(iotdb) branch enable-time-other-name updated: part

Thu, 25 Dec 2025 19:27:06 -0800 

This is an automated email from the ASF dual-hosted git repository.

justinchen pushed a commit to branch enable-time-other-name
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/enable-time-other-name by this 
push:
     new f2f92b5d7af part
f2f92b5d7af is described below

commit f2f92b5d7af425f443f1af7f3e4eb5d2fb8ce7f8
Author: Caideyipi <[email protected]>
AuthorDate: Fri Dec 26 11:26:48 2025 +0800

    part
---
 .../PipeConfigTreePrivilegeParseVisitor.java       | 48 ++++++++++++++++++----
 1 file changed, 41 insertions(+), 7 deletions(-)

diff --git 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePrivilegeParseVisitor.java
 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePrivilegeParseVisitor.java
index 4fe00a92ab0..e86981acffb 100644
--- 
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePrivilegeParseVisitor.java
+++ 
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePrivilegeParseVisitor.java
@@ -184,6 +184,18 @@ public class PipeConfigTreePrivilegeParseVisitor
     return visitRolePlan(revokeRolePlan, userEntity);
   }
 
+  @Override
+  public Optional<ConfigPhysicalPlan> visitGrantRoleToUser(
+      final AuthorTreePlan grantRoleToUserPlan, final IAuditEntity userEntity) 
{
+    return visitUserRolePlan(grantRoleToUserPlan, userEntity);
+  }
+
+  @Override
+  public Optional<ConfigPhysicalPlan> visitRevokeRoleFromUser(
+      final AuthorTreePlan revokeRoleFromUserPlan, final IAuditEntity 
userEntity) {
+    return visitUserRolePlan(revokeRoleFromUserPlan, userEntity);
+  }
+
   public static Optional<ConfigPhysicalPlan> visitUserRolePlan(
       final AuthorPlan plan, final IAuditEntity userEntity) {
     final Optional<ConfigPhysicalPlan> result = visitUserPlan(plan, 
userEntity, false);
@@ -238,24 +250,32 @@ public class PipeConfigTreePrivilegeParseVisitor
   @Override
   public Optional<ConfigPhysicalPlan> visitPipeDeleteTimeSeries(
       final PipeDeleteTimeSeriesPlan pipeDeleteTimeSeriesPlan, final 
IAuditEntity userEntity) {
+    final CNAuditLogger logger = 
ConfigNode.getInstance().getConfigManager().getAuditLogger();
+    final PathPatternTree originalTree =
+        
PathPatternTree.deserialize(pipeDeleteTimeSeriesPlan.getPatternTreeBytes());
+    userEntity.setPrivilegeType(PrivilegeType.READ_SCHEMA);
+    final String auditObject = originalTree.getAllPathPatterns().toString();
     try {
-      final PathPatternTree originalTree =
-          
PathPatternTree.deserialize(pipeDeleteTimeSeriesPlan.getPatternTreeBytes());
       final PathPatternTree intersectedTree =
           
