databendlabs · BohuTANG · Nov 8, 2021 · Nov 7, 2021 · Nov 8, 2021 · Nov 8, 2021
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/common/management/src/user/user_api.rs b/common/management/src/user/user_api.rs
@@ -19,13 +19,15 @@ use common_exception::ErrorCode;
 use common_exception::Result;
 use common_meta_types::AuthType;
 use common_meta_types::SeqV;
+use common_meta_types::UserPrivilege;
 
-#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq, Ord, PartialOrd)]
+#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
 pub struct UserInfo {
     pub name: String,
     pub hostname: String,
     pub password: Vec<u8>,
     pub auth_type: AuthType,
+    pub privileges: UserPrivilege,
 }
 
 impl UserInfo {
@@ -35,11 +37,14 @@ impl UserInfo {
         password: Vec<u8>,
         auth_type: AuthType,
     ) -> Self {
+        // Default is no privileges.
+        let privileges = UserPrivilege::empty();
         UserInfo {
             name,
             hostname,
             password,
             auth_type,
+            privileges,
         }
     }
 }

diff --git a/common/meta/types/Cargo.toml b/common/meta/types/Cargo.toml
@@ -12,9 +12,9 @@ common-exception = {path = "../../exception"}
 
 async-raft = { git = "https://github.com/datafuse-extras/async-raft", tag = "v0.6.2-alpha.14" }
 derive_more = "0.99.16"
+enumflags2 = {version = "0.7.1", features = ["serde"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
-
 [dev-dependencies]
 pretty_assertions = "1.0"
diff --git a/common/meta/types/src/lib.rs b/common/meta/types/src/lib.rs
@@ -18,6 +18,8 @@
 mod cluster_test;
 #[cfg(test)]
 mod match_seq_test;
+#[cfg(test)]
+mod user_privilege_test;
 
 pub use change::AddResult;
 pub use change::Change;
@@ -52,7 +54,9 @@ pub use table_info::TableIdent;
 pub use table_info::TableInfo;
 pub use table_info::TableMeta;
 pub use table_reply::CreateTableReply;
-pub use user::AuthType;
+pub use user_auth::AuthType;
+pub use user_privilege::UserPrivilege;
+pub use user_privilege::UserPrivilegeType;
 
