This is an automated email from the ASF dual-hosted git repository.
morrysnow pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 42b680d33b3 branch-3.0: [fix](auth)Fix the compatibility issue with
show_view_priv when replaying editLog #45949 (#46038)
42b680d33b3 is described below
commit 42b680d33b3c6a6c7c026f1f313c54c1952c73f6
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Thu Jan 2 16:11:51 2025 +0800
branch-3.0: [fix](auth)Fix the compatibility issue with show_view_priv when
replaying editLog #45949 (#46038)
Cherry-picked from #45949
Co-authored-by: zhangdong <[email protected]>
---
.../org/apache/doris/mysql/privilege/Auth.java | 16 ++--
.../org/apache/doris/mysql/privilege/Role.java | 87 +++++++++++++---------
2 files changed, 62 insertions(+), 41 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index 7f78f321e43..1c53287267b 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -654,17 +654,19 @@ public class Auth implements Writable {
public void replayGrant(PrivInfo privInfo) {
try {
+ PrivBitSet privs = privInfo.getPrivs();
+ Role.compatibilityAuthIndexChange(privs);
if (privInfo.getTblPattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
- privInfo.getTblPattern(), privInfo.getPrivs(),
privInfo.getColPrivileges(),
+ privInfo.getTblPattern(), privs,
privInfo.getColPrivileges(),
true /* err on non exist */, true /* is replay */);
} else if (privInfo.getResourcePattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
- privInfo.getResourcePattern(), privInfo.getPrivs(),
+ privInfo.getResourcePattern(), privs,
true /* err on non exist */, true /* is replay */);
} else if (privInfo.getWorkloadGroupPattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
- privInfo.getWorkloadGroupPattern(),
privInfo.getPrivs(),
+ privInfo.getWorkloadGroupPattern(), privs,
true /* err on non exist */, true /* is replay */);
} else {
grantInternal(privInfo.getUserIdent(), privInfo.getRoles(),
true);
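Review bot: In replayGrant the call `Role.compatibilityAuthIndexChange(privs);` runs before the pattern dispatch, so the index rewrite applies to resource and workload-group grants as well as table grants, whereas the image-load path in Role.java previously tied each rewrite to one privilege table. If index 9 can carry a different meaning in a resource or workload-group bit set, replay would turn it into SHOW_VIEW_PRIV; that cannot be confirmed from this hunk, so please either state the intended scope in a comment or move the call into the branches that need it. The helper also mutates the PrivBitSet owned by the replayed PrivInfo, which deserves a one-line comment such as `// rewrites deprecated privilege indexes in place; privs is null for role-only grants`. The same applies to the replayRevoke hunk, where a missed or mismatched rewrite would leave a revoked privilege in effect after replay. No regression test for replaying an old-format grant and revoke is part of this commit.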
@@ -839,14 +841,16 @@ public class Auth implements Writable {
public void replayRevoke(PrivInfo info) {
try {
+ PrivBitSet privs = info.getPrivs();
+ Role.compatibilityAuthIndexChange(privs);
if (info.getTblPattern() != null) {
- revokeInternal(info.getUserIdent(), info.getRole(),
info.getTblPattern(), info.getPrivs(),
+ revokeInternal(info.getUserIdent(), info.getRole(),
info.getTblPattern(), privs,
info.getColPrivileges(), true /* err on non exist */,
true /* is replay */);
} else if (info.getResourcePattern() != null) {
- revokeInternal(info.getUserIdent(), info.getRole(),
info.getResourcePattern(), info.getPrivs(),
+ revokeInternal(info.getUserIdent(), info.getRole(),
info.getResourcePattern(), privs,
true /* err on non exist */, true /* is replay */);
} else if (info.getWorkloadGroupPattern() != null) {
- revokeInternal(info.getUserIdent(), info.getRole(),
info.getWorkloadGroupPattern(), info.getPrivs(),
+ revokeInternal(info.getUserIdent(), info.getRole(),
info.getWorkloadGroupPattern(), privs,
true /* err on non exist */, true /* is replay */);
} else {
revokeInternal(info.getUserIdent(), info.getRoles(), true /*
is replay */);
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index edd964c555a..56e6b09641f 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -1116,53 +1116,70 @@ public class Role implements Writable,
GsonPostProcessable {
LOG.info("auth into compatibility logic, currentVersion={}",
currentVersion);
if (Config.isNotCloudMode() && currentVersion >=
FeMetaVersion.VERSION_129) {
- // not cloud mode,
- // For versions greater than VERSION_123,
- // the community requires versions above VERSION_129 to follow
compatibility logic.
-
- // SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
tblPatternToPrivs.values().forEach(privBitSet -> {
- if
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED)) {
- // remove SHOW_VIEW_PRIV_DEPRECATED
-
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
- // add SHOW_VIEW_PRIV
- privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
- }
+ compatibilityAuthIndexChange(privBitSet);
});
} else if (Config.isCloudMode()) {
- // cloud mode
- // For versions greater than VERSION_123, the cloud requires
compatibility logic.
-
- // CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)
clusterPatternToPrivs.values().forEach(privBitSet -> {
- if
(privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
- // remove CLUSTER_USAGE_PRIV_DEPRECATED
-
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
- // add CLUSTER_USAGE_PRIV
- privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
- }
+ compatibilityAuthIndexChange(privBitSet);
});
- // STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
stagePatternToPrivs.values().forEach(privBitSet -> {
- if
(privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
- // remove CLUSTER_USAGE_PRIV_DEPRECATED
-
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
- // add CLUSTER_USAGE_PRIV
- privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
- }
+ compatibilityAuthIndexChange(privBitSet);
});
- // SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
tblPatternToPrivs.values().forEach(privBitSet -> {
- if
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
- // remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
-
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
- // add SHOW_VIEW_PRIV
- privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
- }
+ compatibilityAuthIndexChange(privBitSet);
});
}
}
+ public static void compatibilityAuthIndexChange(PrivBitSet privBitSet) {
+ if (privBitSet == null) {
+ return;
+ }
+ int currentVersion = Env.getCurrentEnvJournalVersion();
+ // not cloud mode,
+ // For versions greater than VERSION_123,
+ // the community requires versions above VERSION_129 to follow
compatibility logic.
+
+ // SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
+ if (Config.isNotCloudMode() && currentVersion >=
FeMetaVersion.VERSION_129) {
+ if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED))
{
+ // remove SHOW_VIEW_PRIV_DEPRECATED
+ privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
+ // add SHOW_VIEW_PRIV
+ privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
+ }
+ } else if (Config.isCloudMode()) {
+ // cloud mode
+ // For versions greater than VERSION_123, the cloud requires
compatibility logic.
+
+ // CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)
+
+ if
(privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
+ // remove CLUSTER_USAGE_PRIV_DEPRECATED
+
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
+ // add CLUSTER_USAGE_PRIV
+ privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
+ }
+
+ // STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
+ if
(privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
+ // remove CLUSTER_USAGE_PRIV_DEPRECATED
+
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
+ // add CLUSTER_USAGE_PRIV
+ privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
+ }
+
+ // SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
+ if
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
+ // remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
+
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
+ // add SHOW_VIEW_PRIV
+ privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
+ }
+ }
+ }
+
private void rebuildPrivTables() {
globalPrivTable = new GlobalPrivTable();
catalogPrivTable = new CatalogPrivTable();
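Review bot: The new `compatibilityAuthIndexChange` applies all three cloud-mode rewrites (9 -> 12, 10 -> 13, 11 -> 14) to every bit set it receives, while the removed code applied each one only to its own table (`clusterPatternToPrivs`, `stagePatternToPrivs`, `tblPatternToPrivs`). A table-pattern bit set with index 9 or 10 set is now rewritten to CLUSTER_USAGE_PRIV or STAGE_USAGE_PRIV, and a cluster-pattern bit set with index 11 becomes SHOW_VIEW_PRIV, which changes granted privileges if those indexes are ever set outside their original table. Passing the deprecated/current pair explicitly keeps the old per-table scope, as sketched below for the image-load path; the replay path would then pick the pair from the pattern kind. The helper also re-checks mode and journal version that the caller has already checked, and the comments in the STAGE_USAGE branch still say CLUSTER_USAGE_PRIV. The enclosing method of the first part of this hunk starts outside the hunk.

```java
// one rewrite per call, so each caller names the pair that belongs to its privilege table
private static void remapPriv(PrivBitSet privBitSet, Privilege deprecated, Privilege current) {
    if (privBitSet != null && privBitSet.containsPrivs(deprecated)) {
        privBitSet.unset(deprecated.getIdx());
        privBitSet.set(current.getIdx());
    }
}

// … unchanged: version/mode checks and the non-cloud branch …
clusterPatternToPrivs.values().forEach(
        p -> remapPriv(p, Privilege.CLUSTER_USAGE_PRIV_DEPRECATED, Privilege.CLUSTER_USAGE_PRIV));
stagePatternToPrivs.values().forEach(
        p -> remapPriv(p, Privilege.STAGE_USAGE_PRIV_DEPRECATED, Privilege.STAGE_USAGE_PRIV));
tblPatternToPrivs.values().forEach(
        p -> remapPriv(p, Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED, Privilege.SHOW_VIEW_PRIV));
```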