database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[enhance](auth)row policy support catalog and match name instead id (#32310)

Browse Source 
Follow up #32137

storage name instead id to meta,Prevent table deletion and reconstruction and causing ID changes
This commit is contained in:
zhangdong
2024-03-18 14:59:03 +08:00
committed by morningman
parent c0d7a5660e
commit 0a2d7379fc
11 changed files with 183 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
fe/fe-core/src/main/java/org/apache/doris/analysis/StmtRewriter.java
View File

@ -21,10 +21,8 @@
package org.apache.doris.analysis;
import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.DatabaseIf;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.ScalarType;
import org.apache.doris.catalog.TableIf;
import org.apache.doris.catalog.Type;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.TableAliasGenerator;
@ -1327,16 +1325,17 @@ public class StmtRewriter {
if (!(tableRef instanceof BaseTableRef)) {
continue;
}
TableIf table = tableRef.getTable();
String tableName = tableRef.getName().getTbl();
String dbName = tableRef.getName().getDb();
if (dbName == null) {
dbName = analyzer.getDefaultDb();
}
DatabaseIf db = currentEnv.getCatalogMgr().getCatalogOrAnalysisException(tableRef.getName().getCtl())
.getDbOrAnalysisException(dbName);
long dbId = db.getId();
long tableId = table.getId();
RowPolicy matchPolicy = currentEnv.getPolicyMgr().getMatchTablePolicy(dbId, tableId, currentUserIdentity);
String ctlName = tableRef.getName().getCtl();
if (ctlName == null) {
ctlName = analyzer.getDefaultCatalog();
}
RowPolicy matchPolicy = currentEnv.getPolicyMgr()
.getMatchTablePolicy(ctlName, dbName, tableName, currentUserIdentity);
if (matchPolicy == null) {
continue;
}

3
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java
View File

@ -22,7 +22,6 @@ import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.AuthorizationInfo;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.authorizer.ranger.doris.RangerDorisAccessController;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.Config;
import org.apache.doris.common.UserException;
import org.apache.doris.datasource.CatalogIf;
@ -273,7 +272,7 @@ public class AccessControllerManager {
}
public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String
ctl, String db, String tbl) throws AnalysisException {
ctl, String db, String tbl) {
Objects.requireNonNull(currentUser, "require currentUser object");
Objects.requireNonNull(ctl, "require ctl object");
Objects.requireNonNull(db, "require db object");

4
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/CatalogAccessController.java
View File

@ -18,7 +18,6 @@
package org.apache.doris.mysql.privilege;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.AuthorizationException;
import java.util.List;
@ -80,6 +79,5 @@ public interface CatalogAccessController {
Optional<DataMaskPolicy> evalDataMaskPolicy(UserIdentity currentUser, String ctl, String db, String tbl,
String col);
List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db, String tbl)
throws AnalysisException;
List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db, String tbl);
}

19
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/InternalAccessController.java
View File

@ -18,15 +18,8 @@
package org.apache.doris.mysql.privilege;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.AuthorizationException;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.policy.PolicyMgr;
import com.google.common.collect.Lists;
import java.util.List;
import java.util.Optional;
@ -83,15 +76,7 @@ public class InternalAccessController implements CatalogAccessController {
@Override
public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db,
String tbl)
throws AnalysisException {
// current not support external catalog
if (!InternalCatalog.INTERNAL_CATALOG_NAME.equals(ctl)) {
return Lists.newArrayList();
}
PolicyMgr policyMgr = Env.getCurrentEnv().getPolicyMgr();
Database database = Env.getCurrentEnv().getInternalCatalog().getDbOrAnalysisException(db);
Table table = database.getTableOrAnalysisException(tbl);
return policyMgr.getUserPolicies(database.getId(), table.getId(), currentUser);
String tbl) {
return Env.getCurrentEnv().getPolicyMgr().getUserPolicies(ctl, db, tbl, currentUser);
}
}

9
fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/logical/LogicalCheckPolicy.java
View File

