(doris) branch branch-2.0 updated: [Improvement](priv) move check priv out of analyze (#30403) (#30527)

Mon, 29 Jan 2024 18:46:04 -0800 

This is an automated email from the ASF dual-hosted git repository.

kxiao pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-2.0 by this push:
     new f6afed05f44 [Improvement](priv) move check priv out of analyze 
(#30403) (#30527)
f6afed05f44 is described below

commit f6afed05f443ce4b0168e176ca99ebef86b156d4
Author: Pxl <[email protected]>
AuthorDate: Tue Jan 30 10:45:52 2024 +0800

    [Improvement](priv) move check priv out of analyze (#30403) (#30527)
    
    move check priv out of analyze
---
 .../apache/doris/analysis/AlterColumnStatsStmt.java    | 18 ++++++++++--------
 .../org/apache/doris/analysis/AlterTableStatsStmt.java | 17 ++++++++++-------
 .../doris/analysis/CreateMaterializedViewStmt.java     |  9 +++++----
 .../java/org/apache/doris/analysis/StatementBase.java  |  3 +++
 .../main/java/org/apache/doris/qe/StmtExecutor.java    |  1 +
 5 files changed, 29 insertions(+), 19 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java
index 8b3786b2a00..7780f7833f7 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java
@@ -126,14 +126,6 @@ public class AlterColumnStatsStmt extends DdlStmt {
             throw new AnalysisException(optional.get() + " is invalid 
statistics");
         }
 
-        // check auth
-        if (!Env.getCurrentEnv().getAccessManager()
-                .checkTblPriv(ConnectContext.get(), tableName.getDb(), 
tableName.getTbl(), PrivPredicate.ALTER)) {
-            
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, 
"ALTER COLUMN STATS",
-                    ConnectContext.get().getQualifiedUser(), 
ConnectContext.get().getRemoteIP(),
-                    tableName.getDb() + ": " + tableName.getTbl());
-        }
-
         // get statsTypeToValue
         properties.forEach((key, value) -> {
             StatsType statsType = StatsType.fromString(key);
@@ -141,6 +133,16 @@ public class AlterColumnStatsStmt extends DdlStmt {
         });
     }
 
+    @Override
+    public void checkPriv() throws AnalysisException {
+        if 
(!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), 
tableName.getDb(),
+                tableName.getTbl(), PrivPredicate.ALTER)) {
+            
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, 
"ALTER COLUMN STATS",
+                    ConnectContext.get().getQualifiedUser(), 
ConnectContext.get().getRemoteIP(),
+                    tableName.getDb() + ": " + tableName.getTbl());
+        }
+    }
+
     private void checkPartitionAndColumn() throws AnalysisException {
         CatalogIf catalog = 
analyzer.getEnv().getCatalogMgr().getCatalog(tableName.getCtl());
         DatabaseIf db = catalog.getDbOrAnalysisException(tableName.getDb());
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java
index b56140ee099..0129e6b27d3 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java
@@ -85,13 +85,6 @@ public class AlterTableStatsStmt extends DdlStmt {
             throw new AnalysisException(optional.get() + " is invalid 
statistics");
         }
 
-        if (!Env.getCurrentEnv().getAccessManager()
-                .checkTblPriv(ConnectContext.get(), tableName.getDb(), 
tableName.getTbl(), PrivPredicate.ALTER)) {
-            
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, 
"ALTER COLUMN STATS",
-                    ConnectContext.get().getQualifiedUser(), 
ConnectContext.get().getRemoteIP(),
-                    tableName.getDb() + ": " + tableName.getTbl());
-        }
-
         properties.forEach((key, value) -> {
             StatsType statsType = StatsType.fromString(key);
             statsTypeToValue.put(statsType, value);
@@ -102,6 +95,16 @@ public class AlterTableStatsStmt extends DdlStmt {
         tableId = table.getId();
     }
 
+    @Override
+    public void checkPriv() throws AnalysisException {
+        if 
(!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), 
tableName.getDb(),
+                tableName.getTbl(), PrivPredicate.ALTER)) {
+            
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, 
"ALTER COLUMN STATS",
+                    ConnectContext.get().getQualifiedUser(), 
ConnectContext.get().getRemoteIP(),
+                    tableName.getDb() + ": " + tableName.getTbl());
+        }
+    }
+
     public long getTableId() {
         return tableId;
     }
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
index dc3f519f752..74d0a7cec2e 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java
@@ -232,11 +232,12 @@ public class CreateMaterializedViewStmt extends DdlStmt {
             throw new AnalysisException("The limit clause is not supported in 
add materialized view clause, expr:"
                     + " limit " + selectStmt.getLimit());
         }
+    }
 
-        // check access
-        if (!isReplay && ConnectContext.get() != null && 
!Env.getCurrentEnv().getAccessManager()
-                .checkTblPriv(ConnectContext.get(), dbName,
-                        baseIndexName, PrivPredicate.ALTER)) {
+    @Override
+    public void checkPriv() throws AnalysisException {
+        if 
(!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), 
dbName, baseIndexName,
+                PrivPredicate.ALTER)) {
             
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, 
"ALTER");
         }
     }
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/StatementBase.java 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/StatementBase.java
index 015edb2fe50..198bf0b8972 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/StatementBase.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/StatementBase.java
@@ -90,6 +90,9 @@ public abstract class StatementBase implements ParseNode {
         this.clusterName = analyzer.getClusterName();
     }
 
+    public void checkPriv() throws AnalysisException {
+    }
+
     public Analyzer getAnalyzer() {
         return analyzer;
     }
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java 
b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
index bd385e1bfa6..5a97a3b1c88 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
@@ -716,6 +716,7 @@ public class StmtExecutor {
             } else {
                 analyzer = new Analyzer(context.getEnv(), context);
                 parsedStmt.analyze(analyzer);
+                parsedStmt.checkPriv();
             }
 
             if (prepareStmt instanceof PrepareStmt && !isExecuteStmt) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to