This is an automated email from the ASF dual-hosted git repository.
haonan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 2427167706 [IOTDB-2782] When users are not granted READ_TIMESERIES or
INSERT_TIMESERIES, the verification prompt needs to be unified (#7173)
2427167706 is described below
commit 24271677060e6ee70541d5649cd4b44647e80b88
Author: 任宇华 <[email protected]>
AuthorDate: Wed Aug 31 15:55:49 2022 +0800
[IOTDB-2782] When users are not granted READ_TIMESERIES or
INSERT_TIMESERIES, the verification prompt needs to be unified (#7173)
---
docs/UserGuide/API/Status-Codes.md | 2 +-
.../Administration-Management/Administration.md | 4 ++--
docs/UserGuide/Query-Data/Fill-Null-Value.md | 6 +++---
.../Administration-Management/Administration.md | 4 ++--
docs/zh/UserGuide/Query-Data/Fill-Null-Value.md | 6 +++---
.../iotdb/db/integration/IoTDBAuthorizationIT.java | 25 ++++++++++++++++++----
jdbc/README.md | 2 +-
.../apache/iotdb/commons/utils/StatusUtils.java | 2 +-
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 6 ++++--
.../iotdb/db/query/control/SessionManager.java | 5 ++++-
.../db/service/thrift/impl/TSServiceImpl.java | 5 ++++-
11 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/docs/UserGuide/API/Status-Codes.md
b/docs/UserGuide/API/Status-Codes.md
index 16ef2a3089..f3bdeb6ff8 100644
--- a/docs/UserGuide/API/Status-Codes.md
+++ b/docs/UserGuide/API/Status-Codes.md
@@ -91,7 +91,7 @@ Here is a list of Status Code and related message:
|506|MULTIPLE_ERROR|Meet error when executing multiple statements|
|600|WRONG_LOGIN_PASSWORD_ERROR|Username or password is wrong|
|601|NOT_LOGIN_ERROR|Has not logged in|
-|602|NO_PERMISSION_ERROR|No permissions for this operation|
+|602|NO_PERMISSION_ERROR|No permissions for this operation, please add
privilege|
|603|UNINITIALIZED_AUTH_ERROR|Uninitialized authorizer|
|700|PARTITION_NOT_READY|Partition table not ready|
|701|TIME_OUT|Operation timeout|
diff --git a/docs/UserGuide/Administration-Management/Administration.md
b/docs/UserGuide/Administration-Management/Administration.md
index a44227b2b4..e4aeebb24c 100644
--- a/docs/UserGuide/Administration-Management/Administration.md
+++ b/docs/UserGuide/Administration-Management/Administration.md
@@ -91,7 +91,7 @@ The SQL statement will not be executed and the corresponding
error prompt is giv
```
IoTDB> INSERT INTO root.ln.wf01.wt01(timestamp,status)
values(1509465600000,true)
-Msg: 602: No permissions for this operation INSERT
+Msg: 602: No permissions for this operation, please add privilege
INSERT_TIMESERIES.
```
Now, we use root user to grant the two users write privileges to the
corresponding storage groups.
@@ -144,7 +144,7 @@ Msg: The statement is executed successfully.
After revoking, ln_write_user has no permission to writing data to root.ln.**
```
INSERT INTO root.ln.wf01.wt01(timestamp, status) values(1509465600000, true)
-Msg: 602: No permissions for this operation INSERT
+Msg: 602: No permissions for this operation, please add privilege
INSERT_TIMESERIES.
```
### SQL Statements
diff --git a/docs/UserGuide/Query-Data/Fill-Null-Value.md
b/docs/UserGuide/Query-Data/Fill-Null-Value.md
index 291f3e5326..088501ee73 100644
--- a/docs/UserGuide/Query-Data/Fill-Null-Value.md
+++ b/docs/UserGuide/Query-Data/Fill-Null-Value.md
@@ -55,7 +55,7 @@ fill(previous)
Here we give an example of filling null values using the previous method. The
SQL statement is as follows:
```sql
-select temperature, status from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000
+select temperature, status from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000
```
if we don't use any fill methods, the original result will be like:
@@ -76,7 +76,7 @@ Total line number = 4
if we use previous fill, sql will be like:
```sql
-select temperature from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(previous)
+select temperature from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(previous)
```
previous filled result will be like:
@@ -109,7 +109,7 @@ fill(linear)
Here we give an example of filling null values using the linear method. The
SQL statement is as follows:
```sql
-select temperature from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(linear)
+select temperature from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(linear)
```
linear filled result will be like:
diff --git a/docs/zh/UserGuide/Administration-Management/Administration.md
b/docs/zh/UserGuide/Administration-Management/Administration.md
index 43c6cdcd45..a788a8bec9 100644
--- a/docs/zh/UserGuide/Administration-Management/Administration.md
+++ b/docs/zh/UserGuide/Administration-Management/Administration.md
@@ -90,7 +90,7 @@ INSERT INTO root.ln.wf01.wt01(timestamp,status)
values(1509465600000,true)
```
IoTDB> INSERT INTO root.ln.wf01.wt01(timestamp,status)
values(1509465600000,true)
-Msg: 602: No permissions for this operation INSERT
+Msg: 602: No permissions for this operation, please add privilege
INSERT_TIMESERIES.