@ -133,13 +133,8 @@ public class LogicalCheckPolicy<CHILD_TYPE extends Plan> extends LogicalUnary<CH
String ctlName = catalogRelation.getDatabase().getCatalog().getName();
String dbName = catalogRelation.getDatabase().getFullName();
String tableName = catalogRelation.getTable().getName();
List<? extends RowFilterPolicy> policies = null;
try {
policies = accessManager.evalRowFilterPolicies(currentUserIdentity, ctlName,
dbName, tableName);
} catch (org.apache.doris.common.AnalysisException e) {
throw new AnalysisException(e.getMessage(), e);
}
List<? extends RowFilterPolicy> policies = accessManager.evalRowFilterPolicies(currentUserIdentity, ctlName,
dbName, tableName);
if (policies.isEmpty()) {
return Optional.empty();
}

42
fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java
View File

@ -19,18 +19,15 @@ package org.apache.doris.policy;
import org.apache.doris.analysis.DropPolicyStmt;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.qe.ConnectContext;
import com.google.gson.annotations.SerializedName;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import java.io.DataInput;
import java.io.DataOutput;
@ -41,14 +38,24 @@ import java.io.IOException;
**/
@AllArgsConstructor
@Getter
@Setter
public class DropPolicyLog implements Writable {
@Deprecated
@SerializedName(value = "dbId")
private long dbId;
@Deprecated
@SerializedName(value = "tableId")
private long tableId;
@SerializedName(value = "ctlName")
private String ctlName;
@SerializedName(value = "dbName")
private String dbName;
@SerializedName(value = "tableName")
private String tableName;
@SerializedName(value = "type")
private PolicyTypeEnum type;
@ -61,21 +68,32 @@ public class DropPolicyLog implements Writable {
@SerializedName(value = "roleName")
private String roleName;
public DropPolicyLog(PolicyTypeEnum type, String policyName) {
this.type = type;
this.policyName = policyName;
}
public DropPolicyLog(String ctlName, String dbName, String tableName, PolicyTypeEnum type, String policyName,
UserIdentity user, String roleName) {
this.ctlName = ctlName;
this.dbName = dbName;
this.tableName = tableName;
this.type = type;
this.policyName = policyName;
this.user = user;
this.roleName = roleName;
}
/**
* Generate delete logs through stmt.
**/
public static DropPolicyLog fromDropStmt(DropPolicyStmt stmt) throws AnalysisException {
switch (stmt.getType()) {
case STORAGE:
return new DropPolicyLog(-1, -1, stmt.getType(), stmt.getPolicyName(), null, null);
return new DropPolicyLog(stmt.getType(), stmt.getPolicyName());
case ROW:
String curDb = stmt.getTableName().getDb();
if (curDb == null) {
curDb = ConnectContext.get().getDatabase();
}
Database db = Env.getCurrentInternalCatalog().getDbOrAnalysisException(curDb);
Table table = db.getTableOrAnalysisException(stmt.getTableName().getTbl());
return new DropPolicyLog(db.getId(), table.getId(), stmt.getType(),
return new DropPolicyLog(stmt.getTableName().getCtl(), stmt.getTableName().getDb(),
stmt.getTableName().getTbl(), stmt.getType(),
stmt.getPolicyName(), stmt.getUser(), stmt.getRoleName());
default:
throw new AnalysisException("Invalid policy type: " + stmt.getType().name());

11
fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java
View File

@ -19,9 +19,7 @@ package org.apache.doris.policy;
import org.apache.doris.analysis.CreatePolicyStmt;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.DatabaseIf;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.TableIf;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.io.Text;
@ -113,16 +111,13 @@ public abstract class Policy implements Writable, GsonPostProcessable {
return storagePolicy;
case ROW:
// stmt must be analyzed.
DatabaseIf db = Env.getCurrentEnv().getCatalogMgr()
.getCatalogOrAnalysisException(stmt.getTableName().getCtl())
.getDbOrAnalysisException(stmt.getTableName().getDb());
UserIdentity userIdent = stmt.getUser();
if (userIdent != null) {
userIdent.analyze();
}
TableIf table = db.getTableOrAnalysisException(stmt.getTableName().getTbl());
return new RowPolicy(policyId, stmt.getPolicyName(), db.getId(), userIdent, stmt.getRoleName(),
stmt.getOrigStmt().originStmt, table.getId(), stmt.getFilterType(), stmt.getWherePredicate());
return new RowPolicy(policyId, stmt.getPolicyName(), stmt.getTableName().getCtl(),
stmt.getTableName().getDb(), stmt.getTableName().getTbl(), userIdent, stmt.getRoleName(),
stmt.getOrigStmt().originStmt, stmt.getFilterType(), stmt.getWherePredicate());
default:
throw new AnalysisException("Unknown policy type: " + stmt.getType());
}

