branch-2.1:[fix](auth)Delete from should not check select_priv (#49794)

pick: https://github.com/apache/doris/pull/49239
2025-04-04 20:46:43 +08:00
parent 15662c06e6
commit 3a282bd307
2 changed files with 9 additions and 12 deletions
--- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
@ -110,7 +110,14 @@ public class DeleteFromCommand extends Command implements ForwardWithSync, Expla
        LogicalPlanAdapter logicalPlanAdapter = new LogicalPlanAdapter(logicalQuery, ctx.getStatementContext());
        updateSessionVariableForDelete(ctx.getSessionVariable());
        NereidsPlanner planner = new NereidsPlanner(ctx.getStatementContext());
-        planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+        boolean originalIsSkipAuth = ctx.isSkipAuth();
+        // delete not need select priv
+        ctx.setSkipAuth(true);
+        try {
+            planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+        } finally {
+            ctx.setSkipAuth(originalIsSkipAuth);
+        }
        executor.setPlanner(planner);
        executor.checkBlockRules();
        // if fe could do fold constant to get delete will do nothing for table, just return.
--- a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
+++ b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
@ -64,17 +64,7 @@ suite("test_dml_delete_table_auth","p0,auth_call") {
        assertTrue(del_res.size() == 0)
    }
    sql """grant load_priv on ${dbName}.${tableName} to ${user}"""
-    connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
-        sql """set enable_fallback_to_original_planner=false;"""
-        test {
-            sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
-            exception "denied"
-        }
-        def del_res = sql """show DELETE from ${dbName}"""
-        assertTrue(del_res.size() == 0)
-    }
-    sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
-    connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+    connect(user, "${pwd}", context.config.jdbcUrl) {
        sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
        def del_res = sql """show DELETE from ${dbName}"""
        logger.info("del_res: " + del_res)