This is an automated email from the ASF dual-hosted git repository.

zyk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c190fc60f [IOTDB-3889]List Privileges Role on Path cannot display a 
wider range path pattern (#6718)
2c190fc60f is described below

commit 2c190fc60f358211ba48e1199496238736f38495
Author: Yifu Zhou <[email protected]>
AuthorDate: Wed Jul 20 18:15:47 2022 +0800

    [IOTDB-3889]List Privileges Role on Path cannot display a wider range path 
pattern (#6718)
    
    [IOTDB-3889]List Privileges Role on Path cannot display a wider range path 
pattern (#6718)
---
 .../iotdb/confignode/persistence/AuthorInfo.java   |  6 +-
 .../Administration-Management/Administration.md    | 84 ++++++++++------------
 .../Administration-Management/Administration.md    | 84 ++++++++++------------
 .../org/apache/iotdb/commons/utils/AuthUtils.java  | 17 +++++
 .../iotdb/db/localconfignode/LocalConfigNode.java  |  6 +-
 .../apache/iotdb/db/qp/executor/PlanExecutor.java  |  8 ++-
 6 files changed, 106 insertions(+), 99 deletions(-)

diff --git 
a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
 
b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
index 34178a99c4..5520b27a10 100644
--- 
a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++ 
b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
@@ -294,7 +294,7 @@ public class AuthorInfo implements SnapshotProcessor {
     List<String> rolePrivilegesList = new ArrayList<>();
     for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
       if (plan.getNodeName().equals("")
-          || AuthUtils.pathBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
+          || AuthUtils.pathOrBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
         rolePrivilegesList.add(pathPrivilege.toString());
       }
     }
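Review bot: The filter `plan.getNodeName().equals("") || AuthUtils.pathOrBelongsTo(plan.getNodeName(), pathPrivilege.getPath())` is repeated verbatim in all three hunks of this file (here and at new lines 331 and 343), so a later change to the listing semantics has to be made three times and the copies can drift apart. A small private helper such as `private boolean isListedFor(String queriedPath, PathPrivilege p) throws AuthException` would keep the rule in one place, and `isEmpty()` reads better than `equals("")`. A one-line comment at the call, `// display filter only: also lists privileges granted on narrower paths`, would stop a reader from taking the output as the effective permission on the whole queried pattern. The enclosing method starts and ends outside the hunk.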
@@ -331,7 +331,7 @@ public class AuthorInfo implements SnapshotProcessor {
       List<String> rolePrivileges = new ArrayList<>();
       for (PathPrivilege pathPrivilege : user.getPrivilegeList()) {
         if (plan.getNodeName().equals("")
-            || AuthUtils.pathBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
+            || AuthUtils.pathOrBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
           rolePrivileges.add("");
           userPrivilegesList.add(pathPrivilege.toString());
         }
@@ -343,7 +343,7 @@ public class AuthorInfo implements SnapshotProcessor {
         }
         for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
           if (plan.getNodeName().equals("")
-              || AuthUtils.pathBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
+              || AuthUtils.pathOrBelongsTo(plan.getNodeName(), 
pathPrivilege.getPath())) {
             rolePrivileges.add(roleN);
             userPrivilegesList.add(pathPrivilege.toString());
           }
diff --git a/docs/UserGuide/Administration-Management/Administration.md 
b/docs/UserGuide/Administration-Management/Administration.md
index e46ec44891..22fe3d4e47 100644
--- a/docs/UserGuide/Administration-Management/Administration.md
+++ b/docs/UserGuide/Administration-Management/Administration.md
@@ -263,11 +263,28 @@ LIST ROLE
 Eg: IoTDB > LIST ROLE
 ```
 
-* List Privileges
-
-```
-LIST PRIVILEGES USER  <username> ON <path>;    
-Eg: IoTDB > LIST PRIVILEGES USER `sgcc_write_user` ON root.sgcc.**;
+* List Related Privileges of Users(On Specific Path)
+
+```
+LIST PRIVILEGES USER <username> ON <path>;
+Eg: IoTDB> LIST PRIVILEGES USER `tempuser` ON root.ln.**;
++--------+-----------------------------------+
+|    role|                          privilege|
++--------+-----------------------------------+
+|        |      root.ln.** : ALTER_TIMESERIES|
+|temprole|root.ln.wf01.** : CREATE_TIMESERIES|
++--------+-----------------------------------+
+Total line number = 2
+It costs 0.005s
+IoTDB> LIST PRIVILEGES USER `tempuser` ON root.ln.wf01.wt01.**;
++--------+-----------------------------------+
+|    role|                          privilege|
++--------+-----------------------------------+
+|        |      root.ln.** : ALTER_TIMESERIES|
+|temprole|root.ln.wf01.** : CREATE_TIMESERIES|
++--------+-----------------------------------+
+Total line number = 2
+It costs 0.005s
 ```
 
 * List Privileges of Roles
@@ -277,11 +294,26 @@ LIST ROLE PRIVILEGES <roleName>
 Eg: IoTDB > LIST ROLE PRIVILEGES `actor`;
 ```
 
-* List Privileges of Roles(On Specific Path)
+* List Related Privileges of Roles(On Specific Path)
 
 ```
 LIST PRIVILEGES ROLE <roleName> ON <path>;    
-Eg: IoTDB > LIST PRIVILEGES ROLE `write_role` ON root.sgcc.**;
+Eg: IoTDB> LIST PRIVILEGES ROLE `temprole` ON root.ln.**;
++-----------------------------------+
+|                          privilege|
++-----------------------------------+
+|root.ln.wf01.** : CREATE_TIMESERIES|
++-----------------------------------+
+Total line number = 1
+It costs 0.005s
+IoTDB> LIST PRIVILEGES ROLE `temprole` ON root.ln.wf01.wt01.**;
++-----------------------------------+
+|                          privilege|
++-----------------------------------+
+|root.ln.wf01.** : CREATE_TIMESERIES|
++-----------------------------------+
+Total line number = 1
+It costs 0.005s
 ```
 
 * List Privileges of Users
@@ -442,44 +474,6 @@ Eg: IoTDB > unset schema template t1 from root.sg1.d1
 Eg: IoTDB > drop schema template t1
 ```
 
-###### Tag and Attribute Management
-
-- Rename the tag/attribute key
-
-```text
-ALTER timeseries root.turbine.d1.s1 RENAME tag1 TO newTag1
-```
-
-- reset the tag/attribute value
-
-```text
-ALTER timeseries root.turbine.d1.s1 SET newTag1=newV1, attr1=newV1
-```
-
-- delete the existing tag/attribute
-
-```text
-ALTER timeseries root.turbine.d1.s1 DROP tag1, tag2
-```
-
-- add new tags
-
-```text
-ALTER timeseries root.turbine.d1.s1 ADD TAGS tag3=v3, tag4=v4
-```
-
-- add new attributes
-
-```text
-ALTER timeseries root.turbine.d1.s1 ADD ATTRIBUTES attr3=v3, attr4=v4
-```
-
-- upsert alias, tags and attributes
-
-```text
-ALTER timeseries root.turbine.d1.s1 UPSERT ALIAS=newAlias TAGS(tag3=v3, 
tag4=v4) ATTRIBUTES(attr3=v3, attr4=v4)
-```
-
 ###### TsFile Management
 
 - Load TsFiles
diff --git a/docs/zh/UserGuide/Administration-Management/Administration.md 
b/docs/zh/UserGuide/Administration-Management/Administration.md
index c51787f1a1..9e6bf3c010 100644
--- a/docs/zh/UserGuide/Administration-Management/Administration.md
+++ b/docs/zh/UserGuide/Administration-Management/Administration.md
@@ -262,11 +262,28 @@ LIST ROLE
 Eg: IoTDB > LIST ROLE
 ```
 
-* 列出权限
-
-```
-LIST PRIVILEGES USER  <username> ON <path>;    
-Eg: IoTDB > LIST PRIVILEGES USER `sgcc_write_user` ON root.sgcc.**;
+* 列出用户在具体路径上相关联的权限
+
+```    
+LIST PRIVILEGES USER <username> ON <path>;
+Eg: IoTDB> LIST PRIVILEGES USER `tempuser` ON root.ln.**;
++--------+-----------------------------------+
+|    role|                          privilege|
++--------+-----------------------------------+
+|        |      root.ln.** : ALTER_TIMESERIES|
+|temprole|root.ln.wf01.** : CREATE_TIMESERIES|
++--------+-----------------------------------+
+Total line number = 2
+It costs 0.005s
+IoTDB> LIST PRIVILEGES USER `tempuser` ON root.ln.wf01.wt01.**;
++--------+-----------------------------------+
+|    role|                          privilege|
++--------+-----------------------------------+
+|        |      root.ln.** : ALTER_TIMESERIES|
+|temprole|root.ln.wf01.** : CREATE_TIMESERIES|
++--------+-----------------------------------+
+Total line number = 2
+It costs 0.005s
 ```
 
 * 列出角色权限
@@ -276,11 +293,26 @@ LIST ROLE PRIVILEGES <roleName>
 Eg: IoTDB > LIST ROLE PRIVILEGES `actor`;
 ```
 
-* 列出角色在具体路径上的权限
+* 列出角色在具体路径上相关联的权限
 
 ```
 LIST PRIVILEGES ROLE <roleName> ON <path>;    
-Eg: IoTDB > LIST PRIVILEGES ROLE `write_role` ON root.sgcc.**;
+Eg: IoTDB> LIST PRIVILEGES ROLE `temprole` ON root.ln.**;
++-----------------------------------+
+|                          privilege|
++-----------------------------------+
+|root.ln.wf01.** : CREATE_TIMESERIES|
++-----------------------------------+
+Total line number = 1
+It costs 0.005s
+IoTDB> LIST PRIVILEGES ROLE `temprole` ON root.ln.wf01.wt01.**;
++-----------------------------------+
+|                          privilege|
++-----------------------------------+
+|root.ln.wf01.** : CREATE_TIMESERIES|
++-----------------------------------+
+Total line number = 1
+It costs 0.005s
 ```
 
 * 列出用户权限
@@ -438,44 +470,6 @@ Eg: IoTDB > unset schema template t1 from root.sg1.d1
 Eg: IoTDB > drop schema template t1
 ```
 
-###### 标签点管理
-
-- 重命名标签或属性
-
-```text
-ALTER timeseries root.turbine.d1.s1 RENAME tag1 TO newTag1
-```
-
-- 重新设置标签或属性的值
-
-```text
-ALTER timeseries root.turbine.d1.s1 SET newTag1=newV1, attr1=newV1
-```
-
-- 删除已经存在的标签或属性
-
-```text
-ALTER timeseries root.turbine.d1.s1 DROP tag1, tag2
-```
-
-- 添加新的标签
-
-```text
-ALTER timeseries root.turbine.d1.s1 ADD TAGS tag3=v3, tag4=v4
-```
-
-- 添加新的属性
-
-```text
-ALTER timeseries root.turbine.d1.s1 ADD ATTRIBUTES attr3=v3, attr4=v4
-```
-
-- 更新插入别名,标签和属性
-
-```text
-ALTER timeseries root.turbine.d1.s1 UPSERT ALIAS=newAlias TAGS(tag2=newV2, 
tag3=v3) ATTRIBUTES(attr3=v3, attr4=v4)
-```
-
 ###### TsFile管理
 
 - 加载TsFile
diff --git 
a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java 
b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
index 4306eb28ed..edab238ff8 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
@@ -216,6 +216,23 @@ public class AuthUtils {
     }
   }
 
+  /**
+   * check if pathA either belongs to pathB or pathB belongs to pathA 
according to path pattern.
+   *
+   * @param pathA path
+   * @param pathB path
+   * @return True if pathA is a sub pattern of pathB, or pathB is a sub 
pattern of pathA
+   */
+  public static boolean pathOrBelongsTo(String pathA, String pathB) throws 
AuthException {
+    try {
+      PartialPath partialPathA = new PartialPath(pathA);
+      PartialPath partialPathB = new PartialPath(pathB);
+      return partialPathB.matchFullPath(partialPathA) || 
partialPathA.matchFullPath(partialPathB);
+    } catch (IllegalPathException e) {
+      throw new AuthException(e);
+    }
+  }
+
   /**
    * check privilege.
    *
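Review bot: The Javadoc on `pathOrBelongsTo` does not say that the match is deliberately symmetric and meant only for filtering LIST PRIVILEGES output. Because it also returns true when the granted path is narrower than the queried one, calling it where `pathBelongsTo` is expected in a permission check would treat a privilege on `root.ln.wf01.**` as matching `root.ln.**`. I would add a sentence such as `Symmetric overlap test for listing privileges only; do not use for authorization decisions, use pathBelongsTo there.` The diffstat lists no test file, so a unit test covering both directions (queried pattern wider, granted pattern wider) plus an unrelated path would pin the intended behaviour. How `matchFullPath` treats an argument that itself contains wildcards is not visible in this hunk and is worth confirming.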
diff --git 
a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java 
b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
index 8584677ab0..aea7b4e71d 100644
--- 
a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
+++ 
b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
@@ -1199,7 +1199,7 @@ public class LocalConfigNode {
     List<String> rolePrivilegesList = new ArrayList<>();
     for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
       if (authorStatement.getNodeName().getFullPath().equals("")
-          || AuthUtils.pathBelongsTo(
+          || AuthUtils.pathOrBelongsTo(
               authorStatement.getNodeName().getFullPath(), 
pathPrivilege.getPath())) {
         rolePrivilegesList.add(pathPrivilege.toString());
       }
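Review bot: `authorStatement.getNodeName().getFullPath()` is evaluated twice per privilege inside the loop, and it would throw a NullPointerException if `getNodeName()` can return null. PlanExecutor guards the corresponding case with `path == null`, which suggests the path may be absent, though that is not visible here and should be confirmed. Reading the value once before the loop, `String queriedPath = authorStatement.getNodeName().getFullPath();`, and testing `queriedPath.isEmpty() || AuthUtils.pathOrBelongsTo(queriedPath, pathPrivilege.getPath())` removes the repetition; the same applies to the hunks at new lines 1231 and 1244. The loop's enclosing method begins outside the hunk.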
@@ -1231,7 +1231,7 @@ public class LocalConfigNode {
       List<String> rolePrivileges = new ArrayList<>();
       for (PathPrivilege pathPrivilege : user.getPrivilegeList()) {
         if (authorStatement.getNodeName().getFullPath().equals("")
-            || AuthUtils.pathBelongsTo(
+            || AuthUtils.pathOrBelongsTo(
                 authorStatement.getNodeName().getFullPath(), 
pathPrivilege.getPath())) {
           rolePrivileges.add("");
           userPrivilegesList.add(pathPrivilege.toString());
@@ -1244,7 +1244,7 @@ public class LocalConfigNode {
         }
         for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
           if (authorStatement.getNodeName().getFullPath().equals("")
-              || AuthUtils.pathBelongsTo(
+              || AuthUtils.pathOrBelongsTo(
                   authorStatement.getNodeName().getFullPath(), 
pathPrivilege.getPath())) {
             rolePrivileges.add(roleN);
             userPrivilegesList.add(pathPrivilege.toString());
diff --git 
a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java 
b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
index a3c3ebc80c..95f6381c6c 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
@@ -2368,7 +2368,8 @@ public class PlanExecutor implements IPlanExecutor {
       ListDataSet dataSet = new ListDataSet(headerList, typeList);
       int index = 0;
       for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
-        if (path == null || AuthUtils.pathBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
+        if (path == null
+            || AuthUtils.pathOrBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
           RowRecord record = new RowRecord(index++);
           Field field = new Field(TSDataType.TEXT);
           field.setBinaryV(new Binary(pathPrivilege.toString()));
@@ -2410,7 +2411,8 @@ public class PlanExecutor implements IPlanExecutor {
       typeList.add(TSDataType.TEXT);
       ListDataSet dataSet = new ListDataSet(headerList, typeList);
       for (PathPrivilege pathPrivilege : user.getPrivilegeList()) {
-        if (path == null || AuthUtils.pathBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
+        if (path == null
+            || AuthUtils.pathOrBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
           RowRecord record = new RowRecord(index++);
           Field roleF = new Field(TSDataType.TEXT);
           roleF.setBinaryV(new Binary(""));
@@ -2428,7 +2430,7 @@ public class PlanExecutor implements IPlanExecutor {
         }
         for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
           if (path == null
-              || AuthUtils.pathBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
+              || AuthUtils.pathOrBelongsTo(path.getFullPath(), 
pathPrivilege.getPath())) {
             RowRecord record = new RowRecord(index++);
             Field roleF = new Field(TSDataType.TEXT);
             roleF.setBinaryV(new Binary(roleN));
