From 68448bc994c882059c852deef33827ce658bc635 Mon Sep 17 00:00:00 2001
From: HangyuanLiu <460660596@qq.com>
Date: Thu, 3 Aug 2023 14:06:36 +0800
Subject: [PATCH] [BugFix] Fix bug the user has the query permission of mv, but
 cannot use database (#28545)

Fixes #issue

## What type of PR is this:
- [x] BugFix
- [ ] Feature
- [ ] Enhancement
- [ ] Refactor
- [ ] UT
- [ ] Doc
- [ ] Tool

## Checklist:
- [ ] I have added test cases for my bug fix or my new feature
- [ ] This pr will affect users' behaviors
- [ ] This pr needs user documentation (for new or modified features or
behaviors)
  - [ ] I have added documentation for my new feature or new function

## Bugfix cherry-pick branch check:
- [ ] I have checked the version labels which the pr will be
auto-backported to the target branch
  - [ ] 3.1
  - [ ] 3.0
  - [ ] 2.5
  - [ ] 2.4

Signed-off-by: HangyuanLiu <460660596@qq.com>
---
 .../com/starrocks/http/rest/RestBaseAction.java  |  2 --
 .../starrocks/privilege/NativeAccessControl.java |  2 +-
 .../privilege/AuthorizationMgrTest.java          | 16 ++++++++++++++++
 .../sql/analyzer/PrivilegeCheckerTest.java       |  1 -
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java b/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java
index 35579ab8bc170..640466f0b8188 100644
--- a/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java
+++ b/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java
@@ -42,9 +42,7 @@
 import com.starrocks.http.BaseAction;
 import com.starrocks.http.BaseRequest;
 import com.starrocks.http.BaseResponse;
-import com.starrocks.http.HttpConnectContext;
 import com.starrocks.privilege.AccessDeniedException;
-import com.starrocks.http.UnauthorizedException;
 import com.starrocks.qe.ConnectContext;
 import com.starrocks.server.GlobalStateMgr;
 import com.starrocks.sql.ast.UserIdentity;
diff --git a/fe/fe-core/src/main/java/com/starrocks/privilege/NativeAccessControl.java b/fe/fe-core/src/main/java/com/starrocks/privilege/NativeAccessControl.java
index ae547fb4855ce..8257395c7c18e 100644
--- a/fe/fe-core/src/main/java/com/starrocks/privilege/NativeAccessControl.java
+++ b/fe/fe-core/src/main/java/com/starrocks/privilege/NativeAccessControl.java
@@ -142,7 +142,7 @@ public void checkAnyActionOnMaterializedView(UserIdentity currentUser, Set<Long>
 
     @Override
     public void checkAnyActionOnAnyMaterializedView(UserIdentity currentUser, Set<Long> roleIds, String db) {
-        checkAnyActionOnView(currentUser, roleIds, new TableName(db, "*"));
+        checkAnyActionOnMaterializedView(currentUser, roleIds, new TableName(db, "*"));
     }
 
     @Override
diff --git a/fe/fe-core/src/test/java/com/starrocks/privilege/AuthorizationMgrTest.java b/fe/fe-core/src/test/java/com/starrocks/privilege/AuthorizationMgrTest.java
index 24b9e8d16ad11..78672f3a2b26a 100644
--- a/fe/fe-core/src/test/java/com/starrocks/privilege/AuthorizationMgrTest.java
+++ b/fe/fe-core/src/test/java/com/starrocks/privilege/AuthorizationMgrTest.java
@@ -1573,6 +1573,22 @@ public void testGrantView() throws Exception {
                 new TableName("db", "view1"), PrivilegeType.ALTER);
     }
 
+    @Test
+    public void testGrantMaterializedView() throws Exception {
+        DDLStmtExecutor.execute(UtFrameUtils.parseStmtWithNewParser(
+                "create user mv_user", ctx), ctx);
+        DDLStmtExecutor.execute(UtFrameUtils.parseStmtWithNewParser(
+                "grant select on materialized view db3.mv1 to mv_user", ctx), ctx);
+        UserIdentity user = UserIdentity.createAnalyzedUserIdentWithIp("mv_user", "%");
+        setCurrentUserAndRoles(ctx, user);
+        new NativeAccessControl().checkMaterializedViewAction(ctx.getCurrentUserIdentity(), ctx.getCurrentRoleIds(),
+                new TableName("db3", "mv1"), PrivilegeType.SELECT);
+        new NativeAccessControl().checkAnyActionOnMaterializedView(ctx.getCurrentUserIdentity(), ctx.getCurrentRoleIds(),
+                new TableName("db3", "mv1"));
+        new NativeAccessControl().checkAnyActionOnAnyMaterializedView(ctx.getCurrentUserIdentity(), ctx.getCurrentRoleIds(),
+                "db3");
+    }
+
     @Test
     public void testGrantBrief() throws Exception {
         ctx.setDatabase("db");
diff --git a/fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java b/fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java
index be890ccae7a64..2a92fa33c865c 100644
--- a/fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java
+++ b/fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java
@@ -58,7 +58,6 @@
 import com.starrocks.sql.ast.ShowStmt;
 import com.starrocks.sql.ast.StatementBase;
 import com.starrocks.sql.ast.UserIdentity;
-import com.starrocks.sql.common.StarRocksPlannerException;
 import com.starrocks.sql.plan.ConnectorPlanTestBase;
 import com.starrocks.statistic.AnalyzeJob;
 import com.starrocks.statistic.AnalyzeMgr;