This is an automated email from the ASF dual-hosted git repository. jackietien pushed a commit to branch authRefactor in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 3cc1d9505d40e7e2c7a140a76dded76b6a3790b3 Author: JackieTien97 <[email protected]> AuthorDate: Mon Sep 15 10:13:48 2025 +0800 Init --- .../iotdb/db/queryengine/plan/Coordinator.java | 4 +- .../plan/relational/security/AccessControl.java | 8 + .../relational/security/AccessControlImpl.java | 13 +- .../relational/security/AllowAllAccessControl.java | 9 + .../security/TreeAccessCheckContext.java | 29 ++ .../security/TreeAccessCheckVisitor.java | 437 +++++++++++++++++++++ .../statement/AuthorityInformationStatement.java | 5 + .../plan/statement/StatementVisitor.java | 4 + .../plan/relational/analyzer/AuthTest.java | 14 +- 9 files changed, 518 insertions(+), 5 deletions(-) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java index 2e1132b984f..f307d9d9d75 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java @@ -58,6 +58,7 @@ import org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.Pla import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl; import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl; import org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthCheckerImpl; +import org.apache.iotdb.db.queryengine.plan.relational.security.TreeAccessCheckVisitor; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AddColumn; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AlterDB; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.ClearCache; @@ -204,7 +205,8 @@ public class Coordinator { dispatchThreadNum, dispatchThreadNum, new ThreadPoolExecutor.CallerRunsPolicy()); - this.accessControl = new AccessControlImpl(new ITableAuthCheckerImpl()); + this.accessControl = + new AccessControlImpl(new ITableAuthCheckerImpl(), new TreeAccessCheckVisitor()); this.statementRewrite = new StatementRewriteFactory().getStatementRewrite(); this.logicalPlanOptimizers = new LogicalOptimizeFactory( diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java index 739680b47fb..03987a98e44 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java @@ -19,13 +19,17 @@ package org.apache.iotdb.db.queryengine.plan.relational.security; +import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.exception.auth.AccessDeniedException; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectName; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement; +import org.apache.iotdb.db.queryengine.plan.statement.Statement; public interface AccessControl { + // ====================================== TABLE ============================================= + /** * Check if user is allowed to create the specified database. * @@ -162,4 +166,8 @@ public interface AccessControl { * @throws AccessDeniedException if not allowed */ void checkUserIsAdmin(String userName); + + // ====================================== TREE ============================================= + + TSStatus checkPermissionBeforeProcess(Statement statement, String userName); } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java index abfb7e48901..fa14e7d1e5c 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java @@ -29,6 +29,8 @@ import org.apache.iotdb.db.exception.sql.SemanticException; import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectName; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement; import org.apache.iotdb.db.queryengine.plan.relational.type.AuthorRType; +import org.apache.iotdb.db.queryengine.plan.statement.Statement; +import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.table.InformationSchemaUtils; import org.apache.iotdb.rpc.TSStatusCode; @@ -40,8 +42,12 @@ public class AccessControlImpl implements AccessControl { private final ITableAuthChecker authChecker; - public AccessControlImpl(ITableAuthChecker authChecker) { + private final StatementVisitor<TSStatus, TreeAccessCheckContext> treeAccessCheckVisitor; + + public AccessControlImpl( + ITableAuthChecker authChecker, StatementVisitor<TSStatus, TreeAccessCheckContext> visitor) { this.authChecker = authChecker; + this.treeAccessCheckVisitor = visitor; } @Override @@ -358,4 +364,9 @@ public class AccessControlImpl implements AccessControl { throw new AccessDeniedException(ONLY_ADMIN_ALLOWED); } } + + @Override + public TSStatus checkPermissionBeforeProcess(Statement statement, String userName) { + return treeAccessCheckVisitor.process(statement, new TreeAccessCheckContext(userName)); + } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java index c48533c231a..b98ca183472 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java @@ -19,9 +19,13 @@ package org.apache.iotdb.db.queryengine.plan.relational.security; +import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectName; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement; +import org.apache.iotdb.db.queryengine.plan.statement.Statement; + +import static org.apache.iotdb.db.auth.AuthorityChecker.SUCCEED; public class AllowAllAccessControl implements AccessControl { @Override @@ -104,4 +108,9 @@ public class AllowAllAccessControl implements AccessControl { public void checkUserIsAdmin(String userName) { // allow anything } + + @Override + public TSStatus check(Statement statement) { + return SUCCEED; + } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckContext.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckContext.java new file mode 100644 index 00000000000..231f49332eb --- /dev/null +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckContext.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.iotdb.db.queryengine.plan.relational.security; + +public class TreeAccessCheckContext { + + final String userName; + + public TreeAccessCheckContext(String userName) { + this.userName = userName; + } +} diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java new file mode 100644 index 00000000000..0f6e6d33b74 --- /dev/null +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java @@ -0,0 +1,437 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.iotdb.db.queryengine.plan.relational.security; + +import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.queryengine.plan.statement.AuthorityInformationStatement; +import org.apache.iotdb.db.queryengine.plan.statement.StatementNode; +import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; +import org.apache.iotdb.db.queryengine.plan.statement.crud.DeleteDataStatement; +import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertBaseStatement; +import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertStatement; +import org.apache.iotdb.db.queryengine.plan.statement.crud.LoadTsFileStatement; +import org.apache.iotdb.db.queryengine.plan.statement.crud.QueryStatement; +import