```
现在,我们用root用户分别赋予他们向对应存储组数据的写入权限.
@@ -143,7 +143,7 @@ Msg: The statement is executed successfully.
撤销权限后,ln_write_user就没有向root.ln.**写入数据的权限了。
```
INSERT INTO root.ln.wf01.wt01(timestamp, status) values(1509465600000, true)
-Msg: 602: No permissions for this operation INSERT
+Msg: 602: No permissions for this operation, please add privilege
INSERT_TIMESERIES.
```
### SQL 语句
diff --git a/docs/zh/UserGuide/Query-Data/Fill-Null-Value.md
b/docs/zh/UserGuide/Query-Data/Fill-Null-Value.md
index e561c4e961..6ee476972d 100644
--- a/docs/zh/UserGuide/Query-Data/Fill-Null-Value.md
+++ b/docs/zh/UserGuide/Query-Data/Fill-Null-Value.md
@@ -55,7 +55,7 @@ fill(previous)
在这里,我们举一个使用 Previous 方法填充空值的示例。 SQL 语句如下:
```sql
-select temperature, status from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000
+select temperature, status from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000
```
如果我们不使用任何填充方式,原始的查询结果如下:
@@ -76,7 +76,7 @@ Total line number = 4
如果我们使用previous填充, SQL 语句如下:
```sql
-select temperature from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(previous)
+select temperature from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(previous)
```
previous填充后的结果如下:
@@ -110,7 +110,7 @@ fill(linear)
在这里,我们举一个使用线性方法填充空值的示例。 SQL 语句如下:
```sql
-select temperature from root.sgcc.wf03.wt01 where time =>
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(linear)
+select temperature from root.sgcc.wf03.wt01 where time >=
2017-11-01T16:37:00.000 and time <= 2017-11-01T16:40:00.000 fill(linear)
```
线性填充后的结果如下:
diff --git
a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
index 3165aaa437..022668e095 100644
---
a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
+++
b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
@@ -18,6 +18,9 @@
*/
package org.apache.iotdb.db.integration;
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
+import org.apache.iotdb.db.auth.AuthorityChecker;
+import org.apache.iotdb.db.qp.logical.Operator;
import org.apache.iotdb.db.utils.EnvironmentUtils;
import org.apache.iotdb.itbase.category.LocalStandaloneTest;
import org.apache.iotdb.jdbc.Config;
@@ -1023,9 +1026,17 @@ public class IoTDBAuthorizationIT {
} catch (BatchUpdateException e) {
assertEquals(
System.lineSeparator()
- + "No permissions for this operation CREATE_TIMESERIES for
SQL: \"CREATE TIMESERIES root.sg1.d1.s1 WITH DATATYPE=INT64\""
+ + "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+ AuthorityChecker.translateToPermissionId(
+ Operator.OperatorType.CREATE_TIMESERIES)]
+ + " for SQL: \"CREATE TIMESERIES root.sg1.d1.s1 WITH
DATATYPE=INT64\""
+ System.lineSeparator()
- + "No permissions for this operation CREATE_TIMESERIES for
SQL: \"CREATE TIMESERIES root.sg2.d1.s1 WITH DATATYPE=INT64\""
+ + "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+ AuthorityChecker.translateToPermissionId(
+ Operator.OperatorType.CREATE_TIMESERIES)]
+ + " for SQL: \"CREATE TIMESERIES root.sg2.d1.s1 WITH
DATATYPE=INT64\""
+ System.lineSeparator(),
e.getMessage());
}
@@ -1057,9 +1068,15 @@ public class IoTDBAuthorizationIT {
System.out.println(e.getMessage());
assertEquals(
System.lineSeparator()
- + "No permissions for this operation INSERT for SQL:
\"insert into root.sg2.d1(timestamp,s1) values (2,1)\""
+ + "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+
AuthorityChecker.translateToPermissionId(Operator.OperatorType.INSERT)]
+ + " for SQL: \"insert into root.sg2.d1(timestamp,s1) values
(2,1)\""
+ System.lineSeparator()
- + "No permissions for this operation INSERT for SQL:
\"insert into root.sg2.d1(timestamp,s1) values (4,1)\""
+ + "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+
AuthorityChecker.translateToPermissionId(Operator.OperatorType.INSERT)]
+ + " for SQL: \"insert into root.sg2.d1(timestamp,s1) values
(4,1)\""
+ System.lineSeparator(),
