From d2354caf8f0fca681064fe838a9db8e4cba8beb2 Mon Sep 17 00:00:00 2001 From: Gerard Guillemas Martos Date: Fri, 23 Aug 2024 12:49:28 +0200 Subject: [PATCH] Rename access-related keys to prevent collisions (#4589) --- core/src/key/database/{access => }/ac.rs | 0 core/src/key/database/access/all.rs | 4 ++-- core/src/key/database/access/gr.rs | 8 ++++---- core/src/key/database/access/mod.rs | 1 - core/src/key/database/mod.rs | 1 + core/src/key/mod.rs | 21 ++++++++++++--------- core/src/key/namespace/{access => }/ac.rs | 0 core/src/key/namespace/access/all.rs | 4 ++-- core/src/key/namespace/access/gr.rs | 8 ++++---- core/src/key/namespace/access/mod.rs | 1 - core/src/key/namespace/mod.rs | 1 + core/src/key/root/{access => }/ac.rs | 0 core/src/key/root/access/all.rs | 4 ++-- core/src/key/root/access/gr.rs | 8 ++++---- core/src/key/root/access/mod.rs | 1 - core/src/key/root/mod.rs | 1 + core/src/kvs/tx.rs | 18 +++++++++--------- core/src/sql/statements/define/access.rs | 6 +++--- core/src/sql/statements/remove/access.rs | 6 +++--- 19 files changed, 48 insertions(+), 45 deletions(-) rename core/src/key/database/{access => }/ac.rs (100%) rename core/src/key/namespace/{access => }/ac.rs (100%) rename core/src/key/root/{access => }/ac.rs (100%) diff --git a/core/src/key/database/access/ac.rs b/core/src/key/database/ac.rs similarity index 100% rename from core/src/key/database/access/ac.rs rename to core/src/key/database/ac.rs diff --git a/core/src/key/database/access/all.rs b/core/src/key/database/access/all.rs index 5b148efc..7dd58f1f 100644 --- a/core/src/key/database/access/all.rs +++ b/core/src/key/database/access/all.rs @@ -34,7 +34,7 @@ impl<'a> Access<'a> { ns, _b: b'*', db, - _c: b'*', + _c: b'&', ac, } } @@ -52,7 +52,7 @@ mod tests { "testac", ); let enc = Access::encode(&val).unwrap(); - assert_eq!(enc, b"/*testns\0*testdb\0*testac\0"); + assert_eq!(enc, b"/*testns\0*testdb\0&testac\0"); let dec = Access::decode(&enc).unwrap(); assert_eq!(val, dec); diff --git a/core/src/key/database/access/gr.rs b/core/src/key/database/access/gr.rs index 2b02d123..dc6473f4 100644 --- a/core/src/key/database/access/gr.rs +++ b/core/src/key/database/access/gr.rs @@ -50,7 +50,7 @@ impl<'a> Gr<'a> { ns, _b: b'*', db, - _c: b'*', + _c: b'&', ac, _d: b'!', _e: b'g', @@ -73,7 +73,7 @@ mod tests { "testgr", ); let enc = Gr::encode(&val).unwrap(); - assert_eq!(enc, b"/*testns\0*testdb\0*testac\0!grtestgr\0"); + assert_eq!(enc, b"/*testns\0*testdb\0&testac\0!grtestgr\0"); let dec = Gr::decode(&enc).unwrap(); assert_eq!(val, dec); @@ -82,12 +82,12 @@ mod tests { #[test] fn test_prefix() { let val = super::prefix("testns", "testdb", "testac"); - assert_eq!(val, b"/*testns\0*testdb\0*testac\0!gr\0"); + assert_eq!(val, b"/*testns\0*testdb\0&testac\0!gr\0"); } #[test] fn test_suffix() { let val = super::suffix("testns", "testdb", "testac"); - assert_eq!(val, b"/*testns\0*testdb\0*testac\0!gr\xff"); + assert_eq!(val, b"/*testns\0*testdb\0&testac\0!gr\xff"); } } diff --git a/core/src/key/database/access/mod.rs b/core/src/key/database/access/mod.rs index f88661a1..e41aa3d8 100644 --- a/core/src/key/database/access/mod.rs +++ b/core/src/key/database/access/mod.rs @@ -1,3 +1,2 @@ -pub mod ac; pub mod all; pub mod gr; diff --git a/core/src/key/database/mod.rs b/core/src/key/database/mod.rs index 5384da3e..d8232ad9 100644 --- a/core/src/key/database/mod.rs +++ b/core/src/key/database/mod.rs @@ -1,3 +1,4 @@ +pub mod ac; pub mod access; pub mod all; pub mod az; diff --git a/core/src/key/mod.rs b/core/src/key/mod.rs index 8feec5da..5954dce0 100644 --- a/core/src/key/mod.rs +++ b/core/src/key/mod.rs @@ -3,9 +3,7 @@ /// crate::key::version !v /// /// crate::key::root::all / -/// crate::key::root::access::all /*{ac} -/// crate::key::root::access::ac /!ac{ac} -/// crate::key::root::access::gr /*{ac}!gr{gr} +/// crate::key::root::ac /!ac{ac} /// crate::key::root::hb /!hb{ts}/{nd} /// crate::key::root::nd /!nd{nd} /// crate::key::root::ni /!ni @@ -15,19 +13,21 @@ /// crate::key::node::all /${nd} /// crate::key::node::lq /${nd}!lq{lq}{ns}{db} /// +/// crate::key::root::access::all /&{ac} +/// crate::key::root::access::gr /&{ac}!gr{gr} +/// /// crate::key::namespace::all /*{ns} -/// crate::key::namespace::access::all /*{ns}*{ac} -/// crate::key::namespace::access::ac /*{ns}!ac{ac} -/// crate::key::namespace::access::gr /*{ns}*{ac}!gr{gr} +/// crate::key::namespace::ac /*{ns}!ac{ac} /// crate::key::namespace::db /*{ns}!db{db} /// crate::key::namespace::di /+{ns id}!di /// crate::key::namespace::lg /*{ns}!lg{lg} /// crate::key::namespace::us /*{ns}!us{us} /// +/// crate::key::namespace::access::all /*{ns}&{ac} +/// crate::key::namespace::access::gr /*{ns}&{ac}!gr{gr} +/// /// crate::key::database::all /*{ns}*{db} -/// crate::key::database::access::all /*{ns}*{db}*{ac} -/// crate::key::database::access::ac /*{ns}*{db}!ac{ac} -/// crate::key::database::access::gr /*{ns}*{db}*{ac}!gr{gr} +/// crate::key::database::ac /*{ns}*{db}!ac{ac} /// crate::key::database::az /*{ns}*{db}!az{az} /// crate::key::database::fc /*{ns}*{db}!fn{fc} /// crate::key::database::ml /*{ns}*{db}!ml{ml}{vn} @@ -38,6 +38,9 @@ /// crate::key::database::us /*{ns}*{db}!us{us} /// crate::key::database::vs /*{ns}*{db}!vs /// +/// crate::key::database::access::all /*{ns}*{db}&{ac} +/// crate::key::database::access::gr /*{ns}*{db}&{ac}!gr{gr} +/// /// crate::key::table::all /*{ns}*{db}*{tb} /// crate::key::table::ev /*{ns}*{db}*{tb}!ev{ev} /// crate::key::table::fd /*{ns}*{db}*{tb}!fd{fd} diff --git a/core/src/key/namespace/access/ac.rs b/core/src/key/namespace/ac.rs similarity index 100% rename from core/src/key/namespace/access/ac.rs rename to core/src/key/namespace/ac.rs diff --git a/core/src/key/namespace/access/all.rs b/core/src/key/namespace/access/all.rs index 691faf6e..7b47caba 100644 --- a/core/src/key/namespace/access/all.rs +++ b/core/src/key/namespace/access/all.rs @@ -30,7 +30,7 @@ impl<'a> Access<'a> { __: b'/', _a: b'*', ns, - _b: b'*', + _b: b'&', ac, } } @@ -47,7 +47,7 @@ mod tests { "testac", ); let enc = Access::encode(&val).unwrap(); - assert_eq!(enc, b"/*testns\0*testac\0"); + assert_eq!(enc, b"/*testns\0&testac\0"); let dec = Access::decode(&enc).unwrap(); assert_eq!(val, dec); diff --git a/core/src/key/namespace/access/gr.rs b/core/src/key/namespace/access/gr.rs index 3dccae0a..449bd983 100644 --- a/core/src/key/namespace/access/gr.rs +++ b/core/src/key/namespace/access/gr.rs @@ -46,7 +46,7 @@ impl<'a> Gr<'a> { __: b'/', _a: b'*', ns, - _b: b'*', + _b: b'&', ac, _c: b'!', _d: b'g', @@ -68,7 +68,7 @@ mod tests { "testgr", ); let enc = Gr::encode(&val).unwrap(); - assert_eq!(enc, b"/*testns\0*testac\0!grtestgr\0"); + assert_eq!(enc, b"/*testns\0&testac\0!grtestgr\0"); let dec = Gr::decode(&enc).unwrap(); assert_eq!(val, dec); @@ -77,12 +77,12 @@ mod tests { #[test] fn test_prefix() { let val = super::prefix("testns", "testac"); - assert_eq!(val, b"/*testns\0*testac\0!gr\0"); + assert_eq!(val, b"/*testns\0&testac\0!gr\0"); } #[test] fn test_suffix() { let val = super::suffix("testns", "testac"); - assert_eq!(val, b"/*testns\0*testac\0!gr\xff"); + assert_eq!