Fix a few securable search/permission issue related to Azure (#2056)

2026-01-13 17:23:02 -05:00 · 2023-05-11 13:15:08 -07:00
parent d525e88672
commit f655c6d660
2 changed files with 23 additions and 5 deletions
--- a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs
@@ -2100,8 +2100,11 @@ INNER JOIN sys.sql_logins AS sql_logins
            this.comparer       = new SqlCollationSensitiveStringComparer(server.Information.Collation);
            this.securablePermissions = SecurableUtils.GetSecurablePermissions(this.exists, PrincipalType.Login, login, context);
            this.principal = SecurableUtils.CreatePrincipal(true, PrincipalType.Login, login, null, context);
+            if (context.Server.DatabaseEngineType != DatabaseEngineType.SqlAzureDatabase)
+            {
                this.principal.AddExistingSecurables();
            }
+        }

        /// <summary>
        /// constructor
--- a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs
@@ -82,7 +82,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
                case SqlObjectType.ApplicationRole:
                case SqlObjectType.DatabaseRole:
                case SqlObjectType.User:
-                    AddSecurableTypeMetadata(res, securableTypesForDbLevel, null, serverVersion, databaseName, databaseEngineType, engineEdition);
+                    AddSecurableTypeMetadata(res, securableTypesForDbLevel, databaseEngineType == DatabaseEngineType.SqlAzureDatabase ? new SearchableObjectType[] {SearchableObjectType.ServiceQueue} : null, serverVersion, databaseName, databaseEngineType, engineEdition);
                    break;
                default:
                    break;
@@ -90,7 +90,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
            return res.ToArray();
        }

-        private static void AddSecurableTypeMetadata(List<SecurableTypeMetadata> res, SearchableObjectType[] supportedTypes, SearchableObjectType[] excludeList, Version serverVersion, string databaseName,DatabaseEngineType databaseEngineType, DatabaseEngineEdition engineEdition)
+        private static void AddSecurableTypeMetadata(List<SecurableTypeMetadata> res, SearchableObjectType[] supportedTypes, SearchableObjectType[]? excludeList, Version serverVersion, string databaseName,DatabaseEngineType databaseEngineType, DatabaseEngineEdition engineEdition)
        {
            foreach(SearchableObjectType t in supportedTypes)
            {
@@ -125,6 +125,11 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement

        public static SecurablePermissions[] GetSecurablePermissions(bool principalExists, PrincipalType principalType, SqlSmoObject o, CDataContainer dataContainer)
        {
+            if (principalType == PrincipalType.Login && dataContainer?.Server?.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+            {
+                return new SecurablePermissions[0];
+            }
+
            List<SecurablePermissions> res = new List<SecurablePermissions>();
            Principal principal;

@@ -169,7 +174,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
                    Schema = s.Schema,
                    Type = s.TypeName,
                    Permissions = permissions,
-                    EffectivePermissions = CanHaveEffectivePermissions(principalType) ? GetEffectivePermissions(dataContainer, s, principal) : new string[0]
+                    EffectivePermissions = CanHaveEffectivePermissions(principalType, dataContainer) ? GetEffectivePermissions(dataContainer, s, principal) : new string[0]
                };
                res.Add(secPerm);
            }
@@ -177,8 +182,13 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
            return res.ToArray();
        }

-        public static bool CanHaveEffectivePermissions(PrincipalType principalType)
+        public static bool CanHaveEffectivePermissions(PrincipalType principalType, CDataContainer dataContainer)
        {
+            if (dataContainer?.Server?.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+            {
+                return false;
+            }
+
            if (principalType == PrincipalType.ServerRole || principalType == PrincipalType.DatabaseRole || principalType == PrincipalType.ApplicationRole)
            {
                return false;
@@ -445,6 +455,11 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
                return;
            }

+            if (principal.PrincipalType == PrincipalType.Login && dataContainer.Server.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+            {
+                return;
+            }
+
            if (!exists)
            {
                foreach (SecurablePermissions secPerm in securablePermissions)