fix show task bug;

TCeason · TCeason · commit 9d9d0d3ade64 · 2024-05-20T14:04:07.000+08:00
diff --git a/src/query/ast/tests/it/testdata/statement-error.txt b/src/query/ast/tests/it/testdata/statement-error.txt
@@ -923,7 +923,7 @@ error:
   --> SQL:1:22
   |
 1 | GRANT CREATE TASK ON task mytask1 TO role role1
-  | ----- ------         ^^^^ unexpected `task`, expecting `FALSE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `*`, or <Ident>
+  | ----- ------         ^^^^ unexpected `task`, expecting <LiteralString>, `FALSE`, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `*`, or <Ident>
   | |     |               
   | |     while parsing <privileges> ON <privileges_level>
   | while parsing `GRANT { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } TO { [ROLE <role_name>] | [USER] <user> }`
@@ -948,7 +948,7 @@ error:
   --> SQL:1:17
   |
 1 | GRANT select ON task MyTask1 TO u2
-  |                 ^^^^ unexpected `task`, expecting `FALSE`, `TABLE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `*`, or <Ident>
+  |                 ^^^^ unexpected `task`, expecting <LiteralString>, `FALSE`, `TABLE`, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `*`, or <Ident>
 
 
 ---------- Input ----------
@@ -958,6 +958,6 @@ error:
   --> SQL:1:16
   |
 1 | GRANT usage ON task MyTask1 TO u1
-  |                ^^^^ unexpected `task`, expecting `FALSE`, `TABLE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `UDF`, `*`, or <Ident>
+  |                ^^^^ unexpected `task`, expecting <LiteralString>, `FALSE`, `TABLE`, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `UDF`, `*`, or <Ident>
 
 
diff --git a/src/query/ast/tests/it/testdata/statement.txt b/src/query/ast/tests/it/testdata/statement.txt
@@ -18353,13 +18353,13 @@ CreateDynamicTable(
 ---------- Input ----------
 GRANT CREATE TASK ON *.* TO role role1
 ---------- Output ---------
-GRANT CREATE DATABASE ON *.* TO ROLE 'role1'
+GRANT CREATE TASK ON *.* TO ROLE 'role1'
 ---------- AST ------------
 Grant(
     GrantStmt {
         source: Privs {
             privileges: [
-                CreateDatabase,
+                CreateTask,
             ],
             level: Global,
         },
diff --git a/src/query/storages/system/src/task_history_table.rs b/src/query/storages/system/src/task_history_table.rs
@@ -186,45 +186,60 @@ impl AsyncSystemTable for TaskHistoryTable {
             }
         }
 
-        let owned_tasks_names = get_owned_task_names(user_api, &tenant, &all_effective_roles).await;
-        if let Some(task_name) = &task_name {
-            // The user does not have admin role and not own the task_name
-            // Need directly return empty block
-            if !all_effective_roles
-                .iter()
-                .any(|role| role.to_lowercase() == BUILTIN_ROLE_ACCOUNT_ADMIN)
-                && !owned_tasks_names.contains(task_name)
-            {
-                info!(
-                    "--task_history:198 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
-                    all_effective_roles.clone(),
-                    owned_tasks_names.clone(),
-                    task_name.clone()
-                );
-                return parse_task_runs_to_datablock(vec![]);
+        let has_admin_role = all_effective_roles
+            .iter()
+            .any(|role| role.to_lowercase() == BUILTIN_ROLE_ACCOUNT_ADMIN);
+        let req = if has_admin_role {
+            ShowTaskRunsRequest {
+                tenant_id: tenant.tenant_name().to_string(),
+                scheduled_time_start: scheduled_time_start.unwrap_or("".to_string()),
+                scheduled_time_end: scheduled_time_end.unwrap_or("".to_string()),
+                task_name: task_name.unwrap_or("".to_string()),
+                result_limit: result_limit.unwrap_or(0), // 0 means default
+                error_only: false,
+                owners: all_effective_roles.clone(),
+                next_page_token: None,
+                page_size: None,
+                previous_page_token: None,
+                task_ids: vec![],
+                task_names: vec![],
+            }
+        } else {
+            let owned_tasks_names =
+                get_owned_task_names(user_api, &tenant, &all_effective_roles, has_admin_role).await;
+            if let Some(task_name) = &task_name {
+                // The user does not have admin role and not own the task_name
+                // Need directly return empty block
+                if !owned_tasks_names.contains(task_name) {
+                    info!(
+                        "--task_history:215 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
+                        all_effective_roles.clone(),
+                        owned_tasks_names.clone(),
+                        task_name.clone()
+                    );
+                    return parse_task_runs_to_datablock(vec![]);
+                }
+            }
+            info!(
+                "--task_history:224 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
+                all_effective_roles.clone(),
+                owned_tasks_names.clone(),
+                task_name.clone()
+            );
+            ShowTaskRunsRequest {
+                tenant_id: tenant.tenant_name().to_string(),
+                scheduled_time_start: scheduled_time_start.unwrap_or("".to_string()),
+                scheduled_time_end: scheduled_time_end.unwrap_or("".to_string()),
+                task_name: task_name.unwrap_or("".to_string()),
+                result_limit: result_limit.unwrap_or(0), // 0 means default
+                error_only: false,
+                owners: all_effective_roles.clone(),
+                next_page_token: None,
+                page_size: None,
+                previous_page_token: None,
+                task_ids: vec![],
+                task_names: owned_tasks_names.clone(),
             }
-        }
-
-        info!(
-            "--task_history:203 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
-            all_effective_roles.clone(),
-            owned_tasks_names.clone(),
-            task_name.clone()
-        );
-
-        let req = ShowTaskRunsRequest {
-            tenant_id: tenant.tenant_name().to_string(),
-            scheduled_time_start: scheduled_time_start.unwrap_or("".to_string()),
-            scheduled_time_end: scheduled_time_end.unwrap_or("".to_string()),
-            task_name: task_name.unwrap_or("".to_string()),
-            result_limit: result_limit.unwrap_or(0), // 0 means default
-            error_only: false,
-            owners: all_effective_roles.clone(),
-            next_page_token: None,
-            page_size: None,
-            previous_page_token: None,
-            task_ids: vec![],
-            task_names: owned_tasks_names.clone(),
         };
 
