 5594 for _, sql := range sqls { 5595 bh.sql2result[sql] = nil 5596 } 5597 } 5598 5599 err := doDropRole(ses.GetRequestContext(), ses, stmt) 5600 convey.So(err, convey.ShouldBeNil) 5601 }) 5602 convey.Convey("drop role succ (if exists)", t, func() { 5603 ctrl := gomock.NewController(t) 5604 defer ctrl.Finish() 5605 5606 bh := &backgroundExecTest{} 5607 bh.init() 5608 5609 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5610 defer bhStub.Reset() 5611 5612 stmt := &tree.DropRole{ 5613 IfExists: true, 5614 Roles: []*tree.Role{ 5615 {UserName: "r1"}, 5616 {UserName: "r2"}, 5617 {UserName: "r3"}, 5618 }, 5619 } 5620 priv := determinePrivilegeSetOfStatement(stmt) 5621 ses := newSes(priv, ctrl) 5622 5623 //no result set 5624 bh.sql2result["begin;"] = nil 5625 bh.sql2result["commit;"] = nil 5626 bh.sql2result["rollback;"] = nil 5627 5628 var mrs *MysqlResultSet 5629 //init from roles 5630 for i, role := range stmt.Roles { 5631 sql := getSqlForRoleIdOfRole(role.UserName) 5632 if i == 0 { 5633 mrs = newMrsForRoleIdOfRole([][]interface{}{}) 5634 } else { 5635 mrs = newMrsForRoleIdOfRole([][]interface{}{ 5636 {i}, 5637 }) 5638 } 5639 5640 bh.sql2result[sql] = mrs 5641 } 5642 5643 for i := range stmt.Roles { 5644 sqls := getSqlForDeleteRole(int64(i)) 5645 for _, sql := range sqls { 5646 bh.sql2result[sql] = nil 5647 } 5648 } 5649 5650 err := doDropRole(ses.GetRequestContext(), ses, stmt) 5651 convey.So(err, convey.ShouldBeNil) 5652 }) 5653 convey.Convey("drop role fail", t, func() { 5654 ctrl := gomock.NewController(t) 5655 defer ctrl.Finish() 5656 5657 bh := &backgroundExecTest{} 5658 bh.init() 5659 5660 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5661 defer bhStub.Reset() 5662 5663 stmt := &tree.DropRole{ 5664 IfExists: false, 5665 Roles: []*tree.Role{ 5666 {UserName: "r1"}, 5667 {UserName: "r2"}, 5668 {UserName: "r3"}, 5669 }, 5670 } 5671 priv := determinePrivilegeSetOfStatement(stmt) 5672 ses := newSes(priv, ctrl) 5673 5674 //no result set 5675 bh.sql2result["begin;"] = nil 5676 bh.sql2result["commit;"] = nil 5677 bh.sql2result["rollback;"] = nil 5678 5679 var mrs *MysqlResultSet 5680 //init from roles 5681 for i, role := range stmt.Roles { 5682 sql := getSqlForRoleIdOfRole(role.UserName) 5683 if i == 0 { 5684 mrs = newMrsForRoleIdOfRole([][]interface{}{}) 5685 } else { 5686 mrs = newMrsForRoleIdOfRole([][]interface{}{ 5687 {i}, 5688 }) 5689 } 5690 5691 bh.sql2result[sql] = mrs 5692 } 5693 5694 for i := range stmt.Roles { 5695 sqls := getSqlForDeleteRole(int64(i)) 5696 for _, sql := range sqls { 5697 bh.sql2result[sql] = nil 5698 } 5699 } 5700 5701 err := doDropRole(ses.GetRequestContext(), ses, stmt) 5702 convey.So(err, convey.ShouldBeError) 5703 }) 5704 } 5705 5706 func Test_doDropUser(t *testing.T) { 5707 convey.Convey("drop user succ", t, func() { 5708 ctrl := gomock.NewController(t) 5709 defer ctrl.Finish() 5710 5711 bh := &backgroundExecTest{} 5712 bh.init() 5713 5714 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5715 defer bhStub.Reset() 5716 5717 stmt := &tree.DropUser{ 5718 Users: []*tree.User{ 5719 {Username: "u1"}, 5720 {Username: "u2"}, 5721 {Username: "u3"}, 5722 }, 5723 } 5724 priv := determinePrivilegeSetOfStatement(stmt) 5725 ses := newSes(priv, ctrl) 5726 5727 //no result set 5728 bh.sql2result["begin;"] = nil 5729 bh.sql2result["commit;"] = nil 5730 bh.sql2result["rollback;"] = nil 5731 5732 for i, user := range stmt.Users { 5733 sql := getSqlForPasswordOfUser(user.Username) 5734 mrs := newMrsForPasswordOfUser([][]interface{}{ 5735 {i, "111", "public"}, 5736 }) 5737 bh.sql2result[sql] = mrs 5738 5739 sql = getSqlForCheckUserHasRole(user.Username, moAdminRoleID) 5740 mrs = newMrsForSqlForCheckUserHasRole([][]interface{}{}) 5741 bh.sql2result[sql] = mrs 5742 } 5743 5744 for i := range stmt.Users { 5745 sqls := getSqlForDeleteUser(int64(i)) 5746 for _, sql := range sqls { 5747 bh.sql2result[sql] = nil 5748 } 5749 } 5750 5751 err := doDropUser(ses.GetRequestContext(), ses, stmt) 5752 convey.So(err, convey.ShouldBeNil) 5753 }) 5754 5755 convey.Convey("drop user succ (if exists)", t, func() { 5756 ctrl := gomock.NewController(t) 5757 defer ctrl.Finish() 5758 5759 bh := &backgroundExecTest{} 5760 bh.init() 5761 5762 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5763 defer bhStub.Reset() 5764 5765 stmt := &tree.DropUser{ 5766 IfExists: true, 5767 Users: []*tree.User{ 5768 {Username: "u1"}, 5769 {Username: "u2"}, 5770 {Username: "u3"}, 5771 }, 5772 } 5773 priv := determinePrivilegeSetOfStatement(stmt) 5774 ses := newSes(priv, ctrl) 5775 5776 //no result set 5777 bh.sql2result["begin;"] = nil 5778 bh.sql2result["commit;"] = nil 5779 bh.sql2result["rollback;"] = nil 5780 5781 var mrs *MysqlResultSet 5782 //init from roles 5783 for i, user := range stmt.Users { 5784 sql := getSqlForPasswordOfUser(user.Username) 5785 if i == 0 { 5786 mrs = newMrsForPasswordOfUser([][]interface{}{}) 5787 } else { 5788 mrs = newMrsForPasswordOfUser([][]interface{}{ 5789 {i, "111", "public"}, 5790 }) 5791 } 5792 5793 bh.sql2result[sql] = mrs 5794 sql = getSqlForCheckUserHasRole(user.Username, moAdminRoleID) 5795 mrs = newMrsForSqlForCheckUserHasRole([][]interface{}{}) 5796 bh.sql2result[sql] = mrs 5797 } 5798 5799 for i := range stmt.Users { 5800 sqls := getSqlForDeleteUser(int64(i)) 5801 for _, sql := range sqls { 5802 bh.sql2result[sql] = nil 5803 } 5804 } 5805 5806 err := doDropUser(ses.GetRequestContext(), ses, stmt) 5807 convey.So(err, convey.ShouldBeNil) 5808 }) 5809 5810 convey.Convey("drop user fail", t, func() { 5811 ctrl := gomock.NewController(t) 5812 defer ctrl.Finish() 5813 5814 bh := &backgroundExecTest{} 