Fix Dolt table function privilege checks when current database is revision-qualified

go/libraries/doltcore/sqle/dtablefunctions/dolt_diff.go

@@ -396,7 +396,8 @@ func (dtf *DiffTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Privileg
 		return ExpressionIsDeferred(dtf.tableNameExpr)
 	}
 
-	subject := sql.PrivilegeCheckSubject{Database: dtf.database.Name(), Table: tableName}
+	baseDB, _ := doltdb.SplitRevisionDbName(dtf.database.Name())
+	subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 	// TODO: Add tests for privilege checking
 	return opChecker.UserHasPrivileges(ctx,
 		sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))

go/libraries/doltcore/sqle/dtablefunctions/dolt_diff_stat.go

@@ -162,6 +162,7 @@ func (ds *DiffStatTableFunction) WithChildren(children ...sql.Node) (sql.Node, e
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (ds *DiffStatTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(ds.database.Name())
 	if ds.tableNameExpr != nil {
 		if !types.IsText(ds.tableNameExpr.Type()) {
 			return ExpressionIsDeferred(ds.tableNameExpr)
@@ -176,7 +177,7 @@ func (ds *DiffStatTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Privi
 			return false
 		}
 
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tableName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 		return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 
@@ -187,7 +188,7 @@ func (ds *DiffStatTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Privi
 
 	operations := make([]sql.PrivilegedOperation, 0, len(tblNames))
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_diff_summary.go

@@ -153,6 +153,7 @@ func (ds *DiffSummaryTableFunction) WithChildren(children ...sql.Node) (sql.Node
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (ds *DiffSummaryTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(ds.database.Name())
 	if ds.tableNameExpr != nil {
 		if !types.IsText(ds.tableNameExpr.Type()) {
 			return ExpressionIsDeferred(ds.tableNameExpr)
@@ -170,7 +171,7 @@ func (ds *DiffSummaryTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Pr
 			return false
 		}
 
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tableName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 		// TODO: Add tests for privilege checking
 		return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
@@ -182,7 +183,7 @@ func (ds *DiffSummaryTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Pr
 
 	var operations []sql.PrivilegedOperation
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_log.go

@@ -312,14 +312,15 @@ func (ltf *LogTableFunction) WithChildren(children ...sql.Node) (sql.Node, error
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (ltf *LogTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(ltf.database.Name())
 	tblNames, err := ltf.database.GetTableNames(ctx)
 	if err != nil {
 		return false
 	}
 
 	var operations []sql.PrivilegedOperation
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: ltf.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_patch.go

@@ -308,6 +308,7 @@ func (p *PatchTableFunction) WithChildren(children ...sql.Node) (sql.Node, error
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (p *PatchTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(p.database.Name())
 	if p.tableNameExpr != nil {
 		if !sqltypes.IsText(p.tableNameExpr.Type()) {
 			return ExpressionIsDeferred(p.tableNameExpr)
@@ -322,7 +323,7 @@ func (p *PatchTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Privilege
 			return false
 		}
 
-		subject := sql.PrivilegeCheckSubject{Database: p.database.Name(), Table: tableName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 		return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 
@@ -333,7 +334,7 @@ func (p *PatchTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Privilege
 
 	operations := make([]sql.PrivilegedOperation, 0, len(tblNames))
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: p.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_preview_merge_conflicts.go

@@ -171,7 +171,8 @@ func (pm *PreviewMergeConflictsTableFunction) CheckAuth(ctx *sql.Context, opChec
 		return false
 	}
 
-	subject := sql.PrivilegeCheckSubject{Database: pm.database.Name(), Table: tableName}
+	baseDB, _ := doltdb.SplitRevisionDbName(pm.database.Name())
+	subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 	// TODO: Add tests for privilege checking
 	return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 }

go/libraries/doltcore/sqle/dtablefunctions/dolt_preview_merge_conflicts_summary.go

@@ -128,14 +128,15 @@ func (pm *PreviewMergeConflictsSummaryTableFunction) WithChildren(children ...sq
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (pm *PreviewMergeConflictsSummaryTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(pm.database.Name())
 	tblNames, err := pm.database.GetTableNames(ctx)
 	if err != nil {
 		return false
 	}
 
 	var operations []sql.PrivilegedOperation
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: pm.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_query_diff.go

@@ -19,6 +19,7 @@ import (
 	"io"
 	"strings"
 
+	"github.com/dolthub/dolt/go/libraries/doltcore/doltdb"
 	"github.com/dolthub/dolt/go/libraries/doltcore/schema"
 
 	gms "github.com/dolthub/go-mysql-server"
@@ -320,7 +321,8 @@ func (tf *QueryDiffTableFunction) WithChildren(node ...sql.Node) (sql.Node, erro
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (tf *QueryDiffTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
-	subject := sql.PrivilegeCheckSubject{Database: tf.database.Name()}
+	baseDB, _ := doltdb.SplitRevisionDbName(tf.database.Name())
+	subject := sql.PrivilegeCheckSubject{Database: baseDB}
 	return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 }
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_schema_diff.go

@@ -25,6 +25,7 @@ import (
 	"github.com/dolthub/go-mysql-server/sql/types"
 
 	"github.com/dolthub/dolt/go/libraries/doltcore/diff"
+	"github.com/dolthub/dolt/go/libraries/doltcore/doltdb"
 	"github.com/dolthub/dolt/go/libraries/doltcore/schema"
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqle/dsess"
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqle/sqlfmt"
@@ -171,13 +172,14 @@ func (ds *SchemaDiffTableFunction) WithChildren(children ...sql.Node) (sql.Node,
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode.
 func (ds *SchemaDiffTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
+	baseDB, _ := doltdb.SplitRevisionDbName(ds.Database().Name())
 	if ds.tableNameExpr != nil {
 		_, _, _, tableName, err := ds.evaluateArguments()
 		if err != nil {
 			return ExpressionIsDeferred(ds.tableNameExpr)
 		}
 
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tableName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tableName}
 		return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 
@@ -187,7 +189,7 @@ func (ds *SchemaDiffTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.Pri
 	}
 	operations := make([]sql.PrivilegedOperation, 0, len(tblNames))
 	for _, tblName := range tblNames {
-		subject := sql.PrivilegeCheckSubject{Database: ds.database.Name(), Table: tblName}
+		subject := sql.PrivilegeCheckSubject{Database: baseDB, Table: tblName}
 		operations = append(operations, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 	}
 

go/libraries/doltcore/sqle/dtablefunctions/dolt_test_run.go

@@ -143,7 +143,8 @@ func (trtf *TestsRunTableFunction) WithChildren(node ...sql.Node) (sql.Node, err
 
 // CheckAuth implements the interface sql.AuthorizationCheckerNode
 func (trtf *TestsRunTableFunction) CheckAuth(ctx *sql.Context, opChecker sql.PrivilegedOperationChecker) bool {
-	subject := sql.PrivilegeCheckSubject{Database: trtf.database.Name()}
+	baseDB, _ := doltdb.SplitRevisionDbName(trtf.database.Name())
+	subject := sql.PrivilegeCheckSubject{Database: baseDB}
 	return opChecker.UserHasPrivileges(ctx, sql.NewPrivilegedOperation(subject, sql.PrivilegeType_Select))
 }