This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new d2a574a084b [fix](auth)Delete from should not check select_priv
(#49239)
d2a574a084b is described below
commit d2a574a084b02bab811c494435efd3b88336823d
Author: zhangdong <zhangd...@selectdb.com>
AuthorDate: Fri Mar 28 11:56:41 2025 +0800
[fix](auth)Delete from should not check select_priv (#49239)
### What problem does this PR solve?
Problem Summary:
Delete from should not check select_priv
---
.../doris/nereids/trees/plans/commands/DeleteFromCommand.java | 9 ++++++++-
.../suites/auth_call/test_dml_delete_table_auth.groovy | 9 ---------
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
index 69ddcafaebe..896f7520683 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
@@ -128,7 +128,14 @@ public class DeleteFromCommand extends Command implements
ForwardWithSync, Expla
LogicalPlanAdapter logicalPlanAdapter = new
LogicalPlanAdapter(logicalQuery, ctx.getStatementContext());
updateSessionVariableForDelete(ctx.getSessionVariable());
NereidsPlanner planner = new NereidsPlanner(ctx.getStatementContext());
- planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+ boolean originalIsSkipAuth = ctx.isSkipAuth();
+ // delete not need select priv
+ ctx.setSkipAuth(true);
+ try {
+ planner.plan(logicalPlanAdapter,
ctx.getSessionVariable().toThrift());
+ } finally {
+ ctx.setSkipAuth(originalIsSkipAuth);
+ }
executor.setPlanner(planner);
executor.checkBlockRules();
// if fe could do fold constant to get delete will do nothing for
table, just return.
diff --git a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
index aec3ee4a994..caac3568c2e 100644
--- a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
+++ b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
@@ -64,15 +64,6 @@ suite("test_dml_delete_table_auth","p0,auth_call") {
assertTrue(del_res.size() == 0)
}
sql """grant load_priv on ${dbName}.${tableName} to ${user}"""
- connect(user, "${pwd}", context.config.jdbcUrl) {
- test {
- sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
- exception "denied"
- }
- def del_res = sql """show DELETE from ${dbName}"""
- assertTrue(del_res.size() == 0)
- }
- sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
connect(user, "${pwd}", context.config.jdbcUrl) {
sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
def del_res = sql """show DELETE from ${dbName}"""
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
