This is an automated email from the ASF dual-hosted git repository. jackietien pushed a commit to branch authRefactor in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 489ae01ca1e6528e633969a5a3054dd59bfa281c Author: JackieTien97 <[email protected]> AuthorDate: Mon Sep 15 11:51:58 2025 +0800 Finish my part --- .../org/apache/iotdb/db/auth/AuthorityChecker.java | 6 +- .../visitor/PipeStatementTSStatusVisitor.java | 3 +- .../security/TreeAccessCheckVisitor.java | 536 +++++++++++++++++++-- .../statement/AuthorityInformationStatement.java | 18 - .../db/queryengine/plan/statement/Statement.java | 2 - .../plan/statement/StatementVisitor.java | 15 +- .../plan/statement/crud/DeleteDataStatement.java | 17 - .../plan/statement/crud/InsertBaseStatement.java | 17 - .../plan/statement/crud/InsertStatement.java | 17 - .../metadata/AlterTimeSeriesStatement.java | 15 - .../statement/metadata/CountDevicesStatement.java | 4 - .../metadata/CountTimeSeriesStatement.java | 4 - .../metadata/CountTimeSlotListStatement.java | 7 - .../metadata/CreateAlignedTimeSeriesStatement.java | 17 - .../metadata/CreateContinuousQueryStatement.java | 14 - .../metadata/CreateFunctionStatement.java | 14 - .../metadata/CreateMultiTimeSeriesStatement.java | 17 - .../metadata/CreateTimeSeriesStatement.java | 15 - .../statement/metadata/CreateTriggerStatement.java | 14 - .../metadata/DatabaseSchemaStatement.java | 14 - .../metadata/DeleteDatabaseStatement.java | 14 - .../metadata/DeleteTimeSeriesStatement.java | 17 - .../metadata/DropContinuousQueryStatement.java | 14 - .../statement/metadata/DropFunctionStatement.java | 14 - .../statement/metadata/DropTriggerStatement.java | 14 - .../statement/metadata/GetRegionIdStatement.java | 7 - .../metadata/GetSeriesSlotListStatement.java | 7 - .../metadata/GetTimeSlotListStatement.java | 7 - .../metadata/model/CreateModelStatement.java | 14 - .../metadata/model/DropModelStatement.java | 14 - .../metadata/pipe/AlterPipeStatement.java | 14 - .../metadata/pipe/CreatePipePluginStatement.java | 14 - .../metadata/pipe/CreatePipeStatement.java | 14 - .../metadata/pipe/DropPipePluginStatement.java | 14 - .../statement/metadata/pipe/DropPipeStatement.java | 14 - .../metadata/region/ExtendRegionStatement.java | 7 - .../subscription/CreateTopicStatement.java | 14 - .../subscription/DropSubscriptionStatement.java | 14 - .../metadata/subscription/DropTopicStatement.java | 14 - .../template/ActivateTemplateStatement.java | 17 - .../template/BatchActivateTemplateStatement.java | 17 - .../template/DeactivateTemplateStatement.java | 17 - .../metadata/view/AlterLogicalViewStatement.java | 39 -- .../metadata/view/CreateLogicalViewStatement.java | 52 +- .../metadata/view/DeleteLogicalViewStatement.java | 17 - .../plan/statement/sys/AuthorStatement.java | 135 ------ .../statement/sys/ExplainAnalyzeStatement.java | 4 - ...vertedInsertTabletStatementTSStatusVisitor.java | 3 +- 48 files changed, 511 insertions(+), 797 deletions(-) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java index 67342eaf79d..4b041b56a40 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java @@ -68,7 +68,7 @@ import static org.apache.iotdb.commons.schema.column.ColumnHeaderConstant.LIST_U // It checks permission in local. DCL statement will send to configNode. public class AuthorityChecker { - public static final String SUPER_USER = CommonDescriptor.getInstance().getConfig().getAdminName(); + public static String SUPER_USER = CommonDescriptor.getInstance().getConfig().getAdminName(); public static final TSStatus SUCCEED = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); @@ -102,6 +102,10 @@ public class AuthorityChecker { AuthorityChecker.accessControl = accessControl; } + public static void setSuperUser(String superUser) { + SUPER_USER = superUser; + } + public static IAuthorityFetcher getAuthorityFetcher() { return authorityFetcher.get(); } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/visitor/PipeStatementTSStatusVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/visitor/PipeStatementTSStatusVisitor.java index 0874857c3f7..8d7a567fce0 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/visitor/PipeStatementTSStatusVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/visitor/PipeStatementTSStatusVisitor.java @@ -95,7 +95,8 @@ public class PipeStatementTSStatusVisitor extends StatementVisitor<TSStatus, TSS return visitInsertBase(insertMultiTabletsStatement, context); } - private TSStatus visitInsertBase( + @Override + public TSStatus visitInsertBase( final InsertBaseStatement insertBaseStatement, final TSStatus context) { if (context.getCode() == TSStatusCode.SYSTEM_READ_ONLY.getStatusCode() || context.getCode() == TSStatusCode.WRITE_PROCESS_REJECT.getStatusCode()) { diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java index 9f3e0aea186..b389281f7be 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java @@ -22,8 +22,12 @@ package org.apache.iotdb.db.queryengine.plan.relational.security; import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.auth.AuthException; import org.apache.iotdb.commons.auth.entity.PrivilegeType; +import org.apache.iotdb.commons.conf.IoTDBConstant; +import org.apache.iotdb.commons.path.MeasurementPath; +import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.path.PathPatternTreeUtils; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.queryengine.plan.statement.AuthorType; import org.apache.iotdb.db.queryengine.plan.statement.AuthorityInformationStatement; import org.apache.iotdb.db.queryengine.plan.statement.StatementNode; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; @@ -112,6 +116,11 @@ import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowVersionStatement; import org.apache.iotdb.db.queryengine.plan.statement.sys.TestConnectionStatement; import org.apache.iotdb.rpc.TSStatusCode; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAccessCheckContext> { @Override @@ -123,21 +132,213 @@ public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAcces @Override public TSStatus visitActivateTemplate( - ActivateTemplateStatement statement, TreeAccessCheckContext context) {} + ActivateTemplateStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + List<PartialPath> checkedPaths = statement.getPaths(); + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), + checkedPaths, + PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitAlterLogicalView( - AlterLogicalViewStatement statement, TreeAccessCheckContext context) {} + AlterLogicalViewStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + TSStatus status = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + List<PartialPath> sourcePathList = statement.getSourcePaths().fullPathList; + if (sourcePathList != null) { + status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, sourcePathList, PrivilegeType.READ_SCHEMA), + sourcePathList, + PrivilegeType.READ_SCHEMA); + } + QueryStatement queryStatement = statement.getQueryStatement(); + if (queryStatement != null && status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + sourcePathList = queryStatement.getPaths(); + status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, sourcePathList, PrivilegeType.READ_SCHEMA), + sourcePathList, + PrivilegeType.READ_SCHEMA); + } + + if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, statement.getTargetPathList(), PrivilegeType.WRITE_SCHEMA), + statement.getTargetPathList(), + PrivilegeType.WRITE_SCHEMA); + } + return status; + } @Override - public TSStatus visitAlterPipe(AlterPipeStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitAlterPipe(AlterPipeStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override public TSStatus visitAlterTimeSeries( - AlterTimeSeriesStatement statement, TreeAccessCheckContext context) {} + AlterTimeSeriesStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternPermission( + context.userName, statement.getPath(), PrivilegeType.WRITE_SCHEMA), + PrivilegeType.WRITE_SCHEMA); + } @Override - public TSStatus visitAuthor(AuthorStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitAuthor(AuthorStatement statement, TreeAccessCheckContext context) { + AuthorType authorType = statement.getAuthorType(); + switch (authorType) { + case CREATE_USER: + if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) { + return AuthorityChecker.getTSStatus( + false, "Cannot create user has same name with admin user"); + } + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_USER), + PrivilegeType.MANAGE_USER); + + case UPDATE_USER: + // users can change passwords of themselves + if (AuthorityChecker.SUPER_USER.equals(context.userName) + || statement.getUserName().equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_USER), + PrivilegeType.MANAGE_USER); + + case DROP_USER: + if (AuthorityChecker.SUPER_USER.equals(statement.getUserName()) + || statement.getUserName().equals(context.userName)) { + return AuthorityChecker.getTSStatus(false, "Cannot drop admin user or yourself"); + } + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_USER), + PrivilegeType.MANAGE_USER); + + case LIST_USER: + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_USER), + PrivilegeType.MANAGE_USER); + + case LIST_USER_PRIVILEGE: + if (AuthorityChecker.SUPER_USER.equals(context.userName) + || context.userName.equals(statement.getUserName())) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_USER), + PrivilegeType.MANAGE_USER); + + case LIST_ROLE_PRIVILEGE: + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + if (!AuthorityChecker.checkRole(context.userName, statement.getRoleName())) { + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_ROLE), + PrivilegeType.MANAGE_ROLE); + } else { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + + case LIST_ROLE: + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + if (statement.getUserName() != null && context.userName.equals(statement.getUserName())) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } else { + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_ROLE), + PrivilegeType.MANAGE_ROLE); + } + + case CREATE_ROLE: + if (AuthorityChecker.SUPER_USER.equals(statement.getRoleName())) { + return AuthorityChecker.getTSStatus( + false, "Cannot create role has same name with admin user"); + } + case DROP_ROLE: + case GRANT_USER_ROLE: + case REVOKE_USER_ROLE: + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.MANAGE_ROLE), + PrivilegeType.MANAGE_ROLE); + + case REVOKE_USER: + case GRANT_USER: + case GRANT_ROLE: + case REVOKE_ROLE: + if (AuthorityChecker.SUPER_USER.equals(statement.getUserName())) { + return AuthorityChecker.getTSStatus( + false, "Cannot grant/revoke privileges of admin user"); + } + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + + for (String s : statement.getPrivilegeList()) { + PrivilegeType privilegeType = PrivilegeType.valueOf(s.toUpperCase()); + if (privilegeType.isSystemPrivilege()) { + if (!AuthorityChecker.checkSystemPermissionGrantOption( + context.userName, privilegeType)) { + return AuthorityChecker.getTSStatus( + false, + "Has no permission to execute " + + authorType + + ", please ensure you have these privileges and the grant option is TRUE when granted)"); + } + } else if (privilegeType.isPathPrivilege()) { + if (!AuthorityChecker.checkPathPermissionGrantOption( + context.userName, privilegeType, statement.getNodeNameList())) { + return AuthorityChecker.getTSStatus( + false, + "Has no permission to execute " + + authorType + + ", please ensure you have these privileges and the grant option is TRUE when granted)"); + } + } else { + return AuthorityChecker.getTSStatus( + false, "Not support Relation statement in tree sql_dialect"); + } + } + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + default: + throw new IllegalArgumentException("Unknown authorType: " + authorType); + } + } @Override public TSStatus visitAuthorityInformation( @@ -155,7 +356,17 @@ public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAcces @Override public TSStatus visitBatchActivateTemplate( - BatchActivateTemplateStatement statement, TreeAccessCheckContext context) {} + BatchActivateTemplateStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + List<PartialPath> checkedPaths = statement.getPaths(); + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), + checkedPaths, + PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitCountDevices( @@ -203,132 +414,361 @@ public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAcces @Override public TSStatus visitCountTimeSlotList( - CountTimeSlotListStatement statement, TreeAccessCheckContext context) {} + CountTimeSlotListStatement statement, TreeAccessCheckContext context) { + return AuthorityChecker.checkSuperUserOrMaintain(context.userName); + } @Override - public TSStatus visitCreateAlignedTimeSeries( - CreateAlignedTimeSeriesStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitCreateAlignedTimeseries( + CreateAlignedTimeSeriesStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + List<PartialPath> checkedPaths = statement.getPaths(); + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), + checkedPaths, + PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitCreateContinuousQuery( - CreateContinuousQueryStatement statement, TreeAccessCheckContext context) {} + CreateContinuousQueryStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_CQ), + PrivilegeType.USE_CQ); + } @Override public TSStatus visitCreateFunction( - CreateFunctionStatement statement, TreeAccessCheckContext context) {} + CreateFunctionStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_UDF), + PrivilegeType.USE_UDF); + } @Override public TSStatus visitCreateLogicalView( - CreateLogicalViewStatement statement, TreeAccessCheckContext context) {} + CreateLogicalViewStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + TSStatus status = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + List<PartialPath> sourcePathList = statement.getSourcePaths().fullPathList; + if (sourcePathList != null) { + status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, sourcePathList, PrivilegeType.READ_SCHEMA), + sourcePathList, + PrivilegeType.READ_SCHEMA); + } + QueryStatement queryStatement = statement.getQueryStatement(); + if (queryStatement != null && status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + sourcePathList = queryStatement.getPaths(); + status = + AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, sourcePathList, PrivilegeType.READ_SCHEMA), + sourcePathList, + PrivilegeType.READ_SCHEMA); + } + + final List<PartialPath> paths = + Objects.nonNull(statement.getTargetPathList()) + ? statement.getTargetPathList() + : Collections.singletonList( + statement + .getBatchGenerationItem() + .getIntoDevice() + .concatNode(IoTDBConstant.ONE_LEVEL_PATH_WILDCARD)); + if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, paths, PrivilegeType.WRITE_SCHEMA), + paths, + PrivilegeType.WRITE_SCHEMA); + } + return status; + } @Override - public TSStatus visitCreateModel( - CreateModelStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitCreateModel(CreateModelStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_MODEL), + PrivilegeType.USE_MODEL); + } @Override public TSStatus visitCreateMultiTimeSeries( - CreateMultiTimeSeriesStatement statement, TreeAccessCheckContext context) {} + CreateMultiTimeSeriesStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + List<MeasurementPath> checkedPaths = statement.getPaths(); + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), + checkedPaths, + PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitCreatePipePlugin( - CreatePipePluginStatement statement, TreeAccessCheckContext