[enhancement](priv) Clarify ccr releated FrontendServiceImpl call pri…
…vs (apache#25530)

Signed-off-by: Jack Drogon <[email protected]>
JackDrogon authored Oct 18, 2023
1 parent 6f62646 commit ef9cbc4
Showing 1 changed file with 57 additions and 35 deletions.
Expand Up @@ -525,7 +525,7 @@ public TAddColumnsResult addColumns(TAddColumnsRequest request) throws TExceptio

// index id -> index schema
Map<Long, LinkedList<Column>> indexSchemaMap = new HashMap<>();
//index id -> index col_unique_id supplier
// index id -> index col_unique_id supplier
Map<Long, IntSupplier> colUniqueIdSupplierMap = new HashMap<>();
for (Map.Entry<Long, List<Column>> entry : olapTable.getIndexIdToSchema(true).entrySet()) {
indexSchemaMap.put(entry.getKey(), new LinkedList<>(entry.getValue()));
Expand All @@ -544,13 +544,13 @@ public int getAsInt() {
}
colUniqueIdSupplierMap.put(entry.getKey(), colUniqueIdSupplier);
}
//4. call schame change function, only for dynamic table feature.
// 4. call schame change function, only for dynamic table feature.
SchemaChangeHandler schemaChangeHandler = new SchemaChangeHandler();

boolean lightSchemaChange = schemaChangeHandler.processAddColumns(
addColumnsClause, olapTable, indexSchemaMap, true, colUniqueIdSupplierMap);
if (lightSchemaChange) {
//for schema change add column optimize, direct modify table meta.
// for schema change add column optimize, direct modify table meta.
List<Index> newIndexes = olapTable.getCopiedIndexes();
long jobId = Env.getCurrentEnv().getNextId();
Env.getCurrentEnv().getSchemaChangeHandler().modifyTableLightSchemaChange(
Expand All @@ -562,7 +562,7 @@ public int getAsInt() {
}
}

//5. build all columns
// 5. build all columns
for (Column column : olapTable.getBaseSchema()) {
allColumns.add(column.toThrift());
}
Expand Down Expand Up @@ -756,7 +756,7 @@ public TListTableMetadataNameIdsResult listTableMetadataNameIds(TGetTablesParams
if (params.isSetPattern()) {
try {
matcher = PatternMatcher.createMysqlPattern(params.getPattern(),
CaseSensibility.TABLE.getCaseSensibility());
CaseSensibility.TABLE.getCaseSensibility());
} catch (PatternMatcherException e) {
throw new TException("Pattern is in bad format " + params.getPattern());
}
Expand Down Expand Up @@ -1095,24 +1095,39 @@ private List<String> getTableNames(String cluster, String dbName, List<Long> tab
return tableNames;
}

private void checkPasswordAndPrivs(String cluster, String user, String passwd, String db, String tbl,
String clientIp, PrivPredicate predicate) throws AuthenticationException {
private void checkSingleTablePasswordAndPrivs(String cluster, String user, String passwd, String db, String tbl,
String clientIp, PrivPredicate predicate) throws AuthenticationException {
checkPasswordAndPrivs(cluster, user, passwd, db, Lists.newArrayList(tbl), clientIp, predicate);
}

private void checkDbPasswordAndPrivs(String cluster, String user, String passwd, String db, String clientIp,
PrivPredicate predicate) throws AuthenticationException {
checkPasswordAndPrivs(cluster, user, passwd, db, null, clientIp, predicate);
}

private void checkPasswordAndPrivs(String cluster, String user, String passwd, String db, List<String> tables,
String clientIp, PrivPredicate predicate) throws AuthenticationException {
String clientIp, PrivPredicate predicate) throws AuthenticationException {

final String fullUserName = ClusterNamespace.getFullName(cluster, user);
final String fullDbName = ClusterNamespace.getFullName(cluster, db);
List<UserIdentity> currentUser = Lists.newArrayList();
Env.getCurrentEnv().getAuth().checkPlainPassword(fullUserName, clientIp, passwd, currentUser);

Preconditions.checkState(currentUser.size() == 1);
if (tables == null || tables.isEmpty()) {
if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(currentUser.get(0), fullDbName, predicate)) {
throw new AuthenticationException(
"Access denied; you need (at least one of) the (" + predicate.toString()
+ ") privilege(s) for this operation");
}
return;
}

for (String tbl : tables) {
if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(currentUser.get(0), fullDbName, tbl, predicate)) {
throw new AuthenticationException(
"Access denied; you need (at least one of) the LOAD privilege(s) for this operation");
"Access denied; you need (at least one of) the (" + predicate.toString()
+ ") privilege(s) for this operation");
}
}
}
Expand Down Expand Up @@ -1184,7 +1199,8 @@ private TLoadTxnBeginResult loadTxnBeginImpl(TLoadTxnBeginRequest request, Strin
if (request.isSetAuthCode()) {
// TODO(cmy): find a way to check
} else if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), request.getTbl(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbl(),
request.getUserIp(), PrivPredicate.LOAD);
}

Expand Down Expand Up @@ -1363,7 +1379,7 @@ private List<Table> queryLoadCommitTables(TLoadTxnCommitRequest request, Databas
}

List<String> tbNames;
//check has multi table
// check has multi table
if (CollectionUtils.isNotEmpty(request.getTbls())) {
tbNames = request.getTbls();
} else {
Expand All @@ -1374,7 +1390,7 @@ private List<Table> queryLoadCommitTables(TLoadTxnCommitRequest request, Databas
OlapTable table = (OlapTable) db.getTableOrMetaException(tbl, TableType.OLAP);
tables.add(table);
}
//if it has multi table, use multi table and update multi table running transaction table ids
// if it has multi table, use multi table and update multi table running transaction table ids
if (CollectionUtils.isNotEmpty(request.getTbls())) {
List<Long> multiTableIds = tables.stream().map(Table::getId).collect(Collectors.toList());
Env.getCurrentGlobalTransactionMgr().getDatabaseTransactionMgr(db.getId())
Expand All @@ -1398,11 +1414,12 @@ private void loadTxnPreCommitImpl(TLoadTxnCommitRequest request) throws UserExce
// refactoring it
if (CollectionUtils.isNotEmpty(request.getTbls())) {
for (String tbl : request.getTbls()) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), tbl,
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
tbl,
request.getUserIp(), PrivPredicate.LOAD);
}
} else {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbl(),
request.getUserIp(), PrivPredicate.LOAD);
}
Expand Down Expand Up @@ -1510,7 +1527,8 @@ private void loadTxn2PCImpl(TLoadTxn2PCRequest request) throws UserException {
}
for (Table table : tableList) {
// check auth
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), table.getName(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
table.getName(),
request.getUserIp(), PrivPredicate.LOAD);
}

Expand Down Expand Up @@ -1578,7 +1596,7 @@ private boolean loadTxnCommitImpl(TLoadTxnCommitRequest request) throws UserExce
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbls(), request.getUserIp(), PrivPredicate.LOAD);
} else {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbl(), request.getUserIp(), PrivPredicate.LOAD);
}
}
Expand Down Expand Up @@ -1763,14 +1781,15 @@ private void loadTxnRollbackImpl(TLoadTxnRollbackRequest request) throws UserExc
} else if (request.isSetToken()) {
checkToken(request.getToken());
} else {
//multi table load
// multi table load
if (CollectionUtils.isNotEmpty(request.getTbls())) {
for (String tbl : request.getTbls()) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), tbl,
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
tbl,
request.getUserIp(), PrivPredicate.LOAD);
}
} else {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbl(),
request.getUserIp(), PrivPredicate.LOAD);
}
Expand Down Expand Up @@ -2054,7 +2073,8 @@ private void httpStreamPutImpl(TStreamLoadPutRequest request, TStreamLoadPutResu
if (request.isSetAuthCode()) {
// TODO(cmy): find a way to check
} else if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), request.getTbl(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTbl(),
request.getUserIp(), PrivPredicate.LOAD);
}
ctx.setEnv(Env.getCurrentEnv());
Expand Down Expand Up @@ -2131,15 +2151,15 @@ private TExecPlanFragmentParams streamLoadPutImpl(TStreamLoadPutRequest request,
}

private TExecPlanFragmentParams generatePlanFragmentParams(TStreamLoadPutRequest request, Database db,
String fullDbName, OlapTable table,
long timeoutMs) throws UserException {
String fullDbName, OlapTable table,
long timeoutMs) throws UserException {
return generatePlanFragmentParams(request, db, fullDbName, table, timeoutMs, 1, false);
}

private TExecPlanFragmentParams generatePlanFragmentParams(TStreamLoadPutRequest request, Database db,
String fullDbName, OlapTable table,
long timeoutMs, int multiTableFragmentInstanceIdIndex,
boolean isMultiTableRequest)
String fullDbName, OlapTable table,
long timeoutMs, int multiTableFragmentInstanceIdIndex,
boolean isMultiTableRequest)
throws UserException {
if (!table.tryReadLock(timeoutMs, TimeUnit.MILLISECONDS)) {
throw new UserException(
Expand Down Expand Up @@ -2191,10 +2211,10 @@ private TPipelineFragmentParams pipelineStreamLoadPutImpl(TStreamLoadPutRequest
}

private TPipelineFragmentParams generatePipelineStreamLoadPut(TStreamLoadPutRequest request, Database db,
String fullDbName, OlapTable table,
long timeoutMs,
int multiTableFragmentInstanceIdIndex,
boolean isMultiTableRequest)
String fullDbName, OlapTable table,
long timeoutMs,
int multiTableFragmentInstanceIdIndex,
boolean isMultiTableRequest)
throws UserException {
if (db == null) {
String dbName = fullDbName;
Expand Down Expand Up @@ -2746,7 +2766,8 @@ private TGetBinlogResult getBinlogImpl(TGetBinlogRequest request, String clientI
cluster = SystemInfoService.DEFAULT_CLUSTER;
}
if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), request.getTable(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTable(),
request.getUserIp(), PrivPredicate.SELECT);
}

Expand Down Expand Up @@ -2867,8 +2888,8 @@ private TGetSnapshotResult getSnapshotImpl(TGetSnapshotRequest request, String c
request.getUser(), request.getDb(), request.getLabelName(), request.getSnapshotName(),
request.getSnapshotType());
if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTable(), clientIp, PrivPredicate.LOAD);
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTable(), clientIp, PrivPredicate.SELECT);
}

// Step 3: get snapshot
Expand Down Expand Up @@ -2952,8 +2973,8 @@ private TRestoreSnapshotResult restoreSnapshotImpl(TRestoreSnapshotRequest reque
}

if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTable(), clientIp, PrivPredicate.LOAD);
checkDbPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), clientIp,
PrivPredicate.LOAD);
}

// Step 3: get snapshot
Expand Down Expand Up @@ -3085,7 +3106,8 @@ private TGetBinlogLagResult getBinlogLagImpl(TGetBinlogRequest request, String c
cluster = SystemInfoService.DEFAULT_CLUSTER;
}
if (Strings.isNullOrEmpty(request.getToken())) {
checkPasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(), request.getTable(),
checkSingleTablePasswordAndPrivs(cluster, request.getUser(), request.getPasswd(), request.getDb(),
request.getTable(),
request.getUserIp(), PrivPredicate.SELECT);
}
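Review bot: The new `checkSingleTablePasswordAndPrivs` wraps `tbl` in `Lists.newArrayList(tbl)` without validating it, so an unset table name becomes a one-element list holding null. That list skips the `tables == null || tables.isEmpty()` database-level branch and reaches `checkTblPriv` with a null table. How the access manager treats a null table is not visible on this page, and getBinlogImpl, getSnapshotImpl and getBinlogLagImpl pass `request.getTable()` straight through, so the wrapper should fail closed, for example `if (Strings.isNullOrEmpty(tbl)) { throw new AuthenticationException("table name is required"); }`. The list overload's fallback to a database-level check also deserves a Javadoc line such as `/** Verifies the password, then checks predicate on each table; a null or empty list means a database-level check. */`, since a caller cannot tell from the signature that an empty list changes the scope of the check. Separately, the loops in loadTxnPreCommitImpl and loadTxnRollbackImpl re-run the password check once per table; passing `request.getTbls()` to `checkPasswordAndPrivs` once, as loadTxnCommitImpl does, would verify the password a single time.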