5815 bh.init() 5816 5817 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5818 defer bhStub.Reset() 5819 5820 stmt := &tree.DropUser{ 5821 IfExists: false, 5822 Users: []*tree.User{ 5823 {Username: "u1"}, 5824 {Username: "u2"}, 5825 {Username: "u3"}, 5826 }, 5827 } 5828 priv := determinePrivilegeSetOfStatement(stmt) 5829 ses := newSes(priv, ctrl) 5830 5831 //no result set 5832 bh.sql2result["begin;"] = nil 5833 bh.sql2result["commit;"] = nil 5834 bh.sql2result["rollback;"] = nil 5835 5836 var mrs *MysqlResultSet 5837 //init from roles 5838 for i, user := range stmt.Users { 5839 sql := getSqlForPasswordOfUser(user.Username) 5840 if i == 0 { 5841 mrs = newMrsForPasswordOfUser([][]interface{}{}) 5842 } else { 5843 mrs = newMrsForPasswordOfUser([][]interface{}{ 5844 {i, "111", "public"}, 5845 }) 5846 } 5847 5848 bh.sql2result[sql] = mrs 5849 5850 sql = getSqlForCheckUserHasRole(user.Username, moAdminRoleID) 5851 mrs = newMrsForSqlForCheckUserHasRole([][]interface{}{}) 5852 bh.sql2result[sql] = mrs 5853 } 5854 5855 for i := range stmt.Users { 5856 sqls := getSqlForDeleteUser(int64(i)) 5857 for _, sql := range sqls { 5858 bh.sql2result[sql] = nil 5859 } 5860 } 5861 5862 err := doDropUser(ses.GetRequestContext(), ses, stmt) 5863 convey.So(err, convey.ShouldBeError) 5864 }) 5865 } 5866 5867 func Test_doAlterAccount(t *testing.T) { 5868 convey.Convey("alter account (auth_option) succ", t, func() { 5869 ctrl := gomock.NewController(t) 5870 defer ctrl.Finish() 5871 5872 bh := &backgroundExecTest{} 5873 bh.init() 5874 5875 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5876 defer bhStub.Reset() 5877 5878 stmt := &tree.AlterAccount{ 5879 Name: "acc", 5880 AuthOption: tree.AlterAccountAuthOption{ 5881 Exist: true, 5882 AdminName: "rootx", 5883 IdentifiedType: tree.AccountIdentified{ 5884 Typ: tree.AccountIdentifiedByPassword, 5885 Str: "111", 5886 }, 5887 }, 5888 } 5889 priv := determinePrivilegeSetOfStatement(stmt) 5890 ses := newSes(priv, ctrl) 5891 5892 //no result set 5893 bh.sql2result["begin;"] = nil 5894 bh.sql2result["commit;"] = nil 5895 bh.sql2result["rollback;"] = nil 5896 5897 sql := getSqlForCheckTenant(stmt.Name) 5898 mrs := newMrsForCheckTenant([][]interface{}{ 5899 {0}, 5900 }) 5901 bh.sql2result[sql] = mrs 5902 5903 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 5904 bh.sql2result[sql] = newMrsForPasswordOfUser([][]interface{}{ 5905 {10, "111", 0}, 5906 }) 5907 5908 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 5909 bh.sql2result[sql] = nil 5910 5911 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 5912 convey.So(err, convey.ShouldBeNil) 5913 }) 5914 5915 convey.Convey("alter account (auth_option) failed (wrong identifiedBy)", t, func() { 5916 ctrl := gomock.NewController(t) 5917 defer ctrl.Finish() 5918 5919 bh := &backgroundExecTest{} 5920 bh.init() 5921 5922 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5923 defer bhStub.Reset() 5924 5925 stmt := &tree.AlterAccount{ 5926 Name: "acc", 5927 AuthOption: tree.AlterAccountAuthOption{ 5928 Exist: true, 5929 AdminName: "rootx", 5930 IdentifiedType: tree.AccountIdentified{ 5931 Typ: tree.AccountIdentifiedByRandomPassword, 5932 Str: "111", 5933 }, 5934 }, 5935 } 5936 priv := determinePrivilegeSetOfStatement(stmt) 5937 ses := newSes(priv, ctrl) 5938 5939 //no result set 5940 bh.sql2result["begin;"] = nil 5941 bh.sql2result["commit;"] = nil 5942 bh.sql2result["rollback;"] = nil 5943 5944 sql := getSqlForCheckTenant(stmt.Name) 5945 mrs := newMrsForCheckTenant([][]interface{}{ 5946 {0}, 5947 }) 5948 bh.sql2result[sql] = mrs 5949 5950 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 5951 bh.sql2result[sql] = newMrsForPasswordOfUser([][]interface{}{ 5952 {10, "111", 0}, 5953 }) 5954 5955 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 5956 bh.sql2result[sql] = nil 5957 5958 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 5959 convey.So(err, convey.ShouldNotBeNil) 5960 }) 5961 5962 convey.Convey("alter account (auth_option) failed (no account)", t, func() { 5963 ctrl := gomock.NewController(t) 5964 defer ctrl.Finish() 5965 5966 bh := &backgroundExecTest{} 5967 bh.init() 5968 5969 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 5970 defer bhStub.Reset() 5971 5972 stmt := &tree.AlterAccount{ 5973 Name: "acc", 5974 AuthOption: tree.AlterAccountAuthOption{ 5975 Exist: true, 5976 AdminName: "rootx", 5977 IdentifiedType: tree.AccountIdentified{ 5978 Typ: tree.AccountIdentifiedByRandomPassword, 5979 Str: "111", 5980 }, 5981 }, 5982 } 5983 priv := determinePrivilegeSetOfStatement(stmt) 5984 ses := newSes(priv, ctrl) 5985 5986 //no result set 5987 bh.sql2result["begin;"] = nil 5988 bh.sql2result["commit;"] = nil 5989 bh.sql2result["rollback;"] = nil 5990 5991 sql := getSqlForCheckTenant(stmt.Name) 5992 bh.sql2result[sql] = nil 5993 5994 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 5995 bh.sql2result[sql] = nil 5996 5997 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 5998 bh.sql2result[sql] = nil 5999 6000 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6001 convey.So(err, convey.ShouldNotBeNil) 6002 }) 6003 6004 convey.Convey("alter account (auth_option) succ (no account, if exists)", t, func() { 6005 ctrl := gomock.NewController(t) 6006 defer ctrl.Finish() 6007 6008 bh := &backgroundExecTest{} 6009 bh.init() 6010 6011 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6012 defer bhStub.Reset() 6013 6014 stmt := &tree.AlterAccount{ 6015 IfExists: true, 6016 Name: "acc", 6017 AuthOption: tree.AlterAccountAuthOption{ 6018 Exist: true, 6019 AdminName: "rootx", 6020 IdentifiedType: tree.AccountIdentified{ 6021 Typ: