Skip to content

Commit

Permalink
在pgsql数据库查询时,仅检查当前选中的库的权限 (#2709)
Browse files Browse the repository at this point in the history
  • Loading branch information
@peixubin
peixubin authored Jul 1, 2024
1 parent 24f86de commit 5c9e83f
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sql/query_privileges.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,8 @@ def query_priv_check(user, instance, db_name, sql_content, limit_num):
result["msg"] = f"无法校验查询语句权限,请联系管理员,错误信息:{msg}"
# 其他类型实例仅校验库权限
else:
# 先获取查询语句涉及的库,redis、mssql特殊处理,仅校验当前选择的库
if instance.db_type in ["redis", "mssql"]:
# 先获取查询语句涉及的库,redis、mssql、pgsql特殊处理,仅校验当前选择的库
if instance.db_type in ["redis", "mssql", "pgsql"]:
dbs = [db_name]
else:
dbs = [
Expand Down
23 changes: 23 additions & 0 deletions sql/test_query_privileges.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -610,6 +610,29 @@ def test_query_priv_check_table_ref_Exception_and_no_db_priv(
},
)

@patch("sql.query_privileges._db_priv", return_value=False)
def test_query_priv_check_with_pgsql_db_priv(self, __db_priv):
"""
测试用户权限校验,pgsql实例、普通用户
"""
pgsql_instance = Instance(
instance_name="pgsql",
type="master",
db_type="pgsql",
host="some_host",
port=5432,
user="some_user",
password="some_str",
)
r = sql.query_privileges.query_priv_check(
user=self.user,
instance=pgsql_instance,
db_name=self.db_name,
sql_content="select * from should_not_used.sql_users;",
limit_num=100,
)
__db_priv.assert_called_with(self.user, pgsql_instance, self.db_name)

@patch("sql.query_privileges._db_priv", return_value=1000)
def test_query_priv_check_not_mysql_db_priv_exist(self, __db_priv):
"""
Expand Down

0 comments on commit 5c9e83f

Please sign in to comment.