         let cloud_api = CloudControlApiProvider::instance();
diff --git a/src/query/storages/system/src/tasks_table.rs b/src/query/storages/system/src/tasks_table.rs
@@ -159,38 +159,53 @@ impl AsyncSystemTable for TasksTable {
                 });
             }
         }
-        let owned_tasks_names = get_owned_task_names(user_api, &tenant, &all_effective_roles).await;
-        if let Some(task_name) = &task_name {
-            // The user does not have admin role and not own the task_name
-            // Need directly return empty block
-            if !all_effective_roles
-                .iter()
-                .any(|role| role.to_lowercase() == BUILTIN_ROLE_ACCOUNT_ADMIN)
-                && !owned_tasks_names.contains(task_name)
-            {
-                info!(
-                    "--tasks:171 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
-                    all_effective_roles.clone(),
-                    owned_tasks_names.clone(),
-                    task_name.clone()
-                );
+
+        let has_admin_role = all_effective_roles
+            .iter()
+            .any(|role| role.to_lowercase() == BUILTIN_ROLE_ACCOUNT_ADMIN);
+
+        let req = if has_admin_role {
+            ShowTasksRequest {
+                tenant_id: tenant.tenant_name().to_string(),
+                name_like: "".to_string(),
+                result_limit: 10000, // TODO: use plan.limit pushdown
+                owners: all_effective_roles.clone(),
+                task_ids: vec![],
+                task_names: vec![],
+            }
+        } else {
+            let owned_tasks_names =
+                get_owned_task_names(user_api, &tenant, &all_effective_roles, has_admin_role).await;
+            if let Some(task_name) = &task_name {
+                // The user does not have admin role and not own the task_name
+                // Need directly return empty block
+                if !owned_tasks_names.contains(task_name) {
+                    info!(
+                        "--tasks:184 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
+                        all_effective_roles.clone(),
+                        owned_tasks_names.clone(),
+                        task_name.clone()
+                    );
+                    return parse_task_runs_to_datablock(vec![]);
+                }
+            }
+            info!(
+                "--tasks:193 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
+                all_effective_roles.clone(),
+                owned_tasks_names.clone(),
+                task_name.clone()
+            );
+            if owned_tasks_names.is_empty() {
                 return parse_task_runs_to_datablock(vec![]);
             }
-        }
-        info!(
-            "--tasks:175 all_effective_roles is {:?}, owned_tasks_names is {:?}, task_name is {:?}",
-            all_effective_roles.clone(),
-            owned_tasks_names.clone(),
-            task_name.clone()
-        );
-
-        let req = ShowTasksRequest {
-            tenant_id: tenant.tenant_name().to_string(),
-            name_like: "".to_string(),
-            result_limit: 10000, // TODO: use plan.limit pushdown
-            owners: all_effective_roles.clone(),
-            task_ids: vec![],
-            task_names: owned_tasks_names.clone(),
+            ShowTasksRequest {
+                tenant_id: tenant.tenant_name().to_string(),
+                name_like: "".to_string(),
+                result_limit: 10000, // TODO: use plan.limit pushdown
+                owners: all_effective_roles.clone(),
+                task_ids: vec![],
+                task_names: owned_tasks_names.clone(),
+            }
         };
 
         let cloud_api = CloudControlApiProvider::instance();
diff --git a/src/query/storages/system/src/util.rs b/src/query/storages/system/src/util.rs
@@ -19,7 +19,6 @@ use databend_common_expression::Scalar;
 use databend_common_meta_app::principal::OwnershipObject;
 use databend_common_meta_app::tenant::Tenant;
 use databend_common_users::UserApiProvider;
-use databend_common_users::BUILTIN_ROLE_ACCOUNT_ADMIN;
 
 pub fn find_eq_filter(expr: &Expr<String>, visitor: &mut impl FnMut(&str, &Scalar)) {
     match expr {
@@ -118,12 +117,10 @@ pub(crate) async fn get_owned_task_names(
     user_api: Arc<UserApiProvider>,
     tenant: &Tenant,
     all_effective_roles: &[String],
+    has_admin_role: bool,
 ) -> Vec<String> {
     let mut owned_tasks_names = vec![];
-    let has_admin_role = all_effective_roles
-        .iter()
-        .any(|role| role.to_lowercase() == BUILTIN_ROLE_ACCOUNT_ADMIN);
-    if has_admin_role {
+    if !has_admin_role {
         // Note: In old version databend-query the hashmap maybe empty
         let task_ownerships = user_api
             .list_tasks_ownerships(tenant)
