database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[fix](auth)Fix no priv to insert to mysql catalog (#25678)

Browse Source 
fix user can not insert to mysql catalog even if he has load permission
This commit is contained in:
zhangdong
2023-10-30 10:59:53 +08:00
committed by GitHub
parent 15ba886725
commit d47a946aab
2 changed files with 34 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
fe/fe-core/src/main/java/org/apache/doris/analysis/NativeInsertStmt.java
View File

@ -278,16 +278,17 @@ public class NativeInsertStmt extends InsertStmt {
}
String dbName = tblName.getDb();
String tableName = tblName.getTbl();
String ctlName = tblName.getCtl();
// check exist
DatabaseIf db = analyzer.getEnv().getCatalogMgr().getCatalog(tblName.getCtl()).getDbOrAnalysisException(dbName);
TableIf table = db.getTableOrAnalysisException(tblName.getTbl());
// check access
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), dbName, tableName, PrivPredicate.LOAD)) {
.checkTblPriv(ConnectContext.get(), ctlName, dbName, tableName, PrivPredicate.LOAD)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD",
ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(),
dbName + ": " + tableName);
ctlName + ": " + dbName + ": " + tableName);
}
tableMap.put(table.getId(), table);
@ -334,11 +335,13 @@ public class NativeInsertStmt extends InsertStmt {
}
// Check privilege
if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tblName.getDb(),
tblName.getTbl(), PrivPredicate.LOAD)) {
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), tblName.getCtl(), tblName.getDb(),
tblName.getTbl(), PrivPredicate.LOAD)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD",
ConnectContext.get().getQualifiedUser(),
ConnectContext.get().getRemoteIP(), tblName.getDb() + ": " + tblName.getTbl());
ConnectContext.get().getRemoteIP(),
tblName.getCtl() + ": " + tblName.getDb() + ": " + tblName.getTbl());
}
// check partition