 mod change;
 mod cluster;
@@ -71,4 +75,5 @@ mod seq_num;
 mod seq_value;
 mod table_info;
 mod table_reply;
-mod user;
+mod user_auth;
+mod user_privilege;
diff --git a/common/meta/types/src/user.rs → common/meta/types/src/user_auth.rs b/common/meta/types/src/user.rs → common/meta/types/src/user_auth.rs
diff --git a/common/meta/types/src/user_privilege.rs b/common/meta/types/src/user_privilege.rs
@@ -0,0 +1,65 @@
+// Copyright 2021 Datafuse Labs.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use enumflags2::bitflags;
+use enumflags2::make_bitflags;
+use enumflags2::BitFlags;
+
+#[bitflags]
+#[repr(u64)]
+#[derive(serde::Serialize, serde::Deserialize, Clone, Copy, Debug, Eq, PartialEq)]
+pub enum UserPrivilegeType {
+    // UsagePrivilege is a synonym for “no privileges”
+    Usage = 1 << 0,
+    // Privilege to create databases and tables.
+    Create = 1 << 1,
+    // Privilege to select rows from tables in a database.
+    Select = 1 << 2,
+    // Privilege to insert into tables in a database.
+    Insert = 1 << 3,
+    // Privilege to SET variables.
+    Set = 1 << 4,
+}
+
+const ALL_PRIVILEGES: BitFlags<UserPrivilegeType> = make_bitflags!(
+    UserPrivilegeType::{Create
+        | Select
+        | Insert
+        | Set}
+);
+
+#[derive(serde::Serialize, serde::Deserialize, Clone, Copy, Debug, Eq, PartialEq)]
+pub struct UserPrivilege {
+    privileges: BitFlags<UserPrivilegeType>,
+}
+
+impl UserPrivilege {
+    pub fn empty() -> Self {
+        UserPrivilege {
+            privileges: BitFlags::empty(),
+        }
+    }
+
+    pub fn set_privilege(&mut self, privilege: UserPrivilegeType) {
+        self.privileges |= privilege;
+    }
+
+    pub fn has_privilege(&mut self, privilege: UserPrivilegeType) -> bool {
+        self.privileges.contains(privilege)
+    }
+
+    pub fn set_all_privileges(&mut self) {
+        self.privileges |= ALL_PRIVILEGES;
+    }
+}
diff --git a/common/meta/types/src/user_privilege_test.rs b/common/meta/types/src/user_privilege_test.rs
@@ -0,0 +1,35 @@
+// Copyright 2021 Datafuse Labs.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use common_exception::exception::Result;
+
+use crate::UserPrivilege;
+use crate::UserPrivilegeType;
+
+#[test]
+fn test_user_privilege() -> Result<()> {
+    let mut privileges = UserPrivilege::empty();
+    let r = privileges.has_privilege(UserPrivilegeType::Set);
+    assert!(!r);
+
+    privileges.set_privilege(UserPrivilegeType::Set);
+    let r = privileges.has_privilege(UserPrivilegeType::Set);
+    assert!(r);
+
+    privileges.set_all_privileges();
+    let r = privileges.has_privilege(UserPrivilegeType::Create);
+    assert!(r);
+
+    Ok(())
+}
diff --git a/query/src/datasources/database/system/users_table_test.rs b/query/src/datasources/database/system/users_table_test.rs
@@ -18,6 +18,7 @@ use common_base::tokio;
 use common_exception::Result;
 use common_management::UserInfo;
 use common_meta_types::AuthType;
+use common_meta_types::UserPrivilege;
 use futures::TryStreamExt;
 use pretty_assertions::assert_eq;
 
@@ -36,6 +37,7 @@ async fn test_users_table() -> Result<()> {
             hostname: "localhost".to_string(),
             password: Vec::from(""),
             auth_type: AuthType::None,
+            privileges: UserPrivilege::empty(),
         })
         .await?;
     ctx.get_sessions_manager()
@@ -45,6 +47,7 @@ async fn test_users_table() -> Result<()> {
             hostname: "%".to_string(),
             password: Vec::from("123456789"),
             auth_type: AuthType::PlainText,
+            privileges: UserPrivilege::empty(),
         })
         .await?;
 

diff --git a/query/src/interpreters/interpreter_user_create.rs b/query/src/interpreters/interpreter_user_create.rs
@@ -16,6 +16,7 @@ use std::sync::Arc;
 
 use common_exception::Result;
 use common_management::UserInfo;
+use common_meta_types::UserPrivilege;
 use common_planners::CreateUserPlan;
 use common_streams::DataBlockStream;
 use common_streams::SendableDataBlockStream;
@@ -55,6 +56,7 @@ impl Interpreter for CreatUserInterpreter {
             hostname: plan.hostname,
             password: plan.password,
             auth_type: plan.auth_type,
+            privileges: UserPrivilege::empty(),
         };
         user_mgr.add_user(user_info).await?;
 

diff --git a/query/src/users/user.rs b/query/src/users/user.rs
@@ -15,6 +15,7 @@
 
 use common_management::UserInfo;
 use common_meta_types::AuthType;
+use common_meta_types::UserPrivilege;
 
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq, Ord, PartialOrd)]
 pub struct User {
@@ -42,11 +43,13 @@ impl User {
 
 impl From<&User> for UserInfo {
     fn from(user: &User) -> Self {
+        let privileges = UserPrivilege::empty();
         UserInfo {
             name: user.name.clone(),
             hostname: user.hostname.clone(),
             password: Vec::from(user.password.clone()),
             auth_type: user.auth_type.clone(),
+            privileges,
         }
     }
 }