This is an automated email from the ASF dual-hosted git repository.

morrysnow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b51e9dfbd4 [fix](auth)Fix the compatibility issue with show_view_priv 
when replaying editLog (#45949)
6b51e9dfbd4 is described below

commit 6b51e9dfbd4e655ea394ec548886edbf669dae32
Author: zhangdong <zhangd...@selectdb.com>
AuthorDate: Thu Dec 26 19:05:10 2024 +0800

    [fix](auth)Fix the compatibility issue with show_view_priv when replaying 
editLog (#45949)
    
    ### What problem does this PR solve?
    
    In the previous version show_view_priv had index 9, while in the new
    version it has index 14.
    The earlier compatibility logic only covered replay of images, not
    replay of the editLog.
---
 .../org/apache/doris/mysql/privilege/Auth.java     | 16 ++--
 .../org/apache/doris/mysql/privilege/Role.java     | 87 +++++++++++++---------
 2 files changed, 62 insertions(+), 41 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index 9d6f52d5a51..42e26cd4d05 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -658,17 +658,19 @@ public class Auth implements Writable {
 
     public void replayGrant(PrivInfo privInfo) {
         try {
+            PrivBitSet privs = privInfo.getPrivs();
+            Role.compatibilityAuthIndexChange(privs);
             if (privInfo.getTblPattern() != null) {
                 grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
-                        privInfo.getTblPattern(), privInfo.getPrivs(), 
privInfo.getColPrivileges(),
+                        privInfo.getTblPattern(), privs, 
privInfo.getColPrivileges(),
                         true /* err on non exist */, true /* is replay */);
             } else if (privInfo.getResourcePattern() != null) {
                 grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
-                        privInfo.getResourcePattern(), privInfo.getPrivs(),
+                        privInfo.getResourcePattern(), privs,
                         true /* err on non exist */, true /* is replay */);
             } else if (privInfo.getWorkloadGroupPattern() != null) {
                 grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
-                        privInfo.getWorkloadGroupPattern(), 
privInfo.getPrivs(),
+                        privInfo.getWorkloadGroupPattern(), privs,
                         true /* err on non exist */, true /* is replay */);
             } else {
                 grantInternal(privInfo.getUserIdent(), privInfo.getRoles(), 
true);
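Review bot: `Role.compatibilityAuthIndexChange(privs)` rewrites the bit set returned by `privInfo.getPrivs()` in place and runs before the pattern branch is chosen, so a replayed resource or workload-group grant gets the same legacy-index remap as a table grant, whereas the removed non-cloud image logic in Role.java touched only `tblPatternToPrivs`. If the deprecated index can never be set for those pattern kinds this is harmless, but a comment should say so, e.g. `// legacy indexes are remapped for every pattern kind; PrivInfo's bit set is modified in place`. The same applies to `replayRevoke` in the next hunk, where a remap applied to the wrong pattern kind would make the revoke act on a different privilege bit than the one recorded. The diffstat lists only Auth.java and Role.java, so the editLog replay path gets no regression test here; a replay test for a grant and a revoke carrying the deprecated index would pin this authorization behaviour. Both method bodies continue outside their hunks.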
@@ -843,14 +845,16 @@ public class Auth implements Writable {
 
     public void replayRevoke(PrivInfo info) {
         try {
+            PrivBitSet privs = info.getPrivs();
+            Role.compatibilityAuthIndexChange(privs);
             if (info.getTblPattern() != null) {
-                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getTblPattern(), info.getPrivs(),
+                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getTblPattern(), privs,
                         info.getColPrivileges(), true /* err on non exist */, 
true /* is replay */);
             } else if (info.getResourcePattern() != null) {
-                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getResourcePattern(), info.getPrivs(),
+                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getResourcePattern(), privs,
                         true /* err on non exist */, true /* is replay */);
             } else if (info.getWorkloadGroupPattern() != null) {
-                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getWorkloadGroupPattern(), info.getPrivs(),
+                revokeInternal(info.getUserIdent(), info.getRole(), 
info.getWorkloadGroupPattern(), privs,
                         true /* err on non exist */, true /* is replay */);
             } else {
                 revokeInternal(info.getUserIdent(), info.getRoles(), true /* 
is replay */);
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index 0054579062f..64feead6667 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -1111,53 +1111,70 @@ public class Role implements Writable, 
GsonPostProcessable {
 
         LOG.info("auth into compatibility logic, currentVersion={}", 
currentVersion);
         if (Config.isNotCloudMode() && currentVersion >= 
FeMetaVersion.VERSION_129) {
-            // not cloud mode,
-            // For versions greater than VERSION_123,
-            // the community requires versions above VERSION_129 to follow 
compatibility logic.
-
-            // SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
             tblPatternToPrivs.values().forEach(privBitSet -> {
-                if 
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED)) {
-                    // remove SHOW_VIEW_PRIV_DEPRECATED
-                    
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
-                    // add SHOW_VIEW_PRIV
-                    privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
-                }
+                compatibilityAuthIndexChange(privBitSet);
             });
         } else if (Config.isCloudMode()) {
-            // cloud mode
-            // For versions greater than VERSION_123, the cloud requires 
compatibility logic.
-
-            // CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)
             clusterPatternToPrivs.values().forEach(privBitSet -> {
-                if 
(privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
-                    // remove CLUSTER_USAGE_PRIV_DEPRECATED
-                    
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
-                    // add CLUSTER_USAGE_PRIV
-                    privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
-                }
+                compatibilityAuthIndexChange(privBitSet);
             });
-            // STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
             stagePatternToPrivs.values().forEach(privBitSet -> {
-                if 
(privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
-                    // remove CLUSTER_USAGE_PRIV_DEPRECATED
-                    
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
-                    // add CLUSTER_USAGE_PRIV
-                    privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
-                }
+                compatibilityAuthIndexChange(privBitSet);
             });
-            // SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
             tblPatternToPrivs.values().forEach(privBitSet -> {
-                if 
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
-                    // remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
-                    
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
-                    // add SHOW_VIEW_PRIV
-                    privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
-                }
+                compatibilityAuthIndexChange(privBitSet);
             });
         }
     }
 
+    public static void compatibilityAuthIndexChange(PrivBitSet privBitSet) {
+        if (privBitSet == null) {
+            return;
+        }
+        int currentVersion = Env.getCurrentEnvJournalVersion();
+        // not cloud mode,
+        // For versions greater than VERSION_123,
+        // the community requires versions above VERSION_129 to follow 
compatibility logic.
+
+        // SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
+        if (Config.isNotCloudMode() && currentVersion >= 
FeMetaVersion.VERSION_129) {
+            if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED)) 
{
+                // remove SHOW_VIEW_PRIV_DEPRECATED
+                privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
+                // add SHOW_VIEW_PRIV
+                privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
+            }
+        } else if (Config.isCloudMode()) {
+            // cloud mode
+            // For versions greater than VERSION_123, the cloud requires 
compatibility logic.
+
+            // CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)
+
+            if 
(privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
+                // remove CLUSTER_USAGE_PRIV_DEPRECATED
+                
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
+                // add CLUSTER_USAGE_PRIV
+                privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
+            }
+
+            // STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
+            if 
(privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
+                // remove CLUSTER_USAGE_PRIV_DEPRECATED
+                
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
+                // add CLUSTER_USAGE_PRIV
+                privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
+            }
+
+            // SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
+            if 
(privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
+                // remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
+                
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
+                // add SHOW_VIEW_PRIV
+                privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
+            }
+        }
+    }
+
     private void rebuildPrivTables() {
         globalPrivTable = new GlobalPrivTable();
         catalogPrivTable = new CatalogPrivTable();
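Review bot: In the cloud branch of `compatibilityAuthIndexChange`, all three remaps (9 -> 12, 10 -> 13, 11 -> 14) now run on whatever bit set is passed in, whereas the removed code applied the cluster remap only to `clusterPatternToPrivs`, the stage remap only to `stagePatternToPrivs` and the show-view remap only to `tblPatternToPrivs`. Because this translation decides which privileges a role ends up holding, the remap should either stay scoped to the pattern kind (for instance by passing the kind to the helper) or carry a comment explaining why the deprecated indexes cannot appear on the other kinds. The comments in the STAGE_USAGE branch are copy-pasted from the cluster case and should read `// remove STAGE_USAGE_PRIV_DEPRECATED` and `// add STAGE_USAGE_PRIV`. The new public static helper also has no Javadoc; it should state that it mutates its argument and that the remap depends on `Env.getCurrentEnvJournalVersion()` and the cloud-mode setting at call time. The method containing the first part of this hunk starts outside it.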

