This is an automated email from the ASF dual-hosted git repository.

kxiao pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git

commit bf402c3acc172fbbeee0579e5eb317fa4df1d54b
Author: zhangdong <493738...@qq.com>
AuthorDate: Wed Oct 18 16:22:36 2023 +0800

    [fix](auth)fix not check udf auth in nereids (#25541)
---
 .../org/apache/doris/catalog/FunctionRegistry.java |  4 +-
 .../suites/javaudf_p0/test_javaudf_auth.groovy     | 69 ++++++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java 
b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
index 57fcbff6a49..f320f753ec7 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
@@ -18,6 +18,7 @@
 package org.apache.doris.catalog;
 
 import org.apache.doris.cluster.ClusterNamespace;
+import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.nereids.annotation.Developing;
 import org.apache.doris.nereids.exceptions.AnalysisException;
 import 
org.apache.doris.nereids.trees.expressions.functions.AggStateFunctionBuilder;
@@ -132,7 +133,8 @@ public class FunctionRegistry {
         if (ConnectContext.get() != null) {
             dbName = 
ClusterNamespace.getFullName(ConnectContext.get().getClusterName(),
                     dbName == null ? ConnectContext.get().getDatabase() : 
dbName);
-            if (dbName == null) {
+            if (dbName == null || !Env.getCurrentEnv().getAccessManager()
+                    .checkDbPriv(ConnectContext.get(), dbName, 
PrivPredicate.SELECT)) {
                 scopes = ImmutableList.of(GLOBAL_FUNCTION);
             } else {
                 scopes = ImmutableList.of(dbName, GLOBAL_FUNCTION);
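Review bot: When `checkDbPriv` fails, the new condition quietly narrows `scopes` to `GLOBAL_FUNCTION` instead of rejecting the lookup, so a caller who wrote `db.fn(...)` without SELECT on `db` is resolved against global functions only. If a global function with the same name exists it would presumably be bound in place of the db-scoped one, and otherwise the denial surfaces as whatever the later lookup reports rather than as an access-denied error; that lookup is outside this hunk, so both cases need confirming. At minimum add a comment on the branch, e.g. `// no SELECT_PRIV on dbName: hide its UDFs and resolve against global functions only`, and consider raising an explicit privilege error when the caller named the database, so denials are unambiguous in logs and audits. The enclosing method starts and ends outside the hunk.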
diff --git a/regression-test/suites/javaudf_p0/test_javaudf_auth.groovy 
b/regression-test/suites/javaudf_p0/test_javaudf_auth.groovy
new file mode 100644
index 00000000000..5d08d8d0bd0
--- /dev/null
+++ b/regression-test/suites/javaudf_p0/test_javaudf_auth.groovy
@@ -0,0 +1,69 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.codehaus.groovy.runtime.IOGroovyMethods
+
+import java.nio.charset.StandardCharsets
+import java.nio.file.Files
+import java.nio.file.Paths
+
+suite("test_javaudf_auth") {
+    def jarPath = 
"""${context.file.parent}/jars/java-udf-case-jar-with-dependencies.jar"""
+    log.info("Jar path: ${jarPath}".toString())
+    File path = new File(jarPath)
+    if (!path.exists()) {
+        throw new IllegalStateException("""${jarPath} doesn't exist! """)
+    }
+
+    def tokens = context.config.jdbcUrl.split('/')
+    def url=tokens[0] + "//" + tokens[2] + "/" + "information_schema" + "?"
+
+    def user = 'udf_auth_user'
+    def pwd = '123456'
+    def dbName = 'udf_auth_db'
+
+    try_sql("DROP USER ${user}")
+    try_sql("DROP FUNCTION IF EXISTS java_udf_auth_test(int);")
+    sql """DROP DATABASE IF EXISTS ${dbName}"""
+
+    sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+    sql """CREATE DATABASE ${dbName}"""
+
+    sql """USE ${dbName}"""
+    sql """ CREATE FUNCTION java_udf_auth_test(int) RETURNS int PROPERTIES (
+        "file"="file://${jarPath}",
+        "symbol"="org.apache.doris.udf.IntTest",
+        "type"="JAVA_UDF"
+    ); """
+    connect(user=user, password="${pwd}", url=url) {
+        try {
+            sql "select ${dbName}.java_udf_auth_test(1)"
+            fail()
+        } catch (Exception e) {
+            log.info(e.getMessage())
+        }
+    }
+
+    sql """GRANT SELECT_PRIV ON ${dbName}.* TO ${user}"""
+    connect(user=user, password="${pwd}", url=url) {
+        try {
+            sql "select ${dbName}.java_udf_auth_test(1)"
+        } catch (Exception e) {
+            fail()
+        }
+    }
+}
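Review bot: The denied case in the first `connect` block passes on any `Exception`, so a connection error or an unrelated analysis failure would satisfy it just as well as the privilege check this commit adds. Assert on the message inside the catch, e.g. `assertTrue(e.getMessage().contains("<EXPECTED_DENIAL_TEXT>"))` (a placeholder; the actual error text is not shown on this page). The suite also leaves `udf_auth_user` with its fixed password, the database and the function in place after it finishes; ending with `try_sql("DROP USER ${user}")` and `sql """DROP DATABASE IF EXISTS ${dbName}"""` would avoid a standing account on shared test clusters. In the granted case `fail()` discards the caught exception; passing `e.getMessage()` to it would make a regression diagnosable.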

