(doris) 01/27: [fix](auth)remove the key when priv is empty (#29522)

[yiguolei]

This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git

commit ed3c8bba87cc342ca208aff89232b62556819736
Author: zhangdong <493738...@qq.com>
AuthorDate: Thu Jan 11 14:45:43 2024 +0800

    [fix](auth)remove the key when priv is empty (#29522)
    
    - remove the key when priv is empty
    - check priv when create mv
---
 .../apache/doris/analysis/CreateMaterializedViewStmt.java   | 13 ++++++++++++-
 .../main/java/org/apache/doris/mysql/privilege/Role.java    |  3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
index f40033ed3cd..4122b4f0d09 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
@@ -29,9 +29,13 @@ import org.apache.doris.catalog.PrimitiveType;
 import org.apache.doris.catalog.Type;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.DdlException;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeConstants;
 import org.apache.doris.common.FeNameFormat;
 import org.apache.doris.common.UserException;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.rewrite.ExprRewriter;
 import org.apache.doris.rewrite.mvrewrite.CountFieldToSum;
 
@@ -228,6 +232,13 @@ public class CreateMaterializedViewStmt extends DdlStmt {
             throw new AnalysisException("The limit clause is not supported in 
add materialized view clause, expr:"
                     + " limit " + selectStmt.getLimit());
         }
+
+        // check access
+        if (!isReplay && ConnectContext.get() != null && 
!Env.getCurrentEnv().getAccessManager()
+                .checkTblPriv(ConnectContext.get(), dbName,
+                        baseIndexName, PrivPredicate.ALTER)) {
+            
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, 
"ALTER");
+        }
     }
 
     public void analyzeSelectClause(Analyzer analyzer) throws 
AnalysisException {
@@ -631,7 +642,7 @@ public class CreateMaterializedViewStmt extends DdlStmt {
 
     public static String mvColumnBuilder(Optional<String> functionName, String 
sourceColumnName) {
         return functionName.map(s -> mvAggregateColumnBuilder(s, 
sourceColumnName))
-                    .orElseGet(() -> mvColumnBuilder(sourceColumnName));
+                .orElseGet(() -> mvColumnBuilder(sourceColumnName));
     }
 
     public static String mvColumnBreaker(String name) {
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index 9449d7441fb..583184609f4 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -628,6 +628,9 @@ public class Role implements Writable, GsonPostProcessable {
             return;
         }
         existingPriv.remove(privs);
+        if (existingPriv.isEmpty()) {
+            tblPatternToPrivs.remove(tblPattern);
+        }
         revokePrivs(tblPattern, privs);
         revokeCols(colPrivileges);
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org