This is an automated email from the ASF dual-hosted git repository. jackietien pushed a commit to branch TemplateAuth in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 53086ce4b383ad58b4be771985ced791c6bc1973 Author: JackieTien97 <[email protected]> AuthorDate: Tue Dec 5 19:57:58 2023 +0800 Fix bug while inserting an non-exist sensor of one actived device using template --- .../org/apache/iotdb/db/it/auth/IoTDBAuthIT.java | 16 +++++++++++-- .../plan/analyze/schema/TemplateSchemaFetcher.java | 27 ++++++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java index 95e3e6dcf1f..5bb7c33b1e7 100644 --- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java +++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java @@ -1183,16 +1183,28 @@ public class IoTDBAuthIT { adminStmt.execute("GRANT EXTEND_TEMPLATE ON root.** TO USER tempuser"); adminStmt.execute("GRANT WRITE_DATA ON root.a.** TO USER tempuser"); adminStmt.execute("set schema template t1 to root.a"); + adminStmt.execute("create timeseries of schema template on root.a.d2"); // grant privilege to insert Assert.assertThrows( SQLException.class, () -> userStmt.execute( - "INSERT INTO root.a.d1(timestamp, s_name, s_value) VALUES (1,'IoTDB', 2)")); + "INSERT INTO root.a.d1(timestamp, s_name, s_value_1) VALUES (1,'IoTDB', 2)")); + + Assert.assertThrows( + SQLException.class, + () -> + userStmt.execute( + "INSERT INTO root.a.d2(timestamp, s_name, s_value_2) VALUES (1,'IoTDB', 2)")); adminStmt.execute("GRANT WRITE_SCHEMA ON root.a.d1.** TO USER tempuser"); - userStmt.execute("INSERT INTO root.a.d1(timestamp, s_name, s_value) VALUES (1,'IoTDB', 2)"); + userStmt.execute( + "INSERT INTO root.a.d1(timestamp, s_name, s_value_1) VALUES (1,'IoTDB', 2)"); + adminStmt.execute("GRANT WRITE_SCHEMA ON root.a.d2.** TO USER tempuser"); + userStmt.execute( + "INSERT INTO root.a.d2(timestamp, s_name, s_value_2) VALUES (1,'IoTDB', 2)"); + adminStmt.execute("REVOKE EXTEND_TEMPLATE ON root.** FROM USER tempuser"); Assert.assertThrows( diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/TemplateSchemaFetcher.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/TemplateSchemaFetcher.java index 73350dc2c70..f44471a108d 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/TemplateSchemaFetcher.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/TemplateSchemaFetcher.java @@ -19,7 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.analyze.schema; +import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.auth.entity.PrivilegeType; +import org.apache.iotdb.commons.exception.IoTDBException; import org.apache.iotdb.commons.path.PartialPath; +import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics; +import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.conf.IoTDBConfig; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.queryengine.common.MPPQueryContext; @@ -27,6 +32,7 @@ import org.apache.iotdb.db.queryengine.common.schematree.ClusterSchemaTree; import org.apache.iotdb.db.queryengine.plan.analyze.cache.schema.DataNodeSchemaCache; import org.apache.iotdb.db.schemaengine.template.Template; import org.apache.iotdb.db.schemaengine.template.alter.TemplateExtendInfo; +import org.apache.iotdb.rpc.TSStatusCode; import org.apache.iotdb.tsfile.common.conf.TSFileDescriptor; import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType; import org.apache.iotdb.tsfile.utils.Pair; @@ -65,13 +71,34 @@ class TemplateSchemaFetcher { Template template = templateSetInfo.getLeft(); List<String> extensionMeasurementList = new ArrayList<>(); List<TSDataType> extensionDataTypeList = new ArrayList<>(); + List<PartialPath> checkedPaths = new ArrayList<>(); for (int i = 0; i < measurements.length; i++) { if (!template.hasSchema(measurements[i])) { extensionMeasurementList.add(measurements[i]); + checkedPaths.add(devicePath.concatNode(measurements[i])); extensionDataTypeList.add(schemaComputationWithAutoCreation.getDataType(i)); } } + // check the write_schema of missing measurements + long startTime = System.nanoTime(); + try { + String userName = context.getSession().getUserName(); + if (!AuthorityChecker.SUPER_USER.equals(userName)) { + TSStatus status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathListPermission( + userName, checkedPaths, PrivilegeType.WRITE_SCHEMA.ordinal()), + checkedPaths, + PrivilegeType.WRITE_SCHEMA); + if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + throw new RuntimeException(new IoTDBException(status.getMessage(), status.getCode())); + } + } + } finally { + PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() - startTime); + } + if (!extensionMeasurementList.isEmpty() && config.isAutoCreateSchemaEnabled()) { autoCreateSchemaExecutor.autoExtendTemplate( template.getName(), extensionMeasurementList, extensionDataTypeList, context);
