[fix](auth)fix show load priv bug (apache#41723)

fix when user have `load_priv` on table,but can not show load about this table ps: We will add cases to other PRs as a whole:apache#41802
morningman · Oct 21, 2024 · fda7ba0 · fda7ba0
1 parent e73b6aa
commit fda7ba0
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 71 deletions.
diff --git a/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java b/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java
@@ -219,14 +219,13 @@ public List<List<Comparable>> getLoadJobInfosByDb(long dbId, String labelValue,
                     }
                     // check auth
                     try {
-                        checkJobAuth(loadJob.getDb().getCatalog().getName(), loadJob.getDb().getName(),
-                                loadJob.getTableNames());
-                    } catch (AnalysisException e) {
+                        loadJob.checkAuth("show load");
+                    } catch (DdlException e) {
                         continue;
                     }
                     // add load job info
                     loadJobInfos.add(loadJob.getShowInfo());
-                } catch (RuntimeException | DdlException | MetaNotFoundException e) {
+                } catch (RuntimeException | DdlException e) {
                     // ignore this load job
                     LOG.warn("get load job info failed. job id: {}", loadJob.getId(), e);
                 }

diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
@@ -147,6 +147,8 @@ public static BulkLoadJob fromLoadStmt(LoadStmt stmt) throws DdlException {
             bulkLoadJob.setComment(stmt.getComment());
             bulkLoadJob.setJobProperties(stmt.getProperties());
             bulkLoadJob.checkAndSetDataSourceInfo((Database) db, stmt.getDataDescriptions());
+            // In the construction method, there may not be table information yet
+            bulkLoadJob.rebuildAuthorizationInfo();
             return bulkLoadJob;
         } catch (MetaNotFoundException e) {
             throw new DdlException(e.getMessage());
@@ -179,6 +181,10 @@ private AuthorizationInfo gatherAuthInfo() throws MetaNotFoundException {
         return new AuthorizationInfo(database.getFullName(), getTableNames());
     }
 
+    public void rebuildAuthorizationInfo() throws MetaNotFoundException {
+        this.authorizationInfo = gatherAuthInfo();
+    }
+
     @Override
     public Set<String> getTableNamesForShow() {
         Optional<Database> db = Env.getCurrentInternalCatalog().getDb(dbId);

diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
@@ -518,7 +518,7 @@ public void cancelJob(FailMsg failMsg) throws DdlException {
         }
     }
 
-    private void checkAuth(String command) throws DdlException {
+    public void checkAuth(String command) throws DdlException {
         if (authorizationInfo == null) {
             // use the old method to check priv
             checkAuthWithoutAuthInfo(command);
@@ -747,7 +747,6 @@ public List<Comparable> getShowInfo() throws DdlException {
 
     protected List<Comparable> getShowInfoUnderLock() throws DdlException {
         // check auth
-        checkAuth("SHOW LOAD");
         List<Comparable> jobInfo = Lists.newArrayList();
         // jobId
         jobInfo.add(id);

diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
@@ -31,8 +31,6 @@
 import org.apache.doris.common.Config;
 import org.apache.doris.common.DataQualityException;
 import org.apache.doris.common.DdlException;
-import org.apache.doris.common.ErrorCode;
-import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.LabelAlreadyUsedException;
 import org.apache.doris.common.MetaNotFoundException;
 import org.apache.doris.common.Pair;
@@ -635,14 +633,13 @@ public List<List<Comparable>> getLoadJobInfosByDb(long dbId, String labelValue,
                     }
                     // check auth
                     try {
-                        checkJobAuth(loadJob.getDb().getCatalog().getName(), loadJob.getDb().getName(),
-                                loadJob.getTableNames());
-                    } catch (AnalysisException e) {
+                        loadJob.checkAuth("show load");
+                    } catch (DdlException e) {
                         continue;
                     }
                     // add load job info
                     loadJobInfos.add(loadJob.getShowInfo());
-                } catch (RuntimeException | DdlException | MetaNotFoundException e) {
+                } catch (RuntimeException | DdlException e) {
                     // ignore this load job
                     LOG.warn("get load job info failed. job id: {}", loadJob.getId(), e);
                 }
@@ -653,27 +650,6 @@ public List<List<Comparable>> getLoadJobInfosByDb(long dbId, String labelValue,
         }
     }
 
-    public void checkJobAuth(String ctlName, String dbName, Set<String> tableNames) throws AnalysisException {
-        if (tableNames.isEmpty()) {
-            if (!Env.getCurrentEnv().getAccessManager()
-                    .checkDbPriv(ConnectContext.get(), ctlName, dbName,
-                            PrivPredicate.LOAD)) {
-                ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
-                        PrivPredicate.LOAD.getPrivs().toString(), dbName);
-            }
-        } else {
-            for (String tblName : tableNames) {
-                if (!Env.getCurrentEnv().getAccessManager()
-                        .checkTblPriv(ConnectContext.get(), ctlName, dbName,
-                                tblName, PrivPredicate.LOAD)) {
-                    ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
-                            PrivPredicate.LOAD.getPrivs().toString(), tblName);
-                    return;
-                }
-            }
-        }
-    }
-
     public List<List<Comparable>> getAllLoadJobInfos() {
         LinkedList<List<Comparable>> loadJobInfos = new LinkedList<List<Comparable>>();
 

diff --git a/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java b/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
@@ -21,16 +21,12 @@
 import org.apache.doris.catalog.Database;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.Table;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.Config;
 import org.apache.doris.common.FeMetaVersion;
 import org.apache.doris.common.jmockit.Deencapsulation;
 import org.apache.doris.datasource.InternalCatalog;
 import org.apache.doris.meta.MetaContext;
-import org.apache.doris.qe.ConnectContext;
-import org.apache.doris.utframe.TestWithFeService;
 
-import com.google.common.collect.Sets;
 import mockit.Expectations;
 import mockit.Injectable;
 import mockit.Mocked;
@@ -44,8 +40,6 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
-import java.io.IOException;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
@@ -203,36 +197,4 @@ private LoadManager deserializeFromFile(File file) throws Exception {
         loadManager.readFields(dis);
         return loadManager;
     }
-
-    @Test
-    public void testJobAuth() throws IOException, AnalysisException {
-        UserIdentity user1 = new UserIdentity("testJobAuthUser", "%");
-        user1.analyze();
-        new Expectations() {
-            {
-                ConnectContext.get();
-                minTimes = 0;
-                result = TestWithFeService.createCtx(user1, "%");
-            }
-        };
-        LoadManager manager = new LoadManager(new LoadJobScheduler());
-        HashSet<String> tableNames = Sets.newHashSet();
-        try {
-            // should check db auth
-            manager.checkJobAuth("ctl1", "db1", tableNames);
-            throw new RuntimeException("should exception");
-        } catch (AnalysisException e) {
-            Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
-            Assert.assertTrue(e.getMessage().contains("db1"));
-        }
-        tableNames.add("table1");
-        try {
-            // should check db auth
-            manager.checkJobAuth("ctl1", "db1", tableNames);
-            throw new RuntimeException("should exception");
-        } catch (AnalysisException e) {
-            Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
-            Assert.assertTrue(e.getMessage().contains("table1"));
-        }
-    }
 }