From ad74fb0068553c9f47d80c1ef92b3f9e5cf2f7fe Mon Sep 17 00:00:00 2001
From: 0xacc
Date: Tue, 22 Aug 2023 09:18:19 +0000
Subject: [PATCH] [CP] [to #51373389] fix user privilege check of AUTHID DEFINER routines
---
 src/sql/engine/expr/ob_expr_user_can_access_obj.cpp | 8 ++++++--
 src/sql/engine/expr/ob_expr_userenv.cpp | 7 ++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp b/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp
index bab13d7242..3b55548888 100644
--- a/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp
+++ b/src/sql/engine/expr/ob_expr_user_can_access_obj.cpp
@@ -258,16 +258,20 @@ int ObExprUserCanAccessObj::check_user_access_obj(
 } if (OB_SUCC(ret) && syn_base_obj_exists) { uint64_t dbid = OB_INVALID_ID; + const ObUserInfo *user_info = schema_guard->get_user_info( + session->get_effective_tenant_id(), + session->get_priv_user_id()); OZ (build_raw_obj_priv(obj_type, raw_obj_priv_array)); + /* get dbid of same name as user */ OZ (schema_guard->get_database_id(session->get_effective_tenant_id(), - session->get_user_name(), + user_info ? user_info->get_user_name_str() : session->get_user_name(), dbid)); OZX2 (ObOraSysChecker::check_ora_obj_privs_or( *schema_guard, session->get_effective_tenant_id(), dbid, /* userid */ - session->get_user_id(), + user_info ? user_info->get_user_id() : session->get_user_id(), ObString(""), obj_id, /* object id */ OBJ_LEVEL_FOR_TAB_PRIV,
diff --git a/src/sql/engine/expr/ob_expr_userenv.cpp b/src/sql/engine/expr/ob_expr_userenv.cpp
index c97bdb1b93..7403158004 100644
--- a/src/sql/engine/expr/ob_expr_userenv.cpp
+++ b/src/sql/engine/expr/ob_expr_userenv.cpp
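Review bot: A null result from `get_user_info()` is silently tolerated in the `check_user_access_obj` hunk: both ternaries fall back to `session->get_user_name()` and `session->get_user_id()`, so the privilege check would run against the session user instead of the priv user, with nothing logged. For an authorization path it is safer to fail closed right after the lookup, for example `if (OB_ISNULL(user_info)) { ret = OB_ERR_UNEXPECTED; LOG_WARN("priv user not found in schema", K(ret)); }`; the ternaries can then become plain `user_info->get_user_name_str()` and `user_info->get_user_id()`, provided the following `OZ`/`OZX2` calls are skipped once `ret` is set. If a missing record is a legitimate state, keep the fallback but log it and give the reason in a comment. The same pattern is in the `eval_schemaid_result1` hunk of ob_expr_userenv.cpp, where the `// do nothing` branch hides it. `check_user_access_obj` starts and ends outside this hunk, so any earlier null checks on `session` and `schema_guard` are not visible here.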
@@ -204,12 +204,17 @@ int ObExprUserEnv::eval_schemaid_result1(const ObExpr &expr, ObEvalCtx &ctx, ObD
 // 所以在这里,ob返回databaseid,即user名字对应的相同名字的database的id
 uint64_t dbid = OB_INVALID_ID;
 share::schema::ObSchemaGetterGuard schema_guard;
+ const ObUserInfo *user_info = nullptr;
 if (OB_FAIL(ObExprSysContext::get_schema_guard(schema_guard,
 ctx.exec_ctx_.get_my_session()->get_effective_tenant_id()))) {
 LOG_WARN("failed to get schema guard", K(ret));
+ } else if (FALSE_IT(user_info = schema_guard.get_user_info(
+ ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
+ ctx.exec_ctx_.get_my_session()->get_priv_user_id()))) {
+ // do nothing
 } else if (OB_FAIL(schema_guard.get_database_id(
 ctx.exec_ctx_.get_my_session()->get_effective_tenant_id(),
- ctx.exec_ctx_.get_my_session()->get_user_name(),
+ user_info ? user_info->get_user_name_str() : ctx.exec_ctx_.get_my_session()->get_user_name(),
 dbid))) {
 LOG_WARN("fail to get database id", K(ret));
 } else {
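Review bot: The new side of this hunk dereferences `ctx.exec_ctx_.get_my_session()` five times with no null check visible, and the `// do nothing` comment in the `FALSE_IT` branch does not say why a failed lookup is acceptable. Caching the pointer once with `ObSQLSessionInfo *session = ctx.exec_ctx_.get_my_session();`, guarding it with `OB_ISNULL(session)`, and reusing `session` in each call would make the identity being resolved easier to audit. If the intent is what the commit subject suggests, the comment could read `// resolve the priv user (the definer inside an AUTHID DEFINER routine); a null result falls back to the session user name`. `eval_schemaid_result1` begins before the hunk and continues after it, so a session check may already exist earlier in the function.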