(val, b"/*testns\0&testac\0!gr\xff"); } } diff --git a/core/src/key/namespace/access/mod.rs b/core/src/key/namespace/access/mod.rs index f88661a1..e41aa3d8 100644 --- a/core/src/key/namespace/access/mod.rs +++ b/core/src/key/namespace/access/mod.rs @@ -1,3 +1,2 @@ -pub mod ac; pub mod all; pub mod gr; diff --git a/core/src/key/namespace/mod.rs b/core/src/key/namespace/mod.rs index 132f569f..cd25efe8 100644 --- a/core/src/key/namespace/mod.rs +++ b/core/src/key/namespace/mod.rs @@ -1,3 +1,4 @@ +pub mod ac; pub mod access; pub mod all; pub mod db; diff --git a/core/src/key/root/access/ac.rs b/core/src/key/root/ac.rs similarity index 100% rename from core/src/key/root/access/ac.rs rename to core/src/key/root/ac.rs diff --git a/core/src/key/root/access/all.rs b/core/src/key/root/access/all.rs index 47229bdb..39ce1af6 100644 --- a/core/src/key/root/access/all.rs +++ b/core/src/key/root/access/all.rs @@ -26,7 +26,7 @@ impl<'a> Access<'a> { pub fn new(ac: &'a str) -> Self { Self { __: b'/', - _a: b'*', + _a: b'&', ac, } } @@ -42,7 +42,7 @@ mod tests { "testac", ); let enc = Access::encode(&val).unwrap(); - assert_eq!(enc, b"/*testac\0"); + assert_eq!(enc, b"/&testac\0"); let dec = Access::decode(&enc).unwrap(); assert_eq!(val, dec); diff --git a/core/src/key/root/access/gr.rs b/core/src/key/root/access/gr.rs index 3d34fadc..d48f1f4c 100644 --- a/core/src/key/root/access/gr.rs +++ b/core/src/key/root/access/gr.rs @@ -42,7 +42,7 @@ impl<'a> Gr<'a> { pub fn new(ac: &'a str, gr: &'a str) -> Self { Self { __: b'/', - _a: b'*', + _a: b'&', ac, _b: b'!', _c: b'g', @@ -63,7 +63,7 @@ mod tests { "testgr", ); let enc = Gr::encode(&val).unwrap(); - assert_eq!(enc, b"/*testac\0!grtestgr\0"); + assert_eq!(enc, b"/&testac\0!grtestgr\0"); let dec = Gr::decode(&enc).unwrap(); assert_eq!(val, dec); @@ -72,12 +72,12 @@ mod tests { #[test] fn test_prefix() { let val = super::prefix("testac"); - assert_eq!(val, b"/*testac\0!gr\0"); + assert_eq!(val, b"/&testac\0!gr\0"); } #[test] fn test_suffix() { let val = super::suffix("testac"); - assert_eq!(val, b"/*testac\0!gr\xff"); + assert_eq!(val, b"/&testac\0!gr\xff"); } } diff --git a/core/src/key/root/access/mod.rs b/core/src/key/root/access/mod.rs index f88661a1..e41aa3d8 100644 --- a/core/src/key/root/access/mod.rs +++ b/core/src/key/root/access/mod.rs @@ -1,3 +1,2 @@ -pub mod ac; pub mod all; pub mod gr; diff --git a/core/src/key/root/mod.rs b/core/src/key/root/mod.rs index 49f34212..86c96f2b 100644 --- a/core/src/key/root/mod.rs +++ b/core/src/key/root/mod.rs @@ -1,3 +1,4 @@ +pub mod ac; pub mod access; pub mod all; pub mod nd; diff --git a/core/src/kvs/tx.rs b/core/src/kvs/tx.rs index 2fb61b1b..6c1d5419 100644 --- a/core/src/kvs/tx.rs +++ b/core/src/kvs/tx.rs @@ -347,12 +347,12 @@ impl Transaction { /// Retrieve all ROOT level accesses in a datastore. #[instrument(level = "trace", target = "surrealdb::core::kvs::tx", skip(self))] pub async fn all_root_accesses(&self) -> Result, Error> { - let key = crate::key::root::access::ac::prefix(); + let key = crate::key::root::ac::prefix(); let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, Err(cache) => { - let end = crate::key::root::access::ac::suffix(); + let end = crate::key::root::ac::suffix(); let val = self.getr(key..end).await?; let val = val.convert().into(); let val = Entry::Ras(Arc::clone(&val)); @@ -423,12 +423,12 @@ impl Transaction { /// Retrieve all namespace access definitions for a specific namespace. #[instrument(level = "trace", target = "surrealdb::core::kvs::tx", skip(self))] pub async fn all_ns_accesses(&self, ns: &str) -> Result, Error> { - let key = crate::key::namespace::access::ac::prefix(ns); + let key = crate::key::namespace::ac::prefix(ns); let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, Err(cache) => { - let end = crate::key::namespace::access::ac::suffix(ns); + let end = crate::key::namespace::ac::suffix(ns); let val = self.getr(key..end).await?; let val = val.convert().into(); let val = Entry::Nas(Arc::clone(&val)); @@ -511,12 +511,12 @@ impl Transaction { ns: &str, db: &str, ) -> Result, Error> { - let key = crate::key::database::access::ac::prefix(ns, db); + let key = crate::key::database::ac::prefix(ns, db); let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, Err(cache) => { - let