126
fe/fe-core/src/main/java/org/apache/doris/policy/PolicyMgr.java
View File

@ -34,8 +34,8 @@ import org.apache.doris.common.DdlException;
import org.apache.doris.common.UserException;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSet;
import org.apache.doris.task.AgentBatchTask;
import org.apache.doris.task.AgentTaskExecutor;
@ -74,8 +74,8 @@ public class PolicyMgr implements Writable {
@SerializedName(value = "typeToPolicyMap")
private Map<PolicyTypeEnum, List<Policy>> typeToPolicyMap = Maps.newConcurrentMap();
// dbId -> tableId -> List<RowPolicy>
private Map<Long, Map<Long, List<RowPolicy>>> tablePolicies = Maps.newConcurrentMap();
// ctlName -> dbName -> tableName -> List<RowPolicy>
private Map<String, Map<String, Map<String, List<RowPolicy>>>> tablePolicies = Maps.newConcurrentMap();
private void writeLock() {
lock.writeLock().lock();
@ -277,6 +277,25 @@ public class PolicyMgr implements Writable {
}
public void replayCreate(Policy policy) {
// for compatible
if (policy instanceof RowPolicy) {
RowPolicy rowPolicy = (RowPolicy) policy;
if (StringUtils.isEmpty(rowPolicy.getCtlName())) {
Optional<Database> db = Env.getCurrentEnv().getInternalCatalog().getDb(rowPolicy.getDbId());
if (!db.isPresent()) {
LOG.warn("db may be dropped,ignore CreatePolicyLog. dbId:" + rowPolicy.getDbId());
return;
}
Optional<Table> table = db.get().getTable(rowPolicy.getTableId());
if (!table.isPresent()) {
LOG.warn("table may be dropped,ignore CreatePolicyLog. tableId:" + rowPolicy.getTableId());
return;
}
rowPolicy.setCtlName(InternalCatalog.INTERNAL_CATALOG_NAME);
rowPolicy.setDbName(db.get().getName());
rowPolicy.setTableName(table.get().getName());
}
}
unprotectedAdd(policy);
if (policy instanceof StoragePolicy) {
((StoragePolicy) policy).addResourceReference();
@ -298,6 +317,22 @@ public class PolicyMgr implements Writable {
}
public void replayDrop(DropPolicyLog log) {
// for compatible
if (log.getType() == PolicyTypeEnum.ROW && StringUtils.isEmpty(log.getCtlName())) {
Optional<Database> db = Env.getCurrentEnv().getInternalCatalog().getDb(log.getDbId());
if (!db.isPresent()) {
LOG.warn("db may be dropped,ignore DropPolicyLog. dbId:" + log.getDbId());
return;
}
Optional<Table> table = db.get().getTable(log.getTableId());
if (!table.isPresent()) {
LOG.warn("table may be dropped,ignore DropPolicyLog. tableId:" + log.getTableId());
return;
}
log.setCtlName(InternalCatalog.INTERNAL_CATALOG_NAME);
log.setDbName(db.get().getName());
log.setTableName(table.get().getName());
}
unprotectedDrop(log);
LOG.info("replay drop policy log: {}", log);
}
@ -333,18 +368,19 @@ public class PolicyMgr implements Writable {
/**
* Match row policy and return it.
**/
public RowPolicy getMatchTablePolicy(long dbId, long tableId, UserIdentity user) {
List<RowPolicy> res = getUserPolicies(dbId, tableId, user);
