[enhance](auth) add show privileges stmt(#32918) (#33951)

bp #32918 Co-authored-by: zhangdong <493738387@qq.com>
2024-04-22 12:40:18 +08:00
parent e384b495e3
commit 53d2f8fd3e
6 changed files with 109 additions and 11 deletions
--- a/fe/fe-core/src/main/cup/sql_parser.cup
+++ b/fe/fe-core/src/main/cup/sql_parser.cup
@ -533,6 +533,7 @@ terminal String
    KW_PRECEDING,
    KW_PERCENT,
    KW_RECYCLE,
+    KW_PRIVILEGES,
    KW_PROC,
    KW_PROCEDURE,
    KW_PROCESSLIST,
@ -4287,6 +4288,10 @@ show_param ::=
    {:
        RESULT = new ShowRolesStmt();
    :}
+    | KW_PRIVILEGES
+    {:
+        RESULT = new ShowPrivilegesStmt();
+    :}
    | opt_full opt_builtin:isBuiltin KW_FUNCTIONS opt_db:dbName opt_wild_where
    {:
        RESULT = new ShowFunctionsStmt(dbName, isBuiltin, parser.isVerbose, parser.wild, parser.where);
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java
@ -0,0 +1,42 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.analysis;
+
+import org.apache.doris.catalog.Column;
+import org.apache.doris.catalog.ScalarType;
+import org.apache.doris.qe.ShowResultSetMetaData;
+
+public class ShowPrivilegesStmt extends ShowStmt {
+    private static final ShowResultSetMetaData META_DATA;
+
+    static {
+        ShowResultSetMetaData.Builder builder = ShowResultSetMetaData.builder();
+
+        builder.addColumn(new Column("Privilege", ScalarType.createVarchar(100)));
+        builder.addColumn(new Column("Context", ScalarType.createVarchar(100)));
+        builder.addColumn(new Column("Comment", ScalarType.createVarchar(100)));
+
+        META_DATA = builder.build();
+    }
+
+    @Override
+    public ShowResultSetMetaData getMetaData() {
+        return META_DATA;
+    }
+
+}
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java
@ -22,16 +22,17 @@ import com.google.common.collect.ImmutableMap;
 import java.util.Map;

 public enum Privilege {
-    NODE_PRIV("Node_priv", 0, "Privilege for cluster node operations"),
-    ADMIN_PRIV("Admin_priv", 1, "Privilege for admin user"),
-    GRANT_PRIV("Grant_priv", 2, "Privilege for granting privilege"),
-    SELECT_PRIV("Select_priv", 3, "Privilege for select data in tables"),
-    LOAD_PRIV("Load_priv", 4, "Privilege for loading data into tables"),
-    ALTER_PRIV("Alter_priv", 5, "Privilege for alter database or table"),
-    CREATE_PRIV("Create_priv", 6, "Privilege for creating database or table"),
-    DROP_PRIV("Drop_priv", 7, "Privilege for dropping database or table"),
-    USAGE_PRIV("Usage_priv", 8, "Privilege for using resource or workloadGroup"),
-    SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view");
+    NODE_PRIV("Node_priv", 0, "Privilege for cluster node operations", "GLOBAL"),
+    ADMIN_PRIV("Admin_priv", 1, "Privilege for admin user", "GLOBAL"),
+    GRANT_PRIV("Grant_priv", 2, "Privilege for granting privilege",
+            "GLOBAL,CATALOG,DATABASE,TABLE,RESOURCE,WORKLOAD GROUP"),
+    SELECT_PRIV("Select_priv", 3, "Privilege for select data in tables", "GLOBAL,CATALOG,DATABASE,TABLE"),
+    LOAD_PRIV("Load_priv", 4, "Privilege for loading data into tables", "GLOBAL,CATALOG,DATABASE,TABLE"),
+    ALTER_PRIV("Alter_priv", 5, "Privilege for alter database or table", "GLOBAL,CATALOG,DATABASE,TABLE"),
+    CREATE_PRIV("Create_priv", 6, "Privilege for creating database or table", "GLOBAL,CATALOG,DATABASE,TABLE"),
+    DROP_PRIV("Drop_priv", 7, "Privilege for dropping database or table", "GLOBAL,CATALOG,DATABASE,TABLE"),
+    USAGE_PRIV("Usage_priv", 8, "Privilege for using resource or workloadGroup", "RESOURCE,WORKLOAD GROUP"),
+    SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view", "GLOBAL,CATALOG,DATABASE,TABLE");

    public static Privilege[] privileges = {
            NODE_PRIV,
@ -88,11 +89,13 @@ public enum Privilege {
    private String name;
    private int idx;
    private String desc;
+    private String context;

