This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
commit ec4414f383c2244786a658b5c680f5e8305dcbe5
Author: cambyzhu <camby...@tencent.com>
AuthorDate: Wed May 15 19:39:52 2024 +0800
revoke colum privs the second time failed
---
.../org/apache/doris/mysql/privilege/Role.java | 31 ++++++++++++++--------
.../authorization/column_authorization.groovy | 6 +++++
2 files changed, 26 insertions(+), 11 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index fcb899e09a6..e4a68be4492 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -637,19 +637,22 @@ public class Role implements Writable,
GsonPostProcessable {
public void revokePrivs(TablePattern tblPattern, PrivBitSet privs,
Map<ColPrivilegeKey, Set<String>> colPrivileges,
boolean errOnNonExist)
throws DdlException {
- PrivBitSet existingPriv = tblPatternToPrivs.get(tblPattern);
- if (existingPriv == null) {
- if (errOnNonExist) {
- throw new DdlException(tblPattern + " does not exist in role "
+ roleName);
+ if (!colPrivileges.isEmpty()) {
+ revokeCols(colPrivileges);
+ } else {
+ PrivBitSet existingPriv = tblPatternToPrivs.get(tblPattern);
+ if (existingPriv == null) {
+ if (errOnNonExist) {
+ throw new DdlException(tblPattern + " does not exist in
role " + roleName);
+ }
+ return;
}
- return;
- }
- existingPriv.remove(privs);
- if (existingPriv.isEmpty()) {
- tblPatternToPrivs.remove(tblPattern);
+ existingPriv.remove(privs);
+ if (existingPriv.isEmpty()) {
+ tblPatternToPrivs.remove(tblPattern);
+ }
+ revokePrivs(tblPattern, privs);
}
- revokePrivs(tblPattern, privs);
- revokeCols(colPrivileges);
}
private void revokeCols(Map<ColPrivilegeKey, Set<String>> colPrivileges) {
@@ -661,6 +664,12 @@ public class Role implements Writable, GsonPostProcessable
{
colPrivMap.get(entry.getKey()).removeAll(entry.getValue());
if (CollectionUtils.isEmpty(colPrivMap.get(entry.getKey()))) {
colPrivMap.remove(entry.getKey());
+ TablePattern tblPattern = new
TablePattern(entry.getKey().getCtl(), entry.getKey().getDb(),
+ entry.getKey().getTbl());
+ PrivBitSet existingPriv =
tblPatternToPrivs.get(tblPattern);
+ if (existingPriv != null && existingPriv.isEmpty()) {
+ tblPatternToPrivs.remove(tblPattern);
+ }
}
}
}
diff --git
a/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
b/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
index 900bfbfb820..a092ce9a3b7 100644
---
a/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
+++
b/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
@@ -36,6 +36,12 @@ suite("column_authorization") {
sql "drop user if exists ${user1}"
sql "create user ${user1}"
+
+ sql "grant SELECT_PRIV(id) on ${db}.${baseTable} to '${user1}'@'%';"
+ sql "grant SELECT_PRIV(name) on ${db}.${baseTable} to '${user1}'@'%';"
+ sql "revoke SELECT_PRIV(name) on ${db}.${baseTable} from '${user1}'@'%';"
+ sql "revoke SELECT_PRIV(id) on ${db}.${baseTable} from '${user1}'@'%';"
+
sql "grant SELECT_PRIV(id) on ${db}.${baseTable} to '${user1}'@'%';"
sql 'sync'
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
