From 31209e139e7daa640eac0258f8666ef67d42a5ab Mon Sep 17 00:00:00 2001
From: "al.krylov" <al.krylov@vk.team>
Date: Thu, 14 Aug 2025 12:22:44 +0300
Subject: [PATCH] NOTASK: teach queue grant tubes for roles

---
 queue/abstract.lua                 | 47 ++++++++++++++++--------------
 queue/abstract/driver/fifo.lua     |  6 ++--
 queue/abstract/driver/fifottl.lua  |  6 ++--
 queue/abstract/driver/utube.lua    |  8 ++---
 queue/abstract/driver/utubettl.lua |  8 ++---
 queue/abstract/queue_session.lua   |  6 ++--
 6 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/queue/abstract.lua b/queue/abstract.lua
index 9c2d434..1ea9632 100644
--- a/queue/abstract.lua
+++ b/queue/abstract.lua
@@ -324,49 +324,52 @@ function tube.on_task_change(self, cb)
     return old_cb
 end
 
-function tube.grant(self, user, args)
+function tube.grant(self, grantee, args, opts)
+    local grant_provider = opts and opts.grant_provider or box.schema.user
+
     if not check_state("grant") then
         return
     end
-    local function tube_grant_space(user, name, tp)
-        box.schema.user.grant(user, tp or 'read,write', 'space', name, {
+    local function tube_grant_space(name, tp)
+        grant_provider.grant(grantee, tp or 'read,write', 'space', name, {
             if_not_exists = true,
         })
     end
 
-    local function tube_grant_func(user, name)
+    local function tube_grant_func(name)
         box.schema.func.create(name, { if_not_exists = true })
-        box.schema.user.grant(user, 'execute', 'function', name, {
+        grant_provider.grant(grantee, 'execute', 'function', name, {
             if_not_exists = true
         })
     end
 
     args = args or {}
 
-    tube_grant_space(user, '_queue', 'read')
-    tube_grant_space(user, '_queue_consumers')
-    tube_grant_space(user, '_queue_taken_2')
-    self.raw:grant(user, {if_not_exists = true})
-    session.grant(user)
+    tube_grant_space('_queue', 'read')
+    tube_grant_space('_queue_consumers')
+    tube_grant_space('_queue_taken_2')
+    self.raw:grant(grant_provider, grantee, {if_not_exists = true})
+    session.grant(grant_provider, grantee)
+
 
     if args.call then
-        tube_grant_func(user, 'queue.identify')
-        tube_grant_func(user, 'queue.statistics')
+        tube_grant_func('queue.identify')
+        tube_grant_func('queue.statistics')
         local prefix = (args.prefix or 'queue.tube') .. ('.%s:'):format(self.name)
-        tube_grant_func(user, prefix .. 'put')
-        tube_grant_func(user, prefix .. 'take')
-        tube_grant_func(user, prefix .. 'touch')
-        tube_grant_func(user, prefix .. 'ack')
-        tube_grant_func(user, prefix .. 'release')
-        tube_grant_func(user, prefix .. 'peek')
-        tube_grant_func(user, prefix .. 'bury')
-        tube_grant_func(user, prefix .. 'kick')
-        tube_grant_func(user, prefix .. 'delete')
+        tube_grant_func(prefix .. 'put')
+        tube_grant_func(prefix .. 'take')
+        tube_grant_func(prefix .. 'touch')
+        tube_grant_func(prefix .. 'ack')
+        tube_grant_func(prefix .. 'release')
+        tube_grant_func(prefix .. 'peek')
+        tube_grant_func(prefix .. 'bury')
+        tube_grant_func(prefix .. 'kick')
+        tube_grant_func(prefix .. 'delete')
     end
 
     if args.truncate then
         local prefix = (args.prefix or 'queue.tube') .. ('.%s:'):format(self.name)
-        tube_grant_func(user, prefix .. 'truncate')
+        tube_grant_func(prefix .. 'truncate')
     end
 
 end
diff --git a/queue/abstract/driver/fifo.lua b/queue/abstract/driver/fifo.lua
index 1cb65f9..ecf74b7 100644
--- a/queue/abstract/driver/fifo.lua
+++ b/queue/abstract/driver/fifo.lua
@@ -61,9 +61,9 @@ function tube.new(space, on_task_change)
     return self
 end
 
