This is an automated email from the ASF dual-hosted git repository.
kxiao pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new 5443cbfe347 [fix](auth)Auth support case insensitive (#36381) (#36558)
5443cbfe347 is described below
commit 5443cbfe3472da16fe850e458ad2d43bd5649d2a
Author: zhangdong <[email protected]>
AuthorDate: Thu Jun 20 14:12:56 2024 +0800
[fix](auth)Auth support case insensitive (#36381) (#36558)
---
.../main/java/org/apache/doris/catalog/Env.java | 4 ++
.../doris/mysql/privilege/TablePrivEntry.java | 3 +-
.../org/apache/doris/mysql/privilege/AuthTest.java | 56 ++++++++++++++++++++++
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
index ed09c47d47a..3488af2fcaf 100755
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
@@ -5522,6 +5522,10 @@ public class Env {
return GlobalVariable.lowerCaseTableNames == 2;
}
+ public static boolean isTableNamesCaseSensitive() {
+ return GlobalVariable.lowerCaseTableNames == 0;
+ }
+
private static void getTableMeta(OlapTable olapTable, TGetMetaDBMeta
dbMeta) {
LOG.debug("get table meta. table: {}", olapTable.getName());
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
index c89104cde1c..27693bbf6a3 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/TablePrivEntry.java
@@ -17,6 +17,7 @@
package org.apache.doris.mysql.privilege;
+import org.apache.doris.catalog.Env;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.PatternMatcher;
@@ -58,7 +59,7 @@ public class TablePrivEntry extends DbPrivEntry {
ctl, CaseSensibility.CATALOG.getCaseSensibility(),
ctl.equals(ANY_CTL));
PatternMatcher tblPattern = PatternMatcher.createFlatPattern(
- tbl, CaseSensibility.TABLE.getCaseSensibility(),
tbl.equals(ANY_TBL));
+ tbl, Env.isTableNamesCaseSensitive(), tbl.equals(ANY_TBL));
if (privs.containsNodePriv() || privs.containsResourcePriv()) {
throw new AnalysisException("Table privilege can not contains
global or resource privileges: " + privs);
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
index 8e7a0508dbf..b37993f7403 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
@@ -2252,6 +2252,12 @@ public class AuthTest {
"Can not grant/revoke USAGE_PRIV to/from database or table",
() -> grantStmt3.analyze(analyzer));
}
+ private void dropUser(UserIdentity userIdentity) throws UserException {
+ DropUserStmt dropUserStmt = new DropUserStmt(userIdentity);
+ dropUserStmt.analyze(analyzer);
+ auth.dropUser(dropUserStmt);
+ }
+
private void createUser(UserIdentity userIdentity) throws UserException {
UserDesc userDesc = new UserDesc(userIdentity, "12345", true);
CreateUserStmt createUserStmt = new CreateUserStmt(false, userDesc,
null);
@@ -2337,6 +2343,56 @@ public class AuthTest {
revoke(revokeStmt);
}
+ @Test
+ public void testTableNamesCaseSensitive() throws UserException {
+ new Expectations() {
+ {
+ Env.isTableNamesCaseSensitive();
+ minTimes = 0;
+ result = true;
+ }
+ };
+ UserIdentity userIdentity = new UserIdentity("sensitiveUser", "%");
+ createUser(userIdentity);
+ // `load_priv` and `select_priv` can not `show create view`
+ GrantStmt grantStmt = new GrantStmt(userIdentity, null, new
TablePattern("sensitivedb", "sensitiveTable"),
+ Lists.newArrayList(new
AccessPrivilegeWithCols(AccessPrivilege.SELECT_PRIV)));
+ grant(grantStmt);
+ Assert.assertTrue(accessManager
+ .checkTblPriv(userIdentity,
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb", "sensitiveTable",
+ PrivPredicate.SELECT));
+
+ Assert.assertFalse(accessManager
+ .checkTblPriv(userIdentity,
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb", "sensitivetable",
+ PrivPredicate.SELECT));
+ dropUser(userIdentity);
+ }
+
+ @Test
+ public void testTableNamesCaseInsensitive() throws UserException {
+ new Expectations() {
+ {
+ Env.isTableNamesCaseSensitive();
+ minTimes = 0;
+ result = false;
+ }
+ };
+ UserIdentity userIdentity = new UserIdentity("sensitiveUser1", "%");
+ createUser(userIdentity);
+ // `load_priv` and `select_priv` can not `show create view`
+ GrantStmt grantStmt = new GrantStmt(userIdentity, null, new
TablePattern("sensitivedb1", "sensitiveTable"),
+ Lists.newArrayList(new
AccessPrivilegeWithCols(AccessPrivilege.SELECT_PRIV)));
+ grant(grantStmt);
+ Assert.assertTrue(accessManager
+ .checkTblPriv(userIdentity,
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb1", "sensitiveTable",
+ PrivPredicate.SELECT));
+
+ Assert.assertTrue(accessManager
+ .checkTblPriv(userIdentity,
InternalCatalog.INTERNAL_CATALOG_NAME, "sensitivedb1", "sensitivetable",
+ PrivPredicate.SELECT));
+ dropUser(userIdentity);
+ }
+
@Test
public void testSetInitialRootPassword() {
// Skip set root password if `initial_root_password` set to empty
string
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