-    private Privilege(String name, int index, String desc) {
+    private Privilege(String name, int index, String desc, String context) {
        this.name = name;
        this.idx = index;
        this.desc = desc;
+        this.context = context;
    }

    public String getName() {
@ -107,6 +110,14 @@ public enum Privilege {
        return desc;
    }

+    public String getContext() {
+        return context;
+    }
+
+    public boolean isDeprecated() {
+        return idx >= 9 && idx <= 11;
+    }
+
    public static Privilege getPriv(int index) {
        if (index < 0 || index > Privilege.values().length - 1) {
            return null;
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
@ -71,6 +71,7 @@ import org.apache.doris.analysis.ShowPartitionIdStmt;
 import org.apache.doris.analysis.ShowPartitionsStmt;
 import org.apache.doris.analysis.ShowPluginsStmt;
 import org.apache.doris.analysis.ShowPolicyStmt;
+import org.apache.doris.analysis.ShowPrivilegesStmt;
 import org.apache.doris.analysis.ShowProcStmt;
 import org.apache.doris.analysis.ShowProcesslistStmt;
 import org.apache.doris.analysis.ShowQueryProfileStmt;
@ -190,6 +191,7 @@ import org.apache.doris.load.LoadJob.JobState;
 import org.apache.doris.load.loadv2.LoadManager;
 import org.apache.doris.load.routineload.RoutineLoadJob;
 import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.mysql.privilege.Privilege;
 import org.apache.doris.statistics.AnalysisInfo;
 import org.apache.doris.statistics.ColumnStatistic;
 import org.apache.doris.statistics.Histogram;
@ -367,6 +369,8 @@ public class ShowExecutor {
            handleShowGrants();
        } else if (stmt instanceof ShowRolesStmt) {
            handleShowRoles();
+        } else if (stmt instanceof ShowPrivilegesStmt) {
+            handleShowPrivileges();
        } else if (stmt instanceof ShowTrashStmt) {
            handleShowTrash();
        } else if (stmt instanceof ShowTrashDiskStmt) {
@ -2175,6 +2179,18 @@ public class ShowExecutor {
        resultSet = new ShowResultSet(showStmt.getMetaData(), infos);
    }

+    private void handleShowPrivileges() {
+        ShowPrivilegesStmt showStmt = (ShowPrivilegesStmt) stmt;
+        List<List<String>> infos = Lists.newArrayList();
+        Privilege[] values = Privilege.values();
+        for (Privilege privilege : values) {
+            if (!privilege.isDeprecated()) {
+                infos.add(Lists.newArrayList(privilege.getName(), privilege.getContext(), privilege.getDesc()));
+            }
+        }
+        resultSet = new ShowResultSet(showStmt.getMetaData(), infos);
+    }
+
    private void handleShowTrash() {
        ShowTrashStmt showStmt = (ShowTrashStmt) stmt;
        List<List<String>> infos = Lists.newArrayList();
--- a/fe/fe-core/src/main/jflex/sql_scanner.flex
+++ b/fe/fe-core/src/main/jflex/sql_scanner.flex
@ -379,6 +379,7 @@ import org.apache.doris.qe.SqlModeHelper;
        keywordMap.put("policy", new Integer(SqlParserSymbols.KW_POLICY));
        keywordMap.put("preceding", new Integer(SqlParserSymbols.KW_PRECEDING));
        keywordMap.put("percent", new Integer(SqlParserSymbols.KW_PERCENT));
+        keywordMap.put("privileges", new Integer(SqlParserSymbols.KW_PRIVILEGES));
        keywordMap.put("proc", new Integer(SqlParserSymbols.KW_PROC));
        keywordMap.put("procedure", new Integer(SqlParserSymbols.KW_PROCEDURE));
        keywordMap.put("processlist", new Integer(SqlParserSymbols.KW_PROCESSLIST));
--- a/regression-test/suites/account_p0/test_show_privileges.groovy
+++ b/regression-test/suites/account_p0/test_show_privileges.groovy
@ -0,0 +1,23 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_show_privileges") {
+    // only check syntax
+    sql """show privileges"""
+}