This is an automated email from the ASF dual-hosted git repository.
dataroaring pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 549cf65060e branch-3.0: [enhance](auth)When authorization includes
create, not check if resources exist #45125 (#45165)
549cf65060e is described below
commit 549cf65060e6d4f0151aff09e804462479b94cd1
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Fri Dec 20 00:35:04 2024 +0800
branch-3.0: [enhance](auth)When authorization includes create, not check if
resources exist #45125 (#45165)
Cherry-picked from #45125
Co-authored-by: zhangdong <[email protected]>
---
.../src/main/java/org/apache/doris/mysql/privilege/Auth.java | 8 ++++++--
regression-test/suites/auth_p0/test_grant_nonexist_table.groovy | 4 +++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index 4d1ed22bc23..7f78f321e43 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -682,7 +682,7 @@ public class Auth implements Writable {
writeLock();
try {
if (!isReplay) {
- checkTablePatternExist(tblPattern);
+ checkTablePatternExist(tblPattern, privs);
}
if (role == null) {
if (!doesUserExist(userIdent)) {
@@ -702,8 +702,12 @@ public class Auth implements Writable {
}
}
- private void checkTablePatternExist(TablePattern tablePattern) throws
DdlException {
+ private void checkTablePatternExist(TablePattern tablePattern, PrivBitSet
privs) throws DdlException {
Objects.requireNonNull(tablePattern, "tablePattern can not be null");
+ Objects.requireNonNull(privs, "privs can not be null");
+ if (privs.containsPrivs(Privilege.CREATE_PRIV)) {
+ return;
+ }
PrivLevel privLevel = tablePattern.getPrivLevel();
if (privLevel == PrivLevel.GLOBAL) {
return;
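Review bot: The new early return in `checkTablePatternExist` fires whenever `privs` merely contains `CREATE_PRIV`, so every other privilege in the same GRANT also skips the existence check. A statement like `grant create_priv,select_priv` on a missing table (the regression test in this commit exercises exactly that) records SELECT on a name that does not exist yet, and that grant then applies to whatever table is later created under that name. Because the return sits before `getPrivLevel()`, it presumably also bypasses the catalog and database checks further down, so a mistyped catalog or database name would no longer be rejected; the rest of the method is outside this hunk. If this is intended, say so at the return, e.g. `// CREATE may name an object that does not exist yet; this skips validation for every privilege in privs, not only CREATE_PRIV`. Otherwise narrow the skip to the table-level check, or to grants that carry only `CREATE_PRIV`.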
diff --git a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
index 36e75707be7..74d211e5010 100644
--- a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
+++ b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
@@ -39,7 +39,9 @@ suite("test_grant_nonexist_table","p0,auth") {
sql """grant select_priv on internal.${dbName}.non_exist_table to
${user}"""
exception "table"
}
-
+ // contain create_triv should not check name, Same behavior as MySQL
+ sql """grant create_priv on internal.${dbName}.non_exist_table to
${user}"""
+ sql """grant create_priv,select_priv on internal.${dbName}.non_exist_table
to ${user}"""
try_sql("DROP USER ${user}")
}
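Review bot: The added comment misspells the privilege (`create_triv`) and does not say that the second grant is the case where `select_priv` passes without a table check. Something like `// a grant that contains create_priv skips the existence check for all listed privileges, same behavior as MySQL` would make the intent clear. The two new statements only assert that the grants succeed. A case with a non-existent database would pin down whether that is also meant to pass. The suite body starts outside this hunk.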