tree.AccountIdentifiedByPassword, 6022 Str: "111", 6023 }, 6024 }, 6025 } 6026 priv := determinePrivilegeSetOfStatement(stmt) 6027 ses := newSes(priv, ctrl) 6028 6029 //no result set 6030 bh.sql2result["begin;"] = nil 6031 bh.sql2result["commit;"] = nil 6032 bh.sql2result["rollback;"] = nil 6033 6034 sql := getSqlForCheckTenant(stmt.Name) 6035 mrs := newMrsForCheckTenant([][]interface{}{}) 6036 bh.sql2result[sql] = mrs 6037 6038 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6039 bh.sql2result[sql] = nil 6040 6041 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 6042 bh.sql2result[sql] = nil 6043 6044 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6045 convey.So(err, convey.ShouldBeNil) 6046 }) 6047 6048 convey.Convey("alter account (auth_option) failed (has account,if exists, no user)", t, func() { 6049 ctrl := gomock.NewController(t) 6050 defer ctrl.Finish() 6051 6052 bh := &backgroundExecTest{} 6053 bh.init() 6054 6055 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6056 defer bhStub.Reset() 6057 6058 stmt := &tree.AlterAccount{ 6059 IfExists: true, 6060 Name: "acc", 6061 AuthOption: tree.AlterAccountAuthOption{ 6062 Exist: true, 6063 AdminName: "rootx", 6064 IdentifiedType: tree.AccountIdentified{ 6065 Typ: tree.AccountIdentifiedByPassword, 6066 Str: "111", 6067 }, 6068 }, 6069 } 6070 priv := determinePrivilegeSetOfStatement(stmt) 6071 ses := newSes(priv, ctrl) 6072 6073 //no result set 6074 bh.sql2result["begin;"] = nil 6075 bh.sql2result["commit;"] = nil 6076 bh.sql2result["rollback;"] = nil 6077 6078 sql := getSqlForCheckTenant(stmt.Name) 6079 mrs := newMrsForCheckTenant([][]interface{}{ 6080 {0}, 6081 }) 6082 bh.sql2result[sql] = mrs 6083 6084 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6085 bh.sql2result[sql] = newMrsForPasswordOfUser([][]interface{}{}) 6086 6087 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 6088 bh.sql2result[sql] = nil 6089 6090 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6091 convey.So(err, convey.ShouldNotBeNil) 6092 }) 6093 6094 convey.Convey("alter account (auth_option) failed (no option)", t, func() { 6095 ctrl := gomock.NewController(t) 6096 defer ctrl.Finish() 6097 6098 bh := &backgroundExecTest{} 6099 bh.init() 6100 6101 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6102 defer bhStub.Reset() 6103 6104 stmt := &tree.AlterAccount{ 6105 IfExists: true, 6106 Name: "acc", 6107 } 6108 priv := determinePrivilegeSetOfStatement(stmt) 6109 ses := newSes(priv, ctrl) 6110 6111 //no result set 6112 bh.sql2result["begin;"] = nil 6113 bh.sql2result["commit;"] = nil 6114 bh.sql2result["rollback;"] = nil 6115 6116 sql := getSqlForCheckTenant(stmt.Name) 6117 bh.sql2result[sql] = nil 6118 6119 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6120 bh.sql2result[sql] = nil 6121 6122 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 6123 bh.sql2result[sql] = nil 6124 6125 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6126 convey.So(err, convey.ShouldNotBeNil) 6127 }) 6128 6129 convey.Convey("alter account (auth_option) failed (two options)", t, func() { 6130 ctrl := gomock.NewController(t) 6131 defer ctrl.Finish() 6132 6133 bh := &backgroundExecTest{} 6134 bh.init() 6135 6136 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6137 defer bhStub.Reset() 6138 6139 stmt := &tree.AlterAccount{ 6140 IfExists: true, 6141 Name: "acc", 6142 AuthOption: tree.AlterAccountAuthOption{ 6143 Exist: true, 6144 AdminName: "rootx", 6145 IdentifiedType: tree.AccountIdentified{ 6146 Typ: tree.AccountIdentifiedByPassword, 6147 Str: "111", 6148 }, 6149 }, 6150 StatusOption: tree.AccountStatus{ 6151 Exist: true, 6152 Option: tree.AccountStatusOpen, 6153 }, 6154 } 6155 priv := determinePrivilegeSetOfStatement(stmt) 6156 ses := newSes(priv, ctrl) 6157 6158 //no result set 6159 bh.sql2result["begin;"] = nil 6160 bh.sql2result["commit;"] = nil 6161 bh.sql2result["rollback;"] = nil 6162 6163 sql := getSqlForCheckTenant(stmt.Name) 6164 bh.sql2result[sql] = nil 6165 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6166 bh.sql2result[sql] = nil 6167 6168 sql = getSqlForUpdatePasswordOfUser(stmt.AuthOption.IdentifiedType.Str, stmt.AuthOption.AdminName) 6169 bh.sql2result[sql] = nil 6170 6171 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6172 convey.So(err, convey.ShouldNotBeNil) 6173 }) 6174 6175 convey.Convey("alter account (auth_option) succ Comments", t, func() { 6176 ctrl := gomock.NewController(t) 6177 defer ctrl.Finish() 6178 6179 bh := &backgroundExecTest{} 6180 bh.init() 6181 6182 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6183 defer bhStub.Reset() 6184 6185 stmt := &tree.AlterAccount{ 6186 Name: "acc", 6187 Comment: tree.AccountComment{ 6188 Exist: true, 6189 Comment: "new account", 6190 }, 6191 } 6192 priv := determinePrivilegeSetOfStatement(stmt) 6193 ses := newSes(priv, ctrl) 6194 6195 //no result set 6196 bh.sql2result["begin;"] = nil 6197 bh.sql2result["commit;"] = nil 6198 bh.sql2result["rollback;"] = nil 6199 6200 sql := getSqlForCheckTenant(stmt.Name) 6201 mrs := newMrsForCheckTenant([][]interface{}{ 6202 {0}, 6203 }) 6204 bh.sql2result[sql] = mrs 6205 6206 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6207 bh.sql2result[sql] = nil 6208 6209 sql = getSqlForUpdateCommentsOfAccount(stmt.Comment.Comment, stmt.Name) 6210 bh.sql2result[sql] = nil 6211 6212 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6213 convey.So(err, convey.ShouldBeNil) 6214 }) 6215 6216 convey.Convey("alter account (auth_option) succ Status", t, func() { 6217 ctrl := gomock.NewController(t) 6218 defer ctrl.Finish() 6219 6220 bh := &backgroundExecTest{} 