This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch branch-1.2-lts
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-1.2-lts by this push:
new 4c201f9667 [fix](auth)fix show tables do not display select_ priv
permission table for 1.2 (#23719)
4c201f9667 is described below
commit 4c201f966787ed9ce30b560f6fd82610612ea412
Author: zhangdong <[email protected]>
AuthorDate: Thu Aug 31 23:51:06 2023 +0800
[fix](auth)fix show tables do not display select_ priv permission table for
1.2 (#23719)
not pick from master, so do not have pr in master
---
.../java/org/apache/doris/mysql/privilege/PaloAuth.java | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
index 4db3fc8251..3b5990a387 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PaloAuth.java
@@ -57,6 +57,7 @@ import org.apache.doris.persist.LdapInfo;
import org.apache.doris.persist.PrivInfo;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.resource.Tag;
+import org.apache.doris.system.SystemInfoService;
import org.apache.doris.thrift.TFetchResourceResult;
import org.apache.doris.thrift.TPrivilegeStatus;
@@ -430,16 +431,17 @@ public class PaloAuth implements Writable {
currentUser, db);
return false;
}
-
+ String qualifiedDb =
ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, db);
PrivBitSet savedPrivs = PrivBitSet.of();
if (checkGlobalInternal(currentUser, wanted, savedPrivs)
|| checkCatalogInternal(currentUser, ctl, wanted, savedPrivs)
- || checkDbInternal(currentUser, ctl, db, wanted, savedPrivs)) {
+ || checkDbInternal(currentUser, ctl, qualifiedDb, wanted,
savedPrivs)) {
return true;
}
// if user has any privs of table in this db, and the wanted priv is
SHOW, return true
- if (ctl != null && db != null && wanted == PrivPredicate.SHOW &&
checkAnyPrivWithinDb(currentUser, ctl, db)) {
+ if (ctl != null && qualifiedDb != null && wanted == PrivPredicate.SHOW
&& checkAnyPrivWithinDb(currentUser, ctl,
+ qualifiedDb)) {
return true;
}
@@ -496,12 +498,12 @@ public class PaloAuth implements Writable {
LOG.debug("should check NODE priv in GLOBAL level. user: {}, db:
{}, tbl: {}", currentUser, db, tbl);
return false;
}
-
+ String qualifiedDb =
ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, db);
PrivBitSet savedPrivs = PrivBitSet.of();
if (checkGlobalInternal(currentUser, wanted, savedPrivs)
|| checkCatalogInternal(currentUser, ctl, wanted, savedPrivs)
- || checkDbInternal(currentUser, ctl, db, wanted, savedPrivs)
- || checkTblInternal(currentUser, ctl, db, tbl, wanted,
savedPrivs)) {
+ || checkDbInternal(currentUser, ctl, qualifiedDb, wanted,
savedPrivs)
+ || checkTblInternal(currentUser, ctl, qualifiedDb, tbl,
wanted, savedPrivs)) {
return true;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