--- method.grant grants provided user to all spaces of driver.
-function method.grant(self, user, opts)
-    box.schema.user.grant(user, 'read,write', 'space', self.space.name, opts)
+-- method.grant grants provided grantee to all spaces of driver.
+function method.grant(self, grant_provider, grantee, opts)
+    grant_provider.grant(grantee, 'read,write', 'space', self.space.name, opts)
 end
 
 -- normalize task: cleanup all internal fields
diff --git a/queue/abstract/driver/fifottl.lua b/queue/abstract/driver/fifottl.lua
index e44a476..980b801 100644
--- a/queue/abstract/driver/fifottl.lua
+++ b/queue/abstract/driver/fifottl.lua
@@ -202,9 +202,9 @@ function tube.new(space, on_task_change, opts)
     return self
 end
 
--- method.grant grants provided user to all spaces of driver.
-function method.grant(self, user, opts)
-    box.schema.user.grant(user, 'read,write', 'space', self.space.name, opts)
+-- method.grant grants provided grantee to all spaces of driver.
+function method.grant(self, grant_provider, grantee, opts)
+    grant_provider.grant(grantee, 'read,write', 'space', self.space.name, opts)
 end
 
 -- cleanup internal fields in task
diff --git a/queue/abstract/driver/utube.lua b/queue/abstract/driver/utube.lua
index 0a7faf9..71a7ec7 100644
--- a/queue/abstract/driver/utube.lua
+++ b/queue/abstract/driver/utube.lua
@@ -126,11 +126,11 @@ function tube.new(space, on_task_change, opts)
     return self
 end
 
--- method.grant grants provided user to all spaces of driver.
-function method.grant(self, user, opts)
-    box.schema.user.grant(user, 'read,write', 'space', self.space.name, opts)
+-- method.grant grants provided grantee to all spaces of driver.
+function method.grant(self, grant_provider, grantee, opts)
+    grant_provider.grant(grantee, 'read,write', 'space', self.space.name, opts)
     if self.space_ready_buffer ~= nil then
-        box.schema.user.grant(user, 'read,write', 'space', self.space_ready_buffer.name, opts)
+        grant_provider.grant(grantee, 'read,write', 'space', self.space_ready_buffer.name, opts)
     end
 end
 
diff --git a/queue/abstract/driver/utubettl.lua b/queue/abstract/driver/utubettl.lua
index 619b759..4520fcb 100644
--- a/queue/abstract/driver/utubettl.lua
+++ b/queue/abstract/driver/utubettl.lua
@@ -386,11 +386,11 @@ function tube.new(space, on_task_change, opts)
     return self
 end
 
--- method.grant grants provided user to all spaces of driver.
-function method.grant(self, user, opts)
-    box.schema.user.grant(user, 'read,write', 'space', self.space.name, opts)
+-- method.grant grants provided grantee to all spaces of driver.
+function method.grant(self, grant_provider, grantee, opts)
+    grant_provider.grant(grantee, 'read,write', 'space', self.space.name, opts)
     if self.space_ready_buffer ~= nil then
-        box.schema.user.grant(user, 'read,write', 'space', self.space_ready_buffer.name, opts)
+        grant_provider.grant(grantee, 'read,write', 'space', self.space_ready_buffer.name, opts)
     end
 end
 
diff --git a/queue/abstract/queue_session.lua b/queue/abstract/queue_session.lua
index 9f32a8e..a9c73e8 100644
--- a/queue/abstract/queue_session.lua
+++ b/queue/abstract/queue_session.lua
@@ -285,10 +285,10 @@ local function disconnect(conn_id)
     end
 end
 
-local function grant(user)
-    box.schema.user.grant(user, 'read, write', 'space', '_queue_session_ids',
+local function grant(grant_provider, grantee)
+    grant_provider.grant(grantee, 'read, write', 'space', '_queue_session_ids',
         { if_not_exists = true })
-    box.schema.user.grant(user, 'read, write', 'space', '_queue_shared_sessions',
+    grant_provider.grant(grantee, 'read, write', 'space', '_queue_shared_sessions',
         { if_not_exists = true })
 end