6221 bh.init() 6222 6223 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6224 defer bhStub.Reset() 6225 6226 stmt := &tree.AlterAccount{ 6227 Name: "acc", 6228 StatusOption: tree.AccountStatus{ 6229 Exist: true, 6230 Option: tree.AccountStatusSuspend, 6231 }, 6232 } 6233 priv := determinePrivilegeSetOfStatement(stmt) 6234 ses := newSes(priv, ctrl) 6235 6236 //no result set 6237 bh.sql2result["begin;"] = nil 6238 bh.sql2result["commit;"] = nil 6239 bh.sql2result["rollback;"] = nil 6240 6241 sql := getSqlForCheckTenant(stmt.Name) 6242 mrs := newMrsForCheckTenant([][]interface{}{ 6243 {0}, 6244 }) 6245 bh.sql2result[sql] = mrs 6246 6247 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6248 bh.sql2result[sql] = nil 6249 6250 sql = getSqlForUpdateStatusOfAccount(stmt.StatusOption.Option.String(), types.CurrentTimestamp().String2(time.UTC, 0), stmt.Name) 6251 bh.sql2result[sql] = nil 6252 6253 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6254 convey.So(err, convey.ShouldBeNil) 6255 }) 6256 6257 convey.Convey("alter account (status_option) fail", t, func() { 6258 ctrl := gomock.NewController(t) 6259 defer ctrl.Finish() 6260 6261 bh := &backgroundExecTest{} 6262 bh.init() 6263 6264 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6265 defer bhStub.Reset() 6266 6267 stmt := &tree.AlterAccount{ 6268 Name: "sys", 6269 StatusOption: tree.AccountStatus{ 6270 Exist: true, 6271 Option: tree.AccountStatusSuspend, 6272 }, 6273 } 6274 priv := determinePrivilegeSetOfStatement(stmt) 6275 ses := newSes(priv, ctrl) 6276 6277 //no result set 6278 bh.sql2result["begin;"] = nil 6279 bh.sql2result["commit;"] = nil 6280 bh.sql2result["rollback;"] = nil 6281 6282 sql := getSqlForCheckTenant(stmt.Name) 6283 bh.sql2result[sql] = nil 6284 6285 sql = getSqlForPasswordOfUser(stmt.AuthOption.AdminName) 6286 bh.sql2result[sql] = nil 6287 6288 sql = getSqlForUpdateStatusOfAccount(stmt.StatusOption.Option.String(), types.CurrentTimestamp().String2(time.UTC, 0), stmt.Name) 6289 bh.sql2result[sql] = nil 6290 6291 err := doAlterAccount(ses.GetRequestContext(), ses, stmt) 6292 convey.So(err, convey.ShouldNotBeNil) 6293 }) 6294 } 6295 6296 func newMrsForShowTables(rows [][]interface{}) *MysqlResultSet { 6297 mrs := &MysqlResultSet{} 6298 6299 col2 := &MysqlColumn{} 6300 col2.SetName("table") 6301 col2.SetColumnType(defines.MYSQL_TYPE_VARCHAR) 6302 mrs.AddColumn(col2) 6303 6304 for _, row := range rows { 6305 mrs.AddRow(row) 6306 } 6307 6308 return mrs 6309 } 6310 6311 func Test_doDropAccount(t *testing.T) { 6312 convey.Convey("drop account", t, func() { 6313 ctrl := gomock.NewController(t) 6314 defer ctrl.Finish() 6315 6316 bh := &backgroundExecTest{} 6317 bh.init() 6318 6319 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6320 defer bhStub.Reset() 6321 6322 stmt := &tree.DropAccount{ 6323 Name: "acc", 6324 } 6325 priv := determinePrivilegeSetOfStatement(stmt) 6326 ses := newSes(priv, ctrl) 6327 6328 //no result set 6329 bh.sql2result["begin;"] = nil 6330 bh.sql2result["commit;"] = nil 6331 bh.sql2result["rollback;"] = nil 6332 6333 sql := getSqlForCheckTenant(stmt.Name) 6334 mrs := newMrsForCheckTenant([][]interface{}{ 6335 {0}, 6336 }) 6337 bh.sql2result[sql] = mrs 6338 6339 sql = getSqlForDeleteAccountFromMoAccount(stmt.Name) 6340 bh.sql2result[sql] = nil 6341 6342 for _, sql = range getSqlForDropAccount() { 6343 bh.sql2result[sql] = nil 6344 } 6345 6346 sql = "show databases;" 6347 bh.sql2result[sql] = newMrsForSqlForShowDatabases([][]interface{}{}) 6348 6349 bh.sql2result["show tables from mo_catalog;"] = newMrsForShowTables([][]interface{}{}) 6350 6351 err := doDropAccount(ses.GetRequestContext(), ses, stmt) 6352 convey.So(err, convey.ShouldBeNil) 6353 }) 6354 convey.Convey("drop account (if exists)", t, func() { 6355 ctrl := gomock.NewController(t) 6356 defer ctrl.Finish() 6357 6358 bh := &backgroundExecTest{} 6359 bh.init() 6360 6361 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6362 defer bhStub.Reset() 6363 6364 stmt := &tree.DropAccount{ 6365 IfExists: true, 6366 Name: "acc", 6367 } 6368 priv := determinePrivilegeSetOfStatement(stmt) 6369 ses := newSes(priv, ctrl) 6370 6371 //no result set 6372 bh.sql2result["begin;"] = nil 6373 bh.sql2result["commit;"] = nil 6374 bh.sql2result["rollback;"] = nil 6375 6376 sql := getSqlForCheckTenant(stmt.Name) 6377 mrs := newMrsForCheckTenant([][]interface{}{}) 6378 bh.sql2result[sql] = mrs 6379 6380 sql = getSqlForDeleteAccountFromMoAccount(stmt.Name) 6381 bh.sql2result[sql] = nil 6382 6383 for _, sql = range getSqlForDropAccount() { 6384 bh.sql2result[sql] = nil 6385 } 6386 6387 bh.sql2result["show tables from mo_catalog;"] = newMrsForShowTables([][]interface{}{}) 6388 6389 err := doDropAccount(ses.GetRequestContext(), ses, stmt) 6390 convey.So(err, convey.ShouldBeNil) 6391 }) 6392 convey.Convey("drop account fail", t, func() { 6393 ctrl := gomock.NewController(t) 6394 defer ctrl.Finish() 6395 6396 bh := &backgroundExecTest{} 6397 bh.init() 6398 6399 bhStub := gostub.StubFunc(&NewBackgroundHandler, bh) 6400 defer bhStub.Reset() 6401 6402 stmt := &tree.DropAccount{ 6403 Name: "acc", 6404 } 6405 priv := determinePrivilegeSetOfStatement(stmt) 6406 ses := newSes(priv, ctrl) 6407 6408 //no result set 6409 bh.sql2result["begin;"] = nil 6410 bh.sql2result["commit;"] = nil 6411 bh.sql2result["rollback;"] = nil 6412 6413 sql := getSqlForCheckTenant(stmt.Name) 6414 mrs := newMrsForCheckTenant([][]interface{}{}) 6415 bh.sql2result[sql] = mrs 6416 6417 sql = getSqlForDeleteAccountFromMoAccount(stmt.Name) 6418 bh.sql2result[sql] = nil 6419 6420 for _, sql = range getSqlForDropAccount() { 6421 