fix bad attach name (#1113)

* add test

* fix auth using attach alias instead of target

libsql-server/src/auth/authenticated.rs

@@ -63,7 +63,7 @@ impl Authenticated {
             Authenticated::Authorized(a) => {
                 if !a.has_right(Scope::Namespace(namespace.clone()), perm) {
                     Err(crate::Error::NotAuthorized(format!(
-                                "Current session doest not have {perm:?} permission to namespace {namespace}")))
+                                "Current session doesn't not have {perm:?} permission to namespace {namespace}")))
                 } else {
                     Ok(())
                 }

libsql-server/src/query_analysis.rs

@@ -125,7 +125,10 @@ impl StmtKind {
                 savepoint_name: Some(_),
                 ..
             }) => Some(Self::Release),
-            Cmd::Stmt(Stmt::Attach { db_name, .. }) => Some(Self::Attach(
+            Cmd::Stmt(Stmt::Attach {
+                expr: Expr::Id(Id(db_name)),
+                ..
+            }) => Some(Self::Attach(
                 NamespaceName::from_string(db_name.to_string()).ok()?,
             )),
             Cmd::Stmt(Stmt::Detach(_)) => Some(Self::Detach),

libsql-server/tests/standalone/attach.rs

@@ -181,6 +181,34 @@ fn attach_auth() {
         // succeeds!
         assert_debug_snapshot!(rows.next().await);
 
+        // mixed claims
+        let claims = serde_json::json!({
+            "id": "foo",
+            "p": {
+                "roa": {
+                    "ns": ["bar"]
+                }
+            }
+        });
+        let token = encode(&claims, &enc);
+
+        let foo_db = Database::open_remote_with_connector(
+            "http://foo.primary:8080",
+            &token,
+            TurmoilConnector,
+        )?;
+        let foo_conn = foo_db.connect().unwrap();
+        let txn = foo_conn.transaction().await.unwrap();
+        txn.execute("ATTACH DATABASE bar as attached", ())
+            .await
+            .unwrap();
+        let mut rows = txn
+            .query("SELECT * FROM attached.bar_table", ())
+            .await
+            .unwrap();
+        // succeeds!
+        assert_debug_snapshot!(rows.next().await);
+
         Ok(())
     });
 

libsql-server/tests/standalone/snapshots/tests__standalone__attach__attach_auth-2.snap

@@ -4,6 +4,6 @@ expression: "txn.execute(\"ATTACH DATABASE bar as bar\", ()).await.unwrap_err()"
 ---
 Hrana(
     Api(
-        "{\"error\":\"Internal Error: `Not authorized to execute query: Current session doest not have AttachRead permission to namespace bar`\"}",
+        "{\"error\":\"Internal Error: `Not authorized to execute query: Current session doesn't not have AttachRead permission to namespace bar`\"}",
     ),
 )

libsql-server/tests/standalone/snapshots/tests__standalone__attach__attach_auth-5.snap

@@ -0,0 +1,23 @@
+---
+source: libsql-server/tests/standalone/attach.rs
+expression: rows.next().await
+---
+Ok(
+    Some(
+        Row {
+            cols: [
+                Col {
+                    name: Some(
+                        "x",
+                    ),
+                    decltype: None,
+                },
+            ],
+            inner: [
+                Integer {
+                    value: 43,
+                },
+            ],
+        },
+    ),
+)

libsql-server/tests/standalone/snapshots/tests__standalone__attach__attach_auth.snap

@@ -4,6 +4,6 @@ expression: "bar_conn.execute(\"ATTACH foo as foo\", ()).await.unwrap_err()"
 ---
 Hrana(
     Api(
-        "{\"error\":\"Internal Error: `Not authorized to execute query: Current session doest not have AttachRead permission to namespace foo`\"}",
+        "{\"error\":\"Internal Error: `Not authorized to execute query: Current session doesn't not have AttachRead permission to namespace foo`\"}",
     ),
 )