func (self *LevelDbDatastore) ExecuteQuery(user common.User, database string,
query *parser.SelectQuery, yield func(*protocol.Series) error,
ringFilter func(database, series *string, time *int64) bool) error {
seriesAndColumns := query.GetReferencedColumns()
hasAccess := true
for series, columns := range seriesAndColumns {
if regex, ok := series.GetCompiledRegex(); ok {
seriesNames := self.getSeriesForDbAndRegex(database, regex)
for _, name := range seriesNames {
if !user.HasReadAccess(name) {
hasAccess = false
continue
}
err := self.executeQueryForSeries(database, name, columns, query, yield, ringFilter)
if err != nil {
return err
}
}
} else {
if !user.HasReadAccess(series.Name) {
hasAccess = false
continue
}
err := self.executeQueryForSeries(database, series.Name, columns, query, yield, ringFilter)
if err != nil {
return err
}
}
}
if !hasAccess {
return fmt.Errorf("You don't have permission to access one or more time series")
}
return nil
}
func (self *CoordinatorImpl) checkPermission(user common.User, querySpec *parser.QuerySpec) error {
// if this isn't a regex query do the permission check here
fromClause := querySpec.SelectQuery().GetFromClause()
for _, n := range fromClause.Names {
if _, ok := n.Name.GetCompiledRegex(); ok {
break
} else if name := n.Name.Name; !user.HasReadAccess(name) {
return fmt.Errorf("User doesn't have read access to %s", name)
}
}
return nil
}