Implement SHOW ROLE GRANTS rewrite

Extracted-From: prestodb/presto#10904
trinodb · Jan 29, 2019 · c8d8733 · c8d8733
1 parent 266fa20
commit c8d8733
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/presto-main/src/main/java/io/prestosql/sql/rewrite/ShowQueriesRewrite.java b/presto-main/src/main/java/io/prestosql/sql/rewrite/ShowQueriesRewrite.java
@@ -34,6 +34,8 @@
 import io.prestosql.spi.connector.CatalogSchemaName;
 import io.prestosql.spi.connector.ConnectorTableMetadata;
 import io.prestosql.spi.connector.SchemaTableName;
+import io.prestosql.spi.security.PrestoPrincipal;
+import io.prestosql.spi.security.PrincipalType;
 import io.prestosql.spi.session.PropertyMetadata;
 import io.prestosql.sql.analyzer.QueryExplainer;
 import io.prestosql.sql.analyzer.SemanticException;
@@ -63,6 +65,7 @@
 import io.prestosql.sql.tree.ShowCreate;
 import io.prestosql.sql.tree.ShowFunctions;
 import io.prestosql.sql.tree.ShowGrants;
+import io.prestosql.sql.tree.ShowRoleGrants;
 import io.prestosql.sql.tree.ShowRoles;
 import io.prestosql.sql.tree.ShowSchemas;
 import io.prestosql.sql.tree.ShowSession;
@@ -280,6 +283,26 @@ protected Node visitShowRoles(ShowRoles node, Void context)
             }
         }
 
+        @Override
+        protected Node visitShowRoleGrants(ShowRoleGrants node, Void context)
+        {
+            if (!node.getCatalog().isPresent() && !session.getCatalog().isPresent()) {
+                throw new SemanticException(CATALOG_NOT_SPECIFIED, node, "Catalog must be specified when session catalog is not set");
+            }
+
+            String catalog = node.getCatalog().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseGet(() -> session.getCatalog().get());
+            PrestoPrincipal principal = new PrestoPrincipal(PrincipalType.USER, session.getUser());
+
+            List<Expression> rows = metadata.listRoleGrants(session, catalog, principal).stream()
+                    .map(roleGrant -> row(new StringLiteral(roleGrant.getRoleName())))
+                    .collect(toList());
+
+            return simpleQuery(
+                    selectList(new AllColumns()),
+                    aliased(new Values(rows), "role_grants", ImmutableList.of("Role Grants")),
+                    ordering(ascending("Role Grants")));
+        }
+
         @Override
         protected Node visitShowSchemas(ShowSchemas node, Void context)
         {

diff --git a/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java b/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java
@@ -536,6 +536,30 @@ public void testShowCurrentRoles()
                         row("role2"));
     }
 
+    @Test(groups = {ROLES, AUTHORIZATION, PROFILE_SPECIFIC_TESTS})
+    public void testShowRoleGrants()
+    {
+        QueryAssert.assertThat(onPresto().executeQuery("SHOW ROLE GRANTS"))
+                .containsOnly(
+                        row("public"),
+                        row("admin"));
+        QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW ROLE GRANTS"))
+                .containsOnly(
+                        row("public"));
+        onPresto().executeQuery("CREATE ROLE role1");
+        onPresto().executeQuery("CREATE ROLE role2");
+        onPresto().executeQuery("GRANT role1 TO alice");
+        onPresto().executeQuery("GRANT role2 TO role1");
+        QueryAssert.assertThat(onPresto().executeQuery("SHOW ROLE GRANTS"))
+                .containsOnly(
+                        row("public"),
+                        row("admin"));
+        QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW ROLE GRANTS"))
+                .containsOnly(
+                        row("public"),
+                        row("role1"));
+    }
+
     private static QueryExecutor onPrestoAlice()
     {
         return connectToPresto("alice@presto");