This is an automated email from the ASF dual-hosted git repository. yiguolei pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 1d0b7d1ecd7 [fix](auth) revoke column privs the second time failed #34920
1d0b7d1ecd7 is described below
commit 1d0b7d1ecd74c90084953048e12a61143d0d956d
Author: camby <camby...@tencent.com>
AuthorDate: Thu May 16 06:47:19 2024 +0800
[fix](auth) revoke column privs the second time failed #34920
---
 .../org/apache/doris/mysql/privilege/Role.java | 31 ++++++++++++++--------
 .../authorization/column_authorization.groovy | 6 +++++
 2 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index ab1c55aeabc..2cea07bec0b 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -790,19 +790,22 @@ public class Role implements Writable, GsonPostProcessable {
 public void revokePrivs(TablePattern tblPattern, PrivBitSet privs, Map<ColPrivilegeKey, Set<String>> colPrivileges, boolean errOnNonExist) throws DdlException {
- PrivBitSet existingPriv = tblPatternToPrivs.get(tblPattern);
- if (existingPriv == null) {
- if (errOnNonExist) {
- throw new DdlException(tblPattern + " does not exist in role " + roleName);
+ if (!colPrivileges.isEmpty()) {
+ revokeCols(colPrivileges);
+ } else {
+ PrivBitSet existingPriv = tblPatternToPrivs.get(tblPattern);
+ if (existingPriv == null) {
+ if (errOnNonExist) {
+ throw new DdlException(tblPattern + " does not exist in role " + roleName);
+ }
+ return;
 }
- return;
- }
- existingPriv.remove(privs);
- if (existingPriv.isEmpty()) {
- tblPatternToPrivs.remove(tblPattern);
+ existingPriv.remove(privs);
+ if (existingPriv.isEmpty()) {
+ tblPatternToPrivs.remove(tblPattern);
+ }
+ revokePrivs(tblPattern, privs);
 }
- revokePrivs(tblPattern, privs);
- revokeCols(colPrivileges);
 }
 private void revokeCols(Map<ColPrivilegeKey, Set<String>> colPrivileges) {
@@ -814,6 +817,12 @@ public class Role implements Writable, GsonPostProcessable {
 colPrivMap.get(entry.getKey()).removeAll(entry.getValue());
 if (CollectionUtils.isEmpty(colPrivMap.get(entry.getKey()))) {
 colPrivMap.remove(entry.getKey());
+ TablePattern tblPattern = new TablePattern(entry.getKey().getCtl(), entry.getKey().getDb(),
+ entry.getKey().getTbl());
+ PrivBitSet existingPriv = tblPatternToPrivs.get(tblPattern);
+ if (existingPriv != null && existingPriv.isEmpty()) {
+ tblPatternToPrivs.remove(tblPattern);
+ }
 }
 }
 }
diff --git a/regression-test/suites/nereids_p0/authorization/column_authorization.groovy b/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
index 9bd1c512acc..493aa032436 100644
--- a/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
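Review bot: In the new `revokePrivs`, a non-empty `colPrivileges` skips the whole `else` branch, so `privs` is never applied and `errOnNonExist` is never consulted on that path. If a single REVOKE can carry both column-level and table-level privileges (the caller is outside this hunk, so this needs confirming), the table-level part would be dropped without an error and that privilege would stay granted. Running the two paths independently avoids this: replace `} else {` with `}` followed by `if (!privs.isEmpty()) {`, assuming `privs` is empty for a column-only revoke. A short Javadoc on the method stating which arguments are honoured in each case would make the contract explicit.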
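Review bot: The cleanup added inside `if (CollectionUtils.isEmpty(...))` removes the `tblPatternToPrivs` entry as soon as one `ColPrivilegeKey` runs out of columns, without checking whether another key for the same catalog/database/table still holds columns in `colPrivMap`. Whether the remaining column grants rely on that table-pattern entry depends on the grant path, which is not visible here, so this should be confirmed or guarded by checking `colPrivMap` for other keys on the same table before removing. The block would also read better with `ColPrivilegeKey key = entry.getKey();` hoisted, plus a comment explaining why an empty table-pattern entry is dropped at this point. The loop header of `revokeCols` lies between the two hunks and is not shown.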
+++ b/regression-test/suites/nereids_p0/authorization/column_authorization.groovy
@@ -36,6 +36,12 @@ suite("column_authorization") {
 sql "drop user if exists ${user1}"
 sql "create user ${user1}"
+
+ sql "grant SELECT_PRIV(id) on ${db}.${baseTable} to '${user1}'@'%';"
+ sql "grant SELECT_PRIV(name) on ${db}.${baseTable} to '${user1}'@'%';"
+ sql "revoke SELECT_PRIV(name) on ${db}.${baseTable} from '${user1}'@'%';"
+ sql "revoke SELECT_PRIV(id) on ${db}.${baseTable} from '${user1}'@'%';"
+ sql "grant SELECT_PRIV(id) on ${db}.${baseTable} to '${user1}'@'%';"
 //cloud-mode
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
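Review bot: The added grant/revoke sequence only proves that the statements no longer throw; nothing in the hunk checks the privilege state between steps. Since this guards an authorization fix, an assertion after the second `revoke` that `${user1}` can no longer read `id` (before the final `grant`) would catch a revoke that reports success without removing access. Later checks in the suite may cover part of this, but they sit outside the hunk.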