Re: [PR] [fix](auth)Http api check auth [doris]

Wed, 11 Sep 2024 21:22:38 -0700 


morningman commented on code in PR #40688:
URL: https://github.com/apache/doris/pull/40688#discussion_r1756088150


##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/ShowAction.java:
##########
@@ -212,18 +214,25 @@ public Object show_data(HttpServletRequest request, 
HttpServletResponse response
 
     @RequestMapping(path = "/api/show_table_data", method = RequestMethod.GET)
     public Object show_table_data(HttpServletRequest request, 
HttpServletResponse response) {
-        if (Config.enable_all_http_auth) {
-            executeCheckPassword(request, response);
-            checkGlobalAuth(ConnectContext.get().getCurrentUserIdentity(), 
PrivPredicate.ADMIN);
-        }
+        executeCheckPassword(request, response);
 
         String dbName = request.getParameter(DB_KEY);
         String tableName = request.getParameter(TABLE_KEY);
+
+        if (StringUtils.isEmpty(dbName) && StringUtils.isEmpty(tableName)) {
+            return ResponseEntityBuilder.okWithCommonError("dbName and 
tableName cannot be empty at the same time");

Review Comment:
   ```suggestion
               return ResponseEntityBuilder.okWithCommonError("db and table 
cannot be empty at the same time");
   ```



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetaInfoAction.java:
##########
@@ -105,18 +105,18 @@ public Object getAllDatabases(
         for (String fullName : dbNames) {
             final String db = ClusterNamespace.getNameFromFullName(fullName);
             if (!Env.getCurrentEnv().getAccessManager()
-                    .checkDbPriv(ConnectContext.get(), 
InternalCatalog.INTERNAL_CATALOG_NAME, fullName,
+                    .checkDbPriv(ConnectContext.get(), ns, fullName,
                             PrivPredicate.SHOW)) {
                 continue;
             }
             dbNameSet.add(db);
         }
 
-        Collections.sort(dbNames);
+        Collections.sort(dbNameSet);

Review Comment:
   rename to `filteredDbNames`



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/ShowAction.java:
##########
@@ -236,6 +245,11 @@ public Object show_table_data(HttpServletRequest request, 
HttpServletResponse re
                 if (db == null || !(db instanceof Database) || ((Database) db) 
instanceof MysqlCompatibleDatabase) {
                     continue;
                 }
+                if (!Env.getCurrentEnv().getAccessManager()

Review Comment:
   ditto



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/ShowAction.java:
##########
@@ -212,18 +214,25 @@ public Object show_data(HttpServletRequest request, 
HttpServletResponse response
 
     @RequestMapping(path = "/api/show_table_data", method = RequestMethod.GET)
     public Object show_table_data(HttpServletRequest request, 
HttpServletResponse response) {
-        if (Config.enable_all_http_auth) {
-            executeCheckPassword(request, response);
-            checkGlobalAuth(ConnectContext.get().getCurrentUserIdentity(), 
PrivPredicate.ADMIN);
-        }
+        executeCheckPassword(request, response);
 
         String dbName = request.getParameter(DB_KEY);
         String tableName = request.getParameter(TABLE_KEY);
+
+        if (StringUtils.isEmpty(dbName) && StringUtils.isEmpty(tableName)) {
+            return ResponseEntityBuilder.okWithCommonError("dbName and 
tableName cannot be empty at the same time");
+        }
+
         String singleReplica = request.getParameter(SINGLE_REPLICA_KEY);
         boolean singleReplicaBool = Boolean.parseBoolean(singleReplica);
         Map<String, Map<String, Long>> oneEntry = Maps.newHashMap();
+        UserIdentity user = ConnectContext.get().getCurrentUserIdentity();

Review Comment:
   Add `if (Config.enable_all_http_auth)`
   Only check auth when enable_all_http_auth is true



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/ShowAction.java:
##########
@@ -212,18 +214,25 @@ public Object show_data(HttpServletRequest request, 
HttpServletResponse response
 
     @RequestMapping(path = "/api/show_table_data", method = RequestMethod.GET)
     public Object show_table_data(HttpServletRequest request, 
HttpServletResponse response) {
-        if (Config.enable_all_http_auth) {
-            executeCheckPassword(request, response);
-            checkGlobalAuth(ConnectContext.get().getCurrentUserIdentity(), 
PrivPredicate.ADMIN);
-        }
+        executeCheckPassword(request, response);

Review Comment:
   keep `if (Config.enable_all_http_auth)`



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/ShowAction.java:
##########
@@ -331,6 +345,12 @@ private Map<String, Long> getDataSizeOfTables(DatabaseIf 
db, String tableName, b
             if (Strings.isNullOrEmpty(tableName)) {
                 List<Table> tables = db.getTables();
                 for (Table table : tables) {
+                    if (!Env.getCurrentEnv().getAccessManager()

Review Comment:
   ditto



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to