[enhance](auth)row policy support catalog and match name instead id

fe/fe-core/src/main/java/org/apache/doris/analysis/StmtRewriter.java

@@ -21,10 +21,8 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Column;
-import org.apache.doris.catalog.DatabaseIf;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.ScalarType;
-import org.apache.doris.catalog.TableIf;
 import org.apache.doris.catalog.Type;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.TableAliasGenerator;
@@ -1327,16 +1325,17 @@ public static boolean rewriteByPolicy(StatementBase statementBase, Analyzer anal
             if (!(tableRef instanceof BaseTableRef)) {
                 continue;
             }
-            TableIf table = tableRef.getTable();
+            String tableName = tableRef.getName().getTbl();
             String dbName = tableRef.getName().getDb();
             if (dbName == null) {
                 dbName = analyzer.getDefaultDb();
             }
-            DatabaseIf db = currentEnv.getCatalogMgr().getCatalogOrAnalysisException(tableRef.getName().getCtl())
-                    .getDbOrAnalysisException(dbName);
-            long dbId = db.getId();
-            long tableId = table.getId();
-            RowPolicy matchPolicy = currentEnv.getPolicyMgr().getMatchTablePolicy(dbId, tableId, currentUserIdentity);
+            String ctlName = tableRef.getName().getCtl();
+            if (ctlName == null) {
+                ctlName = analyzer.getDefaultCatalog();
+            }
+            RowPolicy matchPolicy = currentEnv.getPolicyMgr()
+                    .getMatchTablePolicy(ctlName, dbName, tableName, currentUserIdentity);
             if (matchPolicy == null) {
                 continue;
             }

fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java

@@ -23,7 +23,6 @@
 import org.apache.doris.catalog.AuthorizationInfo;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.authorizer.ranger.doris.RangerDorisAccessController;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.Config;
 import org.apache.doris.common.UserException;
 import org.apache.doris.datasource.CatalogIf;
@@ -285,7 +284,7 @@ public Optional<DataMaskPolicy> evalDataMaskPolicy(UserIdentity currentUser, Str
     }
 
     public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String
-            ctl, String db, String tbl) throws AnalysisException {
+            ctl, String db, String tbl) {
         Objects.requireNonNull(currentUser, "require currentUser object");
         Objects.requireNonNull(ctl, "require ctl object");
         Objects.requireNonNull(db, "require db object");

fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/CatalogAccessController.java

@@ -19,7 +19,6 @@
 
 import org.apache.doris.analysis.ResourceTypeEnum;
 import org.apache.doris.analysis.UserIdentity;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.AuthorizationException;
 
 import java.util.List;
@@ -84,6 +83,5 @@ void checkColsPriv(UserIdentity currentUser, String ctl, String db, String tbl,
     Optional<DataMaskPolicy> evalDataMaskPolicy(UserIdentity currentUser, String ctl, String db, String tbl,
             String col);
 
-    List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db, String tbl)
-            throws AnalysisException;
+    List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db, String tbl);
 }

fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/InternalAccessController.java

@@ -19,15 +19,8 @@
 
 import org.apache.doris.analysis.ResourceTypeEnum;
 import org.apache.doris.analysis.UserIdentity;
-import org.apache.doris.catalog.Database;
 import org.apache.doris.catalog.Env;
-import org.apache.doris.catalog.Table;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.AuthorizationException;
-import org.apache.doris.datasource.InternalCatalog;
-import org.apache.doris.policy.PolicyMgr;
-
-import com.google.common.collect.Lists;
 
 import java.util.List;
 import java.util.Optional;
@@ -90,15 +83,7 @@ public Optional<DataMaskPolicy> evalDataMaskPolicy(UserIdentity currentUser, Str
 
     @Override
     public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity currentUser, String ctl, String db,
-            String tbl)
-            throws AnalysisException {
-        // current not support external catalog
-        if (!InternalCatalog.INTERNAL_CATALOG_NAME.equals(ctl)) {
-            return Lists.newArrayList();
-        }
-        PolicyMgr policyMgr = Env.getCurrentEnv().getPolicyMgr();
-        Database database = Env.getCurrentEnv().getInternalCatalog().getDbOrAnalysisException(db);
-        Table table = database.getTableOrAnalysisException(tbl);
-        return policyMgr.getUserPolicies(database.getId(), table.getId(), currentUser);
+            String tbl) {
+        return Env.getCurrentEnv().getPolicyMgr().getUserPolicies(ctl, db, tbl, currentUser);
     }
 }

fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/logical/LogicalCheckPolicy.java

