This is an automated email from the ASF dual-hosted git repository.
dataroaring pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new d5544ca247b branch-3.0: [fix](auth)Delete from should not check
select_priv #49239 (#49620)
d5544ca247b is described below
commit d5544ca247b1a22afc6845099e00be070c6984f0
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Sun Mar 30 10:32:51 2025 +0800
branch-3.0: [fix](auth)Delete from should not check select_priv #49239
(#49620)
Cherry-picked from #49239
Co-authored-by: zhangdong <zhangd...@selectdb.com>
---
.../doris/nereids/trees/plans/commands/DeleteFromCommand.java | 9 ++++++++-
.../suites/auth_call/test_dml_delete_table_auth.groovy | 9 ---------
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
index 8cc5135af86..9ba1c6eb7b2 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java
@@ -111,7 +111,14 @@ public class DeleteFromCommand extends Command implements
ForwardWithSync, Expla
LogicalPlanAdapter logicalPlanAdapter = new
LogicalPlanAdapter(logicalQuery, ctx.getStatementContext());
updateSessionVariableForDelete(ctx.getSessionVariable());
NereidsPlanner planner = new NereidsPlanner(ctx.getStatementContext());
- planner.plan(logicalPlanAdapter, ctx.getSessionVariable().toThrift());
+ boolean originalIsSkipAuth = ctx.isSkipAuth();
+ // delete not need select priv
+ ctx.setSkipAuth(true);
+ try {
+ planner.plan(logicalPlanAdapter,
ctx.getSessionVariable().toThrift());
+ } finally {
+ ctx.setSkipAuth(originalIsSkipAuth);
+ }
executor.setPlanner(planner);
executor.checkBlockRules();
// if fe could do fold constant to get delete will do nothing for
table, just return.
diff --git a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
index bda3059157c..f956e626103 100644
--- a/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
+++ b/regression-test/suites/auth_call/test_dml_delete_table_auth.groovy
@@ -64,15 +64,6 @@ suite("test_dml_delete_table_auth","p0,auth_call") {
assertTrue(del_res.size() == 0)
}
sql """grant load_priv on ${dbName}.${tableName} to ${user}"""
- connect(user, "${pwd}", context.config.jdbcUrl) {
- test {
- sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
- exception "denied"
- }
- def del_res = sql """show DELETE from ${dbName}"""
- assertTrue(del_res.size() == 0)
- }
- sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
connect(user, "${pwd}", context.config.jdbcUrl) {
sql """DELETE FROM ${dbName}.${tableName} WHERE id = 3;"""
def del_res = sql """show DELETE from ${dbName}"""
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
