Propagate grants in continuous aggregates

Before this commit, grants on continuous aggregates were not propagated to the materialized hypertable, direct view, and partial view. With this commit, grants on a continuous aggregate is propagated. Fixes #2413
timescale · Sep 23, 2020 · 24eba1b · 24eba1b
1 parent 17724b8
commit 24eba1b
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 11 deletions.
diff --git a/src/process_utility.c b/src/process_utility.c
@@ -1063,6 +1063,18 @@ process_drop_tablespace(ProcessUtilityArgs *args)
 	return DDL_CONTINUE;
 }
 
+static void
+process_grant_add_by_rel(GrantStmt *stmt, RangeVar *relation)
+{
+	stmt->objects = lappend(stmt->objects, relation);
+}
+
+static void
+process_grant_add_by_name(GrantStmt *stmt, Name schema_name, Name table_name)
+{
+	process_grant_add_by_rel(stmt, makeRangeVar(NameStr(*schema_name), NameStr(*table_name), -1));
+}
+
 /*
  * Handle GRANT / REVOKE.
  *
@@ -1090,6 +1102,7 @@ process_grant_and_revoke(ProcessUtilityArgs *args)
 			ts_tablespace_validate_revoke(stmt);
 			result = DDL_DONE;
 			break;
+
 		case OBJECT_TABLE:
 			/*
 			 * Collect the hypertables in the grant statement. We only need to
@@ -1099,6 +1112,27 @@ process_grant_and_revoke(ProcessUtilityArgs *args)
 				Cache *hcache = ts_hypertable_cache_pin();
 				ListCell *cell;
 
+				/* First process all continuous aggregates in the list and add
+				 * the associated hypertables and views to the list of objects
+				 * to process */
+				foreach (cell, stmt->objects)
+				{
+					RangeVar *relation = lfirst_node(RangeVar, cell);
+					ContinuousAgg *const cagg = ts_continuous_agg_find_by_rv(relation);
+					if (cagg)
+					{
+						Hypertable *ht = ts_hypertable_get_by_id(cagg->data.mat_hypertable_id);
+						process_grant_add_by_name(stmt, &ht->fd.schema_name, &ht->fd.table_name);
+						process_grant_add_by_name(stmt,
+												  &cagg->data.direct_view_schema,
+												  &cagg->data.direct_view_name);
+						process_grant_add_by_name(stmt,
+												  &cagg->data.partial_view_schema,
+												  &cagg->data.partial_view_name);
+					}
+				}
+
+				/* Process all hypertables, including those added in the loop above */
 				foreach (cell, stmt->objects)
 				{
 					RangeVar *relation = lfirst_node(RangeVar, cell);

diff --git a/tsl/test/expected/continuous_aggs_permissions.out b/tsl/test/expected/continuous_aggs_permissions.out
@@ -8,10 +8,10 @@ DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
 CREATE VIEW cagg_info AS
 WITH
   caggs AS (
-    SELECT format('%s.%s', user_view_schema, user_view_name)::regclass AS user_view,
-           format('%s.%s', direct_view_schema, direct_view_name)::regclass AS direct_view,
-           format('%s.%s', partial_view_schema, partial_view_name)::regclass AS partial_view,
-           format('%s.%s', ht.schema_name, ht.table_name)::regclass AS mat_relid
+    SELECT format('%I.%I', user_view_schema, user_view_name)::regclass AS user_view,
+           format('%I.%I', direct_view_schema, direct_view_name)::regclass AS direct_view,
+           format('%I.%I', partial_view_schema, partial_view_name)::regclass AS partial_view,
+           format('%I.%I', ht.schema_name, ht.table_name)::regclass AS mat_relid
       FROM _timescaledb_catalog.hypertable ht,
            _timescaledb_catalog.continuous_agg cagg
      WHERE ht.id = cagg.mat_hypertable_id
@@ -251,10 +251,10 @@ SELECT * FROM cagg_info WHERE user_view::text = 'devices_summary';
 user_view         | devices_summary
 user_view_perm    | {default_perm_user_2=arwdDxt/default_perm_user_2,default_perm_user=arwdDxt/default_perm_user_2}
 mat_table         | _materialized_hypertable_10
-mat_table_perm    | 
+mat_table_perm    | {default_perm_user_2=arwdDxt/default_perm_user_2,default_perm_user=arwdDxt/default_perm_user_2}
 direct_view       | _timescaledb_internal._direct_view_10
-direct_view_perm  | 
+direct_view_perm  | {default_perm_user_2=arwdDxt/default_perm_user_2,default_perm_user=arwdDxt/default_perm_user_2}
 partial_view      | _timescaledb_internal._partial_view_10
-partial_view_perm | 
+partial_view_perm | {default_perm_user_2=arwdDxt/default_perm_user_2,default_perm_user=arwdDxt/default_perm_user_2}
 
 \x off
diff --git a/tsl/test/sql/continuous_aggs_permissions.sql b/tsl/test/sql/continuous_aggs_permissions.sql
@@ -11,10 +11,10 @@ DELETE FROM _timescaledb_config.bgw_job WHERE TRUE;
 CREATE VIEW cagg_info AS
 WITH
   caggs AS (
-    SELECT format('%s.%s', user_view_schema, user_view_name)::regclass AS user_view,
-           format('%s.%s', direct_view_schema, direct_view_name)::regclass AS direct_view,
-           format('%s.%s', partial_view_schema, partial_view_name)::regclass AS partial_view,
-           format('%s.%s', ht.schema_name, ht.table_name)::regclass AS mat_relid
+    SELECT format('%I.%I', user_view_schema, user_view_name)::regclass AS user_view,
+           format('%I.%I', direct_view_schema, direct_view_name)::regclass AS direct_view,
+           format('%I.%I', partial_view_schema, partial_view_name)::regclass AS partial_view,
+           format('%I.%I', ht.schema_name, ht.table_name)::regclass AS mat_relid
       FROM _timescaledb_catalog.hypertable ht,
            _timescaledb_catalog.continuous_agg cagg
      WHERE ht.id = cagg.mat_hypertable_id