JackieTien97 commented on code in PR #10957:
URL: https://github.com/apache/iotdb/pull/10957#discussion_r1306871450
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/cache/partition/PartitionCache.java:
##########
@@ -236,6 +236,8 @@ private void createStorageGroupAndUpdateCache(
// try to create databases one by one until done or one database fail
Set<String> successFullyCreatedStorageGroup = new HashSet<>();
for (String storageGroupName : storageGroupNamesNeedCreated) {
+ // TODO Need to check MANAGE_DATABASE permission, but there are too
many functions needed
Review Comment:
we need that, pass username from AnalyzeVisitor.
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/DeleteDataStatement.java:
##########
@@ -43,6 +46,14 @@ public List<PartialPath> getPaths() {
return getPathList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_DATA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_DATA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertBaseStatement.java:
##########
@@ -131,6 +134,14 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getPaths(), PrivilegeType.WRITE_DATA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_DATA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/InsertStatement.java:
##########
@@ -57,6 +60,14 @@ public List<PartialPath> getPaths() {
return ret;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getPaths(), PrivilegeType.WRITE_DATA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_DATA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateMultiTimeSeriesStatement.java:
##########
@@ -53,6 +56,14 @@ public List<PartialPath> getPaths() {
return paths;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/LoadTsFileStatement.java:
##########
@@ -156,6 +158,11 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
Review Comment:
add some comments to explain why here don't check the permission(it will be
checked in the later phase.)
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreatePipePluginStatement.java:
##########
@@ -65,6 +68,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTimeSeriesStatement.java:
##########
@@ -61,6 +64,14 @@ public List<PartialPath> getPaths() {
return Collections.singletonList(path);
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathPermission(
+ userName, path, PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteTimeSeriesStatement.java:
##########
@@ -47,6 +50,14 @@ public List<PartialPath> getPaths() {
return pathPatternList;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropContinuousQueryStatement.java:
##########
@@ -57,4 +60,11 @@ public List<PartialPath> getPaths() {
public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
return visitor.visitDropContinuousQuery(this, context);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_CQ.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_CQ});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropFunctionStatement.java:
##########
@@ -57,4 +60,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_UDF.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_UDF});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropPipePluginStatement.java:
##########
@@ -57,4 +60,11 @@ public List<PartialPath> getPaths() {
public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
return visitor.visitDropPipePlugin(this, context);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowRegionStatement.java:
##########
@@ -71,6 +73,13 @@ public List<Integer> getNodeIds() {
return nodeIds;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(userName),
+ "Only the admin user can perform this operation");
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowContinuousQueriesStatement.java:
##########
@@ -49,4 +52,11 @@ public List<PartialPath> getPaths() {
public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
return visitor.visitShowContinuousQueries(this, context);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_CQ.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_CQ});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowPipePluginsStatement.java:
##########
@@ -49,4 +52,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/CreatePipeStatement.java:
##########
@@ -83,6 +86,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/StartPipeStatement.java:
##########
@@ -55,6 +58,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/ShowPipesStatement.java:
##########
@@ -56,6 +59,13 @@ public QueryType getQueryType() {
return QueryType.READ;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ActivateTemplateStatement.java:
##########
@@ -47,6 +50,14 @@ public List<PartialPath> getPaths() {
return Collections.singletonList(path);
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/BatchActivateTemplateStatement.java:
##########
@@ -36,6 +39,14 @@ public BatchActivateTemplateStatement(List<PartialPath>
devicePathList) {
statementType = StatementType.BATCH_ACTIVATE_TEMPLATE;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java:
##########
@@ -52,6 +55,14 @@ public List<PartialPath> getPaths() {
return getPathPatternList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.READ_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.READ_SCHEMA});
Review Comment:
```suggestion
new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
```
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalCreateTimeSeriesStatement.java:
##########
@@ -88,6 +91,14 @@ public List<PartialPath> getPaths() {
return
measurements.stream().map(devicePath::concatNode).collect(Collectors.toList());
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/DeactivateTemplateStatement.java:
##########
@@ -52,6 +55,14 @@ public List<PartialPath> getPaths() {
return getPathPatternList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.READ_SCHEMA.ordinal()),
Review Comment:
```suggestion
userName, getPaths(), PrivilegeType. WRITE_SCHEMA.ordinal()),
```
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateTriggerStatement.java:
##########
@@ -117,4 +120,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.singletonList(pathPattern);
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_TRIGGER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_TRIGGER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateFunctionStatement.java:
##########
@@ -86,4 +89,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_UDF.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_UDF});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/InternalCreateMultiTimeSeriesStatement.java:
##########
@@ -50,6 +53,14 @@ public List<PartialPath> getPaths() {
return new ArrayList<>(deviceMap.keySet());
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CreateContinuousQueryStatement.java:
##########
@@ -167,6 +170,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_CQ.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_CQ});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/crud/PipeEnrichedLoadTsFileStatement.java:
##########
@@ -120,6 +117,11 @@ public List<PartialPath> getPaths() {
return loadTsFileStatement.getPaths();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
Review Comment:
add some comments to explain why here don't check the permission(it will be
checked in the later phase.)
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java:
##########
@@ -55,6 +59,22 @@ public List<PartialPath> getPaths() {
return this.getTargetPathList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getSourcePaths().fullPathList,
PrivilegeType.READ_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.READ_SCHEMA});
+ if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getTargetPathList(),
PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ShowPathSetTemplateStatement.java:
##########
@@ -30,22 +28,13 @@
public class ShowPathSetTemplateStatement extends ShowStatement implements
IConfigStatement {
Review Comment:
Only root can do this.
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/SetTTLStatