fix wrong scope

Signed-off-by: lance6716 <[email protected]>
pingcap · Nov 30, 2022 · 8dc362c · 8dc362c
1 parent 76dc163
commit 8dc362c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 17 deletions.
diff --git a/dm/pkg/checker/privilege.go b/dm/pkg/checker/privilege.go
@@ -364,6 +364,7 @@ func VerifyPrivileges(
 				}
 			}
 		case ast.GrantLevelTable:
+			dbName := grantStmt.Level.DBName
 			for _, privElem := range grantStmt.Privs {
 				// all privileges available at a given privilege level (except GRANT OPTION)
 				// from https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html#priv_all
@@ -372,36 +373,28 @@ func VerifyPrivileges(
 						if privs.needGlobal {
 							continue
 						}
-						for dbName, dbPrivs := range privs.dbs {
-							if dbPrivs.wholeDB {
-								continue
-							}
-							if !stringutil.DoMatch(dbName, dbPatChar, dbPatType) {
-								continue
-							}
-							delete(dbPrivs.tables, tableName)
+						dbPrivs, ok := privs.dbs[dbName]
+						if !ok || dbPrivs.wholeDB {
+							continue
 						}
+						delete(dbPrivs.tables, tableName)
 					}
 					continue
 				}
 				privs, ok := lackPrivs[privElem.Priv]
 				if !ok || privs.needGlobal {
 					continue
 				}
+				dbPrivs, ok := privs.dbs[dbName]
+				if !ok || dbPrivs.wholeDB {
+					continue
+				}
 				// dumpling could report error if an allow-list table is lack of privilege.
 				// we only check that SELECT is granted on all columns, otherwise we can't SHOW CREATE TABLE
 				if privElem.Priv == mysql.SelectPriv && len(privElem.Cols) != 0 {
 					continue
 				}
-				for dbName, dbPrivs := range privs.dbs {
-					if dbPrivs.wholeDB {
-						continue
-					}
-					if !stringutil.DoMatch(dbName, dbPatChar, dbPatType) {
-						continue
-					}
-					delete(dbPrivs.tables, tableName)
-				}
+				delete(dbPrivs.tables, tableName)
 			}
 		}
 	}

diff --git a/dm/pkg/checker/privilege_test.go b/dm/pkg/checker/privilege_test.go
@@ -382,6 +382,17 @@ func TestVerifyPrivilegesWildcard(t *testing.T) {
 			replicationState: StateFailure,
 			errStr:           "lack of Select privilege: {`block_db`.`t1`}; ",
 		},
+		{
+			grants: []string{
+				"GRANT SELECT ON `demo_db`.`t1` TO `dmuser`@`%`",
+			},
+			checkTables: []filter.Table{
+				{Schema: "demo_db", Name: "t1"},
+				{Schema: "demo2db", Name: "t1"},
+			},
+			replicationState: StateFailure,
+			errStr:           "lack of Select privilege: {`demo2db`.`t1`}; ",
+		},
 	}
 
 	for i, cs := range cases {