Skip to main content

risingwave_frontend/binder/relation/
table_or_source.rs

1// Copyright 2022 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use std::sync::Arc;
16
17use itertools::Itertools;
18use risingwave_common::acl::AclMode;
19use risingwave_common::bail_not_implemented;
20use risingwave_common::catalog::{Field, debug_assert_column_ids_distinct, is_system_schema};
21use risingwave_common::session_config::USER_NAME_WILD_CARD;
22use risingwave_connector::WithPropertiesExt;
23use risingwave_pb::user::grant_privilege::PbObject;
24use risingwave_sqlparser::ast::{AsOf, ObjectName, Statement, TableAlias};
25use risingwave_sqlparser::parser::Parser;
26use thiserror_ext::AsReport;
27
28use super::BoundShare;
29use crate::binder::relation::BoundShareInput;
30use crate::binder::{BindFor, Binder, Relation};
31use crate::catalog::root_catalog::SchemaPath;
32use crate::catalog::source_catalog::SourceCatalog;
33use crate::catalog::system_catalog::SystemTableCatalog;
34use crate::catalog::table_catalog::{TableCatalog, TableType};
35use crate::catalog::view_catalog::ViewCatalog;
36use crate::catalog::{CatalogError, DatabaseId, IndexCatalog, TableId};
37use crate::error::ErrorCode::PermissionDenied;
38use crate::error::{ErrorCode, Result, RwError};
39use crate::handler::privilege::ObjectCheckItem;
40
41#[derive(Debug, Clone)]
42pub struct BoundBaseTable {
43    pub table_id: TableId,
44    pub table_catalog: Arc<TableCatalog>,
45    pub table_indexes: Vec<Arc<IndexCatalog>>,
46    pub as_of: Option<AsOf>,
47}
48
49#[derive(Debug, Clone)]
50pub struct BoundSystemTable {
51    pub table_id: TableId,
52    pub sys_table_catalog: Arc<SystemTableCatalog>,
53}
54
55#[derive(Debug, Clone)]
56pub struct BoundSource {
57    pub catalog: SourceCatalog,
58    pub as_of: Option<AsOf>,
59}
60
61impl BoundSource {
62    pub fn is_shareable_cdc_connector(&self) -> bool {
63        self.catalog.with_properties.is_shareable_cdc_connector()
64    }
65
66    pub fn is_shared(&self) -> bool {
67        self.catalog.info.is_shared()
68    }
69}
70
71impl Binder {
72    pub fn bind_catalog_relation_by_object_name(
73        &mut self,
74        object_name: &ObjectName,
75        bind_creating_relations: bool,
76    ) -> Result<Relation> {
77        let (schema_name, table_name) =
78            Binder::resolve_schema_qualified_name(&self.db_name, object_name)?;
79        self.bind_catalog_relation_by_name(
80            None,
81            schema_name.as_deref(),
82            &table_name,
83            None,
84            None,
85            bind_creating_relations,
86        )
87    }
88
89    /// Binds table or source, or logical view according to what we get from the catalog.
90    pub fn bind_catalog_relation_by_name(
91        &mut self,
92        db_name: Option<&str>,
93        schema_name: Option<&str>,
94        table_name: &str,
95        alias: Option<&TableAlias>,
96        as_of: Option<&AsOf>,
97        bind_creating_relations: bool,
98    ) -> Result<Relation> {
99        // define some helper functions converting catalog to bound relation
100        let resolve_sys_table_relation = |sys_table_catalog: &Arc<SystemTableCatalog>| {
101            let table = BoundSystemTable {
102                table_id: sys_table_catalog.id(),
103                sys_table_catalog: sys_table_catalog.clone(),
104            };
105            (
106                Relation::SystemTable(Box::new(table)),
107                sys_table_catalog
108                    .columns
109                    .iter()
110                    .map(|c| (c.is_hidden, Field::from(&c.column_desc)))
111                    .collect_vec(),
112            )
113        };
114
115        // check db_name if exists first
116        if let Some(db_name) = db_name {
117            let _ = self.catalog.get_database_by_name(db_name)?;
118        }
119
120        // start to bind
121        let (ret, columns) = {
122            match schema_name {
123                Some(schema_name) => {
124                    let db_name = db_name.unwrap_or(&self.db_name).to_owned();
125                    let schema_path = SchemaPath::Name(schema_name);
126                    if is_system_schema(schema_name) {
127                        if let Ok(sys_table_catalog) =
128                            self.catalog
129                                .get_sys_table_by_name(&db_name, schema_name, table_name)
130                        {
131                            resolve_sys_table_relation(sys_table_catalog)
132                        } else if let Ok((view_catalog, _)) =
133                            self.catalog
134                                .get_view_by_name(&db_name, schema_path, table_name)
135                        {
136                            self.resolve_view_relation(&view_catalog.clone())?
