Merge pull request #6 from tipee-sa/user-checker

[IND-519] SQL: Add current user clause to every queries

go.mod

@@ -496,6 +496,7 @@ require (
 	github.com/mithrandie/go-file/v2 v2.1.0 // indirect
 	github.com/mithrandie/go-text v1.5.4 // indirect
 	github.com/mithrandie/ternary v1.1.1 // indirect
+	github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2 // indirect
 )
 
 // Use fork of crewjam/saml with fixes for some issues until changes get merged into upstream

go.sum

@@ -3647,6 +3647,8 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=
+github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2 h1:zzrxE1FKn5ryBNl9eKOeqQ58Y/Qpo3Q9QNxKHX5uzzQ=
+github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2/go.mod h1:hzfGeIUDq/j97IG+FhNqkowIyEcD88LrW6fyU3K3WqY=
 github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI=
 github.com/yalue/merged_fs v1.2.2 h1:vXHTpJBluJryju7BBpytr3PDIkzsPMpiEknxVGPhN/I=
 github.com/yalue/merged_fs v1.2.2/go.mod h1:WqqchfVYQyclV2tnR7wtRhBddzBvLVR83Cjw9BKQw0M=

pkg/tsdb/sqleng/sql_engine.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/xwb1989/sqlparser"
 	"net"
 	"regexp"
 	"strconv"
@@ -183,7 +184,7 @@ func (e *DataSourceHandler) QueryData(ctx context.Context, req *backend.QueryDat
 		}
 
 		wg.Add(1)
-		go e.executeQuery(query, &wg, ctx, ch, queryjson)
+		go e.executeQuery(query, &wg, ctx, ch, queryjson, req)
 	}
 
 	wg.Wait()
@@ -205,7 +206,7 @@ func stackTrace(skip int) string {
 }
 
 func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitGroup, queryContext context.Context,
-	ch chan DBDataResponse, queryJson QueryJson) {
+	ch chan DBDataResponse, queryJson QueryJson, req *backend.QueryDataRequest) {
 	defer wg.Done()
 	queryResult := DBDataResponse{
 		dataResponse: backend.DataResponse{},
@@ -254,6 +255,12 @@ func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitG
 		return
 	}
 
+	interpolatedQuery, err = whereUsernameEquals(interpolatedQuery, req.PluginContext.User.Login)
+	if err != nil {
+		errAppendDebug("add current user clause failed", e.TransformQueryError(logger, err), interpolatedQuery)
+		return
+	}
+
 	rows, err := e.db.QueryContext(queryContext, interpolatedQuery)
 	if err != nil {
 		errAppendDebug("db query error", e.TransformQueryError(logger, err), interpolatedQuery)
@@ -366,6 +373,26 @@ func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitG
 	ch <- queryResult
 }
 
+func whereUsernameEquals(query string, username string) (string, error) {
+	stmt, err := sqlparser.Parse(query)
+	if err != nil {
+		return "", err
+	}
+
+	selectStmt, ok := stmt.(*sqlparser.Select)
+	if !ok {
+		return query, nil
+	}
+
+	selectStmt.AddWhere(&sqlparser.ComparisonExpr{
+		Operator: sqlparser.EqualStr,
+		Left:     &sqlparser.ColName{Name: sqlparser.NewColIdent("username")},
+		Right:    sqlparser.NewStrVal([]byte(username)),
+	})
+
+	return sqlparser.String(selectStmt), nil
+}
+
 // Interpolate provides global macros/substitutions for all sql datasources.
 var Interpolate = func(query backend.DataQuery, timeRange backend.TimeRange, timeInterval string, sql string) string {
 	interval := query.Interval