context) {} + CreatePipePluginStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override - public TSStatus visitCreatePipe(CreatePipeStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitCreatePipe(CreatePipeStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override - public TSStatus visitCreateTimeSeries( - CreateTimeSeriesStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitCreateTimeseries( + CreateTimeSeriesStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternPermission( + context.userName, statement.getPath(), PrivilegeType.WRITE_SCHEMA), + PrivilegeType.WRITE_SCHEMA); + } @Override - public TSStatus visitCreateTopic( - CreateTopicStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitCreateTopic(CreateTopicStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override public TSStatus visitCreateTrigger( - CreateTriggerStatement statement, TreeAccessCheckContext context) {} + CreateTriggerStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_TRIGGER), + PrivilegeType.USE_TRIGGER); + } @Override - public TSStatus visitDatabaseSchema( - DatabaseSchemaStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitSetDatabase( + DatabaseSchemaStatement statement, TreeAccessCheckContext context) { + return checkCreateOrAlterDatabasePermission(context.userName); + } + + @Override + public TSStatus visitAlterDatabase( + DatabaseSchemaStatement databaseSchemaStatement, TreeAccessCheckContext context) { + return checkCreateOrAlterDatabasePermission(context.userName); + } + + private TSStatus checkCreateOrAlterDatabasePermission(String userName) { + if (AuthorityChecker.SUPER_USER.equals(userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_DATABASE), + PrivilegeType.MANAGE_DATABASE); + } @Override public TSStatus visitDeactivateTemplate( - DeactivateTemplateStatement statement, TreeAccessCheckContext context) {} + DeactivateTemplateStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, statement.getPaths(), PrivilegeType.WRITE_SCHEMA); + } @Override - public TSStatus visitDeleteData(DeleteDataStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDeleteData(DeleteDataStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, statement.getPaths(), PrivilegeType.WRITE_DATA); + } @Override - public TSStatus visitDeleteDatabase( - DeleteDatabaseStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDeleteStorageGroup( + DeleteDatabaseStatement statement, TreeAccessCheckContext context) { + return checkCreateOrAlterDatabasePermission(context.userName); + } @Override public TSStatus visitDeleteLogicalView( - DeleteLogicalViewStatement statement, TreeAccessCheckContext context) {} + DeleteLogicalViewStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, statement.getPaths(), PrivilegeType.WRITE_SCHEMA); + } + + private TSStatus checkTimeSeriesPermission( + String userName, List<? extends PartialPath> checkedPaths, PrivilegeType permission) { + if (AuthorityChecker.SUPER_USER.equals(userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission(userName, checkedPaths, permission), + checkedPaths, + permission); + } @Override public TSStatus visitDeleteTimeSeries( - DeleteTimeSeriesStatement statement, TreeAccessCheckContext context) {} + DeleteTimeSeriesStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, statement.getPaths(), PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitDropContinuousQuery( - DropContinuousQueryStatement statement, TreeAccessCheckContext context) {} + DropContinuousQueryStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_CQ), + PrivilegeType.USE_CQ); + } @Override public TSStatus visitDropFunction( - DropFunctionStatement statement, TreeAccessCheckContext context) {} + DropFunctionStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_UDF), + PrivilegeType.USE_UDF); + } @Override - public TSStatus visitDropModel(DropModelStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDropModel(DropModelStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_MODEL), + PrivilegeType.USE_MODEL); + } @Override public TSStatus visitDropPipePlugin( - DropPipePluginStatement statement, TreeAccessCheckContext context) {} + DropPipePluginStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override - public TSStatus visitDropPipe(DropPipeStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDropPipe(DropPipeStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override public TSStatus visitDropSubscription( - DropSubscriptionStatement statement, TreeAccessCheckContext context) {} + DropSubscriptionStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override - public TSStatus visitDropTopic(DropTopicStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDropTopic(DropTopicStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_PIPE), + PrivilegeType.USE_PIPE); + } @Override - public TSStatus visitDropTrigger( - DropTriggerStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitDropTrigger(DropTriggerStatement statement, TreeAccessCheckContext context) { + if (AuthorityChecker.SUPER_USER.equals(context.userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkSystemPermission(context.userName, PrivilegeType.USE_TRIGGER), + PrivilegeType.USE_TRIGGER); + } @Override public TSStatus visitExplainAnalyze( ExplainAnalyzeStatement statement, TreeAccessCheckContext context) { - statement.getQueryStatement().accept(this, context); + return statement.getQueryStatement().accept(this, context); } @Override public TSStatus visitExtendRegion( - ExtendRegionStatement statement, TreeAccessCheckContext context) {} + ExtendRegionStatement statement, TreeAccessCheckContext context) { + return AuthorityChecker.checkSuperUserOrMaintain(context.userName); + } @Override - public TSStatus visitGetRegionId( - GetRegionIdStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitGetRegionId(GetRegionIdStatement statement, TreeAccessCheckContext context) { + return AuthorityChecker.checkSuperUserOrMaintain(context.userName); + } @Override public TSStatus visitGetSeriesSlotList( - GetSeriesSlotListStatement statement, TreeAccessCheckContext context) {} + GetSeriesSlotListStatement statement, TreeAccessCheckContext context) { + return AuthorityChecker.checkSuperUserOrMaintain(context.userName); + } @Override public TSStatus visitGetTimeSlotList( - GetTimeSlotListStatement statement, TreeAccessCheckContext context) {} + GetTimeSlotListStatement statement, TreeAccessCheckContext context) { + return AuthorityChecker.checkSuperUserOrMaintain(context.userName); + } @Override - public TSStatus visitInsertBase(InsertBaseStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitInsertBase(InsertBaseStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, + statement.getPaths().stream().distinct().collect(Collectors.toList()), + PrivilegeType.WRITE_DATA); + } @Override - public TSStatus visitInsert(InsertStatement statement, TreeAccessCheckContext context) {} + public TSStatus visitInsert(InsertStatement statement, TreeAccessCheckContext context) { + return checkTimeSeriesPermission( + context.userName, statement.getPaths(), PrivilegeType.WRITE_DATA); + } - // -------- sww ----- @Override public TSStatus visitInternalBatchActivateTemplate( InternalBatchActivateTemplateStatement statement, TreeAccessCheckContext context) {} diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java index d5793d5d657..df33dc16cf7 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java @@ -18,13 +18,8 @@ */ package org.apache.iotdb.db.queryengine.plan.statement; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PathPatternTree; import org.apache.iotdb.commons.schema.SchemaConstant; -import org.apache.iotdb.db.auth.AuthorityChecker; -import org.apache.iotdb.rpc.TSStatusCode; public abstract class AuthorityInformationStatement extends Statement { protected PathPatternTree authorityScope = SchemaConstant.ALL_MATCH_SCOPE; @@ -33,19 +28,6 @@ public abstract class AuthorityInformationStatement extends Statement { return authorityScope; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - try { - if (!AuthorityChecker.SUPER_USER.equals(userName)) { - this.authorityScope = - AuthorityChecker.getAuthorizedPathTree(userName, PrivilegeType.READ_SCHEMA); - } - } catch (AuthException e) { - return new TSStatus(e.getCode().getStatusCode()); - } - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitAuthorityInformation(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java index 8dc08d88b73..62d73c56c4c 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java @@ -19,9 +19,7 @@ package org.apache.iotdb.db.queryengine.plan.statement; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.common.MPPQueryContext; import org.apache.iotdb.db.queryengine.plan.parser.ASTVisitor; diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java index 8558150dbe3..3bafdf8bfe0 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/StatementVisitor.java @@ -20,6 +20,7 @@ package org.apache.iotdb.db.queryengine.plan.statement; import org.apache.iotdb.db.queryengine.plan.statement.crud.DeleteDataStatement; +import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertBaseStatement; import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertMultiTabletsStatement; import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertRowStatement; import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertRowsOfOneDeviceStatement; @@ -344,8 +345,12 @@ public abstract class StatementVisitor<R, C> { return visitStatement(insertStatement, context); } + public R visitInsertBase(InsertBaseStatement insertStatement, C context) { + return visitStatement(insertStatement, context); + } + public R visitInsertTablet(InsertTabletStatement insertTabletStatement, C context) { - return visitStatement(insertTabletStatement, context); + return visitInsertBase(insertTabletStatement, context); } public R visitLoadFile(LoadTsFileStatement loadTsFileStatement, C context) { @@ -353,21 +358,21 @@ public abstract class StatementVisitor<R, C> { } public R visitInsertRow(InsertRowStatement insertRowStatement, C context) { - return visitStatement(insertRowStatement, context); + return visitInsertBase(insertRowStatement, context); } public R visitInsertRows(InsertRowsStatement insertRowsStatement, C context) { - return visitStatement(insertRowsStatement, context); + return visitInsertBase(insertRowsStatement, context); } public R visitInsertMultiTablets( InsertMultiTabletsStatement insertMultiTabletsStatement, C context) { - return visitStatement(insertMultiTabletsStatement, context); + return visitInsertBase(insertMultiTabletsStatement, context); } public R visitInsertRowsOfOneDevice( InsertRowsOfOneDeviceStatement insertRowsOfOneDeviceStatement, C context) { - return visitStatement(insertRowsOfOneDeviceStatement, context); + return visitInsertBase(insertRowsOfOneDeviceStatement, context); } public R visitPipeEnrichedStatement(PipeEnrichedStatement pipeEnrichedStatement, C context) { diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/DeleteDataStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/DeleteDataStatement.java index c2bc3416a3c..f57a5d7b623 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/DeleteDataStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/DeleteDataStatement.java @@ -19,14 +19,10 @@ package org.apache.iotdb.db.queryengine.plan.statement.crud; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.MeasurementPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.read.common.TimeRange; @@ -48,19 +44,6 @@ public class DeleteDataStatement extends Statement { return getPathList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<MeasurementPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_DATA), - checkedPaths, - PrivilegeType.WRITE_DATA); - } - public List<MeasurementPath> getPathList() { return pathList; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertBaseStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertBaseStatement.java index 950195c5248..2dc2118cd88 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertBaseStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertBaseStatement.java @@ -19,12 +19,9 @@ package org.apache.iotdb.db.queryengine.plan.statement.crud; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.schema.table.column.TsTableColumnCategory; import org.apache.iotdb.commons.schema.view.LogicalViewSchema; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.exception.metadata.DataTypeMismatchException; import org.apache.iotdb.db.exception.metadata.DuplicateInsertException; @@ -40,7 +37,6 @@ import org.apache.iotdb.db.queryengine.plan.relational.type.InternalTypeManager; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.schemaengine.schemaregion.attribute.update.UpdateDetailContainer; import org.apache.iotdb.db.utils.CommonUtils; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.annotations.TableModel; import org.apache.tsfile.enums.TSDataType; @@ -193,19 +189,6 @@ public abstract class InsertBaseStatement extends Statement implements Accountab return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths().stream().distinct().collect(Collectors.toList()); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_DATA), - checkedPaths, - PrivilegeType.WRITE_DATA); - } - public abstract ISchemaValidation getSchemaValidation(); public abstract List<ISchemaValidation> getSchemaValidationList(); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertStatement.java index 1019b65dfd8..e4460666af4 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertStatement.java @@ -19,14 +19,10 @@ package org.apache.iotdb.db.queryengine.plan.statement.crud; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.ArrayList; import java.util.List; @@ -57,19 +53,6 @@ public class InsertStatement extends Statement { return ret; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_DATA), - checkedPaths, - PrivilegeType.WRITE_DATA); - } - public PartialPath getDevice() { return device; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java index f3e96cc09ce..5913fb9c2fd 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java @@ -19,15 +19,11 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.MeasurementPath; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -134,17 +130,6 @@ public class AlterTimeSeriesStatement extends Statement { return isAlterView; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternPermission( - userName, path, PrivilegeType.WRITE_SCHEMA), - PrivilegeType.WRITE_SCHEMA); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitAlterTimeSeries(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java index c8652926b74..06d32f7c9b5 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java @@ -19,7 +19,6 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition; @@ -44,9 +43,6 @@ public class CountDevicesStatement extends CountStatement { return timeCondition != null; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) {} - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCountDevices(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java index a7a7afe3b13..c7c259030a9 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java @@ -19,7 +19,6 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.schema.filter.SchemaFilter; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; @@ -55,9 +54,6 @@ public class CountTimeSeriesStatement extends CountStatement { return timeCondition; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) {} - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCountTimeSeries(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java index 40110bdf2a5..1d93c663d7a 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSlotListStatement.java @@ -19,10 +19,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -116,9 +114,4 @@ public class CountTimeSlotListStatement extends Statement implements IConfigStat return new ArrayList<>(); } } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - return AuthorityChecker.checkSuperUserOrMaintain(userName); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateAlignedTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateAlignedTimeSeriesStatement.java index 600b87c19fe..576b198401a 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateAlignedTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateAlignedTimeSeriesStatement.java @@ -19,14 +19,10 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.enums.TSDataType; import org.apache.tsfile.file.metadata.enums.CompressionType; @@ -70,19 +66,6 @@ public class CreateAlignedTimeSeriesStatement extends Statement { return paths; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public PartialPath getDevicePath() { return devicePath; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateContinuousQueryStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateContinuousQueryStatement.java index fb8ba32b7b5..92cd2e05722 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateContinuousQueryStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateContinuousQueryStatement.java @@ -19,11 +19,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.cq.TimeoutPolicy; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.exception.sql.SemanticException; import org.apache.iotdb.db.queryengine.plan.analyze.PredicateUtils; @@ -34,7 +31,6 @@ import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.queryengine.plan.statement.component.GroupByTimeComponent; import org.apache.iotdb.db.queryengine.plan.statement.crud.QueryStatement; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -167,16 +163,6 @@ public class CreateContinuousQueryStatement extends Statement implements IConfig return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_CQ), - PrivilegeType.USE_CQ); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCreateContinuousQuery(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateFunctionStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateFunctionStatement.java index 4859a6c596e..baa7a4a295b 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateFunctionStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateFunctionStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -74,14 +70,4 @@ public class CreateFunctionStatement extends Statement implements IConfigStateme public List<PartialPath> getPaths() { return Collections.emptyList(); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_UDF), - PrivilegeType.USE_UDF); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateMultiTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateMultiTimeSeriesStatement.java index 3a4e4c7b7b8..c380e7956a6 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateMultiTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateMultiTimeSeriesStatement.java @@ -19,14 +19,10 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.MeasurementPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.enums.TSDataType; import org.apache.tsfile.file.metadata.enums.CompressionType; @@ -58,19 +54,6 @@ public class CreateMultiTimeSeriesStatement extends Statement { return paths; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<MeasurementPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public void setPaths(List<MeasurementPath> paths) { this.paths = paths; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTimeSeriesStatement.java index bd9b602fd97..b053bd97c02 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTimeSeriesStatement.java @@ -19,15 +19,11 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.MeasurementPath; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.enums.TSDataType; import org.apache.tsfile.file.metadata.enums.CompressionType; @@ -67,17 +63,6 @@ public class CreateTimeSeriesStatement extends Statement { return Collections.singletonList(path); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternPermission( - userName, path, PrivilegeType.WRITE_SCHEMA), - PrivilegeType.WRITE_SCHEMA); - } - public MeasurementPath getPath() { return path; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTriggerStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTriggerStatement.java index cf35785af48..2a1affe577e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTriggerStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTriggerStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.iotdb.trigger.api.enums.TriggerEvent; import org.apache.iotdb.trigger.api.enums.TriggerType; @@ -121,14 +117,4 @@ public class CreateTriggerStatement extends Statement implements IConfigStatemen public List<PartialPath> getPaths() { return Collections.singletonList(pathPattern); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_TRIGGER), - PrivilegeType.USE_TRIGGER); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DatabaseSchemaStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DatabaseSchemaStatement.java index 3efd42e5758..53ff33e2437 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DatabaseSchemaStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DatabaseSchemaStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -143,16 +139,6 @@ public class DatabaseSchemaStatement extends Statement implements IConfigStateme return databasePath != null ? Collections.singletonList(databasePath) : Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(final String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_DATABASE), - PrivilegeType.MANAGE_DATABASE); - } - @Override public String toString() { return "SetStorageGroupStatement{" diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteDatabaseStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteDatabaseStatement.java index 33786815e16..9861331974b 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteDatabaseStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteDatabaseStatement.java @@ -19,17 +19,13 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -61,16 +57,6 @@ public class DeleteDatabaseStatement extends Statement implements IConfigStateme return paths; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_DATABASE), - PrivilegeType.MANAGE_DATABASE); - } - public List<String> getPrefixPath() { return prefixPathList; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteTimeSeriesStatement.java index 1c5e38be438..f8428d4e026 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteTimeSeriesStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteTimeSeriesStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.List; @@ -51,19 +47,6 @@ public class DeleteTimeSeriesStatement extends Statement implements IConfigState return pathPatternList; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public List<PartialPath> getPathPatternList() { return pathPatternList; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropContinuousQueryStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropContinuousQueryStatement.java index 695e489ddc9..12932d8a8d0 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropContinuousQueryStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropContinuousQueryStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -61,14 +57,4 @@ public class DropContinuousQueryStatement extends Statement implements IConfigSt public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitDropContinuousQuery(this, context); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_CQ), - PrivilegeType.USE_CQ); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropFunctionStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropFunctionStatement.java index ec777e44d49..14a7d8b6868 