bh.sql2result[sql] = nil 6422 } 6423 6424 err := doDropAccount(ses.GetRequestContext(), ses, stmt) 6425 convey.So(err, convey.ShouldBeError) 6426 }) 6427 } 6428 6429 func generateGrantPrivilege(grant, to string, exists bool, roleNames []string, withGrantOption bool) { 6430 names := "" 6431 for i, name := range roleNames { 6432 if i > 0 { 6433 names += "," 6434 } 6435 names += name 6436 } 6437 levels := make(map[objectType][]privilegeLevelType) 6438 levels[objectTypeTable] = []privilegeLevelType{ 6439 privilegeLevelStar, 6440 privilegeLevelStarStar, 6441 privilegeLevelDatabaseStar, 6442 privilegeLevelDatabaseTable, 6443 privilegeLevelTable, 6444 } 6445 levels[objectTypeDatabase] = []privilegeLevelType{ 6446 privilegeLevelStar, 6447 privilegeLevelStarStar, 6448 privilegeLevelDatabase, 6449 } 6450 levels[objectTypeAccount] = []privilegeLevelType{ 6451 privilegeLevelStar, 6452 } 6453 for i := PrivilegeTypeCreateAccount; i <= PrivilegeTypeExecute; i++ { 6454 switch i { 6455 case PrivilegeTypeCreateObject, PrivilegeTypeDropObject, PrivilegeTypeAlterObject: 6456 continue 6457 } 6458 for j := objectTypeDatabase; j <= objectTypeAccount; j++ { 6459 switch i.Scope() { 6460 case PrivilegeScopeSys, PrivilegeScopeAccount, PrivilegeScopeUser, PrivilegeScopeRole: 6461 if j != objectTypeAccount { 6462 continue 6463 } 6464 case PrivilegeScopeDatabase: 6465 if j != objectTypeDatabase { 6466 continue 6467 } 6468 case PrivilegeScopeTable: 6469 if j != objectTypeTable { 6470 continue 6471 } 6472 case PrivilegeScopeRoutine: 6473 if j != objectTypeFunction { 6474 continue 6475 } 6476 } 6477 if j == objectTypeFunction { 6478 continue 6479 } 6480 6481 for _, k := range levels[j] { 6482 bb := bytes.Buffer{} 6483 bb.WriteString(grant) 6484 if exists { 6485 bb.WriteString(" ") 6486 bb.WriteString("if exists") 6487 } 6488 6489 bb.WriteString(" ") 6490 s := fmt.Sprintf("%v on %v %v", i, j, k) 6491 bb.WriteString(s) 6492 bb.WriteString(" ") 6493 bb.WriteString(to) 6494 bb.WriteString(" ") 6495 bb.WriteString(names) 6496 if withGrantOption { 6497 bb.WriteString(" with grant option") 6498 } 6499 bb.WriteString(";") 6500 convey.So(len(s) != 0, convey.ShouldBeTrue) 6501 //fmt.Println(bb.String()) 6502 } 6503 } 6504 } 6505 } 6506 6507 func Test_generateGrantPrivilege(t *testing.T) { 6508 convey.Convey("grant privilege combination", t, func() { 6509 generateGrantPrivilege("grant", "to", false, []string{"role_r1"}, false) 6510 }) 6511 } 6512 6513 func Test_generateRevokePrivilege(t *testing.T) { 6514 convey.Convey("grant privilege combination", t, func() { 6515 generateGrantPrivilege("revoke", "from", true, []string{"role_r1", "rx"}, false) 6516 generateGrantPrivilege("revoke", "from", false, []string{"role_r1", "rx"}, false) 6517 }) 6518 } 6519 6520 func Test_Name(t *testing.T) { 6521 convey.Convey("test", t, func() { 6522 type arg struct { 6523 input string 6524 want string 6525 } 6526 6527 args := []arg{ 6528 {" abc ", "abc"}, 6529 } 6530 6531 for _, a := range args { 6532 ret, _ := normalizeName(context.TODO(), a.input) 6533 convey.So(ret == a.want, convey.ShouldBeTrue) 6534 } 6535 }) 6536 6537 convey.Convey("test2", t, func() { 6538 type arg struct { 6539 input string 6540 want bool 6541 } 6542 6543 args := []arg{ 6544 {"abc", false}, 6545 {"a:bc", true}, 6546 {" a:bc ", true}, 6547 } 6548 6549 for _, a := range args { 6550 ret := nameIsInvalid(a.input) 6551 convey.So(ret == a.want, convey.ShouldBeTrue) 6552 } 6553 }) 6554 } 6555 6556 func genRevokeCases1(A [][]string, path []string, cur int, exists bool, out *[]string) { 6557 if cur == len(A) { 6558 bb := bytes.Buffer{} 6559 bb.WriteString("revoke ") 6560 if exists { 6561 bb.WriteString("if exists ") 6562 } 6563 bb.WriteString(path[0]) 6564 bb.WriteString(",") 6565 bb.WriteString(path[1]) 6566 bb.WriteString(" ") 6567 bb.WriteString("from ") 6568 bb.WriteString(path[2]) 6569 bb.WriteString(",") 6570 bb.WriteString(path[3]) 6571 bb.WriteString(";") 6572 *out = append(*out, bb.String()) 6573 } else { 6574 for i := 0; i < len(A[cur]); i++ { 6575 path[cur] = A[cur][i] 6576 genRevokeCases1(A, path, cur+1, exists, out) 6577 } 6578 } 6579 } 6580 6581 func Test_genRevokeCases(t *testing.T) { 6582 A := [][]string{ 6583 {"r1", "role_r1"}, 6584 {"r2", "role_r2"}, 6585 {"u1", "role_u1"}, 6586 {"u2", "role_u2"}, 6587 } 6588 Path := []string{"", "", "", ""} 6589 Out := []string{} 6590 genRevokeCases1(A, Path, 0, true, &Out) 6591 genRevokeCases1(A, Path, 0, false, &Out) 6592 for _, s := range Out { 6593 fmt.Println(s) 6594 } 6595 } 6596 6597 func newSes(priv *privilege, ctrl *gomock.Controller) *Session { 6598 pu := config.NewParameterUnit(&config.FrontendParameters{}, nil, nil, nil, nil) 6599 pu.SV.SetDefaultValues() 6600 6601 ctx := context.WithValue(context.TODO(), config.ParameterUnitKey, pu) 6602 ioses := mock_frontend.NewMockIOSession(ctrl) 6603 ioses.EXPECT().OutBuf().Return(buf.NewByteBuf(1024)).AnyTimes() 6604 ioses.EXPECT().Write(gomock.Any(), gomock.Any()).Return(nil).AnyTimes() 6605 ioses.EXPECT().RemoteAddress().Return("").AnyTimes() 6606 ioses.EXPECT().Ref().AnyTimes() 6607 proto := NewMysqlClientProtocol(0, ioses, 1024, pu.SV) 6608 6609 ses := NewSession(proto, nil, pu, GSysVariables, false) 6610 tenant := &TenantInfo{ 6611 Tenant: sysAccountName, 6612 User: rootName, 6613 DefaultRole: moAdminRoleName, 6614 TenantID: sysAccountID, 6615 UserID: rootID, 6616 DefaultRoleID: moAdminRoleID, 6617 } 6618 ses.SetTenantInfo(tenant) 6619 ses.priv = priv 6620 ses.SetRequestContext(ctx) 6621 return ses 6622 } 6623 6624 func newBh(ctrl *gomock.Controller, sql2result map[string]ExecResult) BackgroundExec { 6625 var currentSql