e.getMessage());
}
diff --git a/jdbc/README.md b/jdbc/README.md
index cc7d8147a7..b7d1cda796 100644
--- a/jdbc/README.md
+++ b/jdbc/README.md
@@ -245,7 +245,7 @@ Here is a list of Status Code and related message:
|500|INTERNAL_SERVER_ERROR|Internal server error|
|600|WRONG_LOGIN_PASSWORD_ERROR|Username or password is wrong|
|601|NOT_LOGIN_ERROR|Has not logged in|
-|602|NO_PERMISSION_ERROR|No permissions for this operation|
+|602|NO_PERMISSION_ERROR|No permissions for this operation, please add
privilege|
|603|UNINITIALIZED_AUTH_ERROR|Uninitialized authorizer|
##How to try IoTDB JDBC using Karaf
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
b/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
index 1f202f359a..61c35a90b4 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
@@ -200,7 +200,7 @@ public class StatusUtils {
status.setMessage("Has not logged in. ");
break;
case NO_PERMISSION_ERROR:
- status.setMessage("No permissions for this operation. ");
+ status.setMessage("No permissions for this operation, please add
privilege. ");
break;
case UNINITIALIZED_AUTH_ERROR:
status.setMessage("Uninitialized authorizer. ");
diff --git
a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index c2ab844409..f524f6fd76 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -154,7 +154,9 @@ public class AuthorityChecker {
if (!checkAuthorization(statement,
sessionManager.getUsername(sessionId))) {
return RpcUtils.getStatus(
TSStatusCode.NO_PERMISSION_ERROR,
- "No permissions for this operation " + statement.getType());
+ "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+
AuthorityChecker.translateToPermissionId(statement.getType())]);
}
} catch (AuthException e) {
logger.warn("meet error while checking authorization.", e);
@@ -180,7 +182,7 @@ public class AuthorityChecker {
username, statement.getPaths(), statement.getType(), targetUser);
}
- private static int translateToPermissionId(Operator.OperatorType type) {
+ public static int translateToPermissionId(Operator.OperatorType type) {
switch (type) {
case GRANT_ROLE_PRIVILEGE:
return PrivilegeType.GRANT_ROLE_PRIVILEGE.ordinal();
diff --git
a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
index 0a0584616d..f1a1b2592e 100644
--- a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
@@ -20,6 +20,7 @@ package org.apache.iotdb.db.query.control;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.auth.AuthorizerManager;
@@ -342,7 +343,9 @@ public class SessionManager {
if (!checkAuthorization(plan, sessionIdToUsername.get(sessionId))) {
return RpcUtils.getStatus(
TSStatusCode.NO_PERMISSION_ERROR,
- "No permissions for this operation " + plan.getOperatorType());
+ "No permissions for this operation, please add privilege "
+ + PrivilegeType.values()[
+
AuthorityChecker.translateToPermissionId(plan.getOperatorType())]);
}
} catch (AuthException e) {
LOGGER.warn("meet error while checking authorization.", e);
diff --git
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
index 0fefed3604..8771e43ebc 100644
---
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
+++
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
@@ -28,6 +28,7 @@ import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.exception.MetadataException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.PathUtils;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
@@ -810,7 +811,9 @@ public class TSServiceImpl implements
IClientRPCServiceWithHandler {
return RpcUtils.getTSExecuteStatementResp(
RpcUtils.getStatus(
TSStatusCode.NO_PERMISSION_ERROR,
- "No permissions for this operation " + plan.getOperatorType()));
+ "No permissions for this operation, please add privilege "
+ + OperatorType.values()[
+
AuthorityChecker.translateToPermissionId(plan.getOperatorType())]));
}
long queryId = context.getQueryId();