@@ -133,13 +133,8 @@ public Optional<Expression> getFilter(LogicalRelation logicalRelation, ConnectCo
         String ctlName = catalogRelation.getDatabase().getCatalog().getName();
         String dbName = catalogRelation.getDatabase().getFullName();
         String tableName = catalogRelation.getTable().getName();
-        List<? extends RowFilterPolicy> policies = null;
-        try {
-            policies = accessManager.evalRowFilterPolicies(currentUserIdentity, ctlName,
-                    dbName, tableName);
-        } catch (org.apache.doris.common.AnalysisException e) {
-            throw new AnalysisException(e.getMessage(), e);
-        }
+        List<? extends RowFilterPolicy> policies = accessManager.evalRowFilterPolicies(currentUserIdentity, ctlName,
+                dbName, tableName);
         if (policies.isEmpty()) {
             return Optional.empty();
         }

fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java

@@ -19,18 +19,15 @@
 
 import org.apache.doris.analysis.DropPolicyStmt;
 import org.apache.doris.analysis.UserIdentity;
-import org.apache.doris.catalog.Database;
-import org.apache.doris.catalog.Env;
-import org.apache.doris.catalog.Table;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.io.Text;
 import org.apache.doris.common.io.Writable;
 import org.apache.doris.persist.gson.GsonUtils;
-import org.apache.doris.qe.ConnectContext;
 
 import com.google.gson.annotations.SerializedName;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
+import lombok.Setter;
 
 import java.io.DataInput;
 import java.io.DataOutput;
@@ -41,14 +38,24 @@
  **/
 @AllArgsConstructor
 @Getter
+@Setter
 public class DropPolicyLog implements Writable {
 
+    @Deprecated
     @SerializedName(value = "dbId")
     private long dbId;
 
+    @Deprecated
     @SerializedName(value = "tableId")
     private long tableId;
 
+    @SerializedName(value = "ctlName")
+    private String ctlName;
+    @SerializedName(value = "dbName")
+    private String dbName;
+    @SerializedName(value = "tableName")
+    private String tableName;
+
     @SerializedName(value = "type")
     private PolicyTypeEnum type;
 
@@ -61,21 +68,32 @@ public class DropPolicyLog implements Writable {
     @SerializedName(value = "roleName")
     private String roleName;
 
+    public DropPolicyLog(PolicyTypeEnum type, String policyName) {
+        this.type = type;
+        this.policyName = policyName;
+    }
+
+    public DropPolicyLog(String ctlName, String dbName, String tableName, PolicyTypeEnum type, String policyName,
+            UserIdentity user, String roleName) {
+        this.ctlName = ctlName;
+        this.dbName = dbName;
+        this.tableName = tableName;
+        this.type = type;
+        this.policyName = policyName;
+        this.user = user;
+        this.roleName = roleName;
+    }
+
     /**
      * Generate delete logs through stmt.
      **/
     public static DropPolicyLog fromDropStmt(DropPolicyStmt stmt) throws AnalysisException {
         switch (stmt.getType()) {
             case STORAGE:
-                return new DropPolicyLog(-1, -1, stmt.getType(), stmt.getPolicyName(), null, null);
+                return new DropPolicyLog(stmt.getType(), stmt.getPolicyName());
             case ROW:
-                String curDb = stmt.getTableName().getDb();
-                if (curDb == null) {
-                    curDb = ConnectContext.get().getDatabase();
-                }
-                Database db = Env.getCurrentInternalCatalog().getDbOrAnalysisException(curDb);
-                Table table = db.getTableOrAnalysisException(stmt.getTableName().getTbl());
-                return new DropPolicyLog(db.getId(), table.getId(), stmt.getType(),
+                return new DropPolicyLog(stmt.getTableName().getCtl(), stmt.getTableName().getDb(),
+                        stmt.getTableName().getTbl(), stmt.getType(),
                         stmt.getPolicyName(), stmt.getUser(), stmt.getRoleName());
             default:
                 throw new AnalysisException("Invalid policy type: " + stmt.getType().name());

fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java

@@ -19,9 +19,7 @@
 
 import org.apache.doris.analysis.CreatePolicyStmt;
 import org.apache.doris.analysis.UserIdentity;
-import org.apache.doris.catalog.DatabaseIf;
 import org.apache.doris.catalog.Env;
-import org.apache.doris.catalog.TableIf;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.DdlException;
 import org.apache.doris.common.io.Text;
@@ -113,16 +111,13 @@ public static Policy fromCreateStmt(CreatePolicyStmt stmt) throws AnalysisExcept
                 return storagePolicy;
             case ROW:
                 // stmt must be analyzed.
-                DatabaseIf db = Env.getCurrentEnv().getCatalogMgr()
-                        .getCatalogOrAnalysisException(stmt.getTableName().getCtl())
-                        .getDbOrAnalysisException(stmt.getTableName().getDb());
                 UserIdentity userIdent = stmt.getUser();
                 if (userIdent != null) {
                     userIdent.analyze();
                 }
-                TableIf table = db.getTableOrAnalysisException(stmt.getTableName().getTbl());
-                return new RowPolicy(policyId, stmt.getPolicyName(), db.getId(), userIdent, stmt.getRoleName(),
-                        stmt.getOrigStmt().originStmt, table.getId(), stmt.getFilterType(), stmt.getWherePredicate());
+                return new RowPolicy(policyId, stmt.getPolicyName(), stmt.getTableName().getCtl(),
+                        stmt.getTableName().getDb(), stmt.getTableName().getTbl(), userIdent, stmt.getRoleName(),
+                        stmt.getOrigStmt().originStmt, stmt.getFilterType(), stmt.getWherePredicate());
             default:
                 throw new AnalysisException("Unknown policy type: " + stmt.getType());
         }