end = crate::key::database::access::ac::suffix(ns, db); + let end = crate::key::database::ac::suffix(ns, db); let val = self.getr(key..end).await?; let val = val.convert().into(); let val = Entry::Das(Arc::clone(&val)); @@ -825,7 +825,7 @@ impl Transaction { /// Retrieve a specific root access definition. #[instrument(level = "trace", target = "surrealdb::core::kvs::tx", skip(self))] pub async fn get_root_access(&self, ra: &str) -> Result, Error> { - let key = crate::key::root::access::ac::new(ra).encode()?; + let key = crate::key::root::ac::new(ra).encode()?; let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, @@ -916,7 +916,7 @@ impl Transaction { ns: &str, na: &str, ) -> Result, Error> { - let key = crate::key::namespace::access::ac::new(ns, na).encode()?; + let key = crate::key::namespace::ac::new(ns, na).encode()?; let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, @@ -1017,7 +1017,7 @@ impl Transaction { db: &str, da: &str, ) -> Result, Error> { - let key = crate::key::database::access::ac::new(ns, db, da).encode()?; + let key = crate::key::database::ac::new(ns, db, da).encode()?; let res = self.cache.get_value_or_guard_async(&key).await; Ok(match res { Ok(val) => val, diff --git a/core/src/sql/statements/define/access.rs b/core/src/sql/statements/define/access.rs index 366d9b30..a78feceb 100644 --- a/core/src/sql/statements/define/access.rs +++ b/core/src/sql/statements/define/access.rs @@ -83,7 +83,7 @@ impl DefineAccessStatement { } } // Process the statement - let key = crate::key::root::access::ac::new(&self.name); + let key = crate::key::root::ac::new(&self.name); txn.set( key, DefineAccessStatement { @@ -115,7 +115,7 @@ impl DefineAccessStatement { } } // Process the statement - let key = crate::key::namespace::access::ac::new(opt.ns()?, &self.name); + let key = crate::key::namespace::ac::new(opt.ns()?, &self.name); txn.get_or_add_ns(opt.ns()?, opt.strict).await?; txn.set( key, @@ -149,7 +149,7 @@ impl DefineAccessStatement { } } // Process the statement - let key = crate::key::database::access::ac::new(opt.ns()?, opt.db()?, &self.name); + let key = crate::key::database::ac::new(opt.ns()?, opt.db()?, &self.name); txn.get_or_add_ns(opt.ns()?, opt.strict).await?; txn.get_or_add_db(opt.ns()?, opt.db()?, opt.strict).await?; txn.set( diff --git a/core/src/sql/statements/remove/access.rs b/core/src/sql/statements/remove/access.rs index fb02d15e..61b39624 100644 --- a/core/src/sql/statements/remove/access.rs +++ b/core/src/sql/statements/remove/access.rs @@ -33,7 +33,7 @@ impl RemoveAccessStatement { // Get the definition let ac = txn.get_root_access(&self.name).await?; // Delete the definition - let key = crate::key::root::access::ac::new(&ac.name); + let key = crate::key::root::ac::new(&ac.name); txn.del(key).await?; // Delete any associated data including access grants. let key = crate::key::root::access::all::new(&ac.name); @@ -49,7 +49,7 @@ impl RemoveAccessStatement { // Get the definition let ac = txn.get_ns_access(opt.ns()?, &self.name).await?; // Delete the definition - let key = crate::key::namespace::access::ac::new(opt.ns()?, &ac.name); + let key = crate::key::namespace::ac::new(opt.ns()?, &ac.name); txn.del(key).await?; // Delete any associated data including access grants. let key = crate::key::namespace::access::all::new(opt.ns()?, &ac.name); @@ -65,7 +65,7 @@ impl RemoveAccessStatement { // Get the definition let ac = txn.get_db_access(opt.ns()?, opt.db()?, &self.name).await?; // Delete the definition - let key = crate::key::database::access::ac::new(opt.ns()?, opt.db()?, &ac.name); + let key = crate::key::database::ac::new(opt.ns()?, opt.db()?, &ac.name); txn.del(key).await?; // Delete any associated data including access grants. let key =