This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 4cab8c51789 [fix](auth)fix show load priv bug (#41723) (#42108)
4cab8c51789 is described below
commit 4cab8c51789f90bf30abe659c2f54aa0298059ea
Author: zhangdong <[email protected]>
AuthorDate: Fri Oct 18 22:21:50 2024 +0800
[fix](auth)fix show load priv bug (#41723) (#42108)
pick: https://github.com/apache/doris/pull/41723
---
.../org/apache/doris/load/loadv2/BulkLoadJob.java | 6 ++++
.../java/org/apache/doris/load/loadv2/LoadJob.java | 4 +--
.../org/apache/doris/load/loadv2/LoadManager.java | 30 ++---------------
.../apache/doris/load/loadv2/LoadManagerTest.java | 38 ----------------------
4 files changed, 10 insertions(+), 68 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
index 42509a9062f..b32a23f86a1 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
@@ -141,6 +141,8 @@ public abstract class BulkLoadJob extends LoadJob {
bulkLoadJob.setComment(stmt.getComment());
bulkLoadJob.setJobProperties(stmt.getProperties());
bulkLoadJob.checkAndSetDataSourceInfo((Database) db,
stmt.getDataDescriptions());
+ // In the construction method, there may not be table information
yet
+ bulkLoadJob.rebuildAuthorizationInfo();
return bulkLoadJob;
} catch (MetaNotFoundException e) {
throw new DdlException(e.getMessage());
@@ -173,6 +175,10 @@ public abstract class BulkLoadJob extends LoadJob {
return new AuthorizationInfo(database.getFullName(), getTableNames());
}
+ public void rebuildAuthorizationInfo() throws MetaNotFoundException {
+ this.authorizationInfo = gatherAuthInfo();
+ }
+
@Override
public Set<String> getTableNamesForShow() {
Optional<Database> db = Env.getCurrentInternalCatalog().getDb(dbId);
diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
index f02c0b289b8..e93035d913f 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
@@ -494,7 +494,7 @@ public abstract class LoadJob extends
AbstractTxnStateChangeCallback implements
}
}
- private void checkAuth(String command) throws DdlException {
+ public void checkAuth(String command) throws DdlException {
if (authorizationInfo == null) {
// use the old method to check priv
checkAuthWithoutAuthInfo(command);
@@ -650,8 +650,6 @@ public abstract class LoadJob extends
AbstractTxnStateChangeCallback implements
public List<Comparable> getShowInfo() throws DdlException {
readLock();
try {
- // check auth
- checkAuth("SHOW LOAD");
List<Comparable> jobInfo = Lists.newArrayList();
// jobId
jobInfo.add(id);
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
index 46964268a67..b1a501cdf00 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
@@ -31,8 +31,6 @@ import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.Config;
import org.apache.doris.common.DataQualityException;
import org.apache.doris.common.DdlException;
-import org.apache.doris.common.ErrorCode;
-import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.LabelAlreadyUsedException;
import org.apache.doris.common.MetaNotFoundException;
import org.apache.doris.common.Pair;
@@ -635,14 +633,13 @@ public class LoadManager implements Writable {
}
// check auth
try {
- checkJobAuth(loadJob.getDb().getCatalog().getName(),
loadJob.getDb().getFullName(),
- loadJob.getTableNames());
- } catch (AnalysisException e) {
+ loadJob.checkAuth("show load");
+ } catch (DdlException e) {
continue;
}
// add load job info
loadJobInfos.add(loadJob.getShowInfo());
- } catch (RuntimeException | DdlException |
MetaNotFoundException e) {
+ } catch (RuntimeException | DdlException e) {
// ignore this load job
LOG.warn("get load job info failed. job id: {}",
loadJob.getId(), e);
}
@@ -653,27 +650,6 @@ public class LoadManager implements Writable {
}
}
- public void checkJobAuth(String ctlName, String dbName, Set<String>
tableNames) throws AnalysisException {
- if (tableNames.isEmpty()) {
- if (!Env.getCurrentEnv().getAccessManager()
- .checkDbPriv(ConnectContext.get(), ctlName, dbName,
- PrivPredicate.LOAD)) {
-
ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
- PrivPredicate.LOAD.getPrivs().toString(), dbName);
- }
- } else {
- for (String tblName : tableNames) {
- if (!Env.getCurrentEnv().getAccessManager()
- .checkTblPriv(ConnectContext.get(), ctlName, dbName,
- tblName, PrivPredicate.LOAD)) {
-
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
- PrivPredicate.LOAD.getPrivs().toString(), tblName);
- return;
- }
- }
- }
- }
-
public List<List<Comparable>> getAllLoadJobInfos() {
LinkedList<List<Comparable>> loadJobInfos = new
LinkedList<List<Comparable>>();
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
b/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
index 9c09c72bd79..e9b3278cfd0 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
@@ -21,16 +21,12 @@ import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
-import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.Config;
import org.apache.doris.common.FeMetaVersion;
import org.apache.doris.common.jmockit.Deencapsulation;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.meta.MetaContext;
-import org.apache.doris.qe.ConnectContext;
-import org.apache.doris.utframe.TestWithFeService;
-import com.google.common.collect.Sets;
import mockit.Expectations;
import mockit.Injectable;
import mockit.Mocked;
@@ -44,8 +40,6 @@ import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
-import java.io.IOException;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -201,36 +195,4 @@ public class LoadManagerTest {
loadManager.readFields(dis);
return loadManager;
}
-
- @Test
- public void testJobAuth() throws IOException, AnalysisException {
- UserIdentity user1 = new UserIdentity("testJobAuthUser", "%");
- user1.analyze();
- new Expectations() {
- {
- ConnectContext.get();
- minTimes = 0;
- result = TestWithFeService.createCtx(user1, "%");
- }
- };
- LoadManager manager = new LoadManager(new LoadJobScheduler());
- HashSet<String> tableNames = Sets.newHashSet();
- try {
- // should check db auth
- manager.checkJobAuth("ctl1", "db1", tableNames);
- throw new RuntimeException("should exception");
- } catch (AnalysisException e) {
- Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
- Assert.assertTrue(e.getMessage().contains("db1"));
- }
- tableNames.add("table1");
- try {
- // should check db auth
- manager.checkJobAuth("ctl1", "db1", tableNames);
- throw new RuntimeException("should exception");
- } catch (AnalysisException e) {
- Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
- Assert.assertTrue(e.getMessage().contains("table1"));
- }
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
