6b8c1823a3
Currently, when preparing an authorization statement on a specific function, we're trying to "prepare" all cql types that appear in the function signature while parsing the statement. We cannot do that for UDTs, because we don't know the UDTs that are present in the databse at parsing time. As a result, such authorization statements fail. To work around this problem, we postpone the "preparation" of cql types until the actual statement validation and execution time. Until then, we store all type strings in the resource object. The "preparation" happens in the `maybe_correct_resource` method, which is called before every `execute` during a `check_access` call. At that point, we have access to the `query_processor`, and as a result, to `user_types_metadata` which allows us to prepare the argument types even for UDTs.
44 lines
1004 B
C++
44 lines
1004 B
C++
/*
|
|
* Copyright 2016-present ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: (AGPL-3.0-or-later and Apache-2.0)
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "cql3/cql_statement.hh"
|
|
#include "raw/parsed_statement.hh"
|
|
#include "transport/messages_fwd.hh"
|
|
|
|
namespace auth {
|
|
class resource;
|
|
}
|
|
|
|
namespace cql3 {
|
|
|
|
namespace statements {
|
|
|
|
class authorization_statement : public raw::parsed_statement, public cql_statement_no_metadata {
|
|
public:
|
|
authorization_statement() : cql_statement_no_metadata(&timeout_config::other_timeout) {}
|
|
|
|
uint32_t get_bound_terms() const override;
|
|
|
|
bool depends_on(std::string_view ks_name, std::optional<std::string_view> cf_name) const override;
|
|
|
|
future<> check_access(query_processor& qp, const service::client_state& state) const override;
|
|
|
|
void validate(query_processor&, const service::client_state& state) const override;
|
|
|
|
protected:
|
|
static void maybe_correct_resource(auth::resource&, const service::client_state&, query_processor&);
|
|
};
|
|
|
|
}
|
|
|
|
}
|