filter out db roles for user in sql db master (#2101)

This commit is contained in:
Hai Cao
2023-06-13 17:08:30 -07:00
committed by GitHub
parent c92bc71454
commit c21fde884f
2 changed files with 15 additions and 1 deletions


@@ -201,6 +201,16 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
}
}
string[] dbRolesInDb;
if (isSqlAzure && string.Compare(parameters.Database, "master", true) == 0)
{
dbRolesInDb = currentUserPrototype.DatabaseRoleNames.Where(SecurableUtils.SpecialDbRolesInSqlDbMaster.Contains).ToArray();
}
else
{
dbRolesInDb = currentUserPrototype.DatabaseRoleNames.ToArray();
}
UserViewInfo userViewInfo = new UserViewInfo()
{
ObjectInfo = new UserInfo()
@@ -219,7 +229,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
Languages = languageOptionsList.ToArray(),
Schemas = currentUserPrototype.SchemaNames.ToArray(),
Logins = logins,
DatabaseRoles = currentUserPrototype.DatabaseRoleNames.ToArray(),
DatabaseRoles = dbRolesInDb,
SupportedSecurableTypes = SecurableUtils.GetSecurableTypeMetadata(SqlObjectType.User, dataContainer.Server.Version, parameters.Database, dataContainer.Server.DatabaseEngineType, dataContainer.Server.DatabaseEngineEdition)
};
var context = new UserViewContext(parameters, dataContainer.ServerConnection, currentUserPrototype.CurrentState);
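Review bot: The new `master` check uses `string.Compare(parameters.Database, "master", true) == 0`, which is a culture-sensitive comparison (CA1309); under some cultures (the classic Turkish-I case) an identifier that is byte-equal to "master" ignoring ASCII case can fail to match, and the filter silently falls through to the unfiltered `else` branch. Database names are non-linguistic identifiers, so the comparison should be ordinal: `if (isSqlAzure && string.Equals(parameters.Database, "master", StringComparison.OrdinalIgnoreCase))` (this also handles a null `parameters.Database` without throwing, as the original does). It is also worth a one-line comment above the branch that this only narrows the role list presented to the client — e.g. `// Display filter only: SQL DB's virtual master exposes just dbmanager/loginmanager; server-side authorization is unaffected.` — so nobody later mistakes it for an enforcement check. The enclosing method starts before this hunk, so I cannot confirm where `isSqlAzure` is derived.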


@@ -70,6 +70,10 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
</params>
</formdescription>";
// This is a set of special database roles exist only in the virtual master database of SQL DB.
// https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=azuresqldb-current
public static HashSet<string> SpecialDbRolesInSqlDbMaster = new HashSet<string>(){"dbmanager", "loginmanager"};
public static SecurableTypeMetadata[] GetSecurableTypeMetadata(SqlObjectType objectType, Version serverVersion, string databaseName,DatabaseEngineType databaseEngineType, DatabaseEngineEdition engineEdition)
{
List<SecurableTypeMetadata> res = new List<SecurableTypeMetadata>();
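Review bot: `SpecialDbRolesInSqlDbMaster` is declared `public static` but not `readonly`, so any caller can reassign the field or `Add`/`Remove` entries at runtime and change which roles the master-database filter lets through; since the set is a fixed allow-list it should at least be `public static readonly HashSet<string> SpecialDbRolesInSqlDbMaster = new HashSet<string>() { "dbmanager", "loginmanager" };` (or exposed as `IReadOnlySet<string>` if the project targets .NET 5+). Note the set uses the default comparer, so the `.Contains` filter in `UserViewInfo` is ordinal case-sensitive; Azure creates these roles as lowercase `dbmanager`/`loginmanager`, but if `DatabaseRoleNames` could ever surface a differently cased name the role would be dropped from the view — worth confirming, or passing `StringComparer.OrdinalIgnoreCase` to the constructor. The comment above it also reads awkwardly; suggest `// Special database roles that exist only in the virtual master database of Azure SQL Database.`.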