137                        } else {
138                            bail_not_implemented!(
139                                issue = 1695,
140                                r###"{}.{} is not supported, please use `SHOW` commands for now.
141`SHOW TABLES`,
142`SHOW MATERIALIZED VIEWS`,
143`DESCRIBE <table>`,
144`SHOW COLUMNS FROM [table]`
145"###,
146                                schema_name,
147                                table_name
148                            );
149                        }
150                    } else if let Some(source_catalog) =
151                        self.temporary_source_manager.get_source(table_name)
152                    // don't care about the database and schema
153                    {
154                        self.resolve_source_relation(&source_catalog.clone(), as_of, true)?
155                    } else if let Ok((table_catalog, schema_name)) = self
156                        .catalog
157                        .get_any_table_by_name(&db_name, schema_path, table_name)
158                        && (bind_creating_relations
159                            || table_catalog.is_internal_table()
160                            || table_catalog.is_created())
161                    {
162                        self.resolve_table_relation(
163                            table_catalog.clone(),
164                            &db_name,
165                            schema_name,
166                            as_of,
167                        )?
168                    } else if let Ok((source_catalog, _)) =
169                        self.catalog
170                            .get_source_by_name(&db_name, schema_path, table_name)
171                    {
172                        self.resolve_source_relation(&source_catalog.clone(), as_of, false)?
173                    } else if let Ok((view_catalog, _)) =
174                        self.catalog
175                            .get_view_by_name(&db_name, schema_path, table_name)
176                    {
177                        self.resolve_view_relation(&view_catalog.clone())?
178                    } else if let Some(table_catalog) =
179                        self.staging_catalog_manager.get_table(table_name)
180                    {
181                        // don't care about the database and schema
182                        self.resolve_table_relation(
183                            table_catalog.clone().into(),
184                            &db_name,
185                            schema_name,
186                            as_of,
187                        )?
188                    } else {
189                        return Err(CatalogError::not_found("table or source", table_name).into());
190                    }
191                }
192                None => (|| {
193                    // If schema is not specified, db must be unspecified.
194                    // So we should always use current database here.
195                    assert!(db_name.is_none());
196                    let db_name = self.db_name.clone();
197                    let user_name = self.auth_context.user_name.clone();
198
199                    for path in self.search_path.path() {
200                        if is_system_schema(path)
201                            && let Ok(sys_table_catalog) = self
202                                .catalog
203                                .get_sys_table_by_name(&db_name, path, table_name)
204                        {
205                            return Ok(resolve_sys_table_relation(sys_table_catalog));
206                        } else {
207                            let schema_name = if path == USER_NAME_WILD_CARD {
208                                &user_name
209                            } else {
210                                &path.clone()
211                            };
212
213                            if let Ok(schema) =
214                                self.catalog.get_schema_by_name(&db_name, schema_name)
215                            {
216                                if let Some(source_catalog) =
217                                    self.temporary_source_manager.get_source(table_name)
218                                // don't care about the database and schema
219                                {
220                                    return self.resolve_source_relation(
221                                        &source_catalog.clone(),
222                                        as_of,
223                                        true,
224                                    );
225                                } else if let Some(table_catalog) =
226                                    schema.get_any_table_by_name(table_name)
227                                    && (bind_creating_relations
228                                        || table_catalog.is_internal_table()
229                                        || table_catalog.is_created())
230                                {
231                                    return self.resolve_table_relation(
232                                        table_catalog.clone(),
233                                        &db_name,
234                                        schema_name,
235                                        as_of,
236                                    );
237                                } else if let Some(source_catalog) =
238                                    schema.get_source_by_name(table_name)
239                                {
240                                    return self.resolve_source_relation(
241                                        &source_catalog.clone(),
242                                        as_of,
243                                        false,
244                                    );
245                                } else if let Some(view_catalog) =
246                                    schema.get_view_by_name(table_name)
247                                {
248                                    return self.resolve_view_relation(&view_catalog.clone());
249                                } else if let Some(table_catalog) =
250                                    self.staging_catalog_manager.get_table(table_name)
251                                {
252                                    // don't care about the database and schema
253                                    return self.resolve_table_relation(
254                                        table_catalog.clone().into(),
255                                        &db_name,
256                                        schema_name,
257                                        as_of,
258                                    );
259                                }
260                            }
261                        }
262                    }
263
264                    Err(CatalogError::not_found("table or source", table_name).into())
265                })()?,
266            }
267        };
268
269        self.bind_table_to_context(
270            columns,
271            table_name.to_owned(),
272            schema_name.map(|s| s.to_owned()),
273            alias,
274        )?;
275        Ok(ret)
276    }
277
278    pub(crate) fn check_privilege(
279        &self,
280        item: ObjectCheckItem,
281        database_id: DatabaseId,
282    ) -> Result<()> {
283        // security invoker is disabled for view, ignore privilege check.
