Merge pull request ClickHouse#89237 from ClickHouse/backport/25.8/88588

Backport ClickHouse#88588 to 25.8: Fix SQL SECURITY DEFINER with *cluster functions

Author: vitlibar

src/Storages/StorageView.cpp

@@ -178,13 +178,15 @@ void StorageView::read(
 
     if (context->getSettingsRef()[Setting::allow_experimental_analyzer])
     {
-        InterpreterSelectQueryAnalyzer interpreter(current_inner_query, getViewContext(context, storage_snapshot), options, column_names);
+        auto view_context = getViewContext(context, storage_snapshot);
+        InterpreterSelectQueryAnalyzer interpreter(current_inner_query, view_context, options, column_names);
         interpreter.addStorageLimits(*query_info.storage_limits);
         query_plan = std::move(interpreter).extractQueryPlan();
     }
     else
     {
-        InterpreterSelectWithUnionQuery interpreter(current_inner_query, getViewContext(context, storage_snapshot), options, column_names);
+        auto view_context = getViewContext(context, storage_snapshot);
+        InterpreterSelectWithUnionQuery interpreter(current_inner_query, view_context, options, column_names);
         interpreter.addStorageLimits(*query_info.storage_limits);
         interpreter.buildQueryPlan(query_plan);
     }

tests/queries/0_stateless/03667_view_with_s3_cluster_and_sql_security_definer.reference

@@ -0,0 +1,4 @@
+4
+4
+4
+4

tests/queries/0_stateless/03667_view_with_s3_cluster_and_sql_security_definer.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# Tags: no-fasttest
+# Tag no-fasttest: Depends on AWS
+
+CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+# shellcheck source=../shell_config.sh
+. "$CUR_DIR"/../shell_config.sh
+
+other_user="user03667_${CLICKHOUSE_DATABASE}_$RANDOM"
+db=${CLICKHOUSE_DATABASE}
+
+${CLICKHOUSE_CLIENT} <<EOF
+DROP USER IF EXISTS other_user;
+CREATE USER $other_user;
+GRANT SELECT ON $db.* TO $other_user;
+EOF
+
+${CLICKHOUSE_CLIENT} <<EOF
+CREATE VIEW $db.test_view
+SQL SECURITY DEFINER
+AS SELECT * FROM s3Cluster('test_cluster_two_shards_localhost', 'http://localhost:11111/test/a.tsv');
+EOF
+
+${CLICKHOUSE_CLIENT} --query "SELECT count() FROM $db.test_view"
+${CLICKHOUSE_CLIENT} --user $other_user --query "SELECT count() FROM $db.test_view"
+
+${CLICKHOUSE_CLIENT} --query "SELECT count() FROM $db.test_view SETTINGS enable_analyzer=0"
+${CLICKHOUSE_CLIENT} --user $other_user --query "SELECT count() FROM $db.test_view SETTINGS enable_analyzer=0"
+
+${CLICKHOUSE_CLIENT} <<EOF
+DROP VIEW IF EXISTS $db.test_view;
+DROP USER IF EXISTS $other_user;
+EOF