This is an automated email from the ASF dual-hosted git repository.
morrysnow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new ce9c7174fb5 [fix](auth) Prohibit deleting admin user (#44751)
ce9c7174fb5 is described below
commit ce9c7174fb5ea04781d042d72b69a677793bb965
Author: zhangdong <[email protected]>
AuthorDate: Mon Dec 2 19:45:27 2024 +0800
[fix](auth) Prohibit deleting admin user (#44751)
---
.../org/apache/doris/analysis/DropUserStmt.java | 4 +--
.../org/apache/doris/analysis/UserIdentity.java | 4 +++
.../trees/plans/commands/DropUserCommand.java | 4 +--
.../suites/account_p0/test_system_user.groovy | 39 ++++++++++++++++++++++
4 files changed, 47 insertions(+), 4 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java
index f9bb218744f..5f9872e42ad 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java
@@ -63,8 +63,8 @@ public class DropUserStmt extends DdlStmt implements
NotFallbackInParser {
userIdent.analyze();
- if (userIdent.isRootUser()) {
- ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR,
"Can not drop root user");
+ if (userIdent.isSystemUser()) {
+ ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR,
"Can not drop system user");
}
// only user with GLOBAL level's GRANT_PRIV can drop user.
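Review bot: The system-user guard is enforced only in the analysis step of each entry point, here and again, identically, in the DropUserCommand.java hunk, so the protection depends on every drop path repeating the check. If the auth manager's drop-user method does not already refuse these accounts (not visible in this diff), consider enforcing the rule there as well, so that a caller added later cannot bypass it. The new message also does not say which account was refused; `"Can not drop system user: " + userIdent` would make the rejection easier to trace in logs and still satisfies the regression test's match on "system". The enclosing method starts and ends outside the hunk.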
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
index 122f28ca450..6898915dab7 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
@@ -189,6 +189,10 @@ public class UserIdentity implements Writable,
GsonPostProcessable {
return user.equals(Auth.ADMIN_USER);
}
+ public boolean isSystemUser() {
+ return isRootUser() || isAdminUser();
+ }
+
public TUserIdentity toThrift() {
Preconditions.checkState(isAnalyzed);
TUserIdentity tUserIdent = new TUserIdentity();
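Review bot: `isSystemUser()` is added without a Javadoc, and because it now gates a destructive operation its matching rule should be written down. The visible `isAdminUser()` body compares only `user` with `Auth.ADMIN_USER`, so the host part is ignored and the comparison is case-sensitive; `isRootUser()` lies outside the hunk and presumably behaves the same way. Suggested comment: `/** Returns true for the built-in root and admin accounts; matches on user name only, the host is not considered. */`. Any name normalisation before this call is not visible here, so that is worth confirming against `analyze()`.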
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropUserCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropUserCommand.java
index 094ce06c361..5c4fb407e40 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropUserCommand.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropUserCommand.java
@@ -55,8 +55,8 @@ public class DropUserCommand extends DropCommand {
userIdent.analyze();
- if (userIdent.isRootUser()) {
- ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR,
"Can not drop root user");
+ if (userIdent.isSystemUser()) {
+ ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR,
"Can not drop system user");
}
// only user with GLOBAL level's GRANT_PRIV can drop user.
diff --git a/regression-test/suites/account_p0/test_system_user.groovy
b/regression-test/suites/account_p0/test_system_user.groovy
new file mode 100644
index 00000000000..1805f1669ea
--- /dev/null
+++ b/regression-test/suites/account_p0/test_system_user.groovy
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_system_user") {
+ test {
+ sql """
+ create user `root`;
+ """
+ exception "root"
+ }
+ test {
+ sql """
+ drop user `root`;
+ """
+ exception "system"
+ }
+ test {
+ sql """
+ drop user `admin`;
+ """
+ exception "system"
+ }
+}
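Review bot: `import org.junit.Assert;` is unused in this suite and can be dropped. Both drop cases use only the bare names `root` and `admin`, while the guard matches on user name, so a case with an explicit host part would pin that the protection does not depend on how the identity is written. A follow-up query asserting that the account still exists after the rejected statement would confirm that nothing was partially applied. The suite also does not show which planner path it exercises; since the check was added to both DropUserStmt and DropUserCommand, it is worth confirming that both are covered.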