[doris] branch branch-1.2-lts updated: [fix](auth)fix show tables do not display select_ priv permission table for 1.2 (#23719)

Thu, 31 Aug 2023 08:51:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch branch-1.2-lts
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-1.2-lts by this push:
     new 4c201f9667 [fix](auth)fix show tables do not display select_ priv 
permission table for 1.2 (#23719)
4c201f9667 is described below

commit 4c201f966787ed9ce30b560f6fd82610612ea412
Author: zhangdong <493738...@qq.com>
AuthorDate: Thu Aug 31 23:51:06 2023 +0800

    [fix](auth)fix show tables do not display select_ priv permission table for 
1.2 (#23719)
    
    not pick from master, so do not have pr in master
---
 .../java/org/apache/doris/mysql/privilege/PaloAuth.java    | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
index 4db3fc8251..3b5990a387 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
@@ -57,6 +57,7 @@ import org.apache.doris.persist.LdapInfo;
 import org.apache.doris.persist.PrivInfo;
 import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.resource.Tag;
+import org.apache.doris.system.SystemInfoService;
 import org.apache.doris.thrift.TFetchResourceResult;
 import org.apache.doris.thrift.TPrivilegeStatus;
 
@@ -430,16 +431,17 @@ public class PaloAuth implements Writable {
                     currentUser, db);
             return false;
         }
-
+        String qualifiedDb = 
ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, db);
         PrivBitSet savedPrivs = PrivBitSet.of();
         if (checkGlobalInternal(currentUser, wanted, savedPrivs)
                 || checkCatalogInternal(currentUser, ctl, wanted, savedPrivs)
-                || checkDbInternal(currentUser, ctl, db, wanted, savedPrivs)) {
+                || checkDbInternal(currentUser, ctl, qualifiedDb, wanted, 
savedPrivs)) {
             return true;
         }
 
         // if user has any privs of table in this db, and the wanted priv is 
SHOW, return true
-        if (ctl != null && db != null && wanted == PrivPredicate.SHOW && 
checkAnyPrivWithinDb(currentUser, ctl, db)) {
+        if (ctl != null && qualifiedDb != null && wanted == PrivPredicate.SHOW 
&& checkAnyPrivWithinDb(currentUser, ctl,
+                qualifiedDb)) {
             return true;
         }
 
@@ -496,12 +498,12 @@ public class PaloAuth implements Writable {
             LOG.debug("should check NODE priv in GLOBAL level. user: {}, db: 
{}, tbl: {}", currentUser, db, tbl);
             return false;
         }
-
+        String qualifiedDb = 
ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, db);
         PrivBitSet savedPrivs = PrivBitSet.of();
         if (checkGlobalInternal(currentUser, wanted, savedPrivs)
                 || checkCatalogInternal(currentUser, ctl, wanted, savedPrivs)
-                || checkDbInternal(currentUser, ctl, db, wanted, savedPrivs)
-                || checkTblInternal(currentUser, ctl, db, tbl, wanted, 
savedPrivs)) {
+                || checkDbInternal(currentUser, ctl, qualifiedDb, wanted, 
savedPrivs)
+                || checkTblInternal(currentUser, ctl, qualifiedDb, tbl, 
wanted, savedPrivs)) {
             return true;
         }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to