284        if self.context.disable_security_invoker {
285            return Ok(());
286        }
287
288        match self.bind_for {
289            BindFor::Stream | BindFor::Batch => {
290                // reject sources for cross-db access
291                if matches!(self.bind_for, BindFor::Stream)
292                    && self.database_id != database_id
293                    && matches!(item.object, PbObject::SourceId(_))
294                {
295                    return Err(PermissionDenied(format!(
296                        "SOURCE \"{}\" is not allowed for cross-db access",
297                        item.name
298                    ))
299                    .into());
300                }
301                if let Some(user) = self.user.get_user_by_name(&self.auth_context.user_name) {
302                    if user.is_super || user.id == item.owner {
303                        return Ok(());
304                    }
305                    if !user.has_privilege(item.object, item.mode) {
306                        return Err(PermissionDenied(item.error_message()).into());
307                    }
308
309                    // check CONNECT privilege for cross-db access
310                    if self.database_id != database_id
311                        && !user.has_privilege(database_id, AclMode::Connect)
312                    {
313                        let db_name = self.catalog.get_database_by_id(database_id)?.name.clone();
314
315                        return Err(PermissionDenied(format!(
316                            "permission denied for database \"{db_name}\""
317                        ))
318                        .into());
319                    }
320                } else {
321                    return Err(PermissionDenied("Session user is invalid".to_owned()).into());
322                }
323            }
324            BindFor::Ddl | BindFor::System => {
325                // do nothing.
326            }
327        }
328        Ok(())
329    }
330
331    fn resolve_table_relation(
332        &mut self,
333        table_catalog: Arc<TableCatalog>,
334        db_name: &str,
335        schema_name: &str,
336        as_of: Option<&AsOf>,
337    ) -> Result<(Relation, Vec<(bool, Field)>)> {
338        let table_id = table_catalog.id();
339        let columns = table_catalog
340            .columns
341            .iter()
342            .map(|c| (c.is_hidden, Field::from(&c.column_desc)))
343            .collect_vec();
344        self.check_privilege(
345            ObjectCheckItem::new(
346                table_catalog.owner,
347                AclMode::Select,
348                table_catalog.name.clone(),
349                table_id,
350            ),
351            table_catalog.database_id,
352        )?;
353        self.included_relations.insert(table_id.as_object_id());
354
355        let table_indexes = self.resolve_table_indexes(db_name, schema_name, table_id)?;
356
357        let table = BoundBaseTable {
358            table_id,
359            table_catalog,
360            table_indexes,
361            as_of: as_of.cloned(),
362        };
363
364        Ok::<_, RwError>((Relation::BaseTable(Box::new(table)), columns))
365    }
366
367    fn resolve_source_relation(
368        &mut self,
369        source_catalog: &SourceCatalog,
370        as_of: Option<&AsOf>,
371        is_temporary: bool,
372    ) -> Result<(Relation, Vec<(bool, Field)>)> {
373        debug_assert_column_ids_distinct(&source_catalog.columns);
374        if !is_temporary {
375            self.check_privilege(
376                ObjectCheckItem::new(
377                    source_catalog.owner,
378                    AclMode::Select,
379                    source_catalog.name.clone(),
380                    source_catalog.id,
381                ),
382                source_catalog.database_id,
383            )?;
384        }
385        self.included_relations
386            .insert(source_catalog.id.as_object_id());
387        Ok((
388            Relation::Source(Box::new(BoundSource {
389                catalog: source_catalog.clone(),
390                as_of: as_of.cloned(),
391            })),
392            source_catalog
393                .columns
394                .iter()
395                .map(|c| (c.is_hidden, Field::from(&c.column_desc)))
396                .collect_vec(),
397        ))
398    }
399
400    fn resolve_view_relation(
401        &mut self,
402        view_catalog: &ViewCatalog,
403    ) -> Result<(Relation, Vec<(bool, Field)>)> {
404        if !view_catalog.is_system_view() {
405            self.check_privilege(
406                ObjectCheckItem::new(
407                    view_catalog.owner,
408                    AclMode::Select,
409                    view_catalog.name.clone(),
410                    view_catalog.id,
411                ),
412                view_catalog.database_id,
413            )?;