org.apache.iotdb.db.queryengine.plan.statement.internal.InternalBatchActivateTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.internal.InternalCreateMultiTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.internal.InternalCreateTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.AlterTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CountDevicesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CountTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CountTimeSlotListStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateAlignedTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateContinuousQueryStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateFunctionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateMultiTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.CreateTriggerStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DatabaseSchemaStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DeleteDatabaseStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DeleteTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DropContinuousQueryStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DropFunctionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.DropTriggerStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.GetRegionIdStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.GetSeriesSlotListStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.GetTimeSlotListStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.RemoveAINodeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.RemoveConfigNodeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.RemoveDataNodeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.SetTTLStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowClusterIdStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowClusterStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowConfigNodesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowContinuousQueriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowDataNodesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowDevicesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowFunctionsStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowRegionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowTimeSeriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowTriggersStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowVariablesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.model.CreateModelStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.model.DropModelStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.model.ShowAINodesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.model.ShowModelsStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.AlterPipeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.CreatePipePluginStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.CreatePipeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.DropPipePluginStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.DropPipeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.ShowPipePluginsStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.ShowPipesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.StartPipeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe.StopPipeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.region.ExtendRegionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.region.MigrateRegionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.region.ReconstructRegionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.region.RemoveRegionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription.CreateTopicStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription.DropSubscriptionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription.DropTopicStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription.ShowSubscriptionsStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription.ShowTopicsStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.ActivateTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.BatchActivateTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.DeactivateTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.ShowNodesInSchemaTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.ShowPathSetTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.template.ShowSchemaTemplateStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.view.AlterLogicalViewStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.view.CreateLogicalViewStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.view.DeleteLogicalViewStatement; +import org.apache.iotdb.db.queryengine.plan.statement.metadata.view.RenameLogicalViewStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.AuthorStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.ExplainAnalyzeStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.KillQueryStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.SetSqlDialectStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowCurrentSqlDialectStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowCurrentUserStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowQueriesStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowVersionStatement; +import org.apache.iotdb.db.queryengine.plan.statement.sys.TestConnectionStatement; + +public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAccessCheckContext> { + + @Override + public TSStatus visitNode(StatementNode node, TreeAccessCheckContext context) { + return AuthorityChecker.getTSStatus( + AuthorityChecker.SUPER_USER.equals(context.userName), + "Only the admin user can perform this operation"); + } + + @Override + public TSStatus visitActivateTemplate( + ActivateTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitAlterLogicalView( + AlterLogicalViewStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitAlterPipe(AlterPipeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitAlterTimeSeries( + AlterTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitAuthor(AuthorStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitAuthorityInformation( + AuthorityInformationStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitBatchActivateTemplate( + BatchActivateTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCountDevices( + CountDevicesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCountTimeSeries( + CountTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCountTimeSlotList( + CountTimeSlotListStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateAlignedTimeSeries( + CreateAlignedTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateContinuousQuery( + CreateContinuousQueryStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateFunction( + CreateFunctionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateLogicalView( + CreateLogicalViewStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateModel( + CreateModelStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateMultiTimeSeries( + CreateMultiTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreatePipePlugin( + CreatePipePluginStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreatePipe(CreatePipeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateTimeSeries( + CreateTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateTopic( + CreateTopicStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitCreateTrigger( + CreateTriggerStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDatabaseSchema( + DatabaseSchemaStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDeactivateTemplate( + DeactivateTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDeleteData(DeleteDataStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDeleteDatabase( + DeleteDatabaseStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDeleteLogicalView( + DeleteLogicalViewStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDeleteTimeSeries( + DeleteTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropContinuousQuery( + DropContinuousQueryStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropFunction( + DropFunctionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropModel(DropModelStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropPipePlugin( + DropPipePluginStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropPipe(DropPipeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropSubscription( + DropSubscriptionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropTopic(DropTopicStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitDropTrigger( + DropTriggerStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitExplainAnalyze( + ExplainAnalyzeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitExtendRegion( + ExtendRegionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitGetRegionId( + GetRegionIdStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitGetSeriesSlotList( + GetSeriesSlotListStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitGetTimeSlotList( + GetTimeSlotListStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitInsertBase(InsertBaseStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitInsert(InsertStatement