From ed3c8bba87cc342ca208aff89232b62556819736 Mon Sep 17 00:00:00 2001
From: zhangdong <493738387@qq.com>
Date: Thu, 11 Jan 2024 14:45:43 +0800
Subject: [PATCH] [fix](auth)remove the key when priv is empty (#29522)

- remove the key when priv is empty
- check priv when create mv
---
 .../doris/analysis/CreateMaterializedViewStmt.java | 13 ++++++++++++-
 .../java/org/apache/doris/mysql/privilege/Role.java | 3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
index f40033ed3c..4122b4f0d0 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
@@ -29,9 +29,13 @@ import org.apache.doris.catalog.PrimitiveType;
 import org.apache.doris.catalog.Type;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.DdlException;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeConstants;
 import org.apache.doris.common.FeNameFormat;
 import org.apache.doris.common.UserException;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.rewrite.ExprRewriter;
 import org.apache.doris.rewrite.mvrewrite.CountFieldToSum;
@@ -228,6 +232,13 @@ public class CreateMaterializedViewStmt extends DdlStmt { throw new AnalysisException("The limit clause is not supported in add materialized view clause, expr:" + " limit " + selectStmt.getLimit()); } + + // check access + if (!isReplay && ConnectContext.get() != null && !Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), dbName, + baseIndexName, PrivPredicate.ALTER)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ALTER"); + } } public void analyzeSelectClause(Analyzer analyzer) throws AnalysisException { @@ -631,7 +642,7 @@ public class CreateMaterializedViewStmt extends DdlStmt { public static String mvColumnBuilder(Optional functionName, String sourceColumnName) { return functionName.map(s -> mvAggregateColumnBuilder(s, sourceColumnName)) - .orElseGet(() -> mvColumnBuilder(sourceColumnName)); + .orElseGet(() -> mvColumnBuilder(sourceColumnName)); } public static String mvColumnBreaker(String name) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java index 9449d7441f..583184609f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java @@ -628,6 +628,9 @@ public class Role implements Writable, GsonPostProcessable { return; } existingPriv.remove(privs); + if (existingPriv.isEmpty()) { + tblPatternToPrivs.remove(tblPattern); + } revokePrivs(tblPattern, privs); revokeCols(colPrivileges); }
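Review bot: The access check added at the end of the enclosing method fails open when `ConnectContext.get()` returns null: the condition short-circuits and ALTER on the base table is never verified. Whether a user-driven path can reach this code without a thread-local context is not visible from the hunk, so the exemption should at least be stated next to the condition, e.g. `// null ConnectContext: internal caller with no session (confirm); replay is skipped because the privilege was checked when the statement first ran`. The check also runs only after the limit-clause validation, so a session without ALTER presumably receives analysis errors about the base table before the denial; running it as soon as dbName and baseIndexName are resolved would avoid that. The method starts outside the hunk, and the patch adds no test for the denied case.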
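Review bot: The new `tblPatternToPrivs.remove(tblPattern)` branch carries no comment on why an empty entry must not stay in the map, and the patch adds no test that revoking the last privilege drops the key. A line such as `// drop the pattern once nothing is granted on it, so a fully revoked table leaves no empty entry in the role` would record the intent. Roles persisted before this change presumably still contain empty entries after reload; since the class implements GsonPostProcessable, the load path may need the same pruning. The enclosing method begins outside the hunk, as do the revoke paths for other pattern types, which are worth checking for the same leftover.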