This is an automated email from the ASF dual-hosted git repository. justinchen pushed a commit to branch cp-206 in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit e4a529b297ab32941f722af167bbd8a9f424ef58 Author: Caideyipi <[email protected]> AuthorDate: Fri Nov 7 15:19:33 2025 +0800 priv-parser --- .../receiver/protocol/IoTDBConfigNodeReceiver.java | 11 -------- .../metadata/AlterEncodingCompressorStatement.java | 32 ++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java index d746ceb76a3..8a143aa83e0 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java @@ -37,7 +37,6 @@ import org.apache.iotdb.commons.pipe.sink.payload.thrift.request.PipeTransferCom import org.apache.iotdb.commons.pipe.sink.payload.thrift.request.PipeTransferFileSealReqV1; import org.apache.iotdb.commons.pipe.sink.payload.thrift.request.PipeTransferFileSealReqV2; import org.apache.iotdb.commons.schema.column.ColumnHeaderConstant; -import org.apache.iotdb.commons.schema.table.Audit; import org.apache.iotdb.commons.schema.table.TreeViewSchema; import org.apache.iotdb.commons.schema.table.TsTable; import org.apache.iotdb.commons.schema.table.column.TsTableColumnSchema; @@ -345,13 +344,6 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { .getStatus(); case PipeAlterEncodingCompressor: // Judge here in the future - if (configManager - .checkUserPrivileges(username, new PrivilegeUnion(PrivilegeType.AUDIT)) - .getStatus() - .getCode() - != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { - ((PipeAlterEncodingCompressorPlan) plan).setMayAlterAudit(false); - } if (skipIfNoPrivileges.get()) { final PathPatternTree pathPatternTree = PathPatternTree.deserialize( @@ -359,9 +351,6 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { configManager .fetchAuthizedPatternTree(username, PrivilegeType.WRITE_SCHEMA.ordinal()) .getPathPatternTree())); - if (((PipeAlterEncodingCompressorPlan) plan).isMayAlterAudit()) { - pathPatternTree.appendPathPattern(Audit.TREE_MODEL_AUDIT_DATABASE_PATH_PATTERN, true); - } ((PipeAlterEncodingCompressorPlan) plan) .setPatternTreeBytes( PathPatternTreeUtils.intersectWithFullPathPrefixTree( diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterEncodingCompressorStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterEncodingCompressorStatement.java index a8dd88841a4..7a1bc61e30e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterEncodingCompressorStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterEncodingCompressorStatement.java @@ -19,13 +19,20 @@ package org.apache.iotdb.db.queryengine.plan.statement.metadata; +import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.auth.AuthException; +import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.path.PathPatternTree; +import org.apache.iotdb.commons.path.PathPatternTreeUtils; +import org.apache.iotdb.commons.utils.StatusUtils; +import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.queryengine.plan.analyze.QueryType; import org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement; import org.apache.iotdb.db.queryengine.plan.statement.Statement; import org.apache.iotdb.db.queryengine.plan.statement.StatementType; import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor; +import org.apache.iotdb.rpc.TSStatusCode; import org.apache.tsfile.file.metadata.enums.CompressionType; import org.apache.tsfile.file.metadata.enums.TSEncoding; @@ -33,6 +40,8 @@ import org.apache.tsfile.file.metadata.enums.TSEncoding; import java.util.List; import java.util.Objects; +import static org.apache.iotdb.db.auth.AuthorityChecker.getAuthorizedPathTree; + public class AlterEncodingCompressorStatement extends Statement implements IConfigStatement { private PathPatternTree patternTree; @@ -109,6 +118,29 @@ public class AlterEncodingCompressorStatement extends Statement implements IConf && Objects.equals(this.ifPermitted, that.ifPermitted); } + @Override + public TSStatus checkPermissionBeforeProcess(String userName) { + if (AuthorityChecker.SUPER_USER.equals(userName)) { + return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); + } + if (ifPermitted) { + try { + final PathPatternTree authTree = + getAuthorizedPathTree(userName, PrivilegeType.WRITE_SCHEMA); + setPatternTree( + PathPatternTreeUtils.intersectWithFullPathPrefixTree(getPatternTree(), authTree)); + return StatusUtils.OK; + } catch (final AuthException e) { + return new TSStatus(e.getCode().getStatusCode()); + } + } + return AuthorityChecker.getTSStatus( + AuthorityChecker.checkFullPathOrPatternListPermission( + userName, getPaths(), PrivilegeType.WRITE_SCHEMA), + getPaths(), + PrivilegeType.WRITE_SCHEMA); + } + @Override public int hashCode() { return Objects.hash(patternTree, encoding, compressor, ifExists, ifPermitted);
