This is an automated email from the ASF dual-hosted git repository. jackietien pushed a commit to branch ChangeBackAlterTemplate in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit d4ece1edcb5c823f51db526cf62837feb521fad0 Author: JackieTien97 <[email protected]> AuthorDate: Tue Nov 28 20:31:54 2023 +0800 Only root can alter template --- .../db/it/auth/IoTDBTemplatePermissionIT.java | 5 ++ .../analyze/schema/AutoCreateSchemaExecutor.java | 61 ++++++++++++++++------ .../InternalBatchActivateTemplateStatement.java | 17 ------ .../template/AlterSchemaTemplateStatement.java | 19 ------- 4 files changed, 50 insertions(+), 52 deletions(-) diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java index db3d335efcd..7ac8a1e96a5 100644 --- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java +++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java @@ -72,6 +72,11 @@ public class IoTDBTemplatePermissionIT { "803: Only the admin user can perform this operation", "test", "test123"); + assertNonQueryTestFail( + "alter device template t1 add (speed FLOAT encoding=RLE, FLOAT TEXT encoding=PLAIN compression=SNAPPY)", + "803: Only the admin user can perform this operation", + "test", + "test123"); assertNonQueryTestFail( "show device templates", "803: Only the admin user can perform this operation", diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java index 5340cd9c378..4fca45790ea 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java @@ -20,10 +20,12 @@ package org.apache.iotdb.db.queryengine.plan.analyze.schema; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.exception.IoTDBException; import org.apache.iotdb.commons.exception.MetadataException; import org.apache.iotdb.commons.path.MeasurementPath; import org.apache.iotdb.commons.path.PartialPath; +import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics; import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.conf.IoTDBConfig; import org.apache.iotdb.db.conf.IoTDBDescriptor; @@ -194,12 +196,44 @@ class AutoCreateSchemaExecutor { List<String> measurementList, List<TSDataType> dataTypeList, MPPQueryContext context) { + long startTime = System.nanoTime(); + try { + String userName = context.getSession().getUserName(); + if (!AuthorityChecker.SUPER_USER.equals(userName)) { + TSStatus status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission( + userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()), + PrivilegeType.EXTEND_TEMPLATE); + if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + throw new RuntimeException(new IoTDBException(status.getMessage(), status.getCode())); + } + } + } finally { + PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() - startTime); + } internalExtendTemplate(templateName, measurementList, dataTypeList, null, null, context); } // Used for insert records or tablets void autoExtendTemplate( Map<String, TemplateExtendInfo> templateExtendInfoMap, MPPQueryContext context) { + long startTime = System.nanoTime(); + try { + String userName = context.getSession().getUserName(); + if (!AuthorityChecker.SUPER_USER.equals(userName)) { + TSStatus status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission( + userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()), + PrivilegeType.EXTEND_TEMPLATE); + if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + throw new RuntimeException(new IoTDBException(status.getMessage(), status.getCode())); + } + } + } finally { + PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() - startTime); + } TemplateExtendInfo templateExtendInfo; for (Map.Entry<String, TemplateExtendInfo> entry : templateExtendInfoMap.entrySet()) { templateExtendInfo = entry.getValue().deduplicate(); @@ -598,22 +632,17 @@ class AutoCreateSchemaExecutor { List<CompressionType> compressionTypeList, MPPQueryContext context) { - AlterSchemaTemplateStatement statement = - new AlterSchemaTemplateStatement( - templateName, - measurementList, - dataTypeList, - encodingList, - compressionTypeList, - TemplateAlterOperationType.EXTEND_TEMPLATE); - TSStatus status = - AuthorityChecker.checkAuthority(statement, context.getSession().getUserName()); - if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - throw new RuntimeException(new IoTDBException(status.getMessage(), status.getCode())); - } - - ExecutionResult executionResult = executeStatement(statement, context); - status = executionResult.status; + ExecutionResult executionResult = + executeStatement( + new AlterSchemaTemplateStatement( + templateName, + measurementList, + dataTypeList, + encodingList, + compressionTypeList, + TemplateAlterOperationType.EXTEND_TEMPLATE), + context); + TSStatus status = executionResult.status; if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode() && status.getCode() != TSStatusCode.MEASUREMENT_ALREADY_EXISTS_IN_TEMPLATE.getStatusCode()) { diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalBatchActivateTemplateStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalBatchActivateTemplateStatement.java index 06775c3ef5c..1e2a3e3b833 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalBatchActivateTemplateStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalBatchActivateTemplateStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.internal; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.template.ClusterTemplateManager; import org.apache.iotdb.db.schemaengine.template.Template; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.iotdb.tsfile.utils.Pair; import java.util.ArrayList; @@ -70,19 +66,6 @@ public class InternalBatchActivateTemplateStatement extends Statement { .collect(Collectors.toList()); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkPatternPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA.ordinal()), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitInternalBatchActivateTemplate(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/AlterSchemaTemplateStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/AlterSchemaTemplateStatement.java index 0863d7f5aae..91b4ebce012 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/AlterSchemaTemplateStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/AlterSchemaTemplateStatement.java @@ -19,10 +19,7 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.template; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -31,7 +28,6 @@ import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.template.TemplateAlterOperationType; import org.apache.iotdb.db.schemaengine.template.alter.TemplateAlterInfo; import org.apache.iotdb.db.schemaengine.template.alter.TemplateExtendInfo; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.iotdb.tsfile.file.metadata.enums.CompressionType; import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType; import org.apache.iotdb.tsfile.file.metadata.enums.TSEncoding; @@ -85,21 +81,6 @@ public class AlterSchemaTemplateStatement extends Statement implements IConfigSt return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - if (operationType == EXTEND_TEMPLATE) { - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()), - PrivilegeType.EXTEND_TEMPLATE); - } else { - return new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()) - .setMessage("Only the admin user can perform this operation"); - } - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitAlterSchemaTemplate(this, context);
