From a7a783f9ae3ac241e70bbdf0bcf2278b6cea6cf9 Mon Sep 17 00:00:00 2001
From: zhangdong
Date: Mon, 9 Dec 2024 02:30:36 +0800
Subject: [PATCH] [enhance](auth)When authorization includes create, not check if resources exist (#45125)
### What problem does this PR solve?
Issue Number: close #xxx
Related PR: #39597
Problem Summary: When authorization includes create, not check if resources exist
---
 .../main/java/org/apache/doris/mysql/privilege/Auth.java | 8 ++++++--
 .../suites/auth_p0/test_grant_nonexist_table.groovy | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index cf856de3b7e2f8..b2e7fe38ec3640 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -583,7 +583,7 @@ private void grantInternal(UserIdentity userIdent, String role, TablePattern tbl
 writeLock();
 try {
 if (!isReplay) {
- checkTablePatternExist(tblPattern);
+ checkTablePatternExist(tblPattern, privs);
 }
 if (role == null) {
 if (!doesUserExist(userIdent)) {
@@ -603,8 +603,12 @@ private void grantInternal(UserIdentity userIdent, String role, TablePattern tbl
 }
 }
- private void checkTablePatternExist(TablePattern tablePattern) throws DdlException {
+ private void checkTablePatternExist(TablePattern tablePattern, PrivBitSet privs) throws DdlException {
 Objects.requireNonNull(tablePattern, "tablePattern can not be null");
+ Objects.requireNonNull(privs, "privs can not be null");
+ if (privs.containsPrivs(Privilege.CREATE_PRIV)) {
+ return;
+ }
 PrivLevel privLevel = tablePattern.getPrivLevel();
 if (privLevel == PrivLevel.GLOBAL) {
 return;
diff --git a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
index 36e75707be7252..74d211e5010201 100644
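Review bot: The early return added at the top of `checkTablePatternExist` sits before the `getPrivLevel()` dispatch, so once `CREATE_PRIV` is in `privs` no existence check appears to run at any level, and it triggers when the set merely contains CREATE rather than when CREATE is the only privilege. A grant such as `create_priv,select_priv` on a mistyped or not-yet-existing name is therefore accepted and presumably stored, so whoever later creates an object under that name would implicitly give the grantee the bundled privileges too; it is worth confirming this is intended for catalog and database patterns as well as tables. The branch carries no comment, so I would add `// A grant that includes CREATE_PRIV may name objects that do not exist yet (matches MySQL), so every existence check below is skipped for the whole privilege set.` above the `if`. The call-site change in the first hunk, `checkTablePatternExist(tblPattern, privs)`, is only the plumbing for this, and both function bodies continue outside the hunks.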
--- a/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
+++ b/regression-test/suites/auth_p0/test_grant_nonexist_table.groovy
@@ -39,7 +39,9 @@ suite("test_grant_nonexist_table","p0,auth") {
 sql """grant select_priv on internal.${dbName}.non_exist_table to ${user}"""
 exception "table"
 }
-
+ // contain create_triv should not check name, Same behavior as MySQL
+ sql """grant create_priv on internal.${dbName}.non_exist_table to ${user}"""
+ sql """grant create_priv,select_priv on internal.${dbName}.non_exist_table to ${user}"""
 try_sql("DROP USER ${user}")
 }
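Review bot: The two added `grant create_priv ...` statements only prove that the grant no longer throws for a missing table; nothing reads the stored privileges back, and the database- and catalog-level patterns that the Java change presumably also exempts are not exercised. Consider following them with a `show grants for ${user}` assertion and one more case such as `grant create_priv on internal.non_exist_db.* to ${user}` (database name constructed for illustration), so the accepted scope of the bypass is pinned by the test. The added comment also has a typo, `create_triv` for `create_priv`. The suite body starts outside the hunk.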