statement, TreeAccessCheckContext context) {} + + // -------- sww ----- + @Override + public TSStatus visitInternalBatchActivateTemplate( + InternalBatchActivateTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitInternalCreateMultiTimeSeries( + InternalCreateMultiTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitInternalCreateTimeSeries( + InternalCreateTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitKillQuery(KillQueryStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitLoadTsFile(LoadTsFileStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitMigrateRegion( + MigrateRegionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitQuery(QueryStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitReconstructRegion( + ReconstructRegionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitRemoveAINode( + RemoveAINodeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitRemoveConfigNode( + RemoveConfigNodeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitRemoveDataNode( + RemoveDataNodeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitRemoveRegion( + RemoveRegionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitRenameLogicalView( + RenameLogicalViewStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitSetSqlDialect( + SetSqlDialectStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitSetTTL(SetTTLStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowAINodes( + ShowAINodesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowClusterId( + ShowClusterIdStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowCluster( + ShowClusterStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowConfigNodes( + ShowConfigNodesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowContinuousQueries( + ShowContinuousQueriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowCurrentSqlDialect( + ShowCurrentSqlDialectStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowCurrentUser( + ShowCurrentUserStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowDataNodes( + ShowDataNodesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowDevices( + ShowDevicesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowFunctions( + ShowFunctionsStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowModels(ShowModelsStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowNodesInSchemaTemplate( + ShowNodesInSchemaTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowPathSetTemplate( + ShowPathSetTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowPipePlugins( + ShowPipePluginsStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowPipes(ShowPipesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowQueries( + ShowQueriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowRegion(ShowRegionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowSchemaTemplate( + ShowSchemaTemplateStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowSubscriptions( + ShowSubscriptionsStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowTimeSeries( + ShowTimeSeriesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowTopics(ShowTopicsStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowTriggers( + ShowTriggersStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowVariables( + ShowVariablesStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitShowVersion( + ShowVersionStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitStartPipe(StartPipeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitStopPipe(StopPipeStatement statement, TreeAccessCheckContext context) {} + + @Override + public TSStatus visitTestConnection( + TestConnectionStatement statement, TreeAccessCheckContext context) {} +} diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java index 30552ee7269..0db49e6600c 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java @@ -45,4 +45,9 @@ public abstract class AuthorityInformationStatement extends Statement { } return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); } + + @Override + public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { + return visitor.visitAuthorityInformation(this, context); + } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java index 79ec9879683..8558150dbe3 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java @@ -721,4 +721,8 @@ public abstract class StatementVisitor<R, C> { public R visitCreateTraining(CreateTrainingStatement createTrainingStatement, C context) { return visitStatement(createTrainingStatement, context); } + + public R visitAuthorityInformation(AuthorityInformationStatement statement, C context) { + return visitStatement(statement, context); + } } diff --git a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AuthTest.java b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AuthTest.java index 831388de575..eaf8019ea33 100644 --- a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AuthTest.java +++ b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AuthTest.java @@ -28,6 +28,7 @@ import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectN import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl; import org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthChecker; import org.apache.iotdb.db.queryengine.plan.relational.security.TableModelPrivilege; +import org.apache.iotdb.db.queryengine.plan.relational.security.TreeAccessCheckVisitor; import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement; import org.apache.iotdb.db.queryengine.plan.relational.sql.parser.SqlParser; import org.apache.iotdb.db.queryengine.plan.relational.sql.rewrite.StatementRewrite; @@ -216,7 +217,10 @@ public class AuthTest { new SessionInfo( 0, userName, zoneId, databaseNameInSessionInfo, IClientSession.SqlDialect.TABLE); StatementAnalyzerFactory statementAnalyzerFactory = - new StatementAnalyzerFactory(TEST_MATADATA, sqlParser, new AccessControlImpl(authChecker)); + new StatementAnalyzerFactory( + TEST_MATADATA, + sqlParser, + new AccessControlImpl(authChecker, new TreeAccessCheckVisitor())); MPPQueryContext context = new MPPQueryContext(sql, QUERY_ID, 0, session, null, null); Analyzer analyzer = new Analyzer( @@ -241,7 +245,9 @@ public class AuthTest { statement.accept( new TableConfigTaskVisitor( - Mockito.mock(IClientSession.class), TEST_MATADATA, new AccessControlImpl(authChecker)), + Mockito.mock(IClientSession.class), + TEST_MATADATA, + new AccessControlImpl(authChecker, new TreeAccessCheckVisitor())), context); } @@ -254,7 +260,9 @@ public class AuthTest { statement.accept( new TableConfigTaskVisitor( - clientSession, TEST_MATADATA, new AccessControlImpl(authChecker)), + clientSession, + TEST_MATADATA, + new AccessControlImpl(authChecker, new TreeAccessCheckVisitor())), context); } }
