Merged
70 commits
673abb1
1
zddr Apr 8, 2024
5342d56
1
zddr Apr 9, 2024
f6fad54
1
zddr Apr 10, 2024
c2eeaa7
1
zddr Apr 10, 2024
3555876
1
zddr Apr 10, 2024
45c03c9
1
zddr Apr 10, 2024
c4a67d5
1
zddr Apr 10, 2024
9f8febe
1
zddr Apr 10, 2024
7823d6e
1
zddr Apr 10, 2024
018073c
1
zddr Apr 10, 2024
cb25644
1
zddr Apr 10, 2024
ac9585e
1
zddr Apr 10, 2024
c63316d
1
zddr Apr 10, 2024
f7a67cf
1
zddr Apr 10, 2024
fc0c3c3
1
zddr Apr 10, 2024
e3beedb
1
zddr Apr 10, 2024
0657358
1
zddr Apr 10, 2024
7173f80
1
zddr Apr 10, 2024
3423de9
1
zddr Apr 10, 2024
8b9ecff
1
zddr Apr 10, 2024
7297a3f
1
zddr Apr 10, 2024
e7a61b8
1
zddr Apr 10, 2024
df50758
1
zddr Apr 10, 2024
b2581dc
1
zddr Apr 10, 2024
4f948d9
1
zddr Apr 10, 2024
40d04d9
1
zddr Apr 10, 2024
ad0cafe
1
zddr Apr 10, 2024
4efba5e
1
zddr Apr 10, 2024
25a6bba
1
zddr Apr 10, 2024
be29416
1
zddr Apr 10, 2024
50a9c3a
1
zddr Apr 10, 2024
701be6d
1
zddr Apr 11, 2024
6466daa
1
zddr Apr 11, 2024
93ac167
1
zddr Apr 11, 2024
30746a3
1
zddr Apr 11, 2024
b09449d
1
zddr Apr 11, 2024
086ab49
1
zddr Apr 11, 2024
4e13521
1
zddr Apr 11, 2024
f4d046d
1
zddr Apr 11, 2024
7de7356
1
zddr Apr 11, 2024
e4384c0
1
zddr Apr 11, 2024
f22afa1
1
zddr Apr 11, 2024
ec51e0d
1
zddr Apr 11, 2024
6b2b1d8
1
zddr Apr 11, 2024
8486fb3
1
zddr Apr 11, 2024
767c83e
1
zddr Apr 11, 2024
b62cd8c
1
zddr Apr 11, 2024
5d383ec
1
zddr Apr 11, 2024
41c10d7
1
zddr Apr 11, 2024
1712fce
1
zddr Apr 11, 2024
d8a913b
1
zddr Apr 11, 2024
75f9a34
1
zddr Apr 11, 2024
f08f1ba
1
zddr Apr 11, 2024
a238589
1
zddr Apr 11, 2024
a5d11f4
1
zddr Apr 11, 2024
3f6e503
1
zddr Apr 11, 2024
a33d5fc
1
zddr Apr 11, 2024
4efaf37
1
zddr Apr 11, 2024
9ed69c9
1
zddr Apr 11, 2024
b4a6ec1
1
zddr Apr 11, 2024
fd694da
1
zddr Apr 11, 2024
e154617
1
zddr Apr 11, 2024
a0fee0d
1
zddr Apr 11, 2024
d53481d
1
zddr Apr 11, 2024
d848ef5
1
zddr Apr 11, 2024
a279382
1
zddr Apr 11, 2024
4571255
1
zddr Apr 12, 2024
d45cdde
1
zddr Apr 12, 2024
e7d9044
Merge branch 'master' into miss_auth
zddr Apr 12, 2024
c7ced18
1
zddr Apr 12, 2024
Expand Up @@ -71,8 +71,9 @@ public long getExpirationMinutes() {

@Override
public void analyze(Analyzer analyzer) throws AnalysisException {
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.OPERATOR)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "NODE");
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}

if (properties == null) {
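Review bot: The predicate on the replaced `if` moves from PrivPredicate.OPERATOR to PrivPredicate.ADMIN, so this hunk changes who may run the statement, not only the text of the denial; if NODE_PRIV and ADMIN_PRIV are distinct grants in this codebase, a reader cannot tell from the code whether the widening is deliberate. A one-line why-comment above the check, e.g. `// ADMIN_PRIV (not NODE_PRIV) is the intended gate for this statement`, would record that decision next to the code that enforces it. analyze() continues past the hunk, and the enclosing class is not named on this page.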
Expand Up @@ -53,8 +53,10 @@ public void analyze(Analyzer analyzer) throws UserException {
super.analyze(analyzer);

// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ADMIN");
if (!Env.getCurrentEnv().getAccessManager()
.checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}

if (properties == null || properties.isEmpty()) {
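Review bot: The report `ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, PrivPredicate.ADMIN.getPrivs().toString())` repeats the predicate that the preceding `checkGlobalPriv` call tests, and the same two-line pattern is hand-written in most other hunks of this change (the CancelAlterSystemStmt, SetLdapPassVar, ShowPluginsStmt and `getAllDbStats()` hunks among them), so the checked predicate and the reported one can silently drift apart when one is edited later. A helper that takes the PrivPredicate once, for example a `checkGlobalPrivOrReport(PrivPredicate.ADMIN)` on the access manager or ErrorReport side, would keep them in step and shrink each call site to one line. The string produced by `getPrivs().toString()` comes from PrivBitSet.toString(), which is not visible here; if it is meant to be read by end users, confirm it renders as a privilege name rather than an internal bit-set dump. analyze() continues past the hunk.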
Expand Up @@ -62,9 +62,8 @@ public void analyze(Analyzer analyzer) throws UserException {
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(), tableName.getTbl(),
PrivPredicate.ALTER)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER VIEW",
ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(),
tableName.getDb() + ": " + tableName.getTbl());
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
PrivPredicate.ALTER.getPrivs().toString(), tableName.getTbl());
}

if (cols != null) {
Expand All @@ -74,7 +73,7 @@ public void analyze(Analyzer analyzer) throws UserException {
viewDefStmt.setNeedToSql(true);
Analyzer viewAnalyzer = new Analyzer(analyzer);
viewDefStmt.analyze(viewAnalyzer);

checkQueryAuth();
createColumnAndViewDefs(analyzer);
}

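Review bot: The new ERR_TABLE_ACCESS_DENIED_ERROR report passes only `tableName.getTbl()`, whereas the message it replaces named `tableName.getDb() + ": " + tableName.getTbl()`; once the db is dropped, a denial for a view name that exists in several databases is ambiguous to the user reading it. If the new error code's format takes a single table argument, passing `tableName.getDb() + "." + tableName.getTbl()` would keep that context without changing the code. The same reduction appears in the CreateViewStmt hunk and in the hunk that switches PrivPredicate.DROP to PrivPredicate.ALTER further down. analyze() starts before the first hunk of this file and continues past the second.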
Expand Up @@ -18,15 +18,20 @@
package org.apache.doris.analysis;

import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Type;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.UserException;
import org.apache.doris.common.util.ToSqlContext;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

Expand Down Expand Up @@ -72,6 +77,28 @@ public String getInlineViewDef() {
return inlineViewDef;
}

protected void checkQueryAuth() throws UserException {
for (int i = 0; i < viewDefStmt.getBaseTblResultExprs().size(); ++i) {
Expr expr = viewDefStmt.getBaseTblResultExprs().get(i);
if (!(expr instanceof SlotRef)) {
continue;
}
SlotRef slotRef = (SlotRef) expr;
TableName queryTableName = slotRef.getTableName();
if (queryTableName == null) {
continue;
}
String queryColumnName = slotRef.getColumnName();
String ctlName = StringUtils.isEmpty(queryTableName.getCtl()) ? InternalCatalog.INTERNAL_CATALOG_NAME
: queryTableName.getCtl();
// check privilege
Env.getCurrentEnv().getAccessManager()
.checkColumnsPriv(ConnectContext.get().getCurrentUserIdentity(), ctlName,
queryTableName.getDb(), queryTableName.getTbl(), Sets.newHashSet(queryColumnName),
PrivPredicate.SELECT);
}
}

/**
* Sets the originalViewDef and the expanded inlineViewDef based on viewDefStmt.
* If columnNames were given, checks that they do not contain duplicate column names
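Review bot: checkQueryAuth() only authorizes a column when the result expression is itself a `SlotRef`; an `Expr` that wraps the column in a function call, cast or arithmetic (`upper(col)`, `col + 1`) is skipped by the `continue`, so a view can project a column its creator may not SELECT as long as the column is not referenced bare. Collecting the SlotRefs from each result expression's whole tree closes that gap; the rewrite below assumes `Expr.collect(Class, Collection)` is available as elsewhere in the analysis package, which this page does not show, so confirm. Columns referenced only in WHERE or JOIN predicates are not part of getBaseTblResultExprs() either, and whether they need SELECT too is a policy question the method's Javadoc should state explicitly. Each referenced column currently triggers a separate checkColumnsPriv call; grouping the columns per table is a cheap follow-up.
```java
    protected void checkQueryAuth() throws UserException {
        for (Expr expr : viewDefStmt.getBaseTblResultExprs()) {
            // Walk the whole expression tree: a column wrapped in a function call,
            // cast or arithmetic expression must be authorized like a bare column.
            List<SlotRef> slotRefs = Lists.newArrayList();
            expr.collect(SlotRef.class, slotRefs);
            for (SlotRef slotRef : slotRefs) {
                TableName queryTableName = slotRef.getTableName();
                if (queryTableName == null) {
                    continue;
                }
                String queryColumnName = slotRef.getColumnName();
                // … unchanged: ctlName defaulting to INTERNAL_CATALOG_NAME and the checkColumnsPriv call …
            }
        }
    }
```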
Expand Up @@ -17,7 +17,12 @@

package org.apache.doris.analysis;

import org.apache.doris.catalog.Env;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.system.SystemInfoService;
import org.apache.doris.system.SystemInfoService.HostInfo;

Expand All @@ -44,6 +49,10 @@ public CancelAlterSystemStmt(List<String> params) {

@Override
public void analyze(Analyzer analyzer) throws AnalysisException {
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.OPERATOR)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.OPERATOR.getPrivs().toString());
}
for (String param : params) {
if (!param.contains(":")) {
ids.add(param);
Expand Up @@ -101,6 +101,12 @@ public void analyze(Analyzer analyzer) throws UserException {
throw new UserException("storage policy feature is disabled by default. "
+ "Enable it by setting 'enable_storage_policy=true' in fe.conf");
}
// check auth
if (!Env.getCurrentEnv().getAccessManager()
.checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}
break;
case ROW:
default:
Expand All @@ -112,10 +118,12 @@ public void analyze(Analyzer analyzer) throws UserException {
user.getQualifiedUser(), user.getHost(), tableName.getTbl());
}
}
}
// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ADMIN");
// check auth
if (!Env.getCurrentEnv().getAccessManager()
.checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.GRANT.getPrivs().toString());
}
}
}

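Review bot: With the STORAGE branch now doing its own ADMIN check and ending in `break`, control still reaches the GRANT check that follows the switch (the closing `}` of the switch is a context line, not a removed one), so a storage policy must satisfy both predicates. If PrivPredicate.GRANT is satisfied by ADMIN_PRIV in this codebase the second check is redundant but harmless; if it is not, the STORAGE path now requires ADMIN_PRIV and GRANT_PRIV together, which neither `// check auth` comment suggests. Either moving the GRANT check into the `case ROW: default:` branch or widening its comment, e.g. `// check auth: row policies need GRANT; storage policies were already gated on ADMIN above`, would make the intent explicit. The other `switch (type)` hunk below with the same STORAGE/ROW shape has the identical structure. analyze() continues past the hunk.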
Expand Up @@ -67,7 +67,8 @@ public void analyze(Analyzer analyzer) throws UserException {
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(),
tableName.getTbl(), PrivPredicate.CREATE)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CREATE");
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
PrivPredicate.CREATE.getPrivs().toString(), tableName.getTbl());
}

// Do not rewrite nondeterministic functions to constant in create view's def stmt
Expand All @@ -84,7 +85,7 @@ public void analyze(Analyzer analyzer) throws UserException {
Analyzer viewAnalyzer = new Analyzer(analyzer);
viewDefStmt.forbiddenMVRewrite();
viewDefStmt.analyze(viewAnalyzer);

checkQueryAuth();
createColumnAndViewDefs(viewAnalyzer);
} finally {
// must reset this flag, otherwise, all following query statement in this connection
Expand Up @@ -73,8 +73,9 @@ public void analyze(Analyzer analyzer) throws UserException {
// check access
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(),
tableName.getTbl(), PrivPredicate.DROP)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "DROP");
tableName.getTbl(), PrivPredicate.ALTER)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
PrivPredicate.ALTER.getPrivs().toString(), tableName.getTbl());
}
}

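Review bot: The privilege required on the `checkTblPriv` call changes from PrivPredicate.DROP to PrivPredicate.ALTER while the surrounding `// check access` comment stays generic, so the reason a statement previously gated on DROP is now gated on ALTER is not recorded anywhere in the code. A why-comment such as `// this statement modifies the parent table rather than dropping it, so ALTER on the table is the required privilege` (worded to match what the statement actually does, which this page does not show) would let a later reader distinguish intent from an accidental edit. analyze() begins before the hunk.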
Expand Up @@ -60,17 +60,25 @@ public void analyze(Analyzer analyzer) throws UserException {
super.analyze(analyzer);
switch (type) {
case STORAGE:
// check auth
if (!Env.getCurrentEnv().getAccessManager()
.checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}
break;
case ROW:
default:
tableName.analyze(analyzer);
if (user != null) {
user.analyze();
}
}
// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ADMIN");
// check auth
if (!Env.getCurrentEnv().getAccessManager()
.checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.GRANT.getPrivs().toString());
}
}
}

Expand Up @@ -17,8 +17,11 @@

package org.apache.doris.analysis;

import org.apache.doris.catalog.Env;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.mysql.privilege.Auth;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;

public class SetLdapPassVar extends SetVar {
Expand All @@ -35,11 +38,10 @@ public String getLdapPassword() {

@Override
public void analyze(Analyzer analyzer) throws AnalysisException {
if (!ConnectContext.get().getCurrentUserIdentity().getQualifiedUser().equals(Auth.ROOT_USER)
&& !ConnectContext.get().getCurrentUserIdentity().getQualifiedUser().equals(Auth.ADMIN_USER)) {
throw new AnalysisException("Only root and admin user can set ldap admin password.");
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}

if (!passVar.isPlain()) {
throw new AnalysisException("Only support set ldap password with plain text");
}
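Review bot: The replaced condition admitted exactly the `Auth.ROOT_USER` and `Auth.ADMIN_USER` accounts, and the new `checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)` admits every grantee of ADMIN_PRIV; for a statement that sets the LDAP admin password this widens the set of principals able to change a credential, which may be intended for consistency with the rest of this change but is a policy decision worth recording above the check, e.g. `// any ADMIN_PRIV holder may set the LDAP admin password (previously: root/admin accounts only)`. The explicit message "Only root and admin user can set ldap admin password." is also gone; the generic ERR_SPECIFIC_ACCESS_DENIED_ERROR text with the privilege name is probably adequate, but any documentation that quoted the old wording should be updated. analyze() continues past the hunk.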
Expand Up @@ -18,12 +18,17 @@
package org.apache.doris.analysis;

import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.ScalarType;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.PatternMatcher;
import org.apache.doris.common.PatternMatcherWrapper;
import org.apache.doris.common.UserException;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSetMetaData;

import com.google.common.base.Strings;
Expand Down Expand Up @@ -52,6 +57,12 @@ public String getNameValue() {
public void analyze(Analyzer analyzer) throws UserException {
super.analyze(analyzer);

// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}

if (where == null) {
return;
}
Expand Up @@ -24,7 +24,6 @@
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.UserException;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSetMetaData;
Expand Down Expand Up @@ -67,11 +66,10 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException {
ErrorReport.reportAnalysisException(ErrorCode.ERR_WRONG_DB_NAME, db);
}

if (!Env.getCurrentEnv().getAccessManager()
.checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, db,
PrivPredicate.ALTER_CREATE_DROP)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR,
ConnectContext.get().getQualifiedUser(), db);
if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), ctl, db,
PrivPredicate.SHOW)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
PrivPredicate.SHOW.getPrivs().toString(), db);
}
}

Expand Up @@ -18,8 +18,13 @@
package org.apache.doris.analysis;

import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.ScalarType;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSetMetaData;

// SHOW CREATE REPOSITORY statement
Expand All @@ -43,7 +48,11 @@ public String getRepoName() {

@Override
public void analyze(Analyzer analyzer) throws AnalysisException {

// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}
}

@Override
Expand Up @@ -424,7 +424,12 @@ public String toString() {
return toSql();
}

private void getAllDbStats() {
private void getAllDbStats() throws AnalysisException {
// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}
List<String> dbNames = Env.getCurrentInternalCatalog().getDbNames();
if (dbNames == null || dbNames.isEmpty()) {
return;
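Review bot: The ADMIN check is placed inside the private helper `getAllDbStats()`, whose name says it collects statistics, so the authorization decision becomes a hidden side effect of a getter-style method and the added `throws AnalysisException` on its signature is the only hint that it can refuse. Moving the check to the caller that dispatches to this helper (presumably the analyze() branch handling the no-db case, which lies outside the hunk) would keep every privilege check at the top of analyze(), matching the other files in this change. If it must stay here, a comment above it such as `// all-db stats expose every database, so require global ADMIN regardless of per-db grants` would explain why this path is stricter than the per-db one. getAllDbStats() continues past the hunk.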
Expand Up @@ -24,7 +24,6 @@
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.UserException;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSetMetaData;
Expand Down Expand Up @@ -64,14 +63,11 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException {
}
}

// must check after analyze dbName, for case dbName is null.
if (!Env.getCurrentEnv().getAccessManager()
.checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName,
PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(
ErrorCode.ERR_DBACCESS_DENIED_ERROR, ConnectContext.get().getQualifiedUser(), dbName);
// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}

}

public boolean like(String str) {
Expand Up @@ -18,7 +18,13 @@
package org.apache.doris.analysis;

import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.ScalarType;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.qe.ShowResultSetMetaData;

// Show plugins statement.
Expand All @@ -39,7 +45,12 @@ public class ShowPluginsStmt extends ShowStmt {
.build();

@Override
public void analyze(Analyzer analyzer) {
public void analyze(Analyzer analyzer) throws AnalysisException {
// check auth
if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
PrivPredicate.ADMIN.getPrivs().toString());
}
}

@Override