This is an automated email from the ASF dual-hosted git repository.
tanxinyu pushed a commit to branch dev/1.3
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/dev/1.3 by this push:
new 4466cac1cae [to dev/1.3] Improve authority control of cluster
management (cp 14924) (#14931)
4466cac1cae is described below
commit 4466cac1caef529ca9a98ff7e295640c0f6a7ec3
Author: Li Yu Heng <[email protected]>
AuthorDate: Mon Feb 24 16:55:20 2025 +0800
[to dev/1.3] Improve authority control of cluster management (cp 14924)
(#14931)
* Improve authority control of cluster management (#14924)
* done
* seems done
* done!
* what?
* delete test
(cherry picked from commit ca8482a7bb107034cb791aa8f2c34222dd33e124)
* fix something
* remove test
* spotless
---
.../org/apache/iotdb/db/it/auth/IoTDBAuthIT.java | 83 ++++++++++++++++++++++
.../iotdb/db/it/auth/IoTDBSystemPermissionIT.java | 2 -
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 9 +++
.../metadata/CountTimeSlotListStatement.java | 7 ++
.../statement/metadata/GetRegionIdStatement.java | 7 ++
.../metadata/GetSeriesSlotListStatement.java | 7 ++
.../metadata/GetTimeSlotListStatement.java | 7 ++
.../metadata/RemoveConfigNodeStatement.java | 9 +--
.../metadata/RemoveDataNodeStatement.java | 9 +--
.../statement/metadata/ShowClusterIdStatement.java | 7 ++
.../statement/metadata/ShowClusterStatement.java | 9 +--
.../metadata/ShowConfigNodesStatement.java | 4 +-
.../statement/metadata/ShowDataNodesStatement.java | 4 +-
.../statement/metadata/ShowRegionStatement.java | 4 +-
.../metadata/model/ShowAINodesStatement.java | 7 ++
.../metadata/region/ExtendRegionStatement.java | 9 +--
.../metadata/region/MigrateRegionStatement.java | 9 +--
.../region/ReconstructRegionStatement.java | 9 +--
.../metadata/region/RemoveRegionStatement.java | 9 +--
.../plan/statement/sys/KillQueryStatement.java | 9 +--
.../plan/statement/sys/ShowQueriesStatement.java | 9 +--
.../statement/sys/TestConnectionStatement.java | 3 +-
22 files changed, 148 insertions(+), 84 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
index 93165a16ff6..18a2586bde3 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
@@ -25,7 +25,10 @@ import org.apache.iotdb.it.env.EnvFactory;
import org.apache.iotdb.it.framework.IoTDBTestRunner;
import org.apache.iotdb.itbase.category.ClusterIT;
import org.apache.iotdb.itbase.category.LocalStandaloneIT;
+import org.apache.iotdb.jdbc.IoTDBSQLException;
+import org.apache.iotdb.rpc.TSStatusCode;
+import com.google.common.collect.ImmutableList;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -45,6 +48,7 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.concurrent.Callable;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -1244,4 +1248,83 @@ public class IoTDBAuthIT {
adminStmt.execute("create role tail");
adminStmt.execute("create user tail 'password'");
}
+
+ @Test
+ public void testClusterManagementSqlOfTreeModel() throws Exception {
+ ImmutableList<String> clusterManagementSQLList =
+ ImmutableList.of(
+ // show cluster, nodes, regions,
+ "show ainodes",
+ "show confignodes",
+ "show datanodes",
+ "show cluster",
+ "show clusterid",
+ "show regions",
+ "show data regionid where database=root.**",
+
+ // remove node
+ "remove datanode 0",
+ "remove confignode 0",
+
+ // region operation
+ "migrate region 0 from 1 to 2",
+ "reconstruct region 0 on 1",
+ "extend region 0 to 1",
+ "remove region 0 from 1",
+
+ // others
+ "show timeslotid where database=root.test",
+ "count timeslotid where database=root.test",
+ "show data seriesslotid where database=root.test",
+ "verify connection");
+
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER Jack 'temppw'");
+
+ try (Connection JackConnection =
EnvFactory.getEnv().getConnection("Jack", "temppw");
+ Statement Jack = JackConnection.createStatement()) {
+ testClusterManagementSqlImpl(
+ clusterManagementSQLList,
+ () -> adminStmt.execute("GRANT MAINTAIN ON root.** TO USER Jack"),
+ Jack);
+ }
+ }
+ }
+
+ private void testClusterManagementSqlImpl(
+ List<String> clusterManagementSqlList, Callable<Boolean>
giveJackAuthority, Statement Jack)
+ throws Exception {
+ // Jack has no authority to execute these SQLs
+ for (String sql : clusterManagementSqlList) {
+ try {
+ Jack.execute(sql);
+ } catch (IoTDBSQLException e) {
+ if (TSStatusCode.NO_PERMISSION.getStatusCode() != e.getErrorCode()) {
+ fail(
+ String.format(
+ "SQL should fail because of no permission, but the error
code is %d: %s",
+ e.getErrorCode(), sql));
+ }
+ continue;
+ }
+ fail(String.format("SQL should fail because of no permission: %s", sql));
+ }
+
+ // Give Jack authority
+ giveJackAuthority.call();
+
+ // Jack is able to execute these SQLs now
+ for (String sql : clusterManagementSqlList) {
+ try {
+ // No exception is fine
+ Jack.execute(sql);
+ } catch (IoTDBSQLException e) {
+ // If there is an exception, error code must not be NO_PERMISSION
+ if (TSStatusCode.NO_PERMISSION.getStatusCode() == e.getErrorCode()) {
+ fail(String.format("SQL should not fail with no permission: %s",
sql));
+ }
+ }
+ }
+ }
}
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
index 4b3cebd68f1..e8dd4e5f650 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
@@ -247,7 +247,5 @@ public class IoTDBSystemPermissionIT {
"803: Only the admin user can perform this operation",
"test",
"test123");
- assertTestFail(
- "show regions", "803: Only the admin user can perform this operation",
