[BUG]the permission to read resource status is incorrect #2190

h4ofanya · 2024-06-20T03:22:27Z

Describe the bug

even if the user is not one of the roles of the tenant, the corresponding tenant information can be read

To Reproduce

curl -X POST -u 'root:' 'http:https://127.0.0.1:8902/api/v1/sql?db=public' -d "create tenant tenant_delay with drop_after='7'"
curl -X POST -u 'root:' 'http:https://127.0.0.1:8902/api/v1/sql?db=public' -d "drop tenant tenant_delay"
curl -X POST -u 'root:' 'http:https://127.0.0.1:8902/api/v1/sql?db=public' -d 'create tenant if not exists test_rs_tenant1;'
curl -X POST -u 'root:' 'http:https://127.0.0.1:8902/api/v1/sql?db=public' -d 'create user if not exists test_rs_u1;'
curl -X POST -u 'root:' 'http:https://127.0.0.1:8902/api/v1/sql?db=public' -d 'alter tenant test_rs_tenant1 add user test_rs_u1 as owner'

curl -X POST -u 'test_rs_u1:' 'http:https://127.0.0.1:8902/api/v1/sql?tenant=test_rs_tenant1&db=public' -d 'select * from information_schema.resource_status'
time,name,action,try_count,status,comment
2024-06-25 07:39:09,tenant_delay,DropTenant,0,Schedule,

Expected behavior

No response

Additional context

No response

h4ofanya changed the title ~~the permission to read resource status is incorrect~~ [BUG]the permission to read resource status is incorrect Jun 21, 2024

h4ofanya mentioned this issue Jun 21, 2024

fix: only admin can read DropTenant #2196

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG]the permission to read resource status is incorrect #2190

[BUG]the permission to read resource status is incorrect #2190

h4ofanya commented Jun 20, 2024

[BUG]the permission to read resource status is incorrect #2190

[BUG]the permission to read resource status is incorrect #2190

Comments

h4ofanya commented Jun 20, 2024

Describe the bug

To Reproduce

Expected behavior

Additional context