From 53d2f8fd3e3f74c680c532f5eccfa33e7018e8f7 Mon Sep 17 00:00:00 2001 From: Mingyu Chen Date: Mon, 22 Apr 2024 12:40:18 +0800 Subject: [PATCH] [enhance](auth) add show privileges stmt(#32918) (#33951) bp #32918 Co-authored-by: zhangdong <493738387@qq.com> --- fe/fe-core/src/main/cup/sql_parser.cup | 5 +++ .../doris/analysis/ShowPrivilegesStmt.java | 42 +++++++++++++++++++ .../doris/mysql/privilege/Privilege.java | 33 ++++++++++----- .../org/apache/doris/qe/ShowExecutor.java | 16 +++++++ fe/fe-core/src/main/jflex/sql_scanner.flex | 1 + .../account_p0/test_show_privileges.groovy | 23 ++++++++++ 6 files changed, 109 insertions(+), 11 deletions(-) create mode 100644 fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java create mode 100644 regression-test/suites/account_p0/test_show_privileges.groovy diff --git a/fe/fe-core/src/main/cup/sql_parser.cup b/fe/fe-core/src/main/cup/sql_parser.cup index 10c5977ddf..85c2033bcd 100644 --- a/fe/fe-core/src/main/cup/sql_parser.cup +++ b/fe/fe-core/src/main/cup/sql_parser.cup @@ -533,6 +533,7 @@ terminal String KW_PRECEDING, KW_PERCENT, KW_RECYCLE, + KW_PRIVILEGES, KW_PROC, KW_PROCEDURE, KW_PROCESSLIST, @@ -4287,6 +4288,10 @@ show_param ::= {: RESULT = new ShowRolesStmt(); :} + | KW_PRIVILEGES + {: + RESULT = new ShowPrivilegesStmt(); + :} | opt_full opt_builtin:isBuiltin KW_FUNCTIONS opt_db:dbName opt_wild_where {: RESULT = new ShowFunctionsStmt(dbName, isBuiltin, parser.isVerbose, parser.wild, parser.where); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java new file mode 100644 index 0000000000..31f2d0edea --- /dev/null +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPrivilegesStmt.java 
@@ -0,0 +1,42 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.analysis;
+
+import org.apache.doris.catalog.Column;
+import org.apache.doris.catalog.ScalarType;
+import org.apache.doris.qe.ShowResultSetMetaData;
+
+public class ShowPrivilegesStmt extends ShowStmt {
+ private static final ShowResultSetMetaData META_DATA;
+
+ static {
+ ShowResultSetMetaData.Builder builder = ShowResultSetMetaData.builder();
+
+ builder.addColumn(new Column("Privilege", ScalarType.createVarchar(100)));
+ builder.addColumn(new Column("Context", ScalarType.createVarchar(100)));
+ builder.addColumn(new Column("Comment", ScalarType.createVarchar(100)));
+
+ META_DATA = builder.build();
+ }
+
+ @Override
+ public ShowResultSetMetaData getMetaData() {
+ return META_DATA;
+ }
+
+}
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java
index 1c4a16c072..db1ece7c80 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java
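Review bot: The new ShowPrivilegesStmt class has no Javadoc, and the column order in its static block (`Privilege`, `Context`, `Comment`) is silently coupled to the row that ShowExecutor.handleShowPrivileges builds from `getName()`, `getContext()`, `getDesc()`. I would add `/** SHOW PRIVILEGES: lists each privilege, the levels it can be granted at, and its description. Column order must match ShowExecutor.handleShowPrivileges(). */` above the class declaration. The same comment should state that the statement performs no authorization check of its own, which is acceptable only while the rows come from static enum metadata; if per-user or per-object data is ever added to the result, a privilege check has to be added with it.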
@@ -22,16 +22,17 @@ import com.google.common.collect.ImmutableMap; import java.util.Map; public enum Privilege { - NODE_PRIV("Node_priv", 0, "Privilege for cluster node operations"), - ADMIN_PRIV("Admin_priv", 1, "Privilege for admin user"), - GRANT_PRIV("Grant_priv", 2, "Privilege for granting privilege"), - SELECT_PRIV("Select_priv", 3, "Privilege for select data in tables"), - LOAD_PRIV("Load_priv", 4, "Privilege for loading data into tables"), - ALTER_PRIV("Alter_priv", 5, "Privilege for alter database or table"), - CREATE_PRIV("Create_priv", 6, "Privilege for creating database or table"), - DROP_PRIV("Drop_priv", 7, "Privilege for dropping database or table"), - USAGE_PRIV("Usage_priv", 8, "Privilege for using resource or workloadGroup"), - SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view"); + NODE_PRIV("Node_priv", 0, "Privilege for cluster node operations", "GLOBAL"), + ADMIN_PRIV("Admin_priv", 1, "Privilege for admin user", "GLOBAL"), + GRANT_PRIV("Grant_priv", 2, "Privilege for granting privilege", + "GLOBAL,CATALOG,DATABASE,TABLE,RESOURCE,WORKLOAD GROUP"), + SELECT_PRIV("Select_priv", 3, "Privilege for select data in tables", "GLOBAL,CATALOG,DATABASE,TABLE"), + LOAD_PRIV("Load_priv", 4, "Privilege for loading data into tables", "GLOBAL,CATALOG,DATABASE,TABLE"), + ALTER_PRIV("Alter_priv", 5, "Privilege for alter database or table", "GLOBAL,CATALOG,DATABASE,TABLE"), + CREATE_PRIV("Create_priv", 6, "Privilege for creating database or table", "GLOBAL,CATALOG,DATABASE,TABLE"), + DROP_PRIV("Drop_priv", 7, "Privilege for dropping database or table", "GLOBAL,CATALOG,DATABASE,TABLE"), + USAGE_PRIV("Usage_priv", 8, "Privilege for using resource or workloadGroup", "RESOURCE,WORKLOAD GROUP"), + SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view", "GLOBAL,CATALOG,DATABASE,TABLE"); public static Privilege[] privileges = { NODE_PRIV, 
@@ -88,11 +89,13 @@ public enum Privilege { private String name; private int idx; private String desc; + private String context; - private Privilege(String name, int index, String desc) { + private Privilege(String name, int index, String desc, String context) { this.name = name; this.idx = index; this.desc = desc; + this.context = context; } public String getName() { @@ -107,6 +110,14 @@ public enum Privilege { return desc; } + public String getContext() { + return context; + } + + public boolean isDeprecated() { + return idx >= 9 && idx <= 11; + } + public static Privilege getPriv(int index) { if (index < 0 || index > Privilege.values().length - 1) { return null; diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index 406bd12be5..abc6d4a32f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java @@ -71,6 +71,7 @@ import org.apache.doris.analysis.ShowPartitionIdStmt; import org.apache.doris.analysis.ShowPartitionsStmt; import org.apache.doris.analysis.ShowPluginsStmt; import org.apache.doris.analysis.ShowPolicyStmt; +import org.apache.doris.analysis.ShowPrivilegesStmt; import org.apache.doris.analysis.ShowProcStmt; import org.apache.doris.analysis.ShowProcesslistStmt; import org.apache.doris.analysis.ShowQueryProfileStmt; @@ -190,6 +191,7 @@ import org.apache.doris.load.LoadJob.JobState; import org.apache.doris.load.loadv2.LoadManager; import org.apache.doris.load.routineload.RoutineLoadJob; import org.apache.doris.mysql.privilege.PrivPredicate; +import org.apache.doris.mysql.privilege.Privilege; import org.apache.doris.statistics.AnalysisInfo; import org.apache.doris.statistics.ColumnStatistic; import org.apache.doris.statistics.Histogram; 
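Review bot: `isDeprecated()` in the `@@ -107,6 +110,14 @@` hunk hard-codes `idx >= 9 && idx <= 11`, but the enum as declared in this same patch ends at `SHOW_VIEW_PRIV` with index 9, so that live privilege is reported as deprecated and the `!privilege.isDeprecated()` filter in ShowExecutor.handleShowPrivileges drops it from the `SHOW PRIVILEGES` output. No constants with index 10 or 11 are visible here, so the range looks carried over from a branch with a different enum layout (inferred from the `bp #32918` marker in the commit message). On this branch the method should be `return false;`, or deprecation should be a per-constant flag rather than an index range, so that adding or renumbering a constant cannot silently hide it. An operator auditing grants against this listing would otherwise never see Show_view_priv as an existing privilege.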
@@ -367,6 +369,8 @@ public class ShowExecutor { handleShowGrants(); } else if (stmt instanceof ShowRolesStmt) { handleShowRoles(); + } else if (stmt instanceof ShowPrivilegesStmt) { + handleShowPrivileges(); } else if (stmt instanceof ShowTrashStmt) { handleShowTrash(); } else if (stmt instanceof ShowTrashDiskStmt) { @@ -2175,6 +2179,18 @@ public class ShowExecutor { resultSet = new ShowResultSet(showStmt.getMetaData(), infos); } + private void handleShowPrivileges() { + ShowPrivilegesStmt showStmt = (ShowPrivilegesStmt) stmt; + List> infos = Lists.newArrayList(); + Privilege[] values = Privilege.values(); + for (Privilege privilege : values) { + if (!privilege.isDeprecated()) { + infos.add(Lists.newArrayList(privilege.getName(), privilege.getContext(), privilege.getDesc())); + } + } + resultSet = new ShowResultSet(showStmt.getMetaData(), infos); + } + private void handleShowTrash() { ShowTrashStmt showStmt = (ShowTrashStmt) stmt; List> infos = Lists.newArrayList(); diff --git a/fe/fe-core/src/main/jflex/sql_scanner.flex b/fe/fe-core/src/main/jflex/sql_scanner.flex index 6dd7fb9452..11ceee1b7e 100644 --- a/fe/fe-core/src/main/jflex/sql_scanner.flex +++ b/fe/fe-core/src/main/jflex/sql_scanner.flex @@ -379,6 +379,7 @@ import org.apache.doris.qe.SqlModeHelper; keywordMap.put("policy", new Integer(SqlParserSymbols.KW_POLICY)); keywordMap.put("preceding", new Integer(SqlParserSymbols.KW_PRECEDING)); keywordMap.put("percent", new Integer(SqlParserSymbols.KW_PERCENT)); + keywordMap.put("privileges", new Integer(SqlParserSymbols.KW_PRIVILEGES)); keywordMap.put("proc", new Integer(SqlParserSymbols.KW_PROC)); keywordMap.put("procedure", new Integer(SqlParserSymbols.KW_PROCEDURE)); keywordMap.put("processlist", new Integer(SqlParserSymbols.KW_PROCESSLIST)); diff --git a/regression-test/suites/account_p0/test_show_privileges.groovy b/regression-test/suites/account_p0/test_show_privileges.groovy new file mode 100644 index 0000000000..d637d54a35 --- /dev/null 
+++ b/regression-test/suites/account_p0/test_show_privileges.groovy
@@ -0,0 +1,23 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_show_privileges") {
+ // only check syntax
+ sql """show privileges"""
+}
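Review bot: The suite only checks that `show privileges` parses, so it passes even when a privilege row is missing from the result, and the `org.junit.Assert` import is never used. Capturing the result and asserting on its content would pin the listing, for example `def res = sql """show privileges"""` followed by `Assert.assertTrue(res.any { it[0] == "Show_view_priv" })` (assuming rows come back as lists with the privilege name in the first column). A check of this kind on each expected name would turn a privilege that is silently filtered out of the output into a test failure.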