Skip to content

Commit

Permalink
[fix](auth)Fix the compatibility issue with show_view_priv when repla…
Browse files Browse the repository at this point in the history 
…ying editLog (#45949)

### What problem does this PR solve?

The previous version showed an index of 9 for show_view_priv, while the
new version has an index of 14
The previous logic was only compatible with the playback logic of
images, not with the playback logic of editLog
  • Loading branch information
@zddr
zddr authored Dec 26, 2024
1 parent b80b402 commit 6b51e9d
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 41 deletions.
16 changes: 10 additions & 6 deletions fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -658,17 +658,19 @@ public void grant(GrantStmt stmt) throws DdlException {

public void replayGrant(PrivInfo privInfo) {
try {
PrivBitSet privs = privInfo.getPrivs();
Role.compatibilityAuthIndexChange(privs);
if (privInfo.getTblPattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
privInfo.getTblPattern(), privInfo.getPrivs(), privInfo.getColPrivileges(),
privInfo.getTblPattern(), privs, privInfo.getColPrivileges(),
true /* err on non exist */, true /* is replay */);
} else if (privInfo.getResourcePattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
privInfo.getResourcePattern(), privInfo.getPrivs(),
privInfo.getResourcePattern(), privs,
true /* err on non exist */, true /* is replay */);
} else if (privInfo.getWorkloadGroupPattern() != null) {
grantInternal(privInfo.getUserIdent(), privInfo.getRole(),
privInfo.getWorkloadGroupPattern(), privInfo.getPrivs(),
privInfo.getWorkloadGroupPattern(), privs,
true /* err on non exist */, true /* is replay */);
} else {
grantInternal(privInfo.getUserIdent(), privInfo.getRoles(), true);
Expand Down Expand Up @@ -843,14 +845,16 @@ public void revoke(RevokeStmt stmt) throws DdlException {

public void replayRevoke(PrivInfo info) {
try {
PrivBitSet privs = info.getPrivs();
Role.compatibilityAuthIndexChange(privs);
if (info.getTblPattern() != null) {
revokeInternal(info.getUserIdent(), info.getRole(), info.getTblPattern(), info.getPrivs(),
revokeInternal(info.getUserIdent(), info.getRole(), info.getTblPattern(), privs,
info.getColPrivileges(), true /* err on non exist */, true /* is replay */);
} else if (info.getResourcePattern() != null) {
revokeInternal(info.getUserIdent(), info.getRole(), info.getResourcePattern(), info.getPrivs(),
revokeInternal(info.getUserIdent(), info.getRole(), info.getResourcePattern(), privs,
true /* err on non exist */, true /* is replay */);
} else if (info.getWorkloadGroupPattern() != null) {
revokeInternal(info.getUserIdent(), info.getRole(), info.getWorkloadGroupPattern(), info.getPrivs(),
revokeInternal(info.getUserIdent(), info.getRole(), info.getWorkloadGroupPattern(), privs,
true /* err on non exist */, true /* is replay */);
} else {
revokeInternal(info.getUserIdent(), info.getRoles(), true /* is replay */);
Expand Down
87 changes: 52 additions & 35 deletions fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1111,53 +1111,70 @@ private void compatibilityErrEnum() {

LOG.info("auth into compatibility logic, currentVersion={}", currentVersion);
if (Config.isNotCloudMode() && currentVersion >= FeMetaVersion.VERSION_129) {
// not cloud mode,
// For versions greater than VERSION_123,
// the community requires versions above VERSION_129 to follow compatibility logic.

// SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
tblPatternToPrivs.values().forEach(privBitSet -> {
if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED)) {
// remove SHOW_VIEW_PRIV_DEPRECATED
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
// add SHOW_VIEW_PRIV
privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
}
compatibilityAuthIndexChange(privBitSet);
});
} else if (Config.isCloudMode()) {
// cloud mode
// For versions greater than VERSION_123, the cloud requires compatibility logic.

// CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)
clusterPatternToPrivs.values().forEach(privBitSet -> {
if (privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
// remove CLUSTER_USAGE_PRIV_DEPRECATED
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
// add CLUSTER_USAGE_PRIV
privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
}
compatibilityAuthIndexChange(privBitSet);
});
// STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
stagePatternToPrivs.values().forEach(privBitSet -> {
if (privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
// remove CLUSTER_USAGE_PRIV_DEPRECATED
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
// add CLUSTER_USAGE_PRIV
privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
}
compatibilityAuthIndexChange(privBitSet);
});
// SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
tblPatternToPrivs.values().forEach(privBitSet -> {
if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
// remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
// add SHOW_VIEW_PRIV
privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
}
compatibilityAuthIndexChange(privBitSet);
});
}
}

public static void compatibilityAuthIndexChange(PrivBitSet privBitSet) {
if (privBitSet == null) {
return;
}
int currentVersion = Env.getCurrentEnvJournalVersion();
// not cloud mode,
// For versions greater than VERSION_123,
// the community requires versions above VERSION_129 to follow compatibility logic.

// SHOW_VIEW_PRIV_DEPRECATED -> SHOW_VIEW_PRIV (9 -> 14)
if (Config.isNotCloudMode() && currentVersion >= FeMetaVersion.VERSION_129) {
if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_DEPRECATED)) {
// remove SHOW_VIEW_PRIV_DEPRECATED
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_DEPRECATED.getIdx());
// add SHOW_VIEW_PRIV
privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
}
} else if (Config.isCloudMode()) {
// cloud mode
// For versions greater than VERSION_123, the cloud requires compatibility logic.

// CLUSTER_USAGE_PRIV_DEPRECATED -> CLUSTER_USAGE_PRIV (9 -> 12)

if (privBitSet.containsPrivs(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED)) {
// remove CLUSTER_USAGE_PRIV_DEPRECATED
privBitSet.unset(Privilege.CLUSTER_USAGE_PRIV_DEPRECATED.getIdx());
// add CLUSTER_USAGE_PRIV
privBitSet.set(Privilege.CLUSTER_USAGE_PRIV.getIdx());
}

// STAGE_USAGE_PRIV_DEPRECATED -> STAGE_USAGE_PRIV (10 -> 13)
if (privBitSet.containsPrivs(Privilege.STAGE_USAGE_PRIV_DEPRECATED)) {
// remove CLUSTER_USAGE_PRIV_DEPRECATED
privBitSet.unset(Privilege.STAGE_USAGE_PRIV_DEPRECATED.getIdx());
// add CLUSTER_USAGE_PRIV
privBitSet.set(Privilege.STAGE_USAGE_PRIV.getIdx());
}

// SHOW_VIEW_PRIV_CLOUD_DEPRECATED -> SHOW_VIEW_PRIV (11 -> 14)
if (privBitSet.containsPrivs(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED)) {
// remove SHOW_VIEW_PRIV_CLOUD_DEPRECATED
privBitSet.unset(Privilege.SHOW_VIEW_PRIV_CLOUD_DEPRECATED.getIdx());
// add SHOW_VIEW_PRIV
privBitSet.set(Privilege.SHOW_VIEW_PRIV.getIdx());
}
}
}

private void rebuildPrivTables() {
globalPrivTable = new GlobalPrivTable();
catalogPrivTable = new CatalogPrivTable();
Expand Down

0 comments on commit 6b51e9d

Please sign in to comment.