Skip to content

Commit

Permalink
fix: sequence table next value acl permission to writer role (#16509)
Browse files Browse the repository at this point in the history
Signed-off-by: Harshit Gangal <harshit@planetscale.com>
  • Loading branch information
harshit-gangal authored Aug 1, 2024
1 parent d122ac6 commit 33030b7
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 5 deletions.
8 changes: 7 additions & 1 deletion go/vt/vttablet/tabletserver/planbuilder/permission.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,13 @@ func BuildPermissions(stmt sqlparser.Statement) []Permission {
var permissions []Permission
// All Statement types myst be covered here.
switch node := stmt.(type) {
case *sqlparser.Union, *sqlparser.Select:
case *sqlparser.Select:
role := tableacl.READER
if _, ok := node.SelectExprs[0].(*sqlparser.Nextval); ok {
role = tableacl.WRITER
}
permissions = buildSubqueryPermissions(node, role, permissions)
case *sqlparser.Union:
permissions = buildSubqueryPermissions(node, tableacl.READER, permissions)
case *sqlparser.Insert:
permissions = buildTableExprPermissions(node.Table, tableacl.WRITER, permissions)
Expand Down
6 changes: 6 additions & 0 deletions go/vt/vttablet/tabletserver/planbuilder/permission_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,12 @@ func TestBuildPermissions(t *testing.T) {
}, {
TableName: "t1", // derived table in update or delete needs reader permission as they cannot be modified.
}},
}, {
input: "select next 10 values from seq",
output: []Permission{{
TableName: "seq",
Role: tableacl.WRITER,
}},
}}

for _, tcase := range tcases {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@
"Permissions": [
{
"TableName": "seq",
"Role": 0
"Role": 1
}
],
"NextCount": "1"
Expand All @@ -154,7 +154,7 @@
"Permissions": [
{
"TableName": "seq",
"Role": 0
"Role": 1
}
],
"NextCount": "10"
Expand All @@ -169,7 +169,7 @@
"Permissions": [
{
"TableName": "seq",
"Role": 0
"Role": 1
}
],
"NextCount": ":a"
Expand All @@ -183,7 +183,7 @@
"Permissions": [
{
"TableName": "seq",
"Role": 0
"Role": 1
}
],
"NextCount": "12345667852342342342323423423"
Expand Down

0 comments on commit 33030b7

Please sign in to comment.