string 6626 bh := mock_frontend.NewMockBackgroundExec(ctrl) 6627 bh.EXPECT().ClearExecResultSet().AnyTimes() 6628 bh.EXPECT().Close().Return().AnyTimes() 6629 bh.EXPECT().Exec(gomock.Any(), gomock.Any()).DoAndReturn(func(_ context.Context, sql string) error { 6630 currentSql = sql 6631 return nil 6632 }).AnyTimes() 6633 bh.EXPECT().GetExecResultSet().DoAndReturn(func() []interface{} { 6634 return []interface{}{sql2result[currentSql]} 6635 }).AnyTimes() 6636 return bh 6637 } 6638 6639 type backgroundExecTest struct { 6640 currentSql string 6641 sql2result map[string]ExecResult 6642 } 6643 6644 func (bt *backgroundExecTest) init() { 6645 bt.sql2result = make(map[string]ExecResult) 6646 } 6647 6648 func (bt *backgroundExecTest) Close() { 6649 } 6650 6651 func (bt *backgroundExecTest) Exec(ctx context.Context, s string) error { 6652 bt.currentSql = s 6653 return nil 6654 } 6655 6656 func (bt *backgroundExecTest) GetExecResultSet() []interface{} { 6657 return []interface{}{bt.sql2result[bt.currentSql]} 6658 } 6659 6660 func (bt *backgroundExecTest) ClearExecResultSet() { 6661 //bt.init() 6662 } 6663 6664 var _ BackgroundExec = &backgroundExecTest{} 6665 6666 func newMrsForSqlForShowDatabases(rows [][]interface{}) *MysqlResultSet { 6667 mrs := &MysqlResultSet{} 6668 6669 col1 := &MysqlColumn{} 6670 col1.SetName("Database") 6671 col1.SetColumnType(defines.MYSQL_TYPE_VARCHAR) 6672 mrs.AddColumn(col1) 6673 6674 for _, row := range rows { 6675 mrs.AddRow(row) 6676 } 6677 6678 return mrs 6679 } 6680 6681 func newMrsForSqlForCheckUserHasRole(rows [][]interface{}) *MysqlResultSet { 6682 mrs := &MysqlResultSet{} 6683 6684 col1 := &MysqlColumn{} 6685 col1.SetName("user_id") 6686 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6687 6688 col2 := &MysqlColumn{} 6689 col2.SetName("role_id") 6690 col2.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6691 6692 mrs.AddColumn(col1) 6693 mrs.AddColumn(col2) 6694 6695 for _, row := range rows { 6696 mrs.AddRow(row) 6697 } 6698 6699 return mrs 6700 } 6701 6702 func newMrsForRoleIdOfRole(rows [][]interface{}) *MysqlResultSet { 6703 mrs := &MysqlResultSet{} 6704 6705 col1 := &MysqlColumn{} 6706 col1.SetName("role_id") 6707 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6708 6709 mrs.AddColumn(col1) 6710 6711 for _, row := range rows { 6712 mrs.AddRow(row) 6713 } 6714 6715 return mrs 6716 } 6717 6718 func newMrsForRoleIdOfUserId(rows [][]interface{}) *MysqlResultSet { 6719 mrs := &MysqlResultSet{} 6720 6721 col1 := &MysqlColumn{} 6722 col1.SetName("role_id") 6723 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6724 6725 col2 := &MysqlColumn{} 6726 col2.SetName("with_grant_option") 6727 col2.SetColumnType(defines.MYSQL_TYPE_BOOL) 6728 6729 mrs.AddColumn(col1) 6730 mrs.AddColumn(col2) 6731 6732 for _, row := range rows { 6733 mrs.AddRow(row) 6734 } 6735 6736 return mrs 6737 } 6738 6739 func newMrsForCheckRoleHasPrivilege(rows [][]interface{}) *MysqlResultSet { 6740 mrs := &MysqlResultSet{} 6741 6742 col1 := &MysqlColumn{} 6743 col1.SetName("role_id") 6744 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6745 6746 col2 := &MysqlColumn{} 6747 col2.SetName("with_grant_option") 6748 col2.SetColumnType(defines.MYSQL_TYPE_BOOL) 6749 6750 mrs.AddColumn(col1) 6751 mrs.AddColumn(col2) 6752 6753 for _, row := range rows { 6754 mrs.AddRow(row) 6755 } 6756 6757 return mrs 6758 } 6759 6760 func newMrsForInheritedRoleIdOfRoleId(rows [][]interface{}) *MysqlResultSet { 6761 mrs := &MysqlResultSet{} 6762 6763 col1 := &MysqlColumn{} 6764 col1.SetName("granted_id") 6765 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6766 6767 col2 := &MysqlColumn{} 6768 col2.SetName("with_grant_option") 6769 col2.SetColumnType(defines.MYSQL_TYPE_BOOL) 6770 6771 mrs.AddColumn(col1) 6772 mrs.AddColumn(col2) 6773 6774 for _, row := range rows { 6775 mrs.AddRow(row) 6776 } 6777 6778 return mrs 6779 } 6780 6781 func newMrsForGetAllStuffRoleGrant(rows [][]interface{}) *MysqlResultSet { 6782 mrs := &MysqlResultSet{} 6783 6784 col1 := &MysqlColumn{} 6785 col1.SetName("granted_id") 6786 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6787 6788 col2 := &MysqlColumn{} 6789 col2.SetName("grantee_id") 6790 col2.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6791 6792 col3 := &MysqlColumn{} 6793 col3.SetName("with_grant_option") 6794 col3.SetColumnType(defines.MYSQL_TYPE_BOOL) 6795 6796 mrs.AddColumn(col1) 6797 mrs.AddColumn(col2) 6798 mrs.AddColumn(col3) 6799 6800 for _, row := range rows { 6801 mrs.AddRow(row) 6802 } 6803 6804 return mrs 6805 } 6806 6807 func newMrsForCheckRoleGrant(rows [][]interface{}) *MysqlResultSet { 6808 mrs := &MysqlResultSet{} 6809 6810 col1 := &MysqlColumn{} 6811 col1.SetName("granted_id") 6812 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6813 6814 col2 := &MysqlColumn{} 6815 col2.SetName("grantee_id") 6816 col2.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6817 6818 col3 := &MysqlColumn{} 6819 col3.SetName("with_grant_option") 6820 col3.SetColumnType(defines.MYSQL_TYPE_BOOL) 6821 6822 mrs.AddColumn(col1) 6823 mrs.AddColumn(col2) 6824 mrs.AddColumn(col3) 6825 6826 for _, row := range rows { 6827 mrs.AddRow(row) 6828 } 6829 6830 return mrs 6831 } 6832 6833 func newMrsForPasswordOfUser(rows [][]interface{}) *MysqlResultSet { 6834 mrs := &MysqlResultSet{} 6835 6836 col1 := &MysqlColumn{} 6837 col1.SetName("user_id") 6838 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6839 6840 col2 := &MysqlColumn{} 6841 col2.SetName("authentication_string") 6842 col2.