func (self *LevelDbDatastore) ExecuteQuery(user common.User, database string, query *parser.SelectQuery, yield func(*protocol.Series) error, ringFilter func(database, series *string, time *int64) bool) error { seriesAndColumns := query.GetReferencedColumns() hasAccess := true for series, columns := range seriesAndColumns { if regex, ok := series.GetCompiledRegex(); ok { seriesNames := self.getSeriesForDbAndRegex(database, regex) for _, name := range seriesNames { if !user.HasReadAccess(name) { hasAccess = false continue } err := self.executeQueryForSeries(database, name, columns, query, yield, ringFilter) if err != nil { return err } } } else { if !user.HasReadAccess(series.Name) { hasAccess = false continue } err := self.executeQueryForSeries(database, series.Name, columns, query, yield, ringFilter) if err != nil { return err } } } if !hasAccess { return fmt.Errorf("You don't have permission to access one or more time series") } return nil }
func (self *CoordinatorImpl) checkPermission(user common.User, querySpec *parser.QuerySpec) error { // if this isn't a regex query do the permission check here fromClause := querySpec.SelectQuery().GetFromClause() for _, n := range fromClause.Names { if _, ok := n.Name.GetCompiledRegex(); ok { break } else if name := n.Name.Name; !user.HasReadAccess(name) { return fmt.Errorf("User doesn't have read access to %s", name) } } return nil }