From 719e3da10aefc5441fc746f1e7b39e2d0f153e8a Mon Sep 17 00:00:00 2001 
From: zhangdong <493738387@qq.com> Date: Thu, 11 Apr 2024 10:14:37 +0800 Subject: [PATCH] [auth](enhance)remove some method in AccessControllerManager (#33320) The authentication method must specify the catalog level to avoid forgetting to pass the catalogName --- .../doris/alter/MaterializedViewHandler.java | 5 +- .../doris/alter/SchemaChangeHandler.java | 4 +- .../doris/analysis/AbstractBackupStmt.java | 6 +- .../analysis/AlterColocateGroupStmt.java | 3 +- .../doris/analysis/AlterColumnStatsStmt.java | 5 +- .../doris/analysis/AlterDatabaseRename.java | 6 +- .../doris/analysis/AlterTableStatsStmt.java | 5 +- .../apache/doris/analysis/AlterTableStmt.java | 5 +- .../apache/doris/analysis/AlterViewStmt.java | 3 +- .../apache/doris/analysis/AnalyzeTblStmt.java | 6 +- .../doris/analysis/CancelAlterTableStmt.java | 13 ++-- .../doris/analysis/CancelBackupStmt.java | 4 +- .../doris/analysis/ChannelDescription.java | 6 +- .../apache/doris/analysis/CleanLabelStmt.java | 4 +- .../doris/analysis/CleanQueryStatsStmt.java | 6 +- .../apache/doris/analysis/CreateDbStmt.java | 3 +- .../analysis/CreateMaterializedViewStmt.java | 6 +- .../doris/analysis/CreateTableLikeStmt.java | 7 +- .../doris/analysis/CreateTableStmt.java | 3 +- .../apache/doris/analysis/CreateViewStmt.java | 5 +- .../doris/analysis/DataDescription.java | 11 ++- .../org/apache/doris/analysis/DeleteStmt.java | 3 +- .../org/apache/doris/analysis/DropDbStmt.java | 9 ++- .../analysis/DropMaterializedViewStmt.java | 5 +- .../apache/doris/analysis/DropStatsStmt.java | 7 +- .../apache/doris/analysis/DropTableStmt.java | 5 +- .../org/apache/doris/analysis/ExportStmt.java | 12 +-- .../doris/analysis/FunctionCallExpr.java | 3 +- .../analysis/InsertOverwriteTableStmt.java | 3 +- .../apache/doris/analysis/RecoverDbStmt.java | 6 +- .../doris/analysis/RecoverPartitionStmt.java | 5 +- .../doris/analysis/RecoverTableStmt.java | 3 +- .../doris/analysis/ShowAnalyzeStmt.java | 8 +- .../apache/doris/analysis/ShowBackupStmt.java | 4 
+- .../doris/analysis/ShowColumnHistStmt.java | 3 +- .../doris/analysis/ShowColumnStatsStmt.java | 3 +- .../doris/analysis/ShowCreateDbStmt.java | 6 +- .../analysis/ShowCreateFunctionStmt.java | 3 +- .../ShowCreateMaterializedViewStmt.java | 3 +- .../doris/analysis/ShowDataSkewStmt.java | 7 +- .../apache/doris/analysis/ShowDataStmt.java | 8 +- .../doris/analysis/ShowEncryptKeysStmt.java | 5 +- .../doris/analysis/ShowFunctionsStmt.java | 3 +- .../doris/analysis/ShowQueryStatsStmt.java | 3 +- .../doris/analysis/ShowRestoreStmt.java | 4 +- .../doris/analysis/ShowSmallFilesStmt.java | 4 +- .../doris/analysis/ShowTableStatsStmt.java | 3 +- .../doris/analysis/ShowTypeCastStmt.java | 8 -- .../apache/doris/analysis/ShowViewStmt.java | 2 +- .../doris/analysis/TruncateTableStmt.java | 5 +- .../org/apache/doris/analysis/UpdateStmt.java | 3 +- .../doris/catalog/FunctionRegistry.java | 4 +- .../httpv2/controller/BaseController.java | 7 +- .../doris/httpv2/rest/CancelLoadAction.java | 5 +- .../doris/httpv2/rest/MetaInfoAction.java | 9 ++- .../doris/httpv2/restv2/MetaInfoActionV2.java | 9 ++- .../job/extensions/insert/InsertJob.java | 11 ++- .../org/apache/doris/load/DeleteHandler.java | 9 ++- .../java/org/apache/doris/load/ExportMgr.java | 12 +-- .../main/java/org/apache/doris/load/Load.java | 18 +++-- .../org/apache/doris/load/loadv2/LoadJob.java | 11 ++- .../apache/doris/load/loadv2/LoadManager.java | 3 + .../doris/load/loadv2/LoadingTaskPlanner.java | 4 +- .../load/routineload/RoutineLoadManager.java | 7 +- .../privilege/AccessControllerManager.java | 39 +--------- .../plans/commands/DeleteFromCommand.java | 6 +- .../trees/plans/commands/ExportCommand.java | 5 +- .../plans/commands/info/AlterMTMVInfo.java | 2 +- .../commands/info/CancelMTMVTaskInfo.java | 2 +- .../plans/commands/info/CreateMTMVInfo.java | 2 +- .../plans/commands/info/CreateTableInfo.java | 2 +- .../plans/commands/info/DropMTMVInfo.java | 2 +- .../plans/commands/info/PauseMTMVInfo.java | 2 +- 
.../plans/commands/info/RefreshMTMVInfo.java | 2 +- .../plans/commands/info/ResumeMTMVInfo.java | 2 +- .../insert/BatchInsertIntoTableCommand.java | 3 +- .../insert/InsertOverwriteTableCommand.java | 3 +- .../org/apache/doris/qe/ShowExecutor.java | 51 +++++++------ .../doris/service/FrontendServiceImpl.java | 29 +++++--- .../transaction/DatabaseTransactionMgr.java | 7 +- .../apache/doris/analysis/AccessTestUtil.java | 10 +-- .../analysis/AlterDatabaseQuotaStmtTest.java | 4 +- .../analysis/AlterRoutineLoadStmtTest.java | 4 +- .../doris/analysis/AlterTableStmtTest.java | 4 +- .../analysis/CreateDataSyncJobStmtTest.java | 2 +- .../DropMaterializedViewStmtTest.java | 2 +- .../doris/analysis/ShowBackupStmtTest.java | 2 +- .../ShowCreateMaterializedViewTest.java | 3 +- .../doris/analysis/ShowDataStmtTest.java | 4 +- .../apache/doris/backup/CatalogMocker.java | 4 +- .../routineload/RoutineLoadManagerTest.java | 14 ++-- .../doris/mysql/privilege/AuthTest.java | 74 +++++++++---------- .../doris/mysql/privilege/MockedAuth.java | 4 +- .../org/apache/doris/qe/SetExecutorTest.java | 4 +- 94 files changed, 379 insertions(+), 286 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/alter/MaterializedViewHandler.java b/fe/fe-core/src/main/java/org/apache/doris/alter/MaterializedViewHandler.java index f5d6d944cc0f6e..a6b6c709dd526a 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/alter/MaterializedViewHandler.java +++ b/fe/fe-core/src/main/java/org/apache/doris/alter/MaterializedViewHandler.java @@ -1218,8 +1218,9 @@ private void getAlterJobV2Infos(Database db, List> rollupJobInf continue; } if (ctx != null) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, db.getFullName(), - alterJob.getTableName(), PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ctx, db.getCatalog().getName(), db.getFullName(), + alterJob.getTableName(), PrivPredicate.ALTER)) { continue; } } 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/alter/SchemaChangeHandler.java b/fe/fe-core/src/main/java/org/apache/doris/alter/SchemaChangeHandler.java index b4d032dc78c89d..077d84a3e3e6a8 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/alter/SchemaChangeHandler.java +++ b/fe/fe-core/src/main/java/org/apache/doris/alter/SchemaChangeHandler.java @@ -79,6 +79,7 @@ import org.apache.doris.common.util.PropertyAnalyzer; import org.apache.doris.common.util.TimeUtils; import org.apache.doris.common.util.Util; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.persist.AlterLightSchemaChangeInfo; import org.apache.doris.persist.RemoveAlterJobV2OperationLog; @@ -1779,7 +1780,8 @@ private void getAlterJobV2Infos(Database db, List alterJobsV2, } if (ctx != null) { if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ctx, db.getFullName(), alterJob.getTableName(), PrivPredicate.ALTER)) { + .checkTblPriv(ctx, InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + alterJob.getTableName(), PrivPredicate.ALTER)) { continue; } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AbstractBackupStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AbstractBackupStmt.java index a268047043fb2b..3aa0c54a5c52ff 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AbstractBackupStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AbstractBackupStmt.java @@ -23,6 +23,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
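Review bot: In SchemaChangeHandler.getAlterJobV2Infos the catalog handed to `checkTblPriv` is the constant `InternalCatalog.INTERNAL_CATALOG_NAME`, while the parallel change in MaterializedViewHandler.getAlterJobV2Infos derives it from the object with `db.getCatalog().getName()`. Both methods receive the same `Database db`, so the two checks should name the catalog the same way. Writing `.checkTblPriv(ctx, db.getCatalog().getName(), db.getFullName(),` ties the authorized catalog to the database actually being listed and makes the added `InternalCatalog` import unnecessary. If the constant is deliberate because alter jobs only exist in the internal catalog, a one-line comment stating that would be enough. The method body starts and ends outside the hunk.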
@@ -61,8 +62,9 @@ public void analyze(Analyzer analyzer) throws UserException { // user need database level privilege(not table level), because when doing restore operation, // the restore table may be newly created, so we can not judge its privileges. - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), - labelName.getDbName(), PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, + labelName.getDbName(), PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColocateGroupStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColocateGroupStmt.java index e268322dcc8f9f..2885d662555559 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColocateGroupStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColocateGroupStmt.java @@ -23,6 +23,7 @@ import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; import org.apache.doris.common.util.PrintableMap; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -60,7 +61,7 @@ public void analyze(Analyzer analyzer) throws UserException { } } else { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv( - ConnectContext.get(), dbName, PrivPredicate.ADMIN)) { + ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.ADMIN)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java index ef4357dc28553e..9e76b065921a03 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterColumnStatsStmt.java @@ -143,8 +143,9 @@ public void analyze(Analyzer analyzer) throws UserException { @Override public void checkPriv() throws AnalysisException { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), - tableName.getTbl(), PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), + tableName.getTbl(), PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER COLUMN STATS", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java index 2f7d268047371f..cf32745e0b3344 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java @@ -24,6 +24,7 @@ import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.UserException; import org.apache.doris.common.util.InternalDatabaseUtil; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
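Review bot: The access-denied message in AlterColumnStatsStmt.checkPriv omits the catalog that the decision now depends on: it still reports `tableName.getDb() + ": " + tableName.getTbl()` while `checkTblPriv` is called with `tableName.getCtl()`. When two catalogs hold databases of the same name, neither the user nor someone reading the denial in a log can tell which object was refused. Consider `tableName.getCtl() + "." + tableName.getDb() + ": " + tableName.getTbl()`; the same applies to the messages in AlterTableStatsStmt, AlterViewStmt, CancelAlterTableStmt and DeleteStmt in this patch. Those message lines are unchanged context here, so this may belong in a follow-up.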
@@ -53,8 +54,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { throw new AnalysisException("Database name is not set"); } InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, - PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java index 0129e6b27d3752..8a9e55f4ebf18e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStatsStmt.java @@ -97,8 +97,9 @@ public void analyze(Analyzer analyzer) throws UserException { @Override public void checkPriv() throws AnalysisException { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), - tableName.getTbl(), PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), + tableName.getTbl(), PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER COLUMN STATS", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java index d702f09022d858..d939bb0c3fba94 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java 
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java @@ -69,8 +69,9 @@ public void analyze(Analyzer analyzer) throws UserException { // disallow external catalog Util.prohibitExternalCatalog(tbl.getCtl(), this.getClass().getSimpleName()); InternalDatabaseUtil.checkDatabase(tbl.getDb(), ConnectContext.get()); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tbl.getDb(), tbl.getTbl(), - PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tbl.getCtl(), tbl.getDb(), tbl.getTbl(), + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER TABLE", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterViewStmt.java index a46d580ffdc942..6e0da716b078bf 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterViewStmt.java @@ -60,7 +60,8 @@ public void analyze(Analyzer analyzer) throws UserException { } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.ALTER)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER VIEW", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AnalyzeTblStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AnalyzeTblStmt.java index 08efb31d6631fb..083af1dad0915e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AnalyzeTblStmt.java 
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AnalyzeTblStmt.java @@ -146,7 +146,7 @@ public void check() throws AnalysisException { if (table instanceof View) { throw new AnalysisException("Analyze view is not allowed"); } - checkAnalyzePriv(tableName.getDb(), tableName.getTbl()); + checkAnalyzePriv(tableName.getCtl(), tableName.getDb(), tableName.getTbl()); if (columnNames == null) { columnNames = table.getSchemaAllIndexes(false).stream() // Filter unsupported type columns. @@ -288,14 +288,14 @@ public boolean isSamplingPartition() { return table instanceof HMSExternalTable && table.getPartitionNames().size() > partNum; } - private void checkAnalyzePriv(String dbName, String tblName) throws AnalysisException { + private void checkAnalyzePriv(String ctlName, String dbName, String tblName) throws AnalysisException { ConnectContext ctx = ConnectContext.get(); // means it a system analyze if (ctx == null) { return; } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ctx, dbName, tblName, PrivPredicate.SELECT)) { + .checkTblPriv(ctx, ctlName, dbName, tblName, PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ANALYZE", diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelAlterTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelAlterTableStmt.java index 7273943a3e5f05..8c05483b770885 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelAlterTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelAlterTableStmt.java 
@@ -75,13 +75,14 @@ public void analyze(Analyzer analyzer) throws AnalysisException { Util.prohibitExternalCatalog(dbTableName.getCtl(), this.getClass().getSimpleName()); // check access - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbTableName.getDb(), - dbTableName.getTbl(), - PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), dbTableName.getCtl(), dbTableName.getDb(), + dbTableName.getTbl(), + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "CANCEL ALTER TABLE", - ConnectContext.get().getQualifiedUser(), - ConnectContext.get().getRemoteIP(), - dbTableName.getDb() + ": " + dbTableName.getTbl()); + ConnectContext.get().getQualifiedUser(), + ConnectContext.get().getRemoteIP(), + dbTableName.getDb() + ": " + dbTableName.getTbl()); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelBackupStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelBackupStmt.java index 0e9db307558b40..ab1fb8c4b70d5e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelBackupStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CancelBackupStmt.java @@ -22,6 +22,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
@@ -56,7 +57,8 @@ public void analyze(Analyzer analyzer) throws UserException { } // check auth - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD"); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ChannelDescription.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ChannelDescription.java index 8b64252ebe42f7..f4be72e25d4574 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ChannelDescription.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ChannelDescription.java @@ -23,6 +23,7 @@ import org.apache.doris.common.ErrorReport; import org.apache.doris.common.io.Text; import org.apache.doris.common.io.Writable; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.persist.gson.GsonUtils; import org.apache.doris.qe.ConnectContext; @@ -102,8 +103,9 @@ private void checkAuth(String fullDbName) throws AnalysisException { } // check target table auth - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), fullDbName, targetTable, - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, targetTable, + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), fullDbName + ": " + targetTable); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanLabelStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanLabelStmt.java index a2031a20e2e04b..0be3adb9e60c59 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanLabelStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanLabelStmt.java @@ -21,6 +21,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -52,7 +53,8 @@ public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); label = Strings.nullToEmpty(label); // check auth - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), db, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db, PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD"); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanQueryStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanQueryStatsStmt.java index 20af0299807354..f9dce80d4d4cd2 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanQueryStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CleanQueryStatsStmt.java @@ -95,7 +95,8 @@ public void analyze(Analyzer analyzer) throws UserException { Env.getCurrentEnv().getCurrentCatalog().getDbOrAnalysisException(dbName); if (!Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.ALTER)) { + .checkDbPriv(ConnectContext.get(), tableName.getCtl(), dbName, + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CLEAN DATABASE QUERY STATS FOR " + ClusterNamespace.getNameFromFullName(dbName)); } 
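Review bot: In CleanQueryStatsStmt.analyze (hunk at -95) the database is looked up through `Env.getCurrentEnv().getCurrentCatalog()` but the privilege is now checked against `tableName.getCtl()`, so the object that is resolved and the object that is authorized can come from different catalogs. This branch reports "CLEAN DATABASE QUERY STATS FOR" and is keyed by `dbName`; if `tableName` is not populated for database scope, the new call fails with a NullPointerException instead of producing an access decision. The constructors are outside the hunk, so that needs confirming. Using one catalog for both steps, e.g. `.checkDbPriv(ConnectContext.get(), Env.getCurrentEnv().getCurrentCatalog().getName(), dbName,`, removes both problems. The table-scope hunk at -109 has the same lookup/check mismatch.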
@@ -109,7 +110,8 @@ public void analyze(Analyzer analyzer) throws UserException { DatabaseIf db = Env.getCurrentEnv().getCurrentCatalog().getDbOrAnalysisException(dbName); db.getTableOrAnalysisException(tableName.getTbl()); if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tableName.getTbl(), PrivPredicate.ALTER)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), dbName, tableName.getTbl(), + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CLEAN TABLE QUERY STATS FROM " + tableName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java index 39754244e96136..09ae61a1ee1a3c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java @@ -70,7 +70,8 @@ public void analyze(Analyzer analyzer) throws UserException { FeNameFormat.checkCatalogName(ctlName); FeNameFormat.checkDbName(dbName); InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.CREATE)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), ctlName, dbName, PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java index be83640873a07b..e3f856c31a47b3 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateMaterializedViewStmt.java 
@@ -34,6 +34,7 @@ import org.apache.doris.common.FeConstants; import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.rewrite.ExprRewriter; @@ -245,8 +246,9 @@ public void analyze(Analyzer analyzer) throws UserException { @Override public void checkPriv() throws AnalysisException { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, baseIndexName, - PrivPredicate.ALTER)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, baseIndexName, + PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ALTER"); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableLikeStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableLikeStmt.java index a3d64c45907f11..f1bb757e95d5cd 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableLikeStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableLikeStmt.java @@ -95,8 +95,9 @@ public void analyze(Analyzer analyzer) throws UserException { // disallow external catalog Util.prohibitExternalCatalog(existedTableName.getCtl(), this.getClass().getSimpleName()); ConnectContext ctx = ConnectContext.get(); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, existedTableName.getDb(), - existedTableName.getTbl(), PrivPredicate.SELECT)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ctx, existedTableName.getCtl(), existedTableName.getDb(), + existedTableName.getTbl(), PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "SELECT"); } 
@@ -104,7 +105,7 @@ public void analyze(Analyzer analyzer) throws UserException { // disallow external catalog Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); FeNameFormat.checkTableName(getTableName()); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, tableName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, tableName.getCtl(), tableName.getDb(), tableName.getTbl(), PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CREATE"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java index bf0dc906fd9113..40383826f4036f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java @@ -294,7 +294,8 @@ public void analyze(Analyzer analyzer) throws UserException { FeNameFormat.checkTableName(tableName.getTbl()); InternalDatabaseUtil.checkDatabase(tableName.getDb(), ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.CREATE)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CREATE"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateViewStmt.java index 2eed97f0a018e5..8b53d18fd9b602 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateViewStmt.java 
@@ -64,8 +64,9 @@ public void analyze(Analyzer analyzer) throws UserException { Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); // check privilege - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), - tableName.getTbl(), PrivPredicate.CREATE)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), + tableName.getTbl(), PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CREATE"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DataDescription.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DataDescription.java index 75cc514aa8c42c..ed4b6d7749b8da 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DataDescription.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DataDescription.java @@ -32,6 +32,7 @@ import org.apache.doris.common.util.FileFormatConstants; import org.apache.doris.common.util.SqlParserUtils; import org.apache.doris.common.util.Util; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.load.loadv2.LoadTask; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -1016,8 +1017,9 @@ private void checkLoadPriv(String fullDbName) throws AnalysisException { } // check auth - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), fullDbName, tableName, - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, tableName, + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), fullDbName + ": " + tableName); 
@@ -1025,8 +1027,9 @@ private void checkLoadPriv(String fullDbName) throws AnalysisException { // check hive table auth if (isLoadFromTable()) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), fullDbName, srcTableName, - PrivPredicate.SELECT)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, srcTableName, + PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SELECT", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), fullDbName + ": " + srcTableName); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DeleteStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DeleteStmt.java index fd7a50ea6caa8b..465cd6c16002b1 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DeleteStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DeleteStmt.java @@ -219,7 +219,8 @@ private void analyzeTargetTable(Analyzer analyzer) throws UserException { Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); // check load privilege, select privilege will check when analyze insert stmt if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java index bd00d06cc5cfce..a277f3a9ce5abe 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java 
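Review bot: The SELECT check on `srcTableName` in DataDescription.checkLoadPriv, under the comment `// check hive table auth`, is now pinned to `InternalCatalog.INTERNAL_CATALOG_NAME` with nothing saying why. `checkLoadPriv` only receives `fullDbName`, so no catalog is available to pass, and the constant is correct only if the source table of a load-from-table is always resolved in the internal catalog; that resolution is outside the hunk. I would record the assumption next to the check, e.g. `// source table is resolved in the internal catalog, so authorize it there`. The target-table check in the hunk at -1016 and the one in ChannelDescription.checkAuth would take the same comment.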
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java @@ -24,10 +24,12 @@ import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; import org.apache.doris.common.util.InternalDatabaseUtil; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import com.google.common.base.Strings; +import org.apache.commons.lang3.StringUtils; // DROP DB表达式 public class DropDbStmt extends DdlStmt { @@ -73,9 +75,12 @@ public void analyze(Analyzer analyzer) throws UserException { analyzer.getQualifiedUser(), dbName); } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.DROP)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), + StringUtils.isEmpty(ctlName) ? InternalCatalog.INTERNAL_CATALOG_NAME : ctlName, dbName, + PrivPredicate.DROP)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, - ConnectContext.get().getQualifiedUser(), dbName); + ConnectContext.get().getQualifiedUser(), dbName); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropMaterializedViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropMaterializedViewStmt.java index 68cd29688d508c..9fe01f20a066fc 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropMaterializedViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropMaterializedViewStmt.java 
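Review bot: The fallback in DropDbStmt.analyze authorizes an unqualified statement against the internal catalog: `StringUtils.isEmpty(ctlName) ? InternalCatalog.INTERNAL_CATALOG_NAME : ctlName`. If the code that executes the drop resolves an empty `ctlName` to the session's current catalog (that code is outside this hunk, so please confirm), the DROP privilege would be checked on one catalog and the database removed from another. Resolving the name once before the check, with `ctlName = Env.getCurrentEnv().getCurrentCatalog().getName();` when it is empty, and then passing `ctlName` to `checkDbPriv`, keeps the check and the action on the same object. It would also drop the need for the second string-utility import next to the existing `com.google.common.base.Strings`.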
@@ -71,8 +71,9 @@ public void analyze(Analyzer analyzer) throws UserException { Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); // check access - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), - tableName.getTbl(), PrivPredicate.DROP)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), + tableName.getTbl(), PrivPredicate.DROP)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "DROP"); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropStatsStmt.java index c0ba720c130d91..de17116d73908f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropStatsStmt.java @@ -106,7 +106,7 @@ public void analyze(Analyzer analyzer) throws UserException { dbId = db.getId(); catalogId = catalog.getId(); // check permission - checkAnalyzePriv(db.getFullName(), table.getName()); + checkAnalyzePriv(catalogName, db.getFullName(), table.getName()); // check columnNames if (columnNames != null) { isAllColumns = false; @@ -173,9 +173,10 @@ public String toString() { return toSql(); } - private void checkAnalyzePriv(String dbName, String tblName) throws AnalysisException { + private void checkAnalyzePriv(String catalogName, String dbName, String tblName) throws AnalysisException { if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tblName, PrivPredicate.DROP)) { + .checkTblPriv(ConnectContext.get(), catalogName, dbName, tblName, + PrivPredicate.DROP)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "DROP", 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java index ff679adc37732c..5df0a82c6f2e86 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java @@ -89,8 +89,9 @@ public void analyze(Analyzer analyzer) throws UserException { tableName.analyze(analyzer); InternalDatabaseUtil.checkDatabase(tableName.getDb(), ConnectContext.get()); // check access - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), - tableName.getTbl(), PrivPredicate.DROP)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), + tableName.getTbl(), PrivPredicate.DROP)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "DROP"); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ExportStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ExportStmt.java index 681f6345486b91..3efda3bf8f8fc5 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ExportStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ExportStmt.java 
@@ -165,13 +165,13 @@ public void analyze(Analyzer analyzer) throws UserException { } // check auth - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), - tblName.getDb(), tblName.getTbl(), - PrivPredicate.SELECT)) { + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tblName.getCtl(), + tblName.getDb(), tblName.getTbl(), + PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "EXPORT", - ConnectContext.get().getQualifiedUser(), - ConnectContext.get().getRemoteIP(), - tblName.getDb() + ": " + tblName.getTbl()); + ConnectContext.get().getQualifiedUser(), + ConnectContext.get().getRemoteIP(), + tblName.getDb() + ": " + tblName.getTbl()); } qualifiedUser = ConnectContext.get().getQualifiedUser(); userIdentity = ConnectContext.get().getCurrentUserIdentity(); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java index 9bc857bacef1a6..b703948468cb1f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java @@ -39,6 +39,7 @@ import org.apache.doris.common.AnalysisException; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.nereids.util.Utils; import org.apache.doris.qe.ConnectContext; 
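Review bot: The denial message in `analyze` still identifies the object as `tblName.getDb() + ": " + tblName.getTbl()`, although the decision now also depends on `tblName.getCtl()`, so a log or audit reader cannot tell which catalog's table was refused. I would change the last argument to `tblName.getCtl() + ": " + tblName.getDb() + ": " + tblName.getTbl()`. The hunks for DataDescription, DeleteStmt, InsertOverwriteTableStmt, ShowColumnHistStmt, ShowColumnStatsStmt and ShowTableStatsStmt show the same database-and-table-only text next to a catalog-aware check and would benefit from the same change.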
@@ -2506,7 +2507,7 @@ public Function findUdf(FunctionName fnName, Analyzer analyzer) throws AnalysisE if (!Strings.isNullOrEmpty(dbName)) { // check operation privilege if (!analyzer.isReplay() && !Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), - dbName, PrivPredicate.SELECT)) { + InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "SELECT"); } // TODO(gaoxin): ExternalDatabase not implement udf yet. diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java index 3b4e651cc02071..24713eed5c2ff0 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java @@ -85,7 +85,8 @@ public void analyze(Analyzer analyzer) throws UserException { target.getTblName().analyze(analyzer); InternalDatabaseUtil.checkDatabase(getDb(), ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), getDb(), getTbl(), PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), target.getTblName().getCtl(), getDb(), getTbl(), + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), getDb() + ": " + getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverDbStmt.java index f84059319c5152..0d60664e100e18 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverDbStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverDbStmt.java 
@@ -22,6 +22,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -59,8 +60,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { ErrorReport.reportAnalysisException(ErrorCode.ERR_WRONG_DB_NAME, dbName); } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, - PrivPredicate.ALTER_CREATE)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + PrivPredicate.ALTER_CREATE)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverPartitionStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverPartitionStmt.java index 0bbb78104baf9f..9b2f462680839f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverPartitionStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverPartitionStmt.java @@ -68,8 +68,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { dbTblName.analyze(analyzer); // disallow external catalog Util.prohibitExternalCatalog(dbTblName.getCtl(), this.getClass().getSimpleName()); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbTblName.getDb(), - dbTblName.getTbl(), PrivPredicate.ALTER_CREATE)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), dbTblName.getCtl(), dbTblName.getDb(), + dbTblName.getTbl(), PrivPredicate.ALTER_CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "RECOVERY", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverTableStmt.java index 528a0e284aed41..c4133c2ed9ac79 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/RecoverTableStmt.java @@ -64,7 +64,8 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { Util.prohibitExternalCatalog(dbTblName.getCtl(), this.getClass().getSimpleName()); if (!Env.getCurrentEnv().getAccessManager().checkTblPriv( - ConnectContext.get(), dbTblName.getDb(), dbTblName.getTbl(), PrivPredicate.ALTER_CREATE)) { + ConnectContext.get(), dbTblName.getCtl(), dbTblName.getDb(), dbTblName.getTbl(), + PrivPredicate.ALTER_CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "RECOVERY", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowAnalyzeStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowAnalyzeStmt.java index efcfc517024683..9ccfd956ca5d84 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowAnalyzeStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowAnalyzeStmt.java @@ -119,7 +119,8 @@ public void analyze(Analyzer analyzer) throws UserException { dbTableName.analyze(analyzer); String dbName = dbTableName.getDb(); String tblName = dbTableName.getTbl(); - checkShowAnalyzePriv(dbName, tblName); + String ctlName = dbTableName.getCtl(); + checkShowAnalyzePriv(ctlName, dbName, tblName); } // analyze where clause if not null 
@@ -142,9 +143,10 @@ public RedirectStatus getRedirectStatus() { return RedirectStatus.FORWARD_NO_SYNC; } - private void checkShowAnalyzePriv(String dbName, String tblName) throws AnalysisException { + private void checkShowAnalyzePriv(String ctlName, String dbName, String tblName) throws AnalysisException { if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tblName, PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), ctlName, dbName, tblName, + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW ANALYZE", diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowBackupStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowBackupStmt.java index 041345a198e176..3c06a1da29eecd 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowBackupStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowBackupStmt.java @@ -27,6 +27,7 @@ import org.apache.doris.common.PatternMatcher; import org.apache.doris.common.PatternMatcherWrapper; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -68,7 +69,8 @@ public void analyze(Analyzer analyzer) throws UserException { } // check auth - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnHistStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnHistStmt.java index 20b5dbbd0d7ad5..88eb244589621b 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnHistStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnHistStmt.java @@ -92,7 +92,8 @@ public void analyze(Analyzer analyzer) throws UserException { } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "Permission denied", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnStatsStmt.java index a4216f55661e16..18bb916b8bdfce 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnStatsStmt.java @@ -108,7 +108,8 @@ public void analyze(Analyzer analyzer) throws UserException { } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "Permission denied", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateDbStmt.java index 1a51546e186573..d6c00c959ee4cc 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateDbStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateDbStmt.java @@ -24,6 +24,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -66,8 +67,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { ErrorReport.reportAnalysisException(ErrorCode.ERR_WRONG_DB_NAME, db); } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), db, - PrivPredicate.ALTER_CREATE_DROP)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db, + PrivPredicate.ALTER_CREATE_DROP)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), db); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateFunctionStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateFunctionStmt.java index 922e6d0fb44c7f..e1ff16ba8ddc8f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateFunctionStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateFunctionStmt.java 
@@ -26,6 +26,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -79,7 +80,7 @@ public void analyze(Analyzer analyzer) throws UserException { // check operation privilege , except global function if (!FunctionUtil.isGlobalFunction(this.type) && !Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SHOW)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateMaterializedViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateMaterializedViewStmt.java index 34fc6d4f8034ba..f0c48520a5c64c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateMaterializedViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowCreateMaterializedViewStmt.java @@ -56,7 +56,8 @@ public void analyze(Analyzer analyzer) throws UserException { // disallow external catalog Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW CREATE MATERIALIZED", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataSkewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataSkewStmt.java index a1806278358010..c1ccc521c3bf94 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataSkewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataSkewStmt.java @@ -49,9 +49,10 @@ public void analyze(Analyzer analyzer) throws UserException { tblRef.getName().analyze(analyzer); // disallow external catalog Util.prohibitExternalCatalog(tblRef.getName().getCtl(), this.getClass().getSimpleName()); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tblRef.getName().getDb(), - tblRef.getName().getTbl(), - PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tblRef.getName().getCtl(), tblRef.getName().getDb(), + tblRef.getName().getTbl(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW DATA SKEW", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataStmt.java index f84784e582652c..eed7073965bc00 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataStmt.java @@ -35,6 +35,7 @@ import org.apache.doris.common.util.DebugUtil; import org.apache.doris.common.util.OrderByPair; import org.apache.doris.common.util.Util; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; 
@@ -159,9 +160,10 @@ public int compare(Table t1, Table t2) { }); for (Table table : tables) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, - table.getName(), - PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + table.getName(), + PrivPredicate.SHOW)) { continue; } sortedTables.add(table); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java index 36c1162f720fb5..f72c972c6e1c91 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java @@ -24,6 +24,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -64,7 +65,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { } // must check after analyze dbName, for case dbName is null. - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.ADMIN)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + PrivPredicate.ADMIN)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowFunctionsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowFunctionsStmt.java index f6ede6d7605e71..5abd18f74631f5 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowFunctionsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowFunctionsStmt.java @@ -25,6 +25,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -107,7 +108,7 @@ public void analyze(Analyzer analyzer) throws UserException { } if (!FunctionUtil.isGlobalFunction(this.type) && !Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SHOW)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowQueryStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowQueryStatsStmt.java index 76b269a1f98de3..fee9809f96e36f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowQueryStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowQueryStatsStmt.java @@ -128,6 +128,7 @@ public void analyze(Analyzer analyzer) throws UserException { dbName = tableName.getDb(); } Database db = (Database) Env.getCurrentEnv().getCurrentCatalog().getDbOrDdlException(dbName); + String ctlName = db.getCatalog().getName(); if (tableName != null) { db.getTableOrDdlException(tableName.getTbl()); } 
@@ -135,7 +136,7 @@ public void analyze(Analyzer analyzer) throws UserException { Map stats = QueryStatsUtil.getMergedDatabaseStats(catalog, dbName); stats.forEach((tableName, queryHit) -> { if (Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tableName, PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), ctlName, dbName, tableName, PrivPredicate.SHOW)) { totalRows.add(Arrays.asList(tableName, String.valueOf(queryHit))); } }); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowRestoreStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowRestoreStmt.java index b2944ebbad1599..26016be7814dea 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowRestoreStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowRestoreStmt.java @@ -27,6 +27,7 @@ import org.apache.doris.common.PatternMatcher; import org.apache.doris.common.PatternMatcherWrapper; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -89,7 +90,8 @@ public void analyze(Analyzer analyzer) throws UserException { } // check auth - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowSmallFilesStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowSmallFilesStmt.java index fb5464224f47fa..ad8c57b7a47734 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowSmallFilesStmt.java 
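Review bot: The per-table `SHOW` filter inside `stats.forEach` checks against `ctlName`, taken from `db.getCatalog().getName()` in the previous hunk, while the rows being filtered come from `QueryStatsUtil.getMergedDatabaseStats(catalog, dbName)`. Two separately derived catalog values now feed one access decision. If `catalog` already holds the catalog name (its declaration is outside the hunk), I would pass it directly, `.checkTblPriv(ConnectContext.get(), catalog, dbName, tableName, PrivPredicate.SHOW)`, so the check is tied to the data actually returned and the extra local is not needed. If the two can differ, a comment should say which one is authoritative.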
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowSmallFilesStmt.java @@ -23,6 +23,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; @@ -61,7 +62,8 @@ public void analyze(Analyzer analyzer) throws UserException { } } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatsStmt.java index 95d36867da2c7d..8d8cd32c454b52 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTableStatsStmt.java @@ -105,7 +105,8 @@ public void analyze(Analyzer analyzer) throws UserException { } } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "Permission denied", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), tableName.getDb() + ": " + tableName.getTbl()); 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTypeCastStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTypeCastStmt.java index afe695bea05a3b..c88c39a03db25a 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTypeCastStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTypeCastStmt.java @@ -18,14 +18,11 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Column; -import org.apache.doris.catalog.Env; import org.apache.doris.catalog.ScalarType; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; -import org.apache.doris.mysql.privilege.PrivPredicate; -import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSetMetaData; import com.google.common.base.Strings; @@ -70,11 +67,6 @@ public void analyze(Analyzer analyzer) throws UserException { } } - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SHOW)) { - ErrorReport.reportAnalysisException( - ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName); - } - if (expr != null) { throw new AnalysisException("Only support like 'function_pattern' syntax."); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowViewStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowViewStmt.java index 1cd4f7da7a6fab..67c77664cccdab 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowViewStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowViewStmt.java 
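Review bot: `analyze` loses its `checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SHOW)` gate here instead of being moved to the catalog-aware overload like every other statement in this patch, and the commit description does not mention dropping any check. If the removal is deliberate, a comment at the old position, for example `// no privilege check: type-cast rules are not scoped to a database`, would record the decision for the next reader. Otherwise the condition should come back as `.checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SHOW)` together with the imports this hunk removes. `analyze` starts and ends outside the hunk.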
@@ -93,7 +93,7 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { String dbName = tbl.getDb(); if (!Env.getCurrentEnv().getAccessManager().checkTblPriv( - ConnectContext.get(), dbName, getTbl(), PrivPredicate.SHOW)) { + ConnectContext.get(), tbl.getCtl(), dbName, getTbl(), PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW VIEW", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java index b6f41ad409f94f..a275879692c397 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java @@ -54,8 +54,9 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException { // check access // it requires LOAD privilege, because we consider this operation as 'delete data', which is also a // 'load' operation. - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tblRef.getName().getDb(), - tblRef.getName().getTbl(), PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), tblRef.getName().getCtl(), tblRef.getName().getDb(), + tblRef.getName().getTbl(), PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/UpdateStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/UpdateStmt.java index 5ab3cee4b9eec2..0a8dbf5bad9454 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/UpdateStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/UpdateStmt.java 
@@ -139,7 +139,8 @@ private void analyzeTargetTable(Analyzer analyzer) throws UserException { Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); // check load privilege, select privilege will check when analyze insert stmt if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "LOAD"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java index 72a82b177b613a..020d3022325217 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java +++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java @@ -17,6 +17,7 @@ package org.apache.doris.catalog; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.nereids.annotation.Developing; import org.apache.doris.nereids.exceptions.AnalysisException; @@ -176,7 +177,8 @@ public List findUdfBuilder(String dbName, String name) { if (ConnectContext.get() != null) { dbName = dbName == null ? ConnectContext.get().getDatabase() : dbName; if (dbName == null || !Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.SELECT)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + PrivPredicate.SELECT)) { scopes = ImmutableList.of(GLOBAL_FUNCTION); } else { scopes = ImmutableList.of(dbName, GLOBAL_FUNCTION); diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java index cd753a100b62e7..026b1f8bda3552 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java @@ -23,6 +23,7 @@ import org.apache.doris.common.AuthenticationException; import org.apache.doris.common.Config; import org.apache.doris.common.util.NetUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.httpv2.HttpAuthManager; import org.apache.doris.httpv2.HttpAuthManager.SessionValue; import org.apache.doris.httpv2.exception.UnauthorizedException; @@ -208,7 +209,8 @@ protected void checkGlobalAuth(UserIdentity currentUser, PrivPredicate predicate protected void checkDbAuth(UserIdentity currentUser, String db, PrivPredicate predicate) throws UnauthorizedException { - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(currentUser, db, predicate)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(currentUser, InternalCatalog.INTERNAL_CATALOG_NAME, db, predicate)) { throw new UnauthorizedException("Access denied; you need (at least one of) the " + predicate.getPrivs().toString() + " privilege(s) for this operation"); } @@ -216,7 +218,8 @@ protected void checkDbAuth(UserIdentity currentUser, String db, PrivPredicate pr protected void checkTblAuth(UserIdentity currentUser, String db, String tbl, PrivPredicate predicate) throws UnauthorizedException { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(currentUser, db, tbl, predicate)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(currentUser, InternalCatalog.INTERNAL_CATALOG_NAME, db, tbl, predicate)) { throw new UnauthorizedException("Access denied; you need (at least one of) the " + predicate.getPrivs().toString() + " privilege(s) for this operation"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/CancelLoadAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/CancelLoadAction.java index 6a2a8fed1d903f..3d0e7bc7c91e2a 100644 
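Review bot: checkDbAuth and checkTblAuth have no Javadoc, and after this change both evaluate the privilege against `InternalCatalog.INTERNAL_CATALOG_NAME` without saying so. A subclass that passes a database from another catalog would presumably get a decision for the same-named internal database. A short comment on each would make the scope explicit, for example `/** Checks the privilege on a database of the internal catalog only. */` on checkDbAuth and the table-level equivalent on checkTblAuth. This applies to both the -208 and the -216 hunk.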
--- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/CancelLoadAction.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/CancelLoadAction.java @@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.MetaNotFoundException; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.httpv2.entity.ResponseEntityBuilder; import org.apache.doris.httpv2.exception.UnauthorizedException; import org.apache.doris.mysql.privilege.PrivPredicate; @@ -74,7 +75,9 @@ public Object execute(@PathVariable(value = DB_KEY) final String dbName, // TODO(cmy): Currently we only check priv in db level. // Should check priv in table level. - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), fullDbName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, + PrivPredicate.LOAD)) { throw new UnauthorizedException("Access denied for user '" + ConnectContext.get().getQualifiedUser() + "' to database '" + fullDbName + "'"); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetaInfoAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetaInfoAction.java index 5873bb221322f7..1218736a2cbed9 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetaInfoAction.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetaInfoAction.java @@ -105,7 +105,8 @@ public Object getAllDatabases( for (String fullName : dbNames) { final String db = ClusterNamespace.getNameFromFullName(fullName); if (!Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), fullName, PrivPredicate.SHOW)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullName, + PrivPredicate.SHOW)) { continue; } dbNameSet.add(db); 
@@ -152,8 +153,10 @@ public Object getTables( List tblNames = Lists.newArrayList(); for (Table tbl : db.getTables()) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), fullDbName, tbl.getName(), - PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, + tbl.getName(), + PrivPredicate.SHOW)) { continue; } tblNames.add(tbl.getName()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/restv2/MetaInfoActionV2.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/restv2/MetaInfoActionV2.java index 0f27ff63df4ebf..13a247ba6338e9 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/restv2/MetaInfoActionV2.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/restv2/MetaInfoActionV2.java @@ -27,6 +27,7 @@ import org.apache.doris.common.MetaNotFoundException; import org.apache.doris.common.Pair; import org.apache.doris.common.UserException; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.httpv2.entity.ResponseEntityBuilder; import org.apache.doris.httpv2.exception.BadRequestException; import org.apache.doris.httpv2.rest.RestBaseController; @@ -94,8 +95,9 @@ public Object getAllDatabases( List dbNameSet = Lists.newArrayList(); for (String fullName : dbNames) { final String db = ClusterNamespace.getNameFromFullName(fullName); - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), fullName, - PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullName, + PrivPredicate.SHOW)) { continue; } dbNameSet.add(db); 
@@ -144,7 +146,8 @@ public Object getTables( try { for (Table tbl : db.getTables()) { if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), fullDbName, tbl.getName(), PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, fullDbName, + tbl.getName(), PrivPredicate.SHOW)) { continue; } tblNames.add(tbl.getName()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/job/extensions/insert/InsertJob.java b/fe/fe-core/src/main/java/org/apache/doris/job/extensions/insert/InsertJob.java index a5851892ec18de..a9e6bd4fc40497 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/job/extensions/insert/InsertJob.java +++ b/fe/fe-core/src/main/java/org/apache/doris/job/extensions/insert/InsertJob.java @@ -35,6 +35,7 @@ import org.apache.doris.common.util.LogBuilder; import org.apache.doris.common.util.LogKey; import org.apache.doris.common.util.TimeUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.job.base.AbstractJob; import org.apache.doris.job.base.JobExecuteType; import org.apache.doris.job.base.JobExecutionConfiguration; 
@@ -556,15 +557,17 @@ private void checkAuthWithoutAuthInfo(String command) throws DdlException { // check auth if (tableNames == null || tableNames.isEmpty()) { // forward compatibility - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), db.getFullName(), - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + PrivPredicate.LOAD)) { ErrorReport.reportDdlException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, Privilege.LOAD_PRIV); } } else { for (String tblName : tableNames) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), db.getFullName(), - tblName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + tblName, PrivPredicate.LOAD)) { ErrorReport.reportDdlException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, command, ConnectContext.get().getQualifiedUser(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/DeleteHandler.java b/fe/fe-core/src/main/java/org/apache/doris/load/DeleteHandler.java index ac51854f9f7cca..f70acc1c04712d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/DeleteHandler.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/DeleteHandler.java @@ -29,6 +29,7 @@ import org.apache.doris.common.io.Writable; import org.apache.doris.common.util.ListComparator; import org.apache.doris.common.util.TimeUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.persist.gson.GsonUtils; import org.apache.doris.qe.ConnectContext; 
@@ -244,6 +245,7 @@ public List> getDeleteInfosByDb(long dbId) { if (dbId == -1) { for (Long tempDbId : dbToDeleteInfos.keySet()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, Env.getCurrentEnv().getCatalogMgr().getDbNullable(tempDbId).getFullName(), PrivPredicate.LOAD)) { continue; @@ -262,9 +264,10 @@ public List> getDeleteInfosByDb(long dbId) { } for (DeleteInfo deleteInfo : deleteInfoList) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, - deleteInfo.getTableName(), - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + deleteInfo.getTableName(), + PrivPredicate.LOAD)) { continue; } diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/ExportMgr.java b/fe/fe-core/src/main/java/org/apache/doris/load/ExportMgr.java index f72c0b44a6346c..4702dd7a9ae92b 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/ExportMgr.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/ExportMgr.java @@ -33,6 +33,7 @@ import org.apache.doris.common.util.ListComparator; import org.apache.doris.common.util.OrderByPair; import org.apache.doris.common.util.TimeUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; import org.apache.doris.scheduler.exception.JobException; 
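Review bot: In getDeleteInfosByDb the privilege check still dereferences `getDbNullable(tempDbId).getFullName()` without a null test, so a database id that no longer resolves would presumably throw a NullPointerException in the middle of the authorization loop instead of being skipped. Resolving the database into a local first and adding `if (db == null) { continue; }` before the `checkDbPriv` call would keep the listing working. The same unguarded chain is passed to `checkDbPriv` in ExportMgr.getJobNum, Load.getLoadJobNum, Load.getAllLoadJobInfos, LoadManager.getLoadJobNum, LoadManager.getAllLoadJobInfos and the LoadingTaskPlanner constructor. The method body extends beyond the hunk.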
@@ -311,11 +312,11 @@ public boolean isJobShowable(ExportJob job) { return false; } if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), - db.getFullName(), PrivPredicate.SHOW)) { + InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), PrivPredicate.SHOW)) { return false; } } else { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), PrivPredicate.SHOW)) { return false; @@ -453,9 +454,10 @@ public long getJobNum(ExportJobState state) { readLock(); try { for (ExportJob job : exportIdToJob.values()) { - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), - Env.getCurrentEnv().getCatalogMgr().getDbNullable(job.getDbId()).getFullName(), - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, + Env.getCurrentEnv().getCatalogMgr().getDbNullable(job.getDbId()).getFullName(), + PrivPredicate.LOAD)) { continue; } diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/Load.java b/fe/fe-core/src/main/java/org/apache/doris/load/Load.java index d5c316aaa877a0..398fba0d261662 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/Load.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/Load.java @@ -63,6 +63,7 @@ import org.apache.doris.common.UserException; import org.apache.doris.common.util.ListComparator; import org.apache.doris.common.util.TimeUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.load.LoadJob.JobState; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.persist.ReplicaPersistInfo; 
@@ -1012,6 +1013,7 @@ public long getLoadJobNum(JobState jobState) { List loadJobs = new ArrayList<>(); for (Long dbId : dbToLoadJobs.keySet()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, Env.getCurrentEnv().getCatalogMgr().getDbNullable(dbId).getFullName(), PrivPredicate.LOAD)) { continue; @@ -1047,6 +1049,7 @@ public LinkedList> getAllLoadJobInfos() { List loadJobs = new ArrayList<>(); for (Long dbId : dbToLoadJobs.keySet()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, Env.getCurrentEnv().getCatalogMgr().getDbNullable(dbId).getFullName(), PrivPredicate.LOAD)) { continue; @@ -1070,8 +1073,9 @@ public LinkedList> getAllLoadJobInfos() { Set tableNames = loadJob.getTableNames(); boolean auth = true; for (String tblName : tableNames) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, - tblName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + tblName, PrivPredicate.LOAD)) { auth = false; break; } 
@@ -1236,15 +1240,17 @@ public LinkedList> getLoadJobInfosByDb(long dbId, String dbName Set tableNames = loadJob.getTableNames(); if (tableNames.isEmpty()) { // forward compatibility - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + PrivPredicate.LOAD)) { continue; } } else { boolean auth = true; for (String tblName : tableNames) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, - tblName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + tblName, PrivPredicate.LOAD)) { auth = false; break; } diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java index 4eb6be72795434..737eb33b584be9 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java @@ -40,6 +40,7 @@ import org.apache.doris.common.util.LogBuilder; import org.apache.doris.common.util.LogKey; import org.apache.doris.common.util.TimeUtils; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.load.EtlJobType; import org.apache.doris.load.EtlStatus; import org.apache.doris.load.FailMsg; 
@@ -520,15 +521,17 @@ private void checkAuthWithoutAuthInfo(String command) throws DdlException { Set tableNames = getTableNames(); if (tableNames.isEmpty()) { // forward compatibility - if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), db.getFullName(), - PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + PrivPredicate.LOAD)) { ErrorReport.reportDdlException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, Privilege.LOAD_PRIV); } } else { for (String tblName : tableNames) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), db.getFullName(), - tblName, PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + tblName, PrivPredicate.LOAD)) { ErrorReport.reportDdlException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, command, ConnectContext.get().getQualifiedUser(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java index a1de8e4405a724..410cb62fbc7bae 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java @@ -40,6 +40,7 @@ import org.apache.doris.common.io.Writable; import org.apache.doris.common.util.LogBuilder; import org.apache.doris.common.util.LogKey; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.load.EtlJobType; import org.apache.doris.load.FailMsg; import org.apache.doris.load.FailMsg.CancelType; 
@@ -383,6 +384,7 @@ public int getLoadJobNum(JobState jobState) { Map> labelToLoadJobs = new HashMap<>(); for (Long dbId : dbIdToLabelToLoadJobs.keySet()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, Env.getCurrentEnv().getCatalogMgr().getDbNullable(dbId).getFullName(), PrivPredicate.LOAD)) { continue; @@ -636,6 +638,7 @@ public List> getAllLoadJobInfos() { Map> labelToLoadJobs = new HashMap<>(); for (Long dbId : dbIdToLabelToLoadJobs.keySet()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, Env.getCurrentEnv().getCatalogMgr().getDbNullable(dbId).getFullName(), PrivPredicate.LOAD)) { continue; diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadingTaskPlanner.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadingTaskPlanner.java index 7a7687329b219f..7d0503f39c6680 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadingTaskPlanner.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadingTaskPlanner.java @@ -32,6 +32,7 @@ import org.apache.doris.common.MetaNotFoundException; import org.apache.doris.common.UserException; import org.apache.doris.common.util.DebugUtil; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.load.BrokerFileGroup; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.planner.DataPartition; 
@@ -105,7 +106,8 @@ public LoadingTaskPlanner(Long loadJobId, long txnId, long dbId, OlapTable table this.singleTabletLoadPerSink = singleTabletLoadPerSink; this.userInfo = userInfo; if (Env.getCurrentEnv().getAccessManager() - .checkDbPriv(userInfo, Env.getCurrentInternalCatalog().getDbNullable(dbId).getFullName(), + .checkDbPriv(userInfo, InternalCatalog.INTERNAL_CATALOG_NAME, + Env.getCurrentInternalCatalog().getDbNullable(dbId).getFullName(), PrivPredicate.SELECT)) { this.analyzer.setUDFAllowed(true); } else { diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/routineload/RoutineLoadManager.java b/fe/fe-core/src/main/java/org/apache/doris/load/routineload/RoutineLoadManager.java index 484fdc657fb214..7eb7806f5158a0 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/load/routineload/RoutineLoadManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/load/routineload/RoutineLoadManager.java @@ -42,6 +42,7 @@ import org.apache.doris.common.io.Writable; import org.apache.doris.common.util.LogBuilder; import org.apache.doris.common.util.LogKey; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.mysql.privilege.UserProperty; import org.apache.doris.persist.AlterRoutineLoadJobOperationLog; @@ -157,6 +158,7 @@ public void createRoutineLoadJob(CreateRoutineLoadStmt createRoutineLoadStmt) throws UserException { // check load auth if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, createRoutineLoadStmt.getDBName(), createRoutineLoadStmt.getTableName(), PrivPredicate.LOAD)) { @@ -253,6 +255,7 @@ public RoutineLoadJob checkPrivAndGetJob(String dbName, String jobName) } if (routineLoadJob.isMultiTable()) { if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, PrivPredicate.LOAD)) { // todo add new error code 
@@ -264,6 +267,7 @@ public RoutineLoadJob checkPrivAndGetJob(String dbName, String jobName) return routineLoadJob; } if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), + InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, tableName, PrivPredicate.LOAD)) { @@ -293,7 +297,8 @@ public List checkPrivAndGetAllJobs(String dbName) if (!job.getState().isFinalState()) { String tableName = job.getTableName(); if (!job.isMultiTable() && !Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tableName, PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, + tableName, PrivPredicate.LOAD)) { continue; } result.add(job); diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java index 3a264d6d217671..77d702f6da4ac1 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java @@ -30,7 +30,6 @@ import org.apache.doris.qe.ConnectContext; import com.google.common.base.Preconditions; -import com.google.common.collect.HashMultimap; import com.google.common.collect.Maps; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
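Review bot: In checkPrivAndGetAllJobs the condition `!job.isMultiTable() && !...checkTblPriv(...)` lets every multi-table job reach `result.add(job)` without any privilege check in the lines shown, whereas checkPrivAndGetJob in the same file requires database-level LOAD for multi-table jobs. Unless the caller's database privilege is verified earlier in the method (not visible in this hunk), a user without LOAD on the database would still see its multi-table routine load jobs in the result. The branch could mirror checkPrivAndGetJob by testing `checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.LOAD)` when `job.isMultiTable()` and keeping the existing `checkTblPriv` call otherwise.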
@@ -144,14 +143,6 @@ public boolean checkCtlPriv(UserIdentity currentUser, String ctl, PrivPredicate } // ==== Database ==== - public boolean checkDbPriv(ConnectContext ctx, String qualifiedDb, PrivPredicate wanted) { - return checkDbPriv(ctx.getCurrentUserIdentity(), qualifiedDb, wanted); - } - - public boolean checkDbPriv(UserIdentity currentUser, String db, PrivPredicate wanted) { - return checkDbPriv(currentUser, Auth.DEFAULT_CATALOG, db, wanted); - } - public boolean checkDbPriv(ConnectContext ctx, String ctl, String db, PrivPredicate wanted) { return checkDbPriv(ctx.getCurrentUserIdentity(), ctl, db, wanted); } @@ -162,10 +153,6 @@ public boolean checkDbPriv(UserIdentity currentUser, String ctl, String db, Priv } // ==== Table ==== - public boolean checkTblPriv(ConnectContext ctx, String qualifiedDb, String tbl, PrivPredicate wanted) { - return checkTblPriv(ctx, Auth.DEFAULT_CATALOG, qualifiedDb, tbl, wanted); - } - public boolean checkTblPriv(ConnectContext ctx, TableName tableName, PrivPredicate wanted) { Preconditions.checkState(tableName.isFullyQualified()); return checkTblPriv(ctx, tableName.getCtl(), tableName.getDb(), tableName.getTbl(), wanted); 
@@ -179,28 +166,12 @@ public boolean checkTblPriv(ConnectContext ctx, String qualifiedCtl, return checkTblPriv(ctx.getCurrentUserIdentity(), qualifiedCtl, qualifiedDb, tbl, wanted); } - public boolean checkTblPriv(UserIdentity currentUser, String db, String tbl, PrivPredicate wanted) { - return checkTblPriv(currentUser, Auth.DEFAULT_CATALOG, db, tbl, wanted); - } - public boolean checkTblPriv(UserIdentity currentUser, String ctl, String db, String tbl, PrivPredicate wanted) { boolean hasGlobal = checkGlobalPriv(currentUser, wanted); return getAccessControllerOrDefault(ctl).checkTblPriv(hasGlobal, currentUser, ctl, db, tbl, wanted); } // ==== Column ==== - public void checkColumnsPriv(UserIdentity currentUser, String - ctl, HashMultimap tableToColsMap, - PrivPredicate wanted) throws UserException { - boolean hasGlobal = checkGlobalPriv(currentUser, wanted); - CatalogAccessController accessController = getAccessControllerOrDefault(ctl); - for (TableName tableName : tableToColsMap.keySet()) { - accessController.checkColsPriv(hasGlobal, currentUser, ctl, - tableName.getDb(), - tableName.getTbl(), tableToColsMap.get(tableName), wanted); - } - } - public void checkColumnsPriv(UserIdentity currentUser, String ctl, String qualifiedDb, String tbl, Set cols, PrivPredicate wanted) throws UserException { @@ -211,11 +182,6 @@ public void checkColumnsPriv(UserIdentity currentUser, String } - public void checkColumnsPriv(UserIdentity currentUser, String qualifiedDb, String tbl, Set cols, - PrivPredicate wanted) throws UserException { - checkColumnsPriv(currentUser, Auth.DEFAULT_CATALOG, qualifiedDb, tbl, cols, wanted); - } - // ==== Resource ==== public boolean checkResourcePriv(ConnectContext ctx, String resourceName, PrivPredicate wanted) { return checkResourcePriv(ctx.getCurrentUserIdentity(), resourceName, wanted); 
@@ -242,10 +208,11 @@ public boolean checkPrivByAuthInfo(ConnectContext ctx, AuthorizationInfo authInf return false; } if (authInfo.getTableNameList() == null || authInfo.getTableNameList().isEmpty()) { - return checkDbPriv(ctx, authInfo.getDbName(), wanted); + return checkDbPriv(ctx, InternalCatalog.INTERNAL_CATALOG_NAME, authInfo.getDbName(), wanted); } for (String tblName : authInfo.getTableNameList()) { - if (!checkTblPriv(ConnectContext.get(), authInfo.getDbName(), tblName, wanted)) { + if (!checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, authInfo.getDbName(), + tblName, wanted)) { return false; } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java index 43127d097fc03d..7fc4657a17fec3 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java @@ -124,8 +124,10 @@ public void run(ConnectContext ctx, StmtExecutor executor) throws Exception { UnboundRelation relation = optRelation.get(); PhysicalFilter filter = optFilter.get(); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), scan.getDatabase().getFullName(), - scan.getTable().getName(), PrivPredicate.LOAD)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), scan.getDatabase().getCatalog().getName(), + scan.getDatabase().getFullName(), + scan.getTable().getName(), PrivPredicate.LOAD)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), scan.getDatabase().getFullName() + ": " + scan.getTable().getName()); 
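Review bot: In the table loop of checkPrivByAuthInfo the new call still authorizes against `ConnectContext.get()` while the database branch just above it uses the `ctx` argument, so the two branches can evaluate different identities whenever the caller passes a context that is not the thread-local one. Use the parameter in both places: `if (!checkTblPriv(ctx, InternalCatalog.INTERNAL_CATALOG_NAME, authInfo.getDbName(), tblName, wanted)) {`. The same substitution applies in the other hunks where a `ctx` parameter is in scope but the check reads the thread-local: DeleteFromCommand.run, CancelMTMVTaskInfo.analyze, CreateTableInfo.validate, PauseMTMVInfo.analyze, ResumeMTMVInfo.analyze, BatchInsertIntoTableCommand.run and InsertOverwriteTableCommand.run. The body of checkPrivByAuthInfo starts outside this hunk.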
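Review bot: The denial message built right after the new check in DeleteFromCommand.run still names only `scan.getDatabase().getFullName() + ": " + scan.getTable().getName()`, although the privilege is now evaluated against `scan.getDatabase().getCatalog().getName()`. When databases with the same name exist in more than one catalog, the error returned to the user, and anything that records it, no longer identifies which object was refused. Consider prefixing the catalog in the last argument, e.g. `scan.getDatabase().getCatalog().getName() + "." + scan.getDatabase().getFullName() + ": " + scan.getTable().getName()`. run() continues outside the hunk.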
diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ExportCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ExportCommand.java index aed2b3e24db584..4b2121a5dc8a4c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ExportCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/ExportCommand.java @@ -129,8 +129,9 @@ public void run(ConnectContext ctx, StmtExecutor executor) throws Exception { qualifiedTableName.get(2)); // check auth - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, tblName.getDb(), tblName.getTbl(), - PrivPredicate.SELECT)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ctx, tblName.getCtl(), tblName.getDb(), tblName.getTbl(), + PrivPredicate.SELECT)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "EXPORT", ctx.getQualifiedUser(), ctx.getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/AlterMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/AlterMTMVInfo.java index a2e96ee298d3be..3766de9b9815ac 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/AlterMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/AlterMTMVInfo.java @@ -44,7 +44,7 @@ public AlterMTMVInfo(TableNameInfo mvName) { */ public void analyze(ConnectContext ctx) throws AnalysisException { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.ALTER)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("ALTER", ctx.getQualifiedUser(), ctx.getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CancelMTMVTaskInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CancelMTMVTaskInfo.java index 257769fe359f6b..4d55e35a253db1 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CancelMTMVTaskInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CancelMTMVTaskInfo.java @@ -48,7 +48,7 @@ public CancelMTMVTaskInfo(TableNameInfo mvName, long taskId) { */ public void analyze(ConnectContext ctx) { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.CREATE)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("CREATE", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateMTMVInfo.java index 3846cd99ff1851..ce02dff2470c6d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateMTMVInfo.java @@ -140,7 +140,7 @@ public CreateMTMVInfo(boolean ifNotExists, TableNameInfo mvName, public void analyze(ConnectContext ctx) { // analyze table name mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.CREATE)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("CREATE", ctx.getQualifiedUser(), ctx.getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java index 4a5a547f022d72..a4cf08efe744af 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java @@ -236,7 +236,7 @@ public void validate(ConnectContext ctx) { } catch (org.apache.doris.common.AnalysisException e) { throw new AnalysisException(e.getMessage(), e.getCause()); } - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), ctlName, dbName, tableName, PrivPredicate.CREATE)) { try { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/DropMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/DropMTMVInfo.java index c64fb7cf67deec..8143c8c8f1532d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/DropMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/DropMTMVInfo.java @@ -46,7 +46,7 @@ public DropMTMVInfo(TableNameInfo mvName, boolean ifExists) { */ public void analyze(ConnectContext ctx) { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.DROP)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("DROP", ctx.getQualifiedUser(), ctx.getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/PauseMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/PauseMTMVInfo.java index c744e6667096fd..4b04fd8c4eafe0 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/PauseMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/PauseMTMVInfo.java @@ -46,7 +46,7 @@ public PauseMTMVInfo(TableNameInfo mvName) { */ public void analyze(ConnectContext ctx) { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.CREATE)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("CREATE", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/RefreshMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/RefreshMTMVInfo.java index 5598c812594514..bf483f87a152c3 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/RefreshMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/RefreshMTMVInfo.java @@ -56,7 +56,7 @@ public RefreshMTMVInfo(TableNameInfo mvName, List partitions, boolean is */ public void analyze(ConnectContext ctx) { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ctx, mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.CREATE)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("CREATE", ctx.getQualifiedUser(), ctx.getRemoteIP(), 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/ResumeMTMVInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/ResumeMTMVInfo.java index 541d5c878e3576..b3f1105770b6c0 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/ResumeMTMVInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/ResumeMTMVInfo.java @@ -46,7 +46,7 @@ public ResumeMTMVInfo(TableNameInfo mvName) { */ public void analyze(ConnectContext ctx) { mvName.analyze(ctx); - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getDb(), + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), mvName.getCtl(), mvName.getDb(), mvName.getTbl(), PrivPredicate.CREATE)) { String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("CREATE", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/BatchInsertIntoTableCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/BatchInsertIntoTableCommand.java index 82b81473948cfc..74d9fd6df357ae 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/BatchInsertIntoTableCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/BatchInsertIntoTableCommand.java 
@@ -131,7 +131,8 @@ public void run(ConnectContext ctx, StmtExecutor executor) throws Exception { } // check auth if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), targetTable.getQualifiedDbName(), targetTable.getName(), + .checkTblPriv(ConnectContext.get(), targetTable.getDatabase().getCatalog().getName(), + targetTable.getQualifiedDbName(), targetTable.getName(), PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/InsertOverwriteTableCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/InsertOverwriteTableCommand.java index 44c17545be5891..ff3727a979f11d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/InsertOverwriteTableCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/insert/InsertOverwriteTableCommand.java @@ -131,7 +131,8 @@ public void run(ConnectContext ctx, StmtExecutor executor) throws Exception { .checkDatabase(((OlapTable) targetTable).getQualifiedDbName(), ConnectContext.get()); // check auth if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), ((OlapTable) targetTable).getQualifiedDbName(), + .checkTblPriv(ConnectContext.get(), targetTable.getDatabase().getCatalog().getName(), + ((OlapTable) targetTable).getQualifiedDbName(), targetTable.getName(), PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index abc6d4a32f32b1..388cfd00a96c09 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java @@ -177,6 +177,7 @@ import org.apache.doris.common.util.TimeUtils; import org.apache.doris.common.util.Util; import org.apache.doris.datasource.CatalogIf; +import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.datasource.hive.HMSExternalCatalog; import org.apache.doris.datasource.hive.HMSExternalTable; import org.apache.doris.datasource.hive.HiveMetaStoreClientHelper; @@ -997,9 +998,9 @@ private void handleShowCreateDb() throws AnalysisException { org.apache.hadoop.hive.metastore.api.Database db = ((HMSExternalCatalog) catalog).getClient() .getDatabase(simpleDBName); sb.append("CREATE DATABASE `").append(simpleDBName).append("`") - .append(" LOCATION '") - .append(db.getLocationUri()) - .append("'"); + .append(" LOCATION '") + .append(db.getLocationUri()) + .append("'"); } else { DatabaseIf db = catalog.getDbOrAnalysisException(showStmt.getDb()); sb.append("CREATE DATABASE `").append(ClusterNamespace.getNameFromFullName(showStmt.getDb())).append("`"); 
@@ -1398,14 +1399,16 @@ private void handleShowLoadWarnings() throws AnalysisException { if (tableNames.isEmpty()) { // forward compatibility if (!Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), db.getFullName(), PrivPredicate.SHOW)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), db.getFullName()); } } else { for (String tblName : tableNames) { if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), db.getFullName(), tblName, PrivPredicate.SHOW)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + tblName, PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW LOAD WARNING", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), db.getFullName() + ": " + tblName); @@ -1532,7 +1535,8 @@ private void handleShowRoutineLoad() throws AnalysisException { } if (routineLoadJob.isMultiTable()) { if (!Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbFullName, PrivPredicate.LOAD)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, + PrivPredicate.LOAD)) { LOG.warn(new LogBuilder(LogKey.ROUTINE_LOAD_JOB, routineLoadJob.getId()).add("operator", "show routine load job").add("user", ConnectContext.get().getQualifiedUser()) .add("remote_ip", ConnectContext.get().getRemoteIP()).add("db_full_name", dbFullName) 
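Review bot: Both checks in handleShowLoadWarnings now pass `InternalCatalog.INTERNAL_CATALOG_NAME` as a literal, which keeps the old default-catalog behaviour but leaves the reason undocumented at the call site. The commit's stated goal is that every caller chooses the catalog deliberately, so a short comment such as `// load jobs are recorded against internal-catalog databases, so authorize there` would show a later reader that this is a decision and not a placeholder; confirm that invariant first, since `db` is resolved outside the hunk. The same comment is worth adding in the other ShowExecutor hunks that hard-code the constant (handleShowRoutineLoad, handleShowRoutineLoadTask, handleShowDynamicPartition, handleShowCreateRoutineLoad) and in checkPrivByAuthInfo.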
@@ -1543,7 +1547,8 @@ private void handleShowRoutineLoad() throws AnalysisException { continue; } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbFullName, tableName, PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, + tableName, PrivPredicate.LOAD)) { LOG.warn(new LogBuilder(LogKey.ROUTINE_LOAD_JOB, routineLoadJob.getId()).add("operator", "show routine load job").add("user", ConnectContext.get().getQualifiedUser()) .add("remote_ip", ConnectContext.get().getRemoteIP()).add("db_full_name", dbFullName) @@ -1592,7 +1597,8 @@ private void handleShowRoutineLoadTask() throws AnalysisException { } if (routineLoadJob.isMultiTable()) { if (!Env.getCurrentEnv().getAccessManager() - .checkDbPriv(ConnectContext.get(), dbFullName, PrivPredicate.LOAD)) { + .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), dbFullName); @@ -1602,7 +1608,8 @@ private void handleShowRoutineLoadTask() throws AnalysisException { return; } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbFullName, tableName, PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbFullName, tableName, + PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), dbFullName + ": " + tableName); 
@@ -1761,7 +1768,7 @@ private void handleShowHMSTablePartitions(ShowPartitionsStmt showStmt) throws An && (orderByPairs == null || !orderByPairs.get(0).isDesc())) { // hmsClient returns unordered partition list, hence if offset > 0 cannot pass limit partitionNames = catalog.getClient() - .listPartitionNames(dbName, showStmt.getTableName().getTbl(), limit.getLimit()); + .listPartitionNames(dbName, showStmt.getTableName().getTbl(), limit.getLimit()); } else { partitionNames = catalog.getClient().listPartitionNames(dbName, showStmt.getTableName().getTbl()); } @@ -2276,7 +2283,8 @@ private void handleShowDynamicPartition() throws AnalysisException { // check tbl privs if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), db.getFullName(), olapTable.getName(), + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db.getFullName(), + olapTable.getName(), PrivPredicate.SHOW)) { continue; } @@ -2332,8 +2340,8 @@ private void handleShowTransaction() throws AnalysisException { resultSet = new ShowResultSet(showStmt.getMetaData(), transactionMgr.getDbTransInfoByStatus(db.getId(), status)); } else if (showStmt.labelMatch() && !showStmt.getLabel().isEmpty()) { - resultSet = new ShowResultSet(showStmt.getMetaData(), - transactionMgr.getDbTransInfoByLabelMatch(db.getId(), showStmt.getLabel())); + resultSet = new ShowResultSet(showStmt.getMetaData(), + transactionMgr.getDbTransInfoByLabelMatch(db.getId(), showStmt.getLabel())); } else { Long txnId = showStmt.getTxnId(); String label = showStmt.getLabel(); 
@@ -2414,7 +2422,8 @@ private void handleShowCreateRoutineLoad() throws AnalysisException { .build(), e); } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(ConnectContext.get(), dbName, tableName, PrivPredicate.LOAD)) { + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, tableName, + PrivPredicate.LOAD)) { resultSet = new ShowResultSet(showCreateRoutineLoadStmt.getMetaData(), rows); continue; } @@ -2500,7 +2509,7 @@ private void handleShowColumnStats() throws AnalysisException { } private void getStatsForAllColumns(List, ColumnStatistic>> columnStatistics, - TableIf tableIf) throws AnalysisException { + TableIf tableIf) throws AnalysisException { List resultRows = StatisticsRepository.queryColumnStatisticsForTable(tableIf.getId()); // row[4] is index id, row[5] is column name. for (ResultRow row : resultRows) { @@ -2518,8 +2527,8 @@ private void getStatsForAllColumns(List, ColumnStatist } private void getStatsForSpecifiedColumns(List, ColumnStatistic>> columnStatistics, - Set columnNames, TableIf tableIf, boolean showCache, - TableName tableName, PartitionNames partitionNames) + Set columnNames, TableIf tableIf, boolean showCache, + TableName tableName, PartitionNames partitionNames) throws AnalysisException { for (String colName : columnNames) { // Olap base index use -1 as index id. @@ -2551,7 +2560,7 @@ private void getStatsForSpecifiedColumns(List, ColumnS } else { String finalIndexName = indexName; columnStatistics.addAll(StatisticsRepository.queryColumnStatisticsByPartitions(tableName, - colName, partitionNames.getPartitionNames()) + colName, partitionNames.getPartitionNames()) .stream().map(s -> Pair.of(Pair.of(finalIndexName, colName), s)) .collect(Collectors.toList())); } 
@@ -2723,16 +2732,16 @@ private void handleShowAnalyze() { row.add(analysisInfo.message); row.add(TimeUtils.DATETIME_FORMAT.format( LocalDateTime.ofInstant(Instant.ofEpochMilli(analysisInfo.lastExecTimeInMs), - ZoneId.systemDefault()))); + ZoneId.systemDefault()))); row.add(analysisInfo.state.toString()); row.add(Env.getCurrentEnv().getAnalysisManager().getJobProgress(analysisInfo.jobId)); row.add(analysisInfo.scheduleType.toString()); LocalDateTime startTime = LocalDateTime.ofInstant(Instant.ofEpochMilli(analysisInfo.startTime), - java.time.ZoneId.systemDefault()); + java.time.ZoneId.systemDefault()); LocalDateTime endTime = LocalDateTime.ofInstant(Instant.ofEpochMilli(analysisInfo.endTime), - java.time.ZoneId.systemDefault()); + java.time.ZoneId.systemDefault()); row.add(startTime.format(formatter)); row.add(endTime.format(formatter)); resultRows.add(row); diff --git a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java index 64802093e0651f..bd86d83e3a2e8f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java +++ b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java @@ -443,7 +443,8 @@ public TGetDbsResult getDbNames(TGetDbsParams params) throws TException { } for (DatabaseIf db : dbs) { String dbName = db.getFullName(); - if (!env.getAccessManager().checkDbPriv(currentUser, dbName, PrivPredicate.SHOW)) { + if (!env.getAccessManager() + .checkDbPriv(currentUser, catalog.getName(), dbName, PrivPredicate.SHOW)) { continue; } 
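Review bot: The getDbNames call changes the authorization result, not only the signature: the removed overload forwarded to `Auth.DEFAULT_CATALOG`, whereas `checkDbPriv(currentUser, catalog.getName(), dbName, PrivPredicate.SHOW)` evaluates the grant in the catalog being listed. The commit description presents the change as an API cleanup, and the test hunks visible in this part of the patch only adjust mock signatures or pass the internal catalog. A test that grants SHOW on a database in the internal catalog and asserts that a same-named database in a second catalog is filtered out of getDbNames would pin the new behaviour. getTableNames, listTableStatus and listTableMetadataNameIds switch to `catalogName` in the same way; `catalog` and `catalogName` are defined outside these hunks.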
@@ -528,7 +529,8 @@ public TGetTablesResult getTableNames(TGetTablesParams params) throws TException LOG.debug("get table: {}, wait to check", tableName); } if (!Env.getCurrentEnv().getAccessManager() - .checkTblPriv(currentUser, dbName, tableName, PrivPredicate.SHOW)) { + .checkTblPriv(currentUser, catalogName, dbName, tableName, + PrivPredicate.SHOW)) { continue; } if (matcher != null && !matcher.match(tableName)) { @@ -592,8 +594,9 @@ public TListTableStatusResult listTableStatus(TGetTablesParams params) throws TE } } for (TableIf table : tables) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(currentUser, dbName, - table.getName(), PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(currentUser, catalogName, dbName, + table.getName(), PrivPredicate.SHOW)) { continue; } table.readLock(); @@ -672,7 +675,7 @@ public TListTableMetadataNameIdsResult listTableMetadataNameIds(TGetTablesParams if (db != null) { List tables = db.getTables(); for (TableIf table : tables) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(currentUser, dbName, + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(currentUser, catalogName, dbName, table.getName(), PrivPredicate.SHOW)) { continue; } @@ -1050,7 +1053,8 @@ private void checkPasswordAndPrivs(String user, String passwd, String db, List> getSingleTranInfo(long dbId, long txnId) throws Analys for (Long tblId : tblIds) { Table tbl = db.getTableNullable(tblId); if (tbl != null) { - if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), db.getFullName(), - tbl.getName(), PrivPredicate.SHOW)) { + if (!Env.getCurrentEnv().getAccessManager() + .checkTblPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, + db.getFullName(), + tbl.getName(), PrivPredicate.SHOW)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SHOW TRANSACTION", ConnectContext.get().getQualifiedUser(), 
diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/AccessTestUtil.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/AccessTestUtil.java index 91733857c19fc3..8cfa88522992df 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/AccessTestUtil.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/AccessTestUtil.java @@ -77,11 +77,7 @@ public static AccessControllerManager fetchAdminAccess() { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); - minTimes = 0; - result = true; - - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; @@ -227,11 +223,11 @@ public static AccessControllerManager fetchBlockAccess() { minTimes = 0; result = false; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = false; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = false; } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterDatabaseQuotaStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterDatabaseQuotaStmtTest.java index 5cdb64e80ecb02..eb04e7615a9100 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterDatabaseQuotaStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterDatabaseQuotaStmtTest.java 
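Review bot: In fetchAdminAccess the hunk removes the `checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any)` expectation and adds only a four-argument `checkDbPriv`, while fetchBlockAccess further down gets both replacements. Unless a five-argument table expectation already exists outside the hunk, the admin mock no longer records a result for `checkTblPriv(ctx, ctl, db, tbl, wanted)` and would fall back to the mock's default return value, which for a boolean is false. If it is missing, add `accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true;` next to the database expectation.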
@@ -46,11 +46,11 @@ public void setUp() { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterRoutineLoadStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterRoutineLoadStmtTest.java index 9b14629a9a82f7..16cc1f54890790 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterRoutineLoadStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterRoutineLoadStmtTest.java @@ -56,11 +56,11 @@ public void setUp() throws MetaNotFoundException { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterTableStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterTableStmtTest.java index af60afb8f862b8..9f32556ce9c201 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterTableStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/AlterTableStmtTest.java 
@@ -52,11 +52,11 @@ public void setUp() { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateDataSyncJobStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateDataSyncJobStmtTest.java index e3cf30d4a69268..dab36e8e78f47f 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateDataSyncJobStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateDataSyncJobStmtTest.java @@ -80,7 +80,7 @@ public void setUp() { minTimes = 0; result = accessManager; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/DropMaterializedViewStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/DropMaterializedViewStmtTest.java index 6bb4334c208212..617f6bf512e769 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/DropMaterializedViewStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/DropMaterializedViewStmtTest.java 
@@ -50,7 +50,7 @@ public void testEmptyMVName(@Injectable TableName tableName) { public void testNoPermission(@Injectable TableName tableName) { new Expectations() { { - accessManager.checkTblPriv(ConnectContext.get(), tableName.getDb(), + accessManager.checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(), PrivPredicate.DROP); result = false; } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowBackupStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowBackupStmtTest.java index d3bf61a307e140..dadfa1cfa5f96a 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowBackupStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowBackupStmtTest.java @@ -66,7 +66,7 @@ public void testNormalAnalyze() throws Exception { AtomicBoolean privilege = new AtomicBoolean(true); new MockUp() { @Mock - public boolean checkDbPriv(ConnectContext ctx, String qualifiedDb, PrivPredicate wanted) { + public boolean checkDbPriv(ConnectContext ctx, String ctl, String qualifiedDb, PrivPredicate wanted) { return privilege.get(); } }; diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowCreateMaterializedViewTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowCreateMaterializedViewTest.java index 70bbd617c85c15..9cffa64c24ae21 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowCreateMaterializedViewTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowCreateMaterializedViewTest.java @@ -54,7 +54,8 @@ public void testAnalyse() throws Exception { AtomicBoolean privilege = new AtomicBoolean(false); new MockUp() { @Mock - public boolean checkTblPriv(ConnectContext ctx, String qualifiedDb, String tbl, PrivPredicate wanted) { + public boolean checkTblPriv(ConnectContext ctx, String ctl, String qualifiedDb, String tbl, + PrivPredicate wanted) { return privilege.get(); } }; 
diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowDataStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowDataStmtTest.java index 01fd0a19528aa3..15f32f4a661109 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowDataStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/ShowDataStmtTest.java @@ -119,11 +119,11 @@ public void setUp() throws UserException { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; diff --git a/fe/fe-core/src/test/java/org/apache/doris/backup/CatalogMocker.java b/fe/fe-core/src/test/java/org/apache/doris/backup/CatalogMocker.java index abf45d4b132ff2..e6c6b8235aa9b1 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/backup/CatalogMocker.java +++ b/fe/fe-core/src/test/java/org/apache/doris/backup/CatalogMocker.java @@ -213,11 +213,11 @@ private static AccessControllerManager fetchAdminAccess() { minTimes = 0; result = true; - accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any); + accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } 
diff --git a/fe/fe-core/src/test/java/org/apache/doris/load/routineload/RoutineLoadManagerTest.java b/fe/fe-core/src/test/java/org/apache/doris/load/routineload/RoutineLoadManagerTest.java index 156dae72234826..737936191e8074 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/load/routineload/RoutineLoadManagerTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/load/routineload/RoutineLoadManagerTest.java @@ -116,7 +116,7 @@ public KafkaRoutineLoadJob fromCreateStmt(CreateRoutineLoadStmt stmt) { env.getAccessManager(); minTimes = 0; result = accessManager; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, PrivPredicate.LOAD); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, PrivPredicate.LOAD); minTimes = 0; result = true; } @@ -176,7 +176,7 @@ public void testCreateJobAuthDeny(@Injectable AccessControllerManager accessMana env.getAccessManager(); minTimes = 0; result = accessManager; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, PrivPredicate.LOAD); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, PrivPredicate.LOAD); minTimes = 0; result = false; } @@ -628,7 +628,7 @@ public void testPauseRoutineLoadJob(@Injectable PauseRoutineLoadStmt pauseRoutin env.getAccessManager(); minTimes = 0; result = accessManager; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } @@ -696,7 +696,7 @@ public void testResumeRoutineLoadJob(@Injectable ResumeRoutineLoadStmt resumeRou env.getAccessManager(); minTimes = 0; result = accessManager; - accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any); + accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any); minTimes = 0; result = true; } 
@@ -748,7 +748,7 @@ public void testStopRoutineLoadJob(@Injectable StopRoutineLoadStmt stopRoutineLo
 env.getAccessManager();
 minTimes = 0;
 result = accessManager;
- accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
+ accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
 }
@@ -993,7 +993,7 @@ public void testAlterRoutineLoadJob(@Injectable StopRoutineLoadStmt stopRoutineL
 env.getAccessManager();
 minTimes = 0;
 result = accessManager;
- accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
+ accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
 }
@@ -1057,7 +1057,7 @@ public void testPauseAndResumeAllRoutineLoadJob(@Injectable PauseRoutineLoadStmt
 env.getAccessManager();
 minTimes = 0;
 result = accessManager;
- accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
+ accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
 resumeRoutineLoadStmt.isAll();
diff --git a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
index f5f136e434c48d..43737066748469 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java
@@ -386,7 +386,7 @@ public void test()
 Assert.assertEquals(1, currentUser2.size());
 // check auth before grant
 Assert.assertFalse(
- accessManager.checkDbPriv(currentUser2.get(0), "db1",
+ accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db1",
 PrivPredicate.CREATE));
 try {
@@ -397,12 +397,12 @@ public void test() } // 9.1 check auth - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db1", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.CREATE)); UserIdentity zhangsan1 = UserIdentity .createAnalyzedUserIdentWithIp("zhangsan", "172.1.1.1"); - Assert.assertFalse(accessManager.checkDbPriv(zhangsan1, "db1", + Assert.assertFalse(accessManager.checkDbPriv(zhangsan1, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.CREATE)); // 10. grant auth for non exist user @@ -474,11 +474,11 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db1", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.SELECT)); Assert.assertFalse(accessManager.checkGlobalPriv(currentUser2.get(0), PrivPredicate.SELECT)); Assert.assertTrue( - accessManager.checkTblPriv(currentUser2.get(0), "db1", + accessManager.checkTblPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db1", "tbl1", PrivPredicate.SELECT)); // 13. grant tbl auth to exist user @@ -506,11 +506,11 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( - accessManager.checkDbPriv(currentUser2.get(0), "db2", + accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db2", PrivPredicate.SELECT)); Assert.assertFalse(accessManager.checkGlobalPriv(currentUser2.get(0), PrivPredicate.SELECT)); Assert.assertTrue( - accessManager.checkTblPriv(currentUser2.get(0), "db2", "tbl2", + accessManager.checkTblPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db2", "tbl2", PrivPredicate.DROP)); // 13.1 grant external ctl tbl auth to exist user 
@@ -541,7 +541,7 @@ public void test() "ext_db1", "ext_tbl1", PrivPredicate.SELECT)); Assert.assertFalse( - accessManager.checkTblPriv(currentUser2.get(0), "ext_db1", + accessManager.checkTblPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "ext_db1", "ext_tbl1", PrivPredicate.SELECT)); @@ -569,7 +569,7 @@ public void test() auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db3", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.ALTER)); // 15. grant new auth to exist priv entry (exist ALTER/DROP, add SELECT) tablePattern = new TablePattern("db3", "*"); @@ -594,20 +594,20 @@ public void test() auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db3", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.SELECT)); currentUser2.clear(); auth.checkPlainPasswordForTest("zhangsan", "10.1.1.2", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db3", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.ALTER)); currentUser2.clear(); auth.checkPlainPasswordForTest("zhangsan", "10.1.1.3", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db3", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.DROP)); /* 
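Review bot: The `assertFalse` in the `@@ -541` hunk appears to be the one place in this test that checks a table grant made on an external catalog does not carry over to a same-named database and table in the internal catalog, yet nothing beside it states that intent. Before this change the internal catalog was implied by the shorter overload; now that it is spelled out, a comment such as `// a grant on the external catalog must not apply to ext_db1.ext_tbl1 in the internal catalog` above the assertion would keep a later edit from "fixing" the catalog argument and losing the isolation check. The preceding assertion and the grant it refers to lie outside the hunk, so the external-catalog side is inferred from the step comment `13.1 grant external ctl tbl auth to exist user` rather than read from the code.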
@@ -701,7 +701,7 @@ public void test() currentUser2.clear(); auth.checkPlainPasswordForTest("cmy", "172.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db", PrivPredicate.CREATE)); try { auth.revoke(revokeStmt); @@ -709,9 +709,9 @@ public void test() e.printStackTrace(); Assert.fail(); } - Assert.assertFalse(accessManager.checkDbPriv(currentUser2.get(0), "db", + Assert.assertFalse(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db", PrivPredicate.CREATE)); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db", PrivPredicate.DROP)); // 19. revoke tbl privs from user @ ip @@ -731,7 +731,7 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue( - accessManager.checkTblPriv(currentUser2.get(0), "db2", + accessManager.checkTblPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db2", "tbl2", PrivPredicate.ALTER)); try { auth.revoke(revokeStmt); @@ -745,9 +745,9 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( - accessManager.checkTblPriv(currentUser2.get(0), "db2", + accessManager.checkTblPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db2", "tbl2", PrivPredicate.ALTER)); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db1", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.SELECT)); // 20. revoke privs from non exist user @ domain 
@@ -808,7 +808,7 @@ public void test() auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db3", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.DROP)); try { @@ -823,7 +823,7 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( - accessManager.checkDbPriv(currentUser2.get(0), "db3", + accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db3", PrivPredicate.DROP)); /* @@ -979,7 +979,7 @@ public void test() auth.checkPlainPasswordForTest("wangwu", "10.17.2.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db4", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db4", PrivPredicate.DROP)); // 28. create user@domain and set it as role1 @@ -1009,7 +1009,7 @@ public void test() auth.checkPlainPasswordForTest("chenliu", "20.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); - Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), "db4", + Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db4", PrivPredicate.DROP)); // 29. revoke auth on non exist db from role1 @@ -1053,7 +1053,7 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( - accessManager.checkDbPriv(currentUser2.get(0), "db4", + accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db4", PrivPredicate.DROP)); // 31. drop role, privs remain unchanged 
@@ -1076,7 +1076,7 @@ public void test() currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( - accessManager.checkDbPriv(currentUser2.get(0), "db4", + accessManager.checkDbPriv(currentUser2.get(0), InternalCatalog.INTERNAL_CATALOG_NAME, "db4", PrivPredicate.DROP)); // 31.1 drop role again with IF EXISTS @@ -1543,7 +1543,7 @@ public void testColAuth() { // check has select priv of column 'a' try { accessManager - .checkColumnsPriv(userIdentity, "db1", "tbl1", + .checkColumnsPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", "tbl1", Sets.newHashSet("a"), PrivPredicate.SELECT); } catch (UserException e) { e.printStackTrace(); @@ -1552,7 +1552,7 @@ public void testColAuth() { // check has select priv of column 'c' try { accessManager - .checkColumnsPriv(userIdentity, "db1", "tbl1", + .checkColumnsPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", "tbl1", Sets.newHashSet("c"), PrivPredicate.SELECT); Assert.fail(); } catch (UserException e) { @@ -1561,7 +1561,7 @@ public void testColAuth() { // check has load priv of column 'a' try { accessManager - .checkColumnsPriv(userIdentity, "db1", "tbl1", + .checkColumnsPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", "tbl1", Sets.newHashSet("a"), PrivPredicate.LOAD); Assert.fail(); } catch (UserException e) { @@ -1570,7 +1570,7 @@ public void testColAuth() { // check 'create_priv' use checkColumnsPriv try { accessManager - .checkColumnsPriv(userIdentity, "db1", "tbl1", + .checkColumnsPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", "tbl1", Sets.newHashSet("a"), PrivPredicate.CREATE); Assert.fail(); } catch (Exception e) { 
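Review bot: All four `checkColumnsPriv` calls in `testColAuth` (hunks `@@ -1543`, `-1552`, `-1561` and `-1570`) now name the internal catalog, but none checks that the column grant stays confined to it, which is the property the explicit catalog argument exists to protect. A fifth case that repeats the column 'a' SELECT check against a different catalog and expects `UserException` would cover that, in the same try / `Assert.fail()` shape the test already uses. The catalog name below is a placeholder for one the test environment actually registers; how an unregistered name is handled is not visible from these hunks and should be confirmed. `testColAuth` begins and ends outside the hunks.

```java
// … unchanged: the four existing checkColumnsPriv checks …
// a column grant on the internal catalog must not authorize the same names elsewhere
try {
    accessManager
            .checkColumnsPriv(userIdentity, "OTHER_CATALOG_PLACEHOLDER", "db1", "tbl1",
                    Sets.newHashSet("a"), PrivPredicate.SELECT);
    Assert.fail();
} catch (UserException e) {
    // expected: the grant was made on the internal catalog only
}
```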
@@ -1634,7 +1634,7 @@ public void testGrantRole() { Assert.fail(); } Assert.assertFalse(accessManager - .checkDbPriv(userIdentity, "db1", PrivPredicate.SELECT)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.SELECT)); // grant 'role1' to testUser grantStmt = new GrantStmt(Lists.newArrayList(role), userIdentity); try { @@ -1645,7 +1645,7 @@ public void testGrantRole() { Assert.fail(); } Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "db1", PrivPredicate.SELECT)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.SELECT)); // revoke 'role1' from testUser RevokeStmt revokeStmt = new RevokeStmt(Lists.newArrayList(role), userIdentity); try { @@ -1656,7 +1656,7 @@ public void testGrantRole() { Assert.fail(); } Assert.assertFalse(accessManager - .checkDbPriv(userIdentity, "db1", PrivPredicate.SELECT)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "db1", PrivPredicate.SELECT)); // grant not exist role to testUser grantStmt = new GrantStmt(Lists.newArrayList("norole"), userIdentity); try { 
@@ -2315,14 +2315,14 @@ public void testShowViewPriv() throws UserException { new AccessPrivilegeWithCols(AccessPrivilege.LOAD_PRIV))); grant(grantStmt); Assert.assertFalse(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); // `SHOW_VIEW_PRIV` can `show create view` grantStmt = new GrantStmt(userIdentity, null, new TablePattern("viewdb", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.SHOW_VIEW_PRIV))); grant(grantStmt); Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); RevokeStmt revokeStmt = new RevokeStmt(userIdentity, null, new TablePattern("viewdb", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.SHOW_VIEW_PRIV))); @@ -2333,7 +2333,7 @@ public void testShowViewPriv() throws UserException { Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV))); grant(grantStmt); Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); revokeStmt = new RevokeStmt(userIdentity, null, new TablePattern("*", "*", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV))); 
@@ -2344,7 +2344,7 @@ public void testShowViewPriv() throws UserException { Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.CREATE_PRIV))); grant(grantStmt); Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); revokeStmt = new RevokeStmt(userIdentity, null, new TablePattern("viewdb", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.CREATE_PRIV))); @@ -2355,7 +2355,7 @@ public void testShowViewPriv() throws UserException { Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ALTER_PRIV))); grant(grantStmt); Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); revokeStmt = new RevokeStmt(userIdentity, null, new TablePattern("viewdb", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ALTER_PRIV))); @@ -2366,7 +2366,7 @@ public void testShowViewPriv() throws UserException { Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.DROP_PRIV))); grant(grantStmt); Assert.assertTrue(accessManager - .checkDbPriv(userIdentity, "viewdb", PrivPredicate.SHOW_VIEW)); + .checkDbPriv(userIdentity, InternalCatalog.INTERNAL_CATALOG_NAME, "viewdb", PrivPredicate.SHOW_VIEW)); revokeStmt = new RevokeStmt(userIdentity, null, new TablePattern("viewdb", "*"), Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.DROP_PRIV))); diff --git a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/MockedAuth.java b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/MockedAuth.java index db8b3cd98f27d0..b7345682e1c3e4 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/MockedAuth.java +++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/MockedAuth.java 
@@ -32,7 +32,7 @@ public static void mockedAccess(AccessControllerManager accessManager) {
 minTimes = 0;
 result = true;
- accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any);
+ accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
@@ -40,7 +40,7 @@ public static void mockedAccess(AccessControllerManager accessManager) {
 minTimes = 0;
 result = true;
- accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
+ accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
diff --git a/fe/fe-core/src/test/java/org/apache/doris/qe/SetExecutorTest.java b/fe/fe-core/src/test/java/org/apache/doris/qe/SetExecutorTest.java
index 00b9170f69f502..6cafe0806e7198 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/qe/SetExecutorTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/qe/SetExecutorTest.java
@@ -67,11 +67,11 @@ public void setUp() throws DdlException {
 minTimes = 0;
 result = true;
- accessManager.checkDbPriv((ConnectContext) any, anyString, (PrivPredicate) any);
+ accessManager.checkDbPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;
- accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, (PrivPredicate) any);
+ accessManager.checkTblPriv((ConnectContext) any, anyString, anyString, anyString, (PrivPredicate) any);
 minTimes = 0;
 result = true;