originalTree.intersectWithFullPathPrefixTree(getAuthorizedPTree(userEntity));
       if (!skip && !originalTree.equals(intersectedTree)) {
+        logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
         throw new AccessDeniedException(
             "Not has privilege to transfer plan: " + pipeDeleteTimeSeriesPlan);
       }
-      return !intersectedTree.isEmpty()
+      final boolean result = !intersectedTree.isEmpty();
+      logger.recordAuditLog(userEntity.setResult(result), () -> auditObject);
+      return result
           ? Optional.of(new 
PipeDeleteTimeSeriesPlan(intersectedTree.serialize()))
           : Optional.empty();
     } catch (final IOException e) {
       LOGGER.warn(
           "Serialization failed for the delete time series plan in pipe 
transmission, skip transfer",
           e);
+      logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
       return Optional.empty();
     } catch (final AuthException e) {
+      logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
       if (skip) {
         return Optional.empty();
       } else {
@@ -268,24 +288,32 @@ public class PipeConfigTreePrivilegeParseVisitor
   @Override
   public Optional<ConfigPhysicalPlan> visitPipeDeleteLogicalView(
       final PipeDeleteLogicalViewPlan pipeDeleteLogicalViewPlan, final 
IAuditEntity userEntity) {
+    final CNAuditLogger logger = 
ConfigNode.getInstance().getConfigManager().getAuditLogger();
+    final PathPatternTree originalTree =
+        
PathPatternTree.deserialize(pipeDeleteLogicalViewPlan.getPatternTreeBytes());
+    userEntity.setPrivilegeType(PrivilegeType.READ_SCHEMA);
+    final String auditObject = originalTree.getAllPathPatterns().toString();
     try {
-      final PathPatternTree originalTree =
-          
PathPatternTree.deserialize(pipeDeleteLogicalViewPlan.getPatternTreeBytes());
       final PathPatternTree intersectedTree =
           
originalTree.intersectWithFullPathPrefixTree(getAuthorizedPTree(userEntity));
       if (!skip && !originalTree.equals(intersectedTree)) {
+        logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
         throw new AccessDeniedException(
             "Not has privilege to transfer plan: " + 
pipeDeleteLogicalViewPlan);
       }
-      return !intersectedTree.isEmpty()
+      final boolean result = !intersectedTree.isEmpty();
+      logger.recordAuditLog(userEntity.setResult(result), () -> auditObject);
+      return result
           ? Optional.of(new 
PipeDeleteLogicalViewPlan(intersectedTree.serialize()))
           : Optional.empty();
     } catch (final IOException e) {
       LOGGER.warn(
           "Serialization failed for the delete time series plan in pipe 
transmission, skip transfer",
           e);
+      logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
       return Optional.empty();
     } catch (final AuthException e) {
+      logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
       if (skip) {
         return Optional.empty();
       } else {
@@ -298,6 +326,9 @@ public class PipeConfigTreePrivilegeParseVisitor
   @Override
   public Optional<ConfigPhysicalPlan> visitPipeDeactivateTemplate(
       final PipeDeactivateTemplatePlan pipeDeactivateTemplatePlan, final 
IAuditEntity userEntity) {
+    final CNAuditLogger logger = 
ConfigNode.getInstance().getConfigManager().getAuditLogger();
+    userEntity.setPrivilegeType(PrivilegeType.READ_SCHEMA);
+    final String auditObject = 
pipeDeactivateTemplatePlan.getTemplateSetInfo().toString();
     try {
       final Map<PartialPath, List<Template>> newTemplateSetInfo = new 
HashMap<>();
       for (final Map.Entry<PartialPath, List<Template>> templateEntry :
@@ -312,10 +343,13 @@ public class PipeConfigTreePrivilegeParseVisitor
           }
         }
       }
+      final boolean result = !newTemplateSetInfo.isEmpty();
+      logger.recordAuditLog(userEntity.setResult(result), () -> auditObject);
       return !newTemplateSetInfo.isEmpty()
           ? Optional.of(new PipeDeactivateTemplatePlan(newTemplateSetInfo))
           : Optional.empty();
     } catch (final AuthException e) {
+      logger.recordAuditLog(userEntity.setResult(false), () -> auditObject);
       if (skip) {
         return Optional.empty();
       } else {
@@ -364,7 +398,7 @@ public class PipeConfigTreePrivilegeParseVisitor
     return ConfigNode.getInstance()
         .getConfigManager()
         .getPermissionManager()
-        .fetchRawAuthorizedPTree(userEntity, PrivilegeType.READ_SCHEMA);
+        .fetchRawAuthorizedPTree(userEntity.getUsername(), 
PrivilegeType.READ_SCHEMA);
   }
 
   public static boolean hasGlobalPrivilege(

Reply via email to