This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new ef38130e056 [fix](auth)remove the key when priv is empty (#29522)
ef38130e056 is described below
commit ef38130e05607ac0df7e8f775e5f864480577c50
Author: zhangdong <[email protected]>
AuthorDate: Thu Jan 11 14:45:43 2024 +0800
[fix](auth)remove the key when priv is empty (#29522)
- remove the key when priv is empty
- check priv when create mv
---
.../apache/doris/analysis/CreateMaterializedViewStmt.java | 13 ++++++++++++-
.../main/java/org/apache/doris/mysql/privilege/Role.java | 3 +++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
index f40033ed3cd..4122b4f0d09 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
@@ -29,9 +29,13 @@ import org.apache.doris.catalog.PrimitiveType;
import org.apache.doris.catalog.Type;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.DdlException;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.FeConstants;
import org.apache.doris.common.FeNameFormat;
import org.apache.doris.common.UserException;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.qe.ConnectContext;
import org.apache.doris.rewrite.ExprRewriter;
import org.apache.doris.rewrite.mvrewrite.CountFieldToSum;
@@ -228,6 +232,13 @@ public class CreateMaterializedViewStmt extends DdlStmt {
throw new AnalysisException("The limit clause is not supported in
add materialized view clause, expr:"
+ " limit " + selectStmt.getLimit());
}
+
+ // check access
+ if (!isReplay && ConnectContext.get() != null &&
!Env.getCurrentEnv().getAccessManager()
+ .checkTblPriv(ConnectContext.get(), dbName,
+ baseIndexName, PrivPredicate.ALTER)) {
+
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
"ALTER");
+ }
}
public void analyzeSelectClause(Analyzer analyzer) throws
AnalysisException {
@@ -631,7 +642,7 @@ public class CreateMaterializedViewStmt extends DdlStmt {
public static String mvColumnBuilder(Optional<String> functionName, String
sourceColumnName) {
return functionName.map(s -> mvAggregateColumnBuilder(s,
sourceColumnName))
- .orElseGet(() -> mvColumnBuilder(sourceColumnName));
+ .orElseGet(() -> mvColumnBuilder(sourceColumnName));
}
public static String mvColumnBreaker(String name) {
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index 9449d7441fb..583184609f4 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -628,6 +628,9 @@ public class Role implements Writable, GsonPostProcessable {
return;
}
existingPriv.remove(privs);
+ if (existingPriv.isEmpty()) {
+ tblPatternToPrivs.remove(tblPattern);
+ }
revokePrivs(tblPattern, privs);
revokeCols(colPrivileges);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
