This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-2.1 by this push:
     new e68460a7300 branch-2.1: [enhance](auth)When authorization includes 
create, not check if resources exist #45125 (#45166)
e68460a7300 is described below

commit e68460a73000aaaeb2ce16770c7b6dae0c1850e2
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Wed Dec 11 14:57:46 2024 +0800

    branch-2.1: [enhance](auth)When authorization includes create, not check if 
resources exist #45125 (#45166)
    
    Cherry-picked from #45125
    
    Co-authored-by: zhangdong <zhangd...@selectdb.com>
---
 .../src/main/java/org/apache/doris/mysql/privilege/Auth.java      | 8 ++++++--
 regression-test/suites/auth_p0/test_grant_nonexist_table.groovy   | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index dca598ef4ba..5ea1a5f5199 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -598,7 +598,7 @@ public class Auth implements Writable {
         writeLock();
         try {
             if (!isReplay) {
-                checkTablePatternExist(tblPattern);
+                checkTablePatternExist(tblPattern, privs);
             }
             if (role == null) {
                 if (!doesUserExist(userIdent)) {
@@ -618,8 +618,12 @@ public class Auth implements Writable {
         }
     }
 
-    private void checkTablePatternExist(TablePattern tablePattern) throws 
DdlException {
+    private void checkTablePatternExist(TablePattern tablePattern, PrivBitSet 
privs) throws DdlException {
         Objects.requireNonNull(tablePattern, "tablePattern can not be null");
+        Objects.requireNonNull(privs, "privs can not be null");
+        if (privs.containsPrivs(Privilege.CREATE_PRIV)) {
+            return;
+        }
         PrivLevel privLevel = tablePattern.getPrivLevel();
         if (privLevel == PrivLevel.GLOBAL) {
             return;
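Review bot: The early return added in checkTablePatternExist, `if (privs.containsPrivs(Privilege.CREATE_PRIV)) { return; }`, skips the existence check for every privilege in `privs`, not only for CREATE_PRIV. A grant such as `create_priv,select_priv` therefore records SELECT on a name that does not exist yet, and the bundled privileges become effective for the grantee once an object with that name is created. The regression test in this commit shows this is intended, so it should be stated where the decision is made, for example `// CREATE_PRIV may name objects that do not exist yet (MySQL-compatible); this bypasses the existence check for all privileges in privs, not just CREATE_PRIV`. The return also sits before the privLevel branches, so presumably catalog and database existence go unchecked as well; the rest of the method is outside the hunk and that should be confirmed there.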
diff --git a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy 
b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
index 36e75707be7..74d211e5010 100644
--- a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
+++ b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
@@ -39,7 +39,9 @@ suite("test_grant_nonexist_table","p0,auth") {
             sql """grant select_priv on internal.${dbName}.non_exist_table to 
${user}"""
             exception "table"
         }
-
+    // contain create_triv should not check name, Same behavior as MySQL
+    sql """grant create_priv on internal.${dbName}.non_exist_table to 
${user}"""
+    sql """grant create_priv,select_priv on internal.${dbName}.non_exist_table 
to ${user}"""
 
     try_sql("DROP USER ${user}")
 }
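Review bot: The comment on the added lines misspells the privilege (`create_triv`) and does not say that the second statement deliberately bundles `select_priv` with `create_priv`. Suggested wording: `// a grant that contains create_priv skips the existence check for the whole privilege list, same behavior as MySQL`. The two new statements only assert that the grant does not throw. A follow-up check of what was actually recorded for the user on `non_exist_table` would pin the behavior the Auth.java change introduces, in particular that `select_priv` is stored alongside `create_priv`. The added lines are indented less than the `test { ... }` block above them, and the suite body begins outside the hunk.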

