Files
2026-07-13 12:32:25 +08:00

144 lines
4.5 KiB
Go

// Copyright 2023 Dolthub, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package ast
import (
"strings"
"github.com/cockroachdb/errors"
vitess "github.com/dolthub/vitess/go/vt/sqlparser"
"github.com/dolthub/doltgresql/postgres/parser/sem/tree"
pgnodes "github.com/dolthub/doltgresql/server/node"
)
// nodeCreateRole handles *tree.CreateRole nodes.
func nodeCreateRole(ctx *Context, node *tree.CreateRole) (vitess.Statement, error) {
if node == nil {
return nil, nil
}
if len(node.Name) == 0 {
// The parser should make this impossible, but extra error checking is never bad
return nil, errors.New(`role name cannot be empty`)
}
switch node.Name {
case `public`:
return nil, errors.New(`role name "public" is reserved`)
case `current_role`, `current_user`, `session_user`:
return nil, errors.Errorf(`%s cannot be used as a role name here`, strings.ToUpper(node.Name))
}
createRole := &pgnodes.CreateRole{
Name: node.Name,
IfNotExists: node.IfNotExists,
Password: "",
IsPasswordNull: true,
IsSuperUser: false,
CanCreateDB: false,
CanCreateRoles: false,
InheritPrivileges: true,
CanLogin: !node.IsRole,
IsReplicationRole: false,
CanBypassRowLevelSecurity: false,
ConnectionLimit: -1,
ValidUntil: "",
IsValidUntilSet: false,
AddToRoles: nil,
AddAsMembers: nil,
AddAsAdminMembers: nil,
}
for _, kvOption := range node.KVOptions {
switch strings.ToUpper(string(kvOption.Key)) {
case "BYPASSRLS":
createRole.CanBypassRowLevelSecurity = true
case "CONNECTION_LIMIT":
switch value := kvOption.Value.(type) {
case *tree.DInt:
if value == nil {
createRole.ConnectionLimit = -1
} else {
// We enforce that only int32 values will fit here in the parser
createRole.ConnectionLimit = int32(*value)
}
case tree.NullLiteral:
createRole.ConnectionLimit = -1
default:
return nil, errors.Errorf(`unknown role option value (%T) for option "%s"`, kvOption.Value, kvOption.Key)
}
case "CREATEDB":
createRole.CanCreateDB = true
case "CREATEROLE":
createRole.CanCreateRoles = true
case "INHERIT":
createRole.InheritPrivileges = true
case "LOGIN":
createRole.CanLogin = true
case "NOBYPASSRLS":
createRole.CanBypassRowLevelSecurity = false
case "NOCREATEDB":
createRole.CanCreateDB = false
case "NOCREATEROLE":
createRole.CanCreateRoles = false
case "NOINHERIT":
createRole.InheritPrivileges = false
case "NOLOGIN":
createRole.CanLogin = false
case "NOREPLICATION":
createRole.IsReplicationRole = false
case "NOSUPERUSER":
createRole.IsSuperUser = false
case "PASSWORD":
switch value := kvOption.Value.(type) {
case *tree.DString:
if value == nil {
createRole.Password = ""
createRole.IsPasswordNull = true
} else {
createRole.Password = string(*value)
createRole.IsPasswordNull = false
}
case tree.NullLiteral:
createRole.Password = ""
createRole.IsPasswordNull = true
default:
return nil, errors.Errorf(`unknown role option value (%T) for option "%s"`, kvOption.Value, kvOption.Key)
}
case "REPLICATION":
createRole.IsReplicationRole = true
case "SUPERUSER":
createRole.IsSuperUser = true
case "SYSID":
// This is an option that is ignored by Postgres. Assuming it used to be relevant, but not any longer.
case "VALID_UNTIL":
strVal, ok := kvOption.Value.(*tree.DString)
if !ok {
return nil, errors.Errorf(`unknown role option value (%T) for option "%s"`, kvOption.Value, kvOption.Key)
}
if strVal == nil {
createRole.ValidUntil = ""
createRole.IsValidUntilSet = false
} else {
createRole.ValidUntil = string(*strVal)
createRole.IsValidUntilSet = true
}
default:
return nil, errors.Errorf(`unknown role option "%s"`, kvOption.Key)
}
}
return vitess.InjectedStatement{
Statement: createRole,
Children: nil,
}, nil
}