"test", "test123");
}
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 395f1f42d8a..aeb48149694 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -209,6 +209,15 @@ public class AuthorityChecker {
return authorityFetcher.get().checkRole(username, rolename);
}
+ public static TSStatus checkSuperUserOrMaintain(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
+ PrivilegeType.MAINTAIN);
+ }
+
public static void buildTSBlock(
TAuthorizerResp authResp, SettableFuture<ConfigTaskResult> future) {
List<TSDataType> types = new ArrayList<>();
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java
index f2f1c0f584c..07546ec3e2b 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java
@@ -19,8 +19,10 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
@@ -113,4 +115,9 @@ public class CountTimeSlotListStatement extends Statement
implements IConfigStat
return new ArrayList<>();
}
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java
index c3a565bbbe0..595ae6f568c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java
@@ -20,8 +20,10 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
@@ -118,4 +120,9 @@ public class GetRegionIdStatement extends Statement
implements IConfigStatement
return new ArrayList<>();
}
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java
index 0cd67e6418a..1c402f470e0 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java
@@ -20,8 +20,10 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
@@ -75,4 +77,9 @@ public class GetSeriesSlotListStatement extends Statement
implements IConfigStat
return new ArrayList<>();
}
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java
index 4f67ba9b83b..6ec8c58f7c3 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java
@@ -19,8 +19,10 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
@@ -122,4 +124,9 @@ public class GetTimeSlotListStatement extends Statement
implements IConfigStatem
return new ArrayList<>();
}
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveConfigNodeStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveConfigNodeStatement.java
index 8897a298433..3aac14ed831 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveConfigNodeStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveConfigNodeStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -46,12 +44,7 @@ public class RemoveConfigNodeStatement extends Statement
implements IConfigState
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveDataNodeStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveDataNodeStatement.java
index 45fa9482228..3fab79a7dd6 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveDataNodeStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/RemoveDataNodeStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.HashSet;
@@ -49,12 +47,7 @@ public class RemoveDataNodeStatement extends Statement
implements IConfigStateme
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterIdStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterIdStatement.java
index 3b0dbf12083..bf3d84a7aca 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterIdStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterIdStatement.java
@@ -19,6 +19,8 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
@@ -33,4 +35,9 @@ public class ShowClusterIdStatement extends ShowStatement
implements IConfigStat
public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
return visitor.visitShowClusterId(this, context);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterStatement.java
index dfda53b4cf0..a835d0779e3 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowClusterStatement.java
@@ -20,12 +20,10 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
public class ShowClusterStatement extends ShowStatement implements
IConfigStatement {
@@ -38,12 +36,7 @@ public class ShowClusterStatement extends ShowStatement
implements IConfigStatem
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowConfigNodesStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowConfigNodesStatement.java
index eb399b8ce39..81f31aeb6cb 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowConfigNodesStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowConfigNodesStatement.java
@@ -34,9 +34,7 @@ public class ShowConfigNodesStatement extends ShowStatement
implements IConfigSt
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.SUPER_USER.equals(userName),
- "Only the admin user can perform this operation");
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDataNodesStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDataNodesStatement.java
index 4a7464c5c3f..b1fc67c7b4c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDataNodesStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDataNodesStatement.java
@@ -46,9 +46,7 @@ public class ShowDataNodesStatement extends ShowStatement
implements IConfigStat
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.SUPER_USER.equals(userName),
- "Only the admin user can perform this operation");
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowRegionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowRegionStatement.java
index 8101a65f1d9..78438d8fcfd 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowRegionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowRegionStatement.java
@@ -75,9 +75,7 @@ public class ShowRegionStatement extends ShowStatement
implements IConfigStateme
