Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BugFix] Fix an issue when the privilege is merged,casue root privilge dropped. #46411

Merged
merged 2 commits into from
Jun 3, 2024
Merged

[BugFix] Fix an issue when the privilege is merged,casue root privilge dropped. #46411

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fbb139a
[BugFix] Fix an issue when the privilege is merged,casue root privile…
zhangheihei May 29, 2024
74baba2
[BugFix] Fix an issue when the privilege is merged,casue root privile…
zhangheihei May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion fe/fe-core/src/main/java/com/starrocks/privilege/PrivilegeCollectionV2.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,9 @@ public void merge(PrivilegeCollectionV2 other) {
} else {
List<PrivilegeEntry> typeList = typeToPrivilegeEntryList.get(typeId);
for (PrivilegeEntry entry : otherList) {
grantObjectToList(entry.actionSet, entry.object, entry.withGrantOption, typeList);
//deep copy here
ActionSet actionSetClone = new ActionSet(entry.actionSet);
grantObjectToList(actionSetClone, entry.object, entry.withGrantOption, typeList);
} // for privilege entry in other.list
}
} // for typeId, privilegeEntryList in other
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The most risky bug in this code is:
Mixing semantics of isGrant with deep/shallow copy logic potentially leads to incorrect privilege management.

You can modify the code like this:

-            grantObjectToList(entry.actionSet, entry.object, entry.withGrantOption, typeList);
+            grantObjectToList(entry.actionSet, entry.object, entry.withGrantOption, typeList, true);

Specifically, ensure isDeepCopy parameter usage is consistent and aligned with the intention behind cloning or referencing ActionSet objects. This change ensures that whenever we're merging privileges from one collection to another (merge method), we're consciously deciding whether to clone (isDeepCopy = true) or merely reference (isDeepCopy = false) the ActionSet, preventing accidental state manipulation across different privilege entries.

Expand Down
Loading