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6843 6844 col3 := &MysqlColumn{} 6845 col3.SetName("default_role") 6846 col3.SetColumnType(defines.MYSQL_TYPE_BOOL) 6847 6848 mrs.AddColumn(col1) 6849 mrs.AddColumn(col2) 6850 mrs.AddColumn(col3) 6851 6852 for _, row := range rows { 6853 mrs.AddRow(row) 6854 } 6855 6856 return mrs 6857 } 6858 6859 func newMrsForCheckUserGrant(rows [][]interface{}) *MysqlResultSet { 6860 mrs := &MysqlResultSet{} 6861 6862 col1 := &MysqlColumn{} 6863 col1.SetName("role_id") 6864 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6865 6866 col2 := &MysqlColumn{} 6867 col2.SetName("user_id") 6868 col2.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6869 6870 col3 := &MysqlColumn{} 6871 col3.SetName("with_grant_option") 6872 col3.SetColumnType(defines.MYSQL_TYPE_BOOL) 6873 6874 mrs.AddColumn(col1) 6875 mrs.AddColumn(col2) 6876 mrs.AddColumn(col3) 6877 6878 for _, row := range rows { 6879 mrs.AddRow(row) 6880 } 6881 6882 return mrs 6883 } 6884 6885 func newMrsForRoleOfUser(rows [][]interface{}) *MysqlResultSet { 6886 mrs := &MysqlResultSet{} 6887 6888 col1 := &MysqlColumn{} 6889 col1.SetName("role_id") 6890 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6891 6892 mrs.AddColumn(col1) 6893 6894 for _, row := range rows { 6895 mrs.AddRow(row) 6896 } 6897 6898 return mrs 6899 } 6900 6901 func newMrsForCheckDatabase(rows [][]interface{}) *MysqlResultSet { 6902 mrs := &MysqlResultSet{} 6903 6904 col1 := &MysqlColumn{} 6905 col1.SetName("dat_id") 6906 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6907 6908 mrs.AddColumn(col1) 6909 6910 for _, row := range rows { 6911 mrs.AddRow(row) 6912 } 6913 6914 return mrs 6915 } 6916 6917 func newMrsForCheckDatabaseTable(rows [][]interface{}) *MysqlResultSet { 6918 mrs := &MysqlResultSet{} 6919 6920 col1 := &MysqlColumn{} 6921 col1.SetName("rel_id") 6922 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6923 6924 mrs.AddColumn(col1) 6925 6926 for _, row := range rows { 6927 mrs.AddRow(row) 6928 } 6929 6930 return mrs 6931 } 6932 6933 func newMrsForCheckTenant(rows [][]interface{}) *MysqlResultSet { 6934 mrs := &MysqlResultSet{} 6935 6936 col1 := &MysqlColumn{} 6937 col1.SetName("account_id") 6938 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6939 6940 col2 := &MysqlColumn{} 6941 col2.SetName("account_name") 6942 col2.SetColumnType(defines.MYSQL_TYPE_VARCHAR) 6943 mrs.AddColumn(col1) 6944 mrs.AddColumn(col2) 6945 6946 for _, row := range rows { 6947 mrs.AddRow(row) 6948 } 6949 6950 return mrs 6951 } 6952 6953 func makeRowsOfMoRole(sql2result map[string]ExecResult, roleNames []string, rows [][][]interface{}) { 6954 for i, name := range roleNames { 6955 sql2result[getSqlForRoleIdOfRole(name)] = newMrsForRoleIdOfRole(rows[i]) 6956 } 6957 } 6958 6959 func makeRowsOfMoUserGrant(sql2result map[string]ExecResult, userId int, rows [][]interface{}) { 6960 sql2result[getSqlForRoleIdOfUserId(userId)] = newMrsForRoleIdOfUserId(rows) 6961 } 6962 6963 func makeRowsOfMoRolePrivs(sql2result map[string]ExecResult, roleIds []int, entries []privilegeEntry, rowsOfMoRolePrivs [][]interface{}) { 6964 for _, roleId := range roleIds { 6965 for _, entry := range entries { 6966 sql, _ := getSqlFromPrivilegeEntry(context.TODO(), int64(roleId), entry) 6967 sql2result[sql] = newMrsForCheckRoleHasPrivilege(rowsOfMoRolePrivs) 6968 } 6969 } 6970 } 6971 6972 func makeRowsOfMoRoleGrant(sql2result map[string]ExecResult, roleIds []int, rowsOfMoRoleGrant [][]interface{}) { 6973 for _, roleId := range roleIds { 6974 sql := getSqlForInheritedRoleIdOfRoleId(int64(roleId)) 6975 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId(rowsOfMoRoleGrant) 6976 } 6977 } 6978 6979 func newMrsForWithGrantOptionPrivilege(rows [][]interface{}) *MysqlResultSet { 6980 mrs := &MysqlResultSet{} 6981 6982 col1 := &MysqlColumn{} 6983 col1.SetName("privilege_id") 6984 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 6985 6986 col2 := &MysqlColumn{} 6987 col2.SetName("with_grant_option") 6988 col2.SetColumnType(defines.MYSQL_TYPE_BOOL) 6989 6990 mrs.AddColumn(col1) 6991 mrs.AddColumn(col2) 6992 6993 for _, row := range rows { 6994 mrs.AddRow(row) 6995 } 6996 6997 return mrs 6998 } 6999 7000 func newMrsForRoleWGO(rows [][]interface{}) *MysqlResultSet { 7001 mrs := &MysqlResultSet{} 7002 7003 col1 := &MysqlColumn{} 7004 col1.SetName("grantee_id") 7005 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 7006 7007 mrs.AddColumn(col1) 7008 7009 for _, row := range rows { 7010 mrs.AddRow(row) 7011 } 7012 7013 return mrs 7014 } 7015 7016 func newMrsForPrivilegeWGO(rows [][]interface{}) *MysqlResultSet { 7017 mrs := &MysqlResultSet{} 7018 7019 col1 := &MysqlColumn{} 7020 col1.SetName("role_id") 7021 col1.SetColumnType(defines.MYSQL_TYPE_LONGLONG) 7022 7023 mrs.AddColumn(col1) 7024 7025 for _, row := range rows { 7026 mrs.AddRow(row) 7027 } 7028 7029 return mrs 7030 } 7031 7032 func makeRowsOfWithGrantOptionPrivilege(sql2result map[string]ExecResult, sql string, rows [][]interface{}) { 7033 sql2result[sql] = newMrsForWithGrantOptionPrivilege(rows) 7034 } 7035 7036 func makeSql2ExecResult(userId int, 7037 rowsOfMoUserGrant [][]interface{}, 7038 roleIdsInMoRolePrivs []int, entries []privilegeEntry, rowsOfMoRolePrivs [][]interface{}, 7039 roleIdsInMoRoleGrant []int, rowsOfMoRoleGrant [][]interface{}) map[string]ExecResult { 7040 sql2result := make(map[string]ExecResult) 7041 makeRowsOfMoUserGrant(sql2result, userId, rowsOfMoUserGrant) 7042 makeRowsOfMoRolePrivs(sql2result, roleIdsInMoRolePrivs, entries, rowsOfMoRolePrivs) 7043 makeRowsOfMoRoleGrant(sql2result, roleIdsInMoRoleGrant, rowsOfMoRoleGrant) 7044 return sql2result 7045 } 7046 7047 func makeSql2ExecResult2(userId int, rowsOfMoUserGrant [][]interface{}, roleIdsInMoRolePrivs []int, entries []privilegeEntry, rowsOfMoRolePrivs [][][][]interface{}, roleIdsInMoRoleGrant []int, rowsOfMoRoleGrant [][][]interface{}, grantedIds []int, granteeRows [][][]interface{}) map[string]ExecResult { 7048 sql2result := make(map[string]ExecResult) 7049 makeRowsOfMoUserGrant(sql2result, userId, rowsOfMoUserGrant) 7050 for i, roleId := range roleIdsInMoRolePrivs { 7051 for j, entry := range entries { 7052 sql, _ := getSqlFromPrivilegeEntry(context.TODO(), int64(roleId), entry) 7053 sql2result[sql] = newMrsForCheckRoleHasPrivilege(rowsOfMoRolePrivs[i][j]) 7054 } 7055 } 7056 7057 for i, roleId := range roleIdsInMoRoleGrant { 7058 sql := getSqlForInheritedRoleIdOfRoleId(int64(roleId)) 7059 sql2result[sql] = newMrsForInheritedRoleIdOfRoleId(rowsOfMoRoleGrant[i]) 7060 } 7061 7062 for i, id := range grantedIds { 7063 sql := getSqlForCheckRoleGrantWGO(int64(id)) 7064 sql2result[sql] = newMrsForRoleWGO(granteeRows[i]) 7065 } 7066 7067 return sql2result 7068 } 7069 7070 func Test_graph(t *testing.T) { 7071 convey.Convey("create graph", t, func() { 7072 g := NewGraph() 7073 7074 g.addEdge(1, 2) 7075 g.addEdge(2, 3) 7076 g.addEdge(3, 4) 7077 7078 convey.So(g.hasLoop(1), convey.ShouldBeFalse) 7079 7080 g2 := NewGraph() 7081 g2.addEdge(1, 2) 7082 g2.addEdge(2, 3) 7083 g2.addEdge(3, 4) 7084 e1 := g2.addEdge(4, 1) 7085 7086 convey.So(g2.hasLoop(1), convey.ShouldBeTrue) 7087 7088 g2.removeEdge(e1) 7089 convey.So(g2.hasLoop(1), convey.ShouldBeFalse) 7090 7091 g2.addEdge(4, 1) 7092 convey.So(g2.hasLoop(1), convey.ShouldBeTrue) 7093 }) 7094 } 7095 7096 func Test_cache(t *testing.T) { 7097 type arg struct { 7098 db string 7099 table string 7100 } 7101 cnt := 10 7102 args := make([]arg, 10) 7103 for i := 0; i < cnt; i++ { 7104 args[i].db = fmt.Sprintf("db%d", i) 7105 args[i].table = fmt.Sprintf("table%d", i) 7106 } 7107 7108 cache1 := &privilegeCache{} 7109 convey.Convey("has", t, func() { 7110 for _, a := range args { 7111 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7112 convey.So(ret, convey.ShouldBeFalse) 7113 } 7114 }) 7115 7116 //add some privilege 7117 for _, a := range args { 7118 for i := PrivilegeTypeCreateAccount; i < PrivilegeTypeCreateObject; i++ { 7119 cache1.add(objectTypeTable, privilegeLevelStar, a.db, a.table, i) 7120 } 7121 } 7122 7123 convey.Convey("has2", t, func() { 7124 for _, a := range args { 7125 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7126 convey.So(ret, convey.ShouldBeTrue) 7127 ret = cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateObject) 7128 convey.So(ret, convey.ShouldBeFalse) 7129 } 7130 }) 7131 7132 for _, a := range args { 7133 for i := PrivilegeTypeCreateObject; i < PrivilegeTypeExecute; i++ { 7134 cache1.add(objectTypeTable, privilegeLevelStar, a.db, a.table, i) 7135 } 7136 } 7137 7138 convey.Convey("has3", t, func() { 7139 for _, a := range args { 7140 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7141 convey.So(ret, convey.ShouldBeTrue) 7142 ret = cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateObject) 7143 convey.So(ret, convey.ShouldBeTrue) 7144 } 7145 }) 7146 7147 //set 7148 for _, a := range args { 7149 for i := PrivilegeTypeCreateObject; i < PrivilegeTypeExecute; i++ { 7150 cache1.set(objectTypeTable, privilegeLevelStar, a.db, a.table) 7151 } 7152 } 7153 7154 convey.Convey("has4", t, func() { 7155 for _, a := range args { 7156 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7157 convey.So(ret, convey.ShouldBeFalse) 7158 ret = cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateObject) 7159 convey.So(ret, convey.ShouldBeFalse) 7160 } 7161 }) 7162 7163 for _, a := range args { 7164 for i := PrivilegeTypeCreateAccount; i < PrivilegeTypeExecute; i++ { 7165 cache1.add(objectTypeTable, privilegeLevelStarStar, a.db, a.table, i) 7166 } 7167 } 7168 7169 convey.Convey("has4", t, func() { 7170 for _, a := range args { 7171 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7172 convey.So(ret, convey.ShouldBeFalse) 7173 ret = cache1.has(objectTypeTable, privilegeLevelStarStar, a.db, a.table, PrivilegeTypeCreateObject) 7174 convey.So(ret, convey.ShouldBeTrue) 7175 } 7176 }) 7177 7178 cache1.invalidate() 7179 convey.Convey("has4", t, func() { 7180 for _, a := range args { 7181 ret := cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateAccount) 7182 convey.So(ret, convey.ShouldBeFalse) 7183 ret = cache1.has(objectTypeTable, privilegeLevelStar, a.db, a.table, PrivilegeTypeCreateObject) 7184 convey.So(ret, convey.ShouldBeFalse) 7185 } 7186 }) 7187 } 7188 7189 func Test_DropDatabaseOfAccount(t *testing.T) { 7190 convey.Convey("drop account", t, func() { 7191 var db string 7192 databases := map[string]int8{ 7193 "abc": 0, 7194 "mo_catalog": 0, 7195 "system": 0, 7196 "ABC": 0, 7197 } 7198 var sqlsForDropDatabases []string 7199 prefix := "drop database if exists " 7200 for db = range databases { 7201 if db == "mo_catalog" { 7202 continue 7203 } 7204 bb := &bytes.Buffer{} 7205 bb.WriteString(prefix) 7206 //handle the database annotated by '`' 7207 if db != strings.ToLower(db) { 7208 bb.WriteString("`") 7209 bb.WriteString(db) 7210 bb.WriteString("`") 7211 } else { 7212 bb.WriteString(db) 7213 } 7214 bb.WriteString(";") 7215 sqlsForDropDatabases = append(sqlsForDropDatabases, bb.String()) 7216 } 7217 7218 has := func(s string) bool { 7219 for _, sql := range sqlsForDropDatabases { 7220 if strings.Contains(sql, s) { 7221 return true 7222 } 7223 } 7224 return false 7225 } 7226 7227 convey.So(has("ABC"), convey.ShouldBeTrue) 7228 convey.So(has("system"), convey.ShouldBeTrue) 7229 convey.So(has("mo_catalog"), convey.ShouldBeFalse) 7230 }) 7231 }