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.SUPER_USER.equals(userName),
- "Only the admin user can perform this operation");
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/ShowAINodesStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/ShowAINodesStatement.java
index 602d0e01465..d99e158f0cd 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/ShowAINodesStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/ShowAINodesStatement.java
@@ -19,6 +19,8 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata.model;
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
@@ -37,4 +39,9 @@ public class ShowAINodesStatement extends ShowStatement
implements IConfigStatem
public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
return visitor.visitShowAINodes(this, context);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java
index 560adee4e9e..0048a789f95 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata.region;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -53,12 +51,7 @@ public class ExtendRegionStatement extends Statement
implements IConfigStatement
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/MigrateRegionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/MigrateRegionStatement.java
index 5b290a53309..ef272c81d2c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/MigrateRegionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/MigrateRegionStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata.region;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -69,12 +67,7 @@ public class MigrateRegionStatement extends Statement
implements IConfigStatemen
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ReconstructRegionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ReconstructRegionStatement.java
index 7307381bf4e..25f3d65d837 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ReconstructRegionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ReconstructRegionStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata.region;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -51,12 +49,7 @@ public class ReconstructRegionStatement extends Statement
implements IConfigStat
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/RemoveRegionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/RemoveRegionStatement.java
index 186656c820d..aa185ad627e 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/RemoveRegionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/RemoveRegionStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.metadata.region;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -53,12 +51,7 @@ public class RemoveRegionStatement extends Statement
implements IConfigStatement
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/KillQueryStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/KillQueryStatement.java
index 85e32ab48b1..fe2781331ec 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/KillQueryStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/KillQueryStatement.java
@@ -20,14 +20,12 @@
package org.apache.iotdb.db.queryengine.plan.statement.sys;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -58,12 +56,7 @@ public class KillQueryStatement extends Statement implements
IConfigStatement {
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ShowQueriesStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ShowQueriesStatement.java
index f582ccec6c8..e23f2d647b1 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ShowQueriesStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ShowQueriesStatement.java
@@ -20,7 +20,6 @@
package org.apache.iotdb.db.queryengine.plan.statement.sys;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.statement.StatementType;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
@@ -30,7 +29,6 @@ import
org.apache.iotdb.db.queryengine.plan.statement.component.Ordering;
import org.apache.iotdb.db.queryengine.plan.statement.component.SortItem;
import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition;
import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowStatement;
-import org.apache.iotdb.rpc.TSStatusCode;
import java.util.Collections;
import java.util.List;
@@ -60,12 +58,7 @@ public class ShowQueriesStatement extends ShowStatement {
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- if (AuthorityChecker.SUPER_USER.equals(userName)) {
- return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- }
- return AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
- PrivilegeType.MAINTAIN);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
public void setWhereCondition(WhereCondition whereCondition) {
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/TestConnectionStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/TestConnectionStatement.java
index 2e01ea151dc..ebcfe8be859 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/TestConnectionStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/TestConnectionStatement.java
@@ -21,6 +21,7 @@ package org.apache.iotdb.db.queryengine.plan.statement.sys;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
@@ -57,6 +58,6 @@ public class TestConnectionStatement extends Statement
implements IConfigStateme
@Override
public TSStatus checkPermissionBeforeProcess(String userName) {
- return super.checkPermissionBeforeProcess(userName);
+ return AuthorityChecker.checkSuperUserOrMaintain(userName);
}
}