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropFunctionStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropFunctionStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -61,14 +57,4 @@ public class DropFunctionStatement extends Statement implements IConfigStatement public List<PartialPath> getPaths() { return Collections.emptyList(); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_UDF), - PrivilegeType.USE_UDF); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropTriggerStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropTriggerStatement.java index 3b3cb648391..96a07a11635 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropTriggerStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropTriggerStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -60,14 +56,4 @@ public class DropTriggerStatement extends Statement implements IConfigStatement public List<PartialPath> getPaths() { return Collections.emptyList(); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_TRIGGER), - PrivilegeType.USE_TRIGGER); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java index 280e658d54a..c7ba3784194 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetRegionIdStatement.java @@ -20,10 +20,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -121,9 +119,4 @@ public class GetRegionIdStatement extends Statement implements IConfigStatement return new ArrayList<>(); } } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - return AuthorityChecker.checkSuperUserOrMaintain(userName); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java index 1c402f470e0..0cd67e6418a 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetSeriesSlotListStatement.java @@ -20,10 +20,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -77,9 +75,4 @@ public class GetSeriesSlotListStatement extends Statement implements IConfigStat return new ArrayList<>(); } } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - return AuthorityChecker.checkSuperUserOrMaintain(userName); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java index 48da0c633a5..39d279c0ee6 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/GetTimeSlotListStatement.java @@ -19,10 +19,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -125,9 +123,4 @@ public class GetTimeSlotListStatement extends Statement implements IConfigStatem return new ArrayList<>(); } } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - return AuthorityChecker.checkSuperUserOrMaintain(userName); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/CreateModelStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/CreateModelStatement.java index c99462bc3d1..2300af074a4 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/CreateModelStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/CreateModelStatement.java @@ -19,15 +19,11 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.model; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -68,16 +64,6 @@ public class CreateModelStatement extends Statement implements IConfigStatement return QueryType.WRITE; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_MODEL), - PrivilegeType.USE_MODEL); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCreateModel(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/DropModelStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/DropModelStatement.java index 1273cde4fac..34ba98207e4 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/DropModelStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/model/DropModelStatement.java @@ -19,15 +19,11 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.model; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -54,16 +50,6 @@ public class DropModelStatement extends Statement implements IConfigStatement { return QueryType.WRITE; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_MODEL), - PrivilegeType.USE_MODEL); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitDropModel(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/AlterPipeStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/AlterPipeStatement.java index 603303b49ae..122139f3d4e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/AlterPipeStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/AlterPipeStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -141,16 +137,6 @@ public class AlterPipeStatement extends Statement implements IConfigStatement { return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(final String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } - @Override public <R, C> R accept(final StatementVisitor<R, C> visitor, final C context) { return visitor.visitAlterPipe(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipePluginStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipePluginStatement.java index 2787808f3cd..e1b22ea9de7 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipePluginStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipePluginStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -86,16 +82,6 @@ public class CreatePipePluginStatement extends Statement implements IConfigState return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCreatePipePlugin(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipeStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipeStatement.java index 3430128247f..66c7a85de79 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipeStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipeStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -96,16 +92,6 @@ public class CreatePipeStatement extends Statement implements IConfigStatement { return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCreatePipe(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipePluginStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipePluginStatement.java index e40ae63d01d..24b44f85cf6 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipePluginStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipePluginStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -82,14 +78,4 @@ public class DropPipePluginStatement extends Statement implements IConfigStateme public <R, C> R accept(final StatementVisitor<R, C> visitor, final C context) { return visitor.visitDropPipePlugin(this, context); } - - @Override - public TSStatus checkPermissionBeforeProcess(final String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipeStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipeStatement.java index 82d2f777be6..3099a8d5dd5 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipeStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipeStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.pipe; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -77,16 +73,6 @@ public class DropPipeStatement extends Statement implements IConfigStatement { return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(final String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } - @Override public <R, C> R accept(final StatementVisitor<R, C> visitor, final C context) { return visitor.visitDropPipe(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java index 591c62c4b6b..353cb119553 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/region/ExtendRegionStatement.java @@ -19,9 +19,7 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.region; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -49,11 +47,6 @@ public class ExtendRegionStatement extends Statement implements IConfigStatement return dataNodeId; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - return AuthorityChecker.checkSuperUserOrMaintain(userName); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitExtendRegion(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/CreateTopicStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/CreateTopicStatement.java index 8f3f237918f..7d1d59c44f4 