public RowPolicy getMatchTablePolicy(String ctlName, String dbName, String tableName, UserIdentity user) {
List<RowPolicy> res = getUserPolicies(ctlName, dbName, tableName, user);
if (CollectionUtils.isEmpty(res)) {
return null;
}
return mergeRowPolicies(res);
}
public List<RowPolicy> getUserPolicies(long dbId, long tableId, UserIdentity user) {
public List<RowPolicy> getUserPolicies(String ctlName, String dbName, String tableName, UserIdentity user) {
List<RowPolicy> res = Lists.newArrayList();
// Make a judgment in advance to reduce the number of times to obtain getRoles
if (!tablePolicies.containsKey(dbId) || !tablePolicies.get(dbId).containsKey(tableId)) {
if (!tablePolicies.containsKey(ctlName) || !tablePolicies.get(ctlName).containsKey(dbName)
|| !tablePolicies.get(ctlName).get(dbName).containsKey(tableName)) {
return res;
}
Set<String> roles = Env.getCurrentEnv().getAccessManager().getAuth().getRolesByUserWithLdap(user).stream()
@ -352,10 +388,11 @@ public class PolicyMgr implements Writable {
readLock();
try {
// double check in lock,avoid NPE
if (!tablePolicies.containsKey(dbId) || !tablePolicies.get(dbId).containsKey(tableId)) {
if (!tablePolicies.containsKey(ctlName) || !tablePolicies.get(ctlName).containsKey(dbName)
|| !tablePolicies.get(ctlName).get(dbName).containsKey(tableName)) {
return res;
}
List<RowPolicy> policys = tablePolicies.get(dbId).get(tableId);
List<RowPolicy> policys = tablePolicies.get(ctlName).get(dbName).get(tableName);
for (RowPolicy rowPolicy : policys) {
// on rowPolicy to user
if ((rowPolicy.getUser() != null && rowPolicy.getUser().getQualifiedUser()
@ -409,7 +446,6 @@ public class PolicyMgr implements Writable {
**/
public ShowResultSet showPolicy(ShowPolicyStmt showStmt) throws AnalysisException {
List<List<String>> rows = Lists.newArrayList();
long currentDbId = ConnectContext.get().getCurrentDbId();
Policy checkedPolicy = null;
switch (showStmt.getType()) {
case STORAGE:
@ -424,9 +460,6 @@ public class PolicyMgr implements Writable {
if (!StringUtils.isEmpty(showStmt.getRoleName())) {
rowPolicy.setRoleName(showStmt.getRoleName());
}
if (currentDbId != -1) {
rowPolicy.setDbId(currentDbId);
}
checkedPolicy = rowPolicy;
}
final Policy finalCheckedPolicy = checkedPolicy;
@ -456,28 +489,71 @@ public class PolicyMgr implements Writable {
if (policy.getUser() != null) {
policy.getUser().setIsAnalyzed();
}
List<RowPolicy> policys = getOrCreateTblPolicies(policy.getDbId(), policy.getTableId());
List<RowPolicy> policys = getOrCreateTblPolicies(policy.getCtlName(), policy.getDbName(),
policy.getTableName());
policys.add(policy);
}
private void dropTablePolicies(RowPolicy policy) {
List<RowPolicy> policys = getOrCreateTblPolicies(policy.getDbId(), policy.getTableId());
List<RowPolicy> policys = getOrCreateTblPolicies(policy.getCtlName(), policy.getDbName(),