414        }
415
416        let ast = Parser::parse_sql(&view_catalog.sql)
417            .expect("a view's sql should be parsed successfully");
418        let Statement::Query(query) = Itertools::exactly_one(ast.into_iter())
419            .expect("a view should contain only one statement")
420        else {
421            unreachable!("a view should contain a query statement");
422        };
423        let query = self.bind_query_for_view(&query).map_err(|e| {
424            ErrorCode::BindError(format!(
425                "failed to bind view {}, sql: {}\nerror: {}",
426                view_catalog.name,
427                view_catalog.sql,
428                e.as_report()
429            ))
430        })?;
431
432        let columns = view_catalog.columns.clone();
433
434        if !itertools::equal(
435            query.schema().fields().iter().map(|f| &f.data_type),
436            view_catalog.columns.iter().map(|f| &f.data_type),
437        ) {
438            return Err(ErrorCode::BindError(format!(
439                "failed to bind view {}. The SQL's schema is different from catalog's schema sql: {}, bound schema: {:?}, catalog schema: {:?}",
440                view_catalog.name, view_catalog.sql, query.schema(), columns
441            )).into());
442        }
443
444        let share_id = match self.shared_views.get(&view_catalog.id) {
445            Some(share_id) => *share_id,
446            None => {
447                let share_id = self.next_share_id();
448                self.shared_views.insert(view_catalog.id, share_id);
449                self.included_relations
450                    .insert(view_catalog.id.as_object_id());
451                share_id
452            }
453        };
454        Ok((
455            Relation::Share(Box::new(BoundShare {
456                share_id,
457                input: BoundShareInput::Query(query),
458            })),
459            columns.iter().map(|c| (false, c.clone())).collect_vec(),
460        ))
461    }
462
463    fn resolve_table_indexes(
464        &self,
465        db_name: &str,
466        schema_name: &str,
467        table_id: TableId,
468    ) -> Result<Vec<Arc<IndexCatalog>>> {
469        let schema = self.catalog.get_schema_by_name(db_name, schema_name)?;
470        assert!(
471            schema.get_table_by_id(table_id).is_some() || table_id.is_placeholder(),
472            "table {table_id} not found in {db_name}.{schema_name}"
473        );
474
475        Ok(schema.get_created_indexes_by_table_id(table_id))
476    }
477
478    pub(crate) fn bind_table(
479        &mut self,
480        schema_name: Option<&str>,
481        table_name: &str,
482    ) -> Result<BoundBaseTable> {
483        let db_name = &self.db_name;
484        let schema_path = self.bind_schema_path(schema_name);
485        let (table_catalog, schema_name) =
486            self.catalog
487                .get_created_table_by_name(db_name, schema_path, table_name)?;
488        let table_catalog = table_catalog.clone();
489
490        let table_id = table_catalog.id();
491        let table_indexes = self.resolve_table_indexes(db_name, schema_name, table_id)?;
492
493        let columns = table_catalog.columns.clone();
494
495        self.bind_table_to_context(
496            columns
497                .iter()
498                .map(|c| (c.is_hidden, (&c.column_desc).into())),
499            table_name.to_owned(),
500            Some(schema_name.to_owned()),
501            None,
502        )?;
503
504        Ok(BoundBaseTable {
505            table_id,
506            table_catalog,
507            table_indexes,
508            as_of: None,
509        })
510    }
511
512    pub(crate) fn check_for_dml(table: &TableCatalog, is_insert: bool) -> Result<()> {
513        let table_name = &table.name;
514        match table.table_type() {
515            TableType::Table => {}
516            TableType::Index | TableType::VectorIndex => {
517                return Err(ErrorCode::InvalidInputSyntax(format!(
518                    "cannot change index \"{table_name}\""
519                ))
520                .into());
521            }
522            TableType::MaterializedView => {
523                return Err(ErrorCode::InvalidInputSyntax(format!(
524                    "cannot change materialized view \"{table_name}\""
525                ))
526                .into());
527            }
528            TableType::Internal => {
529                return Err(ErrorCode::InvalidInputSyntax(format!(
530                    "cannot change internal table \"{table_name}\""
531                ))
532                .into());
533            }
534        }
535
536        if table.append_only && !is_insert {
537            return Err(ErrorCode::BindError(
538                "append-only table does not support update or delete".to_owned(),
539            )
540            .into());
541        }
542
543        Ok(())
544    }
545}