From 3a282bd3072ccb363f096502e36f89110f8f354c Mon Sep 17 00:00:00 2001
From: zhangdong <zhangdong@selectdb.com>
Date: Fri, 4 Apr 2025 20:46:43 +0800
Subject: [PATCH] branch-2.1:[fix](auth)Delete from should not check
 select_priv (#49794)

pick: https://github.com/apache/doris/pull/49239
---
 .../trees/plans/commands/DeleteFromCommand.java      |  9 ++++++++-
 .../auth_call/test_dml_delete_table_auth.groovy      | 12 +-----------
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
index bdd00ab9b6..98f5ce17b7 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
@@ -110,7 +110,14 @@ public class DeleteFromCommand extends Command implements ForwardWithSync, Expla
         LogicalPlanAdapter logicalPlanAdapter = new LogicalPlanAdapter(logicalQuery, ctx.getStatementContext());
         updateSessionVariableForDelete(ctx.getSessionVariable());
         NereidsPlanner planner = new NereidsPlanner(ctx.getStatementContext());
-        planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+        boolean originalIsSkipAuth = ctx.isSkipAuth();
+        // delete not need select priv
+        ctx.setSkipAuth(true);
+        try {
+            planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+        } finally {
+            ctx.setSkipAuth(originalIsSkipAuth);
+        }
         executor.setPlanner(planner);
         executor.checkBlockRules();
         // if fe could do fold constant to get delete will do nothing for table, just return.
diff --git a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
index b1bf53f46a..4a0d9fa32c 100644
--- a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
+++ b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
@@ -64,17 +64,7 @@ suite("test_dml_delete_table_auth","p0,auth_call") {
         assertTrue(del_res.size() == 0)
     }
     sql """grant load_priv on ${dbName}.${tableName} to ${user}"""
-    connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
-        sql """set enable_fallback_to_original_planner=false;"""
-        test {
-            sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
-            exception "denied"
-        }
-        def del_res = sql """show DELETE from ${dbName}"""
-        assertTrue(del_res.size() == 0)
-    }
-    sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
-    connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+    connect(user, "${pwd}", context.config.jdbcUrl) {
         sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
         def del_res = sql """show DELETE from ${dbName}"""
         logger.info("del_res: " + del_res)