This is an automated email from the ASF dual-hosted git repository. morningman pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push: new 0305aad097 [fix](privilege)fix grant resource bug (#16045) 0305aad097 is described below commit 0305aad097a22cb675dd678dd9d791825228f76b Author: zhangdong <493738...@qq.com> AuthorDate: Fri Jan 20 19:00:44 2023 +0800 [fix](privilege)fix grant resource bug (#16045) GRANT USAGE_PRIV ON RESOURCE * TO user; user will see all database Describe your changes. Set a PrivPredicate for show resources and remove USAGE under PrivPredicate in SHOW_ PRIV
---
 fe/fe-core/src/main/java/org/apache/doris/catalog/ResourceMgr.java | 2 +-
 .../main/java/org/apache/doris/mysql/privilege/PrivPredicate.java | 7 +++++--
 .../src/test/java/org/apache/doris/mysql/privilege/AuthTest.java | 4 ++++
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/ResourceMgr.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/ResourceMgr.java
index 3805b5848d..d9a79b8616 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/ResourceMgr.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/ResourceMgr.java
@@ -229,7 +229,7 @@ public class ResourceMgr implements Writable {
 Resource resource = entry.getValue();
 // check resource privs
 if (!Env.getCurrentEnv().getAuth().checkResourcePriv(ConnectContext.get(), resource.getName(),
- PrivPredicate.SHOW)) {
+ PrivPredicate.SHOW_RESOURCES)) {
 continue;
 }
 resource.getProcNodeData(result);
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PrivPredicate.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PrivPredicate.java
index 7a805eefc2..3bf80cd149 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PrivPredicate.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PrivPredicate.java
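Review bot: Switching this check from `PrivPredicate.SHOW` to `PrivPredicate.SHOW_RESOURCES` narrows resource listing to ADMIN_PRIV or USAGE_PRIV holders, so accounts that previously passed through the other privileges listed in SHOW (LOAD/ALTER/CREATE/DROP are visible in the PrivPredicate hunk) are now silently skipped by the `continue`; that looks intended but is not stated anywhere. Any other resource check that still passes `PrivPredicate.SHOW` (none is visible in this diff) would now reject USAGE-only users, so those call sites are worth auditing in the same change. A comment above the check such as `// SHOW_RESOURCES, not SHOW: USAGE_PRIV must never satisfy database/table visibility checks` would record the reason. The enclosing method starts and ends outside the hunk.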
@@ -27,8 +27,11 @@ public class PrivPredicate {
 PaloPrivilege.LOAD_PRIV,
 PaloPrivilege.ALTER_PRIV,
 PaloPrivilege.CREATE_PRIV,
- PaloPrivilege.DROP_PRIV,
- PaloPrivilege.USAGE_PRIV),
+ PaloPrivilege.DROP_PRIV),
+ Operator.OR);
+ //show resources
+ public static final PrivPredicate SHOW_RESOURCES = PrivPredicate.of(PrivBitSet.of(PaloPrivilege.ADMIN_PRIV,
+ PaloPrivilege.USAGE_PRIV),
 Operator.OR);
 // create/drop/alter/show user
 public static final PrivPredicate GRANT = PrivPredicate.of(PrivBitSet.of(PaloPrivilege.ADMIN_PRIV,
diff --git a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
index 50ecb8edec..a32f866bd3 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
@@ -1530,6 +1530,8 @@ public class AuthTest {
 }
 Assert.assertTrue(auth.checkResourcePriv(userIdentity, resourceName, PrivPredicate.USAGE));
 Assert.assertTrue(auth.checkGlobalPriv(userIdentity, PrivPredicate.USAGE));
+ Assert.assertTrue(auth.checkGlobalPriv(userIdentity, PrivPredicate.SHOW_RESOURCES));
+ Assert.assertFalse(auth.checkGlobalPriv(userIdentity, PrivPredicate.SHOW));
 // 3. revoke usage_priv on resource '*' from 'testUser'@'%'
 revokeStmt = new RevokeStmt(userIdentity, null, anyResourcePattern, usagePrivileges);
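Review bot: `SHOW_RESOURCES` is introduced with only `//show resources`, which does not record the invariant this commit establishes: USAGE_PRIV is granted on resources and has to stay out of `SHOW`, otherwise a resource grant makes every database visible (per the commit description). I would replace the comment with something like `// show resources: USAGE_PRIV belongs here and must not be added back to SHOW, which gates database/table visibility`. The start of the `SHOW` definition is outside the hunk, so the same warning may belong on it as well.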
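Review bot: The added assertions exercise only `checkGlobalPriv`, while the production change in ResourceMgr calls `checkResourcePriv(..., resource.getName(), PrivPredicate.SHOW_RESOURCES)`, so the code path that was actually changed is not covered. Add `Assert.assertTrue(auth.checkResourcePriv(userIdentity, resourceName, PrivPredicate.SHOW_RESOURCES));` here and the matching `assertFalse` after the revoke in the following hunk (`@@ -1542,6 +1544,8 @@`). The reported symptom was database visibility, so a database-level negative assertion for the USAGE-only user would pin the regression more directly than the global `SHOW` check. The test method begins and ends outside both hunks.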
@@ -1542,6 +1544,8 @@ public class AuthTest {
 }
 Assert.assertFalse(auth.checkResourcePriv(userIdentity, resourceName, PrivPredicate.USAGE));
 Assert.assertFalse(auth.checkGlobalPriv(userIdentity, PrivPredicate.USAGE));
+ Assert.assertFalse(auth.checkGlobalPriv(userIdentity, PrivPredicate.SHOW_RESOURCES));
+ Assert.assertFalse(auth.checkGlobalPriv(userIdentity, PrivPredicate.SHOW));
 // 4. drop user
 dropUserStmt = new DropUserStmt(userIdentity);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org