policy.getTableName());
policys.removeIf(p -> p.matchPolicy(policy));
}
private List<RowPolicy> getOrCreateTblPolicies(long dbId, long tableId) {
Map<Long, List<RowPolicy>> dbPolicyMap = getOrCreateDbPolicyMap(dbId);
if (!dbPolicyMap.containsKey(tableId)) {
dbPolicyMap.put(tableId, Lists.newArrayList());
private List<RowPolicy> getOrCreateTblPolicies(String ctlName, String dbName, String tableName) {
Map<String, List<RowPolicy>> dbPolicyMap = getOrCreateDbPolicyMap(ctlName, dbName);
if (!dbPolicyMap.containsKey(tableName)) {
dbPolicyMap.put(tableName, Lists.newArrayList());
}
return dbPolicyMap.get(tableId);
return dbPolicyMap.get(tableName);
}
private Map<Long, List<RowPolicy>> getOrCreateDbPolicyMap(Long dbId) {
if (!tablePolicies.containsKey(dbId)) {
tablePolicies.put(dbId, Maps.newConcurrentMap());
private Map<String, List<RowPolicy>> getOrCreateDbPolicyMap(String ctlName, String dbName) {
Map<String, Map<String, List<RowPolicy>>> ctlPolicyMap = getOrCreateCtlPolicyMap(ctlName);
if (!ctlPolicyMap.containsKey(dbName)) {
ctlPolicyMap.put(dbName, Maps.newConcurrentMap());
}
return ctlPolicyMap.get(dbName);
}
private Map<String, Map<String, List<RowPolicy>>> getOrCreateCtlPolicyMap(String ctlName) {
if (!tablePolicies.containsKey(ctlName)) {
tablePolicies.put(ctlName, Maps.newConcurrentMap());
}
return tablePolicies.get(ctlName);
}
private void compatible() {
readLock();
try {
if (!typeToPolicyMap.containsKey(PolicyTypeEnum.ROW)) {
return;
}
List<Policy> allPolicies = typeToPolicyMap.get(PolicyTypeEnum.ROW);
List<Policy> compatiblePolicies = Lists.newArrayList();
for (Policy policy : allPolicies) {
RowPolicy rowPolicy = (RowPolicy) policy;
if (StringUtils.isEmpty(rowPolicy.getCtlName())) {
Optional<Database> db = Env.getCurrentEnv().getInternalCatalog().getDb(rowPolicy.getDbId());
if (!db.isPresent()) {
LOG.warn("db may be dropped,ignore DropPolicyLog. dbId:" + rowPolicy.getDbId());
continue;
}
Optional<Table> table = db.get().getTable(rowPolicy.getTableId());
if (!table.isPresent()) {
LOG.warn("table may be dropped,ignore DropPolicyLog. tableId:" + rowPolicy.getTableId());
continue;
}
rowPolicy.setCtlName(InternalCatalog.INTERNAL_CATALOG_NAME);
rowPolicy.setDbName(db.get().getName());
rowPolicy.setTableName(table.get().getName());
}
compatiblePolicies.add(rowPolicy);
}
typeToPolicyMap.put(PolicyTypeEnum.ROW, compatiblePolicies);
} finally {
readUnlock();
}
return tablePolicies.get(dbId);
}
/**
@ -510,6 +586,8 @@ public class PolicyMgr implements Writable {
public static PolicyMgr read(DataInput in) throws IOException {
String json = Text.readString(in);
PolicyMgr policyMgr = GsonUtils.GSON.fromJson(json, PolicyMgr.class);
// for compatible
policyMgr.compatible();
// update merge policy cache and userPolicySet
policyMgr.updateTablePolicies();
return policyMgr;

