This is an automated email from the ASF dual-hosted git repository.

jackietien pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 13afc0348e1 Add IAuthorPlanExecutor
13afc0348e1 is described below

commit 13afc0348e199a6b81c76a1697a3093a1adc3217
Author: shuwenwei <[email protected]>
AuthorDate: Mon Sep 22 19:54:31 2025 +0800

    Add IAuthorPlanExecutor
---
 .../iotdb/confignode/manager/ConfigManager.java    |   6 +-
 .../confignode/manager/PermissionManager.java      |   4 +-
 .../confignode/persistence/auth/AuthorInfo.java    | 164 ++++++++++++++++
 .../AuthorPlanExecutor.java}                       | 209 ++++++++-------------
 .../persistence/auth/IAuthorPlanExecutor.java      |  62 ++++++
 .../persistence/executor/ConfigPlanExecutor.java   |   2 +-
 .../confignode/persistence/AuthorInfoTest.java     |   3 +-
 .../persistence/CNPhysicalPlanGeneratorTest.java   |   3 +-
 .../org/apache/iotdb/db/auth/AuthorityChecker.java |   7 +-
 9 files changed, 320 insertions(+), 140 deletions(-)

diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/ConfigManager.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/ConfigManager.java
index cc5a1198d32..60883d6dd94 100644
--- 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/ConfigManager.java
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/ConfigManager.java
@@ -123,13 +123,13 @@ import 
org.apache.iotdb.confignode.manager.pipe.coordinator.PipeManager;
 import org.apache.iotdb.confignode.manager.schema.ClusterSchemaManager;
 import org.apache.iotdb.confignode.manager.schema.ClusterSchemaQuotaStatistics;
 import org.apache.iotdb.confignode.manager.subscription.SubscriptionManager;
-import org.apache.iotdb.confignode.persistence.AuthorInfo;
 import org.apache.iotdb.confignode.persistence.ClusterInfo;
 import org.apache.iotdb.confignode.persistence.ModelInfo;
 import org.apache.iotdb.confignode.persistence.ProcedureInfo;
 import org.apache.iotdb.confignode.persistence.TTLInfo;
 import org.apache.iotdb.confignode.persistence.TriggerInfo;
 import org.apache.iotdb.confignode.persistence.UDFInfo;
+import org.apache.iotdb.confignode.persistence.auth.AuthorInfo;
 import org.apache.iotdb.confignode.persistence.cq.CQInfo;
 import org.apache.iotdb.confignode.persistence.executor.ConfigPlanExecutor;
 import org.apache.iotdb.confignode.persistence.node.NodeInfo;
@@ -368,7 +368,7 @@ public class ConfigManager implements IManager {
     NodeInfo nodeInfo = new NodeInfo();
     ClusterSchemaInfo clusterSchemaInfo = new ClusterSchemaInfo();
     PartitionInfo partitionInfo = new PartitionInfo();
-    AuthorInfo authorInfo = new AuthorInfo(this);
+    AuthorInfo authorInfo = new AuthorInfo();
     ProcedureInfo procedureInfo = new ProcedureInfo(this);
     UDFInfo udfInfo = new UDFInfo();
     TriggerInfo triggerInfo = new TriggerInfo();
@@ -1356,7 +1356,7 @@ public class ConfigManager implements IManager {
     TSStatus status = confirmLeader();
     if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
       try {
-        return permissionManager.fetchAuthizedPTree(username, permission);
+        return permissionManager.fetchAuthorizedPTree(username, permission);
       } catch (AuthException e) {
         TAuthizedPatternTreeResp resp = new TAuthizedPatternTreeResp();
         status.setCode(e.getCode().getStatusCode()).setMessage(e.getMessage());
diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java
index 605e5785e9e..1ef0bcf04f0 100644
--- 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java
@@ -28,7 +28,7 @@ import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorPlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.pipe.payload.PipeEnrichedPlan;
 import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
 import org.apache.iotdb.confignode.manager.consensus.ConsensusManager;
-import org.apache.iotdb.confignode.persistence.AuthorInfo;
+import org.apache.iotdb.confignode.persistence.auth.AuthorInfo;
 import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
 import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
 import org.apache.iotdb.consensus.exception.ConsensusException;
@@ -122,7 +122,7 @@ public class PermissionManager {
     return authorInfo.checkUserPrivileges(username, union);
   }
 
-  public TAuthizedPatternTreeResp fetchAuthizedPTree(String username, int 
permission)
+  public TAuthizedPatternTreeResp fetchAuthorizedPTree(String username, int 
permission)
       throws AuthException {
     return authorInfo.generateAuthorizedPTree(username, permission);
   }
diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java
new file mode 100644
index 00000000000..e499887f195
--- /dev/null
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.confignode.persistence.auth;
+
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
+import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
+import org.apache.iotdb.commons.auth.entity.ModelType;
+import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
+import org.apache.iotdb.commons.conf.CommonConfig;
+import org.apache.iotdb.commons.conf.CommonDescriptor;
+import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
+import org.apache.iotdb.commons.utils.FileUtils;
+import org.apache.iotdb.commons.utils.TestOnly;
+import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorPlan;
+import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorRelationalPlan;
+import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorTreePlan;
+import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
+import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
+import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
+
+import org.apache.thrift.TException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+
+public class AuthorInfo implements SnapshotProcessor {
+
+  // Works at config node.
+  private static final Logger LOGGER = 
LoggerFactory.getLogger(AuthorInfo.class);
+  public static final CommonConfig COMMON_CONFIG = 
CommonDescriptor.getInstance().getConfig();
+  public static final String NO_USER_MSG = "No such user : ";
+
+  private IAuthorizer authorizer;
+  private volatile AuthorPlanExecutor authorPlanExecutor;
+
+  public AuthorInfo() {
+    try {
+      authorizer = BasicAuthorizer.getInstance();
+      authorPlanExecutor = new AuthorPlanExecutor(authorizer);
+    } catch (AuthException e) {
+      LOGGER.error("get user or role permissionInfo failed because ", e);
+    }
+  }
+
+  public void setAuthorQueryPlanExecutor(AuthorPlanExecutor 
authorPlanExecutor) {
+    this.authorPlanExecutor = authorPlanExecutor;
+  }
+
+  public TPermissionInfoResp login(String username, String password) {
+    return authorPlanExecutor.login(username, password);
+  }
+
+  public String login4Pipe(final String username, final String password) {
+    return authorPlanExecutor.login4Pipe(username, password);
+  }
+
+  public TPermissionInfoResp checkUserPrivileges(String username, 
PrivilegeUnion union) {
+    return authorPlanExecutor.checkUserPrivileges(username, union);
+  }
+
+  public TSStatus authorNonQuery(AuthorPlan authorPlan) {
+    if (authorPlan instanceof AuthorTreePlan) {
+      return authorNonQuery((AuthorTreePlan) authorPlan);
+    } else {
+      return authorNonQuery((AuthorRelationalPlan) authorPlan);
+    }
+  }
+
+  public TSStatus authorNonQuery(AuthorTreePlan authorPlan) {
+    return authorPlanExecutor.executeAuthorNonQuery(authorPlan);
+  }
+
+  public TSStatus authorNonQuery(AuthorRelationalPlan authorPlan) {
+    return authorPlanExecutor.executeRelationalAuthorNonQuery(authorPlan);
+  }
+
+  public PermissionInfoResp executeListUsers(final AuthorPlan plan) throws 
AuthException {
+    return authorPlanExecutor.executeListUsers(plan);
+  }
+
+  public PermissionInfoResp executeListRoles(final AuthorPlan plan) throws 
AuthException {
+    return authorPlanExecutor.executeListRoles(plan);
+  }
+
+  public PermissionInfoResp executeListRolePrivileges(final AuthorPlan plan) 
throws AuthException {
+    return authorPlanExecutor.executeListRolePrivileges(plan);
+  }
+
+  public PermissionInfoResp executeListUserPrivileges(final AuthorPlan plan) 
throws AuthException {
+    return authorPlanExecutor.executeListUserPrivileges(plan);
+  }
+
+  public TAuthizedPatternTreeResp generateAuthorizedPTree(String username, int 
permission)
+      throws AuthException {
+    return authorPlanExecutor.generateAuthorizedPTree(username, permission);
+  }
+
+  public TPermissionInfoResp checkRoleOfUser(String username, String roleName)
+      throws AuthException {
+    return authorPlanExecutor.checkRoleOfUser(username, roleName);
+  }
+
+  public TPermissionInfoResp getUser(String username) throws AuthException {
+    return authorPlanExecutor.getUser(username);
+  }
+
+  public String getUserName(long userId) throws AuthException {
+    return authorPlanExecutor.getUserName(userId);
+  }
+
+  @Override
+  public boolean processTakeSnapshot(File snapshotDir) throws TException, 
IOException {
+    return authorizer.processTakeSnapshot(snapshotDir);
+  }
+
+  @Override
+  public void processLoadSnapshot(File snapshotDir) throws TException, 
IOException {
+    authorizer.processLoadSnapshot(snapshotDir);
+  }
+
+  /**
+   * Save the user's permission information,Bring back the DataNode for caching
+   *
+   * @param username The username of the user that needs to be cached
+   */
+  public TPermissionInfoResp getUserPermissionInfo(String username, ModelType 
type)
+      throws AuthException {
+    return authorPlanExecutor.getUserPermissionInfo(username, type);
+  }
+
+  @TestOnly
+  public void clear() throws AuthException {
+    File userFolder = new File(COMMON_CONFIG.getUserFolder());
+    if (userFolder.exists()) {
+      FileUtils.deleteFileOrDirectory(userFolder);
+    }
+    File roleFolder = new File(COMMON_CONFIG.getRoleFolder());
+    if (roleFolder.exists()) {
+      FileUtils.deleteFileOrDirectory(roleFolder);
+    }
+    authorizer.reset();
+  }
+}
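Review bot: `setAuthorQueryPlanExecutor` is a public, unchecked setter for the object that answers `login` and `checkUserPrivileges`, and both it and the `authorPlanExecutor` field are typed to the concrete `AuthorPlanExecutor` rather than the `IAuthorPlanExecutor` interface this commit introduces. Typing them to the interface and rejecting null, e.g. `this.authorPlanExecutor = Objects.requireNonNull(authorPlanExecutor, "authorPlanExecutor");`, would stop a bad call from turning every later auth request into a NullPointerException. The constructor has the same exposure: when `BasicAuthorizer.getInstance()` throws, the error is only logged and `authorizer` and `authorPlanExecutor` both stay null, so rethrowing as an unchecked exception may be the safer choice. `COMMON_CONFIG` is also widened to `public` although nothing visible in this diff reads it from outside the class. `NO_USER_MSG` is only imported by `AuthorPlanExecutor` in the same package, so package-private visibility would appear to be enough.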
diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java
similarity index 92%
rename from 
iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
rename to 
iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java
index efcbd894360..5f1024f881d 100644
--- 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java
@@ -17,11 +17,10 @@
  * under the License.
  */
 
-package org.apache.iotdb.confignode.persistence;
+package org.apache.iotdb.confignode.persistence.auth;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
 import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
 import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
 import org.apache.iotdb.commons.auth.authorizer.OpenIdAuthorizer;
 import org.apache.iotdb.commons.auth.entity.ModelType;
@@ -30,21 +29,15 @@ import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
 import org.apache.iotdb.commons.auth.entity.Role;
 import org.apache.iotdb.commons.auth.entity.User;
-import org.apache.iotdb.commons.conf.CommonConfig;
-import org.apache.iotdb.commons.conf.CommonDescriptor;
 import org.apache.iotdb.commons.path.PartialPath;
 import org.apache.iotdb.commons.path.PathPatternTree;
 import org.apache.iotdb.commons.schema.column.ColumnHeaderConstant;
-import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
 import org.apache.iotdb.commons.utils.AuthUtils;
-import org.apache.iotdb.commons.utils.FileUtils;
-import org.apache.iotdb.commons.utils.TestOnly;
 import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
 import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorPlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorRelationalPlan;
 import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorTreePlan;
 import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
-import org.apache.iotdb.confignode.manager.ConfigManager;
 import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
 import org.apache.iotdb.confignode.rpc.thrift.TListUserInfo;
 import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
@@ -53,13 +46,11 @@ import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
 import org.apache.iotdb.rpc.RpcUtils;
 import org.apache.iotdb.rpc.TSStatusCode;
 
-import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.ByteArrayOutputStream;
 import java.io.DataOutputStream;
-import java.io.File;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
@@ -72,24 +63,15 @@ import java.util.Map;
 import java.util.Set;
 
 import static 
org.apache.iotdb.commons.auth.utils.AuthUtils.constructAuthorityScope;
+import static 
org.apache.iotdb.confignode.persistence.auth.AuthorInfo.NO_USER_MSG;
 
-public class AuthorInfo implements SnapshotProcessor {
+public class AuthorPlanExecutor implements IAuthorPlanExecutor {
 
-  // Works at config node.
-  private static final Logger LOGGER = 
LoggerFactory.getLogger(AuthorInfo.class);
-  private static final CommonConfig COMMON_CONFIG = 
CommonDescriptor.getInstance().getConfig();
-  private static final String NO_USER_MSG = "No such user : ";
+  private static final Logger LOGGER = 
LoggerFactory.getLogger(AuthorPlanExecutor.class);
+  private final IAuthorizer authorizer;
 
-  private IAuthorizer authorizer;
-  private ConfigManager configManager;
-
-  public AuthorInfo(ConfigManager configManager) {
-    try {
-      authorizer = BasicAuthorizer.getInstance();
-      this.configManager = configManager;
-    } catch (AuthException e) {
-      LOGGER.error("get user or role permissionInfo failed because ", e);
-    }
+  public AuthorPlanExecutor(IAuthorizer authorizer) {
+    this.authorizer = authorizer;
   }
 
   public TPermissionInfoResp login(String username, String password) {
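Review bot: `AuthorPlanExecutor` now implements `IAuthorPlanExecutor`, but `login` at the end of this hunk carries no `@Override`, and neither do `executeAuthorNonQuery`, `executeRelationalAuthorNonQuery`, `getUserPermissionInfo` and `checkUserPrivileges` in the later hunks. Adding `@Override` to each implementing method lets the compiler catch a signature that drifts away from the interface, which matters for the class that decides logins and privilege checks. The constructor also stores `authorizer` unchecked; `this.authorizer = Objects.requireNonNull(authorizer, "authorizer");` would surface a wiring mistake at construction instead of on the first login (it needs `java.util.Objects` if that is not already imported). The body of `login` continues outside the hunk.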
@@ -130,58 +112,7 @@ public class AuthorInfo implements SnapshotProcessor {
     return authorizer.login4Pipe(username, password);
   }
 
-  public TPermissionInfoResp checkUserPrivileges(String username, 
PrivilegeUnion union) {
-    boolean status;
-    TPermissionInfoResp result = new TPermissionInfoResp();
-    List<Integer> failedList = new ArrayList<>();
-    try {
-      if (union.getModelType() == PrivilegeModelType.TREE) {
-        List<? extends PartialPath> list = union.getPaths();
-        int pos = 0;
-        for (PartialPath path : list) {
-          if (!authorizer.checkUserPrivileges(
-              username,
-              new PrivilegeUnion(path, union.getPrivilegeType(), 
union.isGrantOption()))) {
-            failedList.add(pos);
-          }
-          pos++;
-        }
-        if (union.isGrantOption()) {
-          // all path should have grant option.
-          status = failedList.isEmpty();
-        } else {
-          status = failedList.size() != list.size();
-        }
-      } else {
-        status = authorizer.checkUserPrivileges(username, union);
-      }
-    } catch (AuthException e) {
-      status = false;
-    }
-
-    try {
-      result = getUserPermissionInfo(username, ModelType.ALL);
-      result.setFailPos(failedList);
-      if (status) {
-        result.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
-      } else {
-        result.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
-      }
-    } catch (AuthException e) {
-      result.setStatus(RpcUtils.getStatus(e.getCode(), e.getMessage()));
-    }
-    return result;
-  }
-
-  public TSStatus authorNonQuery(AuthorPlan authorPlan) {
-    if (authorPlan instanceof AuthorTreePlan) {
-      return authorNonQuery((AuthorTreePlan) authorPlan);
-    } else {
-      return authorNonQuery((AuthorRelationalPlan) authorPlan);
-    }
-  }
-
-  public TSStatus authorNonQuery(AuthorTreePlan authorPlan) {
+  public TSStatus executeAuthorNonQuery(AuthorTreePlan authorPlan) {
     ConfigPhysicalPlanType authorType = authorPlan.getAuthorType();
     String userName = authorPlan.getUserName();
     String roleName = authorPlan.getRoleName();
@@ -277,7 +208,7 @@ public class AuthorInfo implements SnapshotProcessor {
     return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
   }
 
-  public TSStatus authorNonQuery(AuthorRelationalPlan authorPlan) {
+  public TSStatus executeRelationalAuthorNonQuery(AuthorRelationalPlan 
authorPlan) {
     ConfigPhysicalPlanType authorType = authorPlan.getAuthorType();
     String userName = authorPlan.getUserName();
     String roleName = authorPlan.getRoleName();
@@ -623,6 +554,77 @@ public class AuthorInfo implements SnapshotProcessor {
     return result;
   }
 
+  /**
+   * Save the user's permission information,Bring back the DataNode for caching
+   *
+   * @param username The username of the user that needs to be cached
+   */
+  public TPermissionInfoResp getUserPermissionInfo(String username, ModelType 
type)
+      throws AuthException {
+    TPermissionInfoResp result = new TPermissionInfoResp();
+    User user = authorizer.getUser(username);
+    if (user == null) {
+      return AuthUtils.generateEmptyPermissionInfoResp();
+    }
+    TUserResp tUserResp = user.getUserInfo(type);
+    // Permission information for roles owned by users
+    if (!user.getRoleSet().isEmpty()) {
+      for (String roleName : user.getRoleSet()) {
+        Role role = authorizer.getRole(roleName);
+        TRoleResp roleResp = role.getRoleInfo(type);
+        result.putToRoleInfo(roleName, roleResp);
+      }
+    } else {
+      result.setRoleInfo(new HashMap<>());
+    }
+    result.setUserInfo(tUserResp);
+    result.setStatus(new 
TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()));
+    return result;
+  }
+
+  public TPermissionInfoResp checkUserPrivileges(String username, 
PrivilegeUnion union) {
+    boolean status;
+    TPermissionInfoResp result = new TPermissionInfoResp();
+    List<Integer> failedList = new ArrayList<>();
+    try {
+      if (union.getModelType() == PrivilegeModelType.TREE) {
+        List<? extends PartialPath> list = union.getPaths();
+        int pos = 0;
+        for (PartialPath path : list) {
+          if (!authorizer.checkUserPrivileges(
+              username,
+              new PrivilegeUnion(path, union.getPrivilegeType(), 
union.isGrantOption()))) {
+            failedList.add(pos);
+          }
+          pos++;
+        }
+        if (union.isGrantOption()) {
+          // all path should have grant option.
+          status = failedList.isEmpty();
+        } else {
+          status = failedList.size() != list.size();
+        }
+      } else {
+        status = authorizer.checkUserPrivileges(username, union);
+      }
+    } catch (AuthException e) {
+      status = false;
+    }
+
+    try {
+      result = getUserPermissionInfo(username, ModelType.ALL);
+      result.setFailPos(failedList);
+      if (status) {
+        result.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
+      } else {
+        result.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
+      }
+    } catch (AuthException e) {
+      result.setStatus(RpcUtils.getStatus(e.getCode(), e.getMessage()));
+    }
+    return result;
+  }
+
   public TAuthizedPatternTreeResp generateAuthorizedPTree(String username, int 
permission)
       throws AuthException {
     TAuthizedPatternTreeResp resp = new TAuthizedPatternTreeResp();
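Review bot: In the relocated `checkUserPrivileges`, the grant-option branch `status = failedList.isEmpty();` is true when `union.getPaths()` is empty, so a TREE-model union with no paths would return SUCCESS_STATUS without a single path being checked; whether any caller can produce such a union is not visible in this diff. `status = !list.isEmpty() && failedList.isEmpty();` makes that branch fail closed, matching the non-grant branch, which already denies an empty list. The `catch (AuthException e)` above it sets `status = false` without logging, so a denial caused by an authorizer error is indistinguishable from a real one; a `LOGGER.warn` carrying the username and the exception would help when investigating. In `getUserPermissionInfo`, `authorizer.getRole(roleName)` is dereferenced without the null check applied to `getUser`, which may throw if a role in the user's role set no longer exists. `generateAuthorizedPTree` continues outside the hunk.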
@@ -695,55 +697,4 @@ public class AuthorInfo implements SnapshotProcessor {
   public String getUserName(long userId) throws AuthException {
     return authorizer.getUser(userId).getName();
   }
-
-  @Override
-  public boolean processTakeSnapshot(File snapshotDir) throws TException, 
IOException {
-    return authorizer.processTakeSnapshot(snapshotDir);
-  }
-
-  @Override
-  public void processLoadSnapshot(File snapshotDir) throws TException, 
IOException {
-    authorizer.processLoadSnapshot(snapshotDir);
-  }
-
-  @TestOnly
-  public void clear() throws AuthException {
-    File userFolder = new File(COMMON_CONFIG.getUserFolder());
-    if (userFolder.exists()) {
-      FileUtils.deleteFileOrDirectory(userFolder);
-    }
-    File roleFolder = new File(COMMON_CONFIG.getRoleFolder());
-    if (roleFolder.exists()) {
-      FileUtils.deleteFileOrDirectory(roleFolder);
-    }
-    authorizer.reset();
-  }
-
-  /**
-   * Save the user's permission information,Bring back the DataNode for caching
-   *
-   * @param username The username of the user that needs to be cached
-   */
-  public TPermissionInfoResp getUserPermissionInfo(String username, ModelType 
type)
-      throws AuthException {
-    TPermissionInfoResp result = new TPermissionInfoResp();
-    User user = authorizer.getUser(username);
-    if (user == null) {
-      return AuthUtils.generateEmptyPermissionInfoResp();
-    }
-    TUserResp tUserResp = user.getUserInfo(type);
-    // Permission information for roles owned by users
-    if (!user.getRoleSet().isEmpty()) {
-      for (String roleName : user.getRoleSet()) {
-        Role role = authorizer.getRole(roleName);
-        TRoleResp roleResp = role.getRoleInfo(type);
-        result.putToRoleInfo(roleName, roleResp);
-      }
-    } else {
-      result.setRoleInfo(new HashMap<>());
-    }
-    result.setUserInfo(tUserResp);
-    result.setStatus(new 
TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()));
-    return result;
-  }
 }
diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/IAuthorPlanExecutor.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/IAuthorPlanExecutor.java
new file mode 100644
index 00000000000..9f93dba165b
--- /dev/null
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/IAuthorPlanExecutor.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.confignode.persistence.auth;
+
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.ModelType;
+import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
+import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorPlan;
+import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorRelationalPlan;
+import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorTreePlan;
+import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
+import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
+import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
+
+public interface IAuthorPlanExecutor {
+  TPermissionInfoResp login(String username, String password);
+
+  String login4Pipe(final String username, final String password);
+
+  TSStatus executeAuthorNonQuery(AuthorTreePlan authorPlan);
+
+  TSStatus executeRelationalAuthorNonQuery(AuthorRelationalPlan authorPlan);
+
+  PermissionInfoResp executeListUsers(final AuthorPlan plan) throws 
AuthException;
+
+  PermissionInfoResp executeListRoles(final AuthorPlan plan) throws 
AuthException;
+
+  PermissionInfoResp executeListRolePrivileges(final AuthorPlan plan) throws 
AuthException;
+
+  PermissionInfoResp executeListUserPrivileges(final AuthorPlan plan) throws 
AuthException;
+
+  TPermissionInfoResp getUserPermissionInfo(String username, ModelType type) 
throws AuthException;
+
+  TPermissionInfoResp checkUserPrivileges(String username, PrivilegeUnion 
union);
+
+  TAuthizedPatternTreeResp generateAuthorizedPTree(String username, int 
permission)
+      throws AuthException;
+
+  TPermissionInfoResp checkRoleOfUser(String username, String roleName) throws 
AuthException;
+
+  TPermissionInfoResp getUser(String username) throws AuthException;
+
+  String getUserName(long userId) throws AuthException;
+}
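Review bot: The new interface has no Javadoc, so the contract an alternative executor must honour is undocumented. In particular it does not say that `checkUserPrivileges` reports a denial through the response status (`NO_PERMISSION` in `AuthorPlanExecutor`) instead of throwing, while the `executeList*` and `getUser*` methods declare `AuthException`. I would add a type-level comment such as `/** Executes authentication and authorization plans on the ConfigNode; implementations must deny on any internal error. */` and a one-sentence summary on each method. The `final` modifiers on the parameters of `login4Pipe` and the `executeList*` methods have no effect in an interface declaration and can be dropped.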
diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java
index 93d65386f54..fb8005bedcc 100644
--- 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java
@@ -149,13 +149,13 @@ import 
org.apache.iotdb.confignode.consensus.request.write.trigger.UpdateTrigger
 import 
org.apache.iotdb.confignode.consensus.response.partition.SchemaNodeManagementResp;
 import 
org.apache.iotdb.confignode.exception.physical.UnknownPhysicalPlanTypeException;
 import org.apache.iotdb.confignode.manager.pipe.agent.PipeConfigNodeAgent;
-import org.apache.iotdb.confignode.persistence.AuthorInfo;
 import org.apache.iotdb.confignode.persistence.ClusterInfo;
 import org.apache.iotdb.confignode.persistence.ModelInfo;
 import org.apache.iotdb.confignode.persistence.ProcedureInfo;
 import org.apache.iotdb.confignode.persistence.TTLInfo;
 import org.apache.iotdb.confignode.persistence.TriggerInfo;
 import org.apache.iotdb.confignode.persistence.UDFInfo;
+import org.apache.iotdb.confignode.persistence.auth.AuthorInfo;
 import org.apache.iotdb.confignode.persistence.cq.CQInfo;
 import org.apache.iotdb.confignode.persistence.node.NodeInfo;
 import org.apache.iotdb.confignode.persistence.partition.PartitionInfo;
diff --git 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
index 63480bf7dff..fcb25d2f45f 100644
--- 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
+++ 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -33,6 +33,7 @@ import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorPlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.auth.AuthorRelationalPlan;
 import org.apache.iotdb.confignode.consensus.request.write.auth.AuthorTreePlan;
 import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
+import org.apache.iotdb.confignode.persistence.auth.AuthorInfo;
 import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
 import org.apache.iotdb.rpc.TSStatusCode;
 
@@ -67,7 +68,7 @@ public class AuthorInfoTest {
 
   @BeforeClass
   public static void setup() {
-    authorInfo = new AuthorInfo(null);
+    authorInfo = new AuthorInfo();
     if (!snapshotDir.exists()) {
       snapshotDir.mkdirs();
     }
diff --git 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/CNPhysicalPlanGeneratorTest.java
 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/CNPhysicalPlanGeneratorTest.java
index 19622c80906..f65bf6441e5 100644
--- 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/CNPhysicalPlanGeneratorTest.java
+++ 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/CNPhysicalPlanGeneratorTest.java
@@ -34,6 +34,7 @@ import 
org.apache.iotdb.confignode.consensus.request.write.database.SetTTLPlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.template.CommitSetSchemaTemplatePlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.template.CreateSchemaTemplatePlan;
 import 
org.apache.iotdb.confignode.consensus.request.write.template.PreSetSchemaTemplatePlan;
+import org.apache.iotdb.confignode.persistence.auth.AuthorInfo;
 import org.apache.iotdb.confignode.persistence.schema.CNPhysicalPlanGenerator;
 import org.apache.iotdb.confignode.persistence.schema.CNSnapshotFileType;
 import org.apache.iotdb.confignode.persistence.schema.ClusterSchemaInfo;
@@ -76,7 +77,7 @@ public class CNPhysicalPlanGeneratorTest {
   private static final String TEMPLATE_INFO_FILE_NAME = "template_info.bin";
 
   private static void setupAuthorInfo() {
-    authorInfo = new AuthorInfo(null);
+    authorInfo = new AuthorInfo();
     if (!snapshotDir.exists()) {
       snapshotDir.mkdir();
     }
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 8a4a5ab43d8..df9fd988933 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -40,6 +40,7 @@ import 
org.apache.iotdb.db.pipe.source.dataregion.realtime.listener.PipeInsertio
 import org.apache.iotdb.db.protocol.session.IClientSession;
 import org.apache.iotdb.db.queryengine.common.header.DatasetHeader;
 import org.apache.iotdb.db.queryengine.plan.execution.config.ConfigTaskResult;
+import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl;
 import 
org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl;
 import 
org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthCheckerImpl;
 import 
org.apache.iotdb.db.queryengine.plan.relational.security.TreeAccessCheckVisitor;
@@ -97,18 +98,18 @@ public class AuthorityChecker {
   private static final PerformanceOverviewMetrics PERFORMANCE_OVERVIEW_METRICS 
=
       PerformanceOverviewMetrics.getInstance();
 
-  private static AccessControlImpl accessControl =
+  private static AccessControl accessControl =
       new AccessControlImpl(new ITableAuthCheckerImpl(), new 
TreeAccessCheckVisitor());
 
   private AuthorityChecker() {
     // empty constructor
   }
 
-  public static AccessControlImpl getAccessControl() {
+  public static AccessControl getAccessControl() {
     return accessControl;
   }
 
-  public static void setAccessControl(AccessControlImpl accessControl) {
+  public static void setAccessControl(AccessControl accessControl) {
     AuthorityChecker.accessControl = accessControl;
   }
 
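Review bot: `setAccessControl` now accepts any `AccessControl` implementation but still stores it unchecked in a non-final, non-volatile static field. A null argument would only show up as a NullPointerException in whichever later permission check calls `getAccessControl()`, and a replacement made on one thread is not guaranteed to be visible to the others. Declaring the field `private static volatile AccessControl accessControl` and assigning `AuthorityChecker.accessControl = Objects.requireNonNull(accessControl, "accessControl");` closes both gaps (`java.util.Objects` must be imported if it is not already). Since this setter swaps the process-wide enforcement point, a short Javadoc stating which component is expected to call it, and when, would also help reviewers spot unintended callers.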