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/CreateTopicStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/CreateTopicStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -79,16 +75,6 @@ public class CreateTopicStatement extends Statement implements IConfigStatement return Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } - @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitCreateTopic(this, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropSubscriptionStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropSubscriptionStatement.java index 53ecb6164fa..fb64cfdeb8e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropSubscriptionStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropSubscriptionStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -82,14 +78,4 @@ public class DropSubscriptionStatement extends Statement implements IConfigState public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitDropSubscription(this, context); } - - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropTopicStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropTopicStatement.java index 3bc5d866bc4..5c7d7d115f6 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropTopicStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/subscription/DropTopicStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.subscription; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -82,14 +78,4 @@ public class DropTopicStatement extends Statement implements IConfigStatement { public <R, C> R accept(final StatementVisitor<R, C> visitor, final C context) { return visitor.visitDropTopic(this, context); } - - @Override - public TSStatus checkPermissionBeforeProcess(final String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.USE_PIPE), - PrivilegeType.USE_PIPE); - } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ActivateTemplateStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ActivateTemplateStatement.java index 0bf2edfb5ba..e5abc9be3b3 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ActivateTemplateStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ActivateTemplateStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.template; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.template.ClusterTemplateManager; import org.apache.iotdb.db.schemaengine.template.Template; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.utils.Pair; @@ -63,19 +59,6 @@ public class ActivateTemplateStatement extends Statement { .collect(Collectors.toList()); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public PartialPath getPath() { return path; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/BatchActivateTemplateStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/BatchActivateTemplateStatement.java index 85e77c2697f..e518eee0d1e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/BatchActivateTemplateStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/BatchActivateTemplateStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.template; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.template.ClusterTemplateManager; import org.apache.iotdb.db.schemaengine.template.Template; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.utils.Pair; @@ -46,19 +42,6 @@ public class BatchActivateTemplateStatement extends Statement { statementType = StatementType.BATCH_ACTIVATE_TEMPLATE; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - @Override public List<PartialPath> getPaths() { ClusterTemplateManager clusterTemplateManager = ClusterTemplateManager.getInstance(); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java index bdb6375e83c..d6d30db798e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java @@ -19,11 +19,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.template; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.exception.IoTDBException; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; @@ -31,7 +28,6 @@ import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.schemaengine.template.ClusterTemplateManager; import org.apache.iotdb.db.schemaengine.template.Template; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -77,19 +73,6 @@ public class DeactivateTemplateStatement extends Statement implements IConfigSta .collect(Collectors.toList()); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public String getTemplateName() { return templateName == null ? ONE_LEVEL_PATH_WILDCARD : templateName; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java index 7d5fbd11b68..73992479c3b 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java @@ -19,10 +19,7 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.view; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.expression.Expression; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; @@ -32,7 +29,6 @@ import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.queryengine.plan.statement.crud.QueryStatement; import org.apache.iotdb.db.schemaengine.schemaregion.view.ViewPathType; import org.apache.iotdb.db.schemaengine.schemaregion.view.ViewPaths; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.List; @@ -60,41 +56,6 @@ public class AlterLogicalViewStatement extends Statement implements IConfigState return this.getTargetPathList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - TSStatus status = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - List<PartialPath> sourcePathList = sourcePaths.fullPathList; - if (sourcePathList != null) { - status = - AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, sourcePathList, PrivilegeType.READ_SCHEMA), - sourcePathList, - PrivilegeType.READ_SCHEMA); - } - if (queryStatement != null && status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - sourcePathList = queryStatement.getPaths(); - status = - AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, sourcePathList, PrivilegeType.READ_SCHEMA), - sourcePathList, - PrivilegeType.READ_SCHEMA); - } - - if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, getTargetPathList(), PrivilegeType.WRITE_SCHEMA), - getTargetPathList(), - PrivilegeType.WRITE_SCHEMA); - } - return status; - } - public ViewPaths getTargetPaths() { return targetPaths; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java index 70d5ade4c24..a69f763e1eb 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java @@ -19,12 +19,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.view; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; -import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.schema.view.viewExpression.ViewExpression; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.exception.metadata.view.UnsupportedViewException; import org.apache.iotdb.db.exception.sql.SemanticException; import org.apache.iotdb.db.queryengine.plan.analyze.SelectIntoUtils; @@ -38,14 +34,12 @@ import org.apache.iotdb.db.queryengine.plan.statement.component.IntoItem; import org.apache.iotdb.db.queryengine.plan.statement.crud.QueryStatement; import org.apache.iotdb.db.schemaengine.schemaregion.view.ViewPathType; import org.apache.iotdb.db.schemaengine.schemaregion.view.ViewPaths; -import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.utils.Pair; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import java.util.Objects; /** CREATE LOGICAL VIEW statement. */ public class CreateLogicalViewStatement extends Statement { @@ -76,48 +70,6 @@ public class CreateLogicalViewStatement extends Statement { return this.getTargetPathList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - TSStatus status = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - List<PartialPath> sourcePathList = sourcePaths.fullPathList; - if (sourcePathList != null) { - status = - AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, sourcePathList, PrivilegeType.READ_SCHEMA), - sourcePathList, - PrivilegeType.READ_SCHEMA); - } - if (queryStatement != null && status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - sourcePathList = queryStatement.getPaths(); - status = - AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, sourcePathList, PrivilegeType.READ_SCHEMA), - sourcePathList, - PrivilegeType.READ_SCHEMA); - } - - final List<PartialPath> paths = - Objects.nonNull(getTargetPathList()) - ? getTargetPathList() - : Collections.singletonList( - batchGenerationItem - .getIntoDevice() - .concatNode(IoTDBConstant.ONE_LEVEL_PATH_WILDCARD)); - if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, paths, PrivilegeType.WRITE_SCHEMA), - paths, - PrivilegeType.WRITE_SCHEMA); - } - return status; - } - public ViewPaths getTargetPaths() { return targetPaths; } @@ -239,6 +191,10 @@ public class CreateLogicalViewStatement extends Statement { } } + public IntoItem getBatchGenerationItem() { + return batchGenerationItem; + } + // endregion // region Interfaces for checking diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/DeleteLogicalViewStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/DeleteLogicalViewStatement.java index 38e67b6e868..f09ab0829f2 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/DeleteLogicalViewStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/DeleteLogicalViewStatement.java @@ -19,16 +19,12 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata.view; -import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.List; @@ -50,19 +46,6 @@ public class DeleteLogicalViewStatement extends Statement implements IConfigStat return pathPatternList; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); - } - public List<PartialPath> getPathPatternList() { return pathPatternList; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java index 1cc2b3d499c..ae775d8ebeb 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java @@ -20,10 +20,8 @@ package org.apache.iotdb.db.queryengine.plan.statement.sys; import org.apache.iotdb.common.rpc.thrift.TSStatus; -import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.utils.CommonDateTimeUtils; -import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.AuthorType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; @@ -33,7 +31,6 @@ import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; import org.apache.iotdb.db.utils.DataNodeAuthUtils; import org.apache.iotdb.rpc.RpcUtils; import org.apache.iotdb.rpc.StatementExecutionException; -import org.apache.iotdb.rpc.TSStatusCode; import java.util.Collections; import java.util.List; @@ -218,138 +215,6 @@ public class AuthorStatement extends Statement implements IConfigStatement { return nodeNameList != null ? nodeNameList : Collections.emptyList(); } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) { - switch (authorType) { - case CREATE_USER: - if (AuthorityChecker.SUPER_USER.equals(this.userName)) { - return AuthorityChecker.getTSStatus( - false, "Cannot create user has same name with admin user"); - } - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_USER), - PrivilegeType.MANAGE_USER); - - case UPDATE_USER: - // users can change passwords of themselves - if (AuthorityChecker.SUPER_USER.equals(userName) || this.userName.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_USER), - PrivilegeType.MANAGE_USER); - - case DROP_USER: - if (AuthorityChecker.SUPER_USER.equals(this.userName) || this.userName.equals(userName)) { - return AuthorityChecker.getTSStatus(false, "Cannot drop admin user or yourself"); - } - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_USER), - PrivilegeType.MANAGE_USER); - - case LIST_USER: - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_USER), - PrivilegeType.MANAGE_USER); - - case LIST_USER_PRIVILEGE: - if (AuthorityChecker.SUPER_USER.equals(userName) || userName.equals(this.userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_USER), - PrivilegeType.MANAGE_USER); - - case LIST_ROLE_PRIVILEGE: - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - if (!AuthorityChecker.checkRole(userName, roleName)) { - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_ROLE), - PrivilegeType.MANAGE_ROLE); - } else { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - - case LIST_ROLE: - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - if (this.userName != null && userName.equals(this.userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } else { - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_ROLE), - PrivilegeType.MANAGE_ROLE); - } - - case CREATE_ROLE: - if (AuthorityChecker.SUPER_USER.equals(this.roleName)) { - return AuthorityChecker.getTSStatus( - false, "Cannot create role has same name with admin user"); - } - case DROP_ROLE: - case GRANT_USER_ROLE: - case REVOKE_USER_ROLE: - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkSystemPermission(userName, PrivilegeType.MANAGE_ROLE), - PrivilegeType.MANAGE_ROLE); - - case REVOKE_USER: - case GRANT_USER: - case GRANT_ROLE: - case REVOKE_ROLE: - if (AuthorityChecker.SUPER_USER.equals(this.userName)) { - return AuthorityChecker.getTSStatus( - false, "Cannot grant/revoke privileges of admin user"); - } - if (AuthorityChecker.SUPER_USER.equals(userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - - for (String s : privilegeList) { - PrivilegeType privilegeType = PrivilegeType.valueOf(s.toUpperCase()); - if (privilegeType.isSystemPrivilege()) { - if (!AuthorityChecker.checkSystemPermissionGrantOption(userName, privilegeType)) { - return AuthorityChecker.getTSStatus( - false, - "Has no permission to execute " - + authorType - + ", please ensure you have these privileges and the grant option is TRUE when granted)"); - } - } else if (privilegeType.isPathPrivilege()) { - if (!AuthorityChecker.checkPathPermissionGrantOption( - userName, privilegeType, nodeNameList)) { - return AuthorityChecker.getTSStatus( - false, - "Has no permission to execute " - + authorType - + ", please ensure you have these privileges and the grant option is TRUE when granted)"); - } - } else { - return AuthorityChecker.getTSStatus( - false, "Not support Relation statement in tree sql_dialect"); - } - } - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - default: - throw new IllegalArgumentException("Unknown authorType: " + authorType); - } - } - /** * Post-process when the statement is successfully executed. * diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java index e7874c4e3e2..352ec1c4041 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java @@ -19,7 +19,6 @@ package org.apache.iotdb.db.queryengine.plan.statement.sys; -import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; @@ -39,9 +38,6 @@ public class ExplainAnalyzeStatement extends Statement { this.queryStatement = queryStatement; } - @Override - public TSStatus checkPermissionBeforeProcess(String userName) {} - public QueryStatement getQueryStatement() { return queryStatement; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/storageengine/load/converter/LoadConvertedInsertTabletStatementTSStatusVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/storageengine/load/converter/LoadConvertedInsertTabletStatementTSStatusVisitor.java index a4b1c0385ed..a94c050e7ac 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/storageengine/load/converter/LoadConvertedInsertTabletStatementTSStatusVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/storageengine/load/converter/LoadConvertedInsertTabletStatementTSStatusVisitor.java @@ -52,7 +52,8 @@ public class LoadConvertedInsertTabletStatementTSStatusVisitor return visitInsertBase(insertMultiTabletsStatement, context); } - private TSStatus visitInsertBase( + @Override + public TSStatus visitInsertBase( final InsertBaseStatement insertBaseStatement, final TSStatus context) { if (context.getCode() == TSStatusCode.SYSTEM_READ_ONLY.getStatusCode() || context.getCode() == TSStatusCode.WRITE_PROCESS_REJECT.getStatusCode()) {