44
fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java
View File

@ -23,10 +23,7 @@ import org.apache.doris.analysis.SqlParser;
import org.apache.doris.analysis.SqlScanner;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.ScalarType;
import org.apache.doris.catalog.Table;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.util.SqlParserUtils;
import org.apache.doris.mysql.privilege.RowFilterPolicy;
@ -57,6 +54,7 @@ public class RowPolicy extends Policy implements RowFilterPolicy {
public static final ShowResultSetMetaData ROW_META_DATA =
ShowResultSetMetaData.builder()
.addColumn(new Column("PolicyName", ScalarType.createVarchar(100)))
.addColumn(new Column("CatalogName", ScalarType.createVarchar(100)))
.addColumn(new Column("DbName", ScalarType.createVarchar(100)))
.addColumn(new Column("TableName", ScalarType.createVarchar(100)))
.addColumn(new Column("Type", ScalarType.createVarchar(20)))
@ -79,11 +77,20 @@ public class RowPolicy extends Policy implements RowFilterPolicy {
private String roleName = null;
@SerializedName(value = "dbId")
@Deprecated
private long dbId = -1;
@SerializedName(value = "tableId")
@Deprecated
private long tableId = -1;
@SerializedName(value = "ctlName")
private String ctlName;
@SerializedName(value = "dbName")
private String dbName;
@SerializedName(value = "tableName")
private String tableName;
/**
* PERMISSIVE | RESTRICTIVE, If multiple types exist, the last type prevails.
**/
@ -128,13 +135,25 @@ public class RowPolicy extends Policy implements RowFilterPolicy {
this.wherePredicate = wherePredicate;
}
public RowPolicy(long policyId, final String policyName, String ctlName, String dbName, String tableName,
UserIdentity user, String roleName,
String originStmt, final FilterType filterType, final Expr wherePredicate) {
super(policyId, PolicyTypeEnum.ROW, policyName);
this.user = user;
this.roleName = roleName;
this.ctlName = ctlName;
this.dbName = dbName;
this.tableName = tableName;
this.filterType = filterType;
this.originStmt = originStmt;
this.wherePredicate = wherePredicate;
}
/**
* Use for SHOW POLICY.
**/
public List<String> getShowInfo() throws AnalysisException {
Database database = Env.getCurrentInternalCatalog().getDbOrAnalysisException(this.dbId);
Table table = database.getTableOrAnalysisException(this.tableId);
return Lists.newArrayList(this.policyName, database.getFullName(), table.getName(), this.type.name(),
return Lists.newArrayList(this.policyName, ctlName, dbName, tableName, this.type.name(),
this.filterType.name(), this.wherePredicate.toSql(),
this.user == null ? null : this.user.getQualifiedUser(), this.roleName, this.originStmt);
}
@ -161,11 +180,12 @@ public class RowPolicy extends Policy implements RowFilterPolicy {
this.filterType, this.wherePredicate);
}
private boolean checkMatched(long dbId, long tableId, PolicyTypeEnum type,
private boolean checkMatched(String ctlName, String dbName, String tableName, PolicyTypeEnum type,
String policyName, UserIdentity user, String roleName) {
return super.checkMatched(type, policyName)
&& (dbId == -1 || dbId == this.dbId)
&& (tableId == -1 || tableId == this.tableId)
&& (StringUtils.isEmpty(ctlName) || StringUtils.equals(ctlName, this.ctlName))
&& (StringUtils.isEmpty(dbName) || StringUtils.equals(dbName, this.dbName))
&& (StringUtils.isEmpty(tableName) || StringUtils.equals(tableName, this.tableName))
&& (StringUtils.isEmpty(roleName) || StringUtils.equals(roleName, this.roleName))
&& (user == null || Objects.equals(user, this.user));
}
@ -176,13 +196,15 @@ public class RowPolicy extends Policy implements RowFilterPolicy {
return false;
}
RowPolicy rowPolicy = (RowPolicy) checkedPolicyCondition;
return checkMatched(rowPolicy.getDbId(), rowPolicy.getTableId(), rowPolicy.getType(),
return checkMatched(rowPolicy.getCtlName(), rowPolicy.getDbName(), rowPolicy.getTableName(),
rowPolicy.getType(),
rowPolicy.getPolicyName(), rowPolicy.getUser(), rowPolicy.getRoleName());
}
@Override
public boolean matchPolicy(DropPolicyLog checkedDropPolicyLogCondition) {
return checkMatched(checkedDropPolicyLogCondition.getDbId(), checkedDropPolicyLogCondition.getTableId(),
return checkMatched(checkedDropPolicyLogCondition.getCtlName(), checkedDropPolicyLogCondition.getDbName(),
checkedDropPolicyLogCondition.getTableName(),
checkedDropPolicyLogCondition.getType(), checkedDropPolicyLogCondition.getPolicyName(),
checkedDropPolicyLogCondition.getUser(), checkedDropPolicyLogCondition.getRoleName());
}

3
fe/fe-core/src/test/java/org/apache/doris/datasource/ColumnPrivTest.java
View File

@ -32,7 +32,6 @@ import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.PrimitiveType;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.AuthorizationException;
import org.apache.doris.common.FeConstants;
import org.apache.doris.datasource.test.TestExternalCatalog.TestCatalogProvider;
@ -327,7 +326,7 @@ public class ColumnPrivTest extends TestWithFeService {
@Override
public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl,
String db, String tbl) throws AnalysisException {
String db, String tbl) {
return null;
}
}

2
fe/fe-core/src/test/java/org/apache/doris/nereids/privileges/TestCheckPrivileges.java
View File

@ -310,7 +310,7 @@ public class TestCheckPrivileges extends TestWithFeService {
@Override
public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db,
String tbl) throws org.apache.doris.common.AnalysisException {
String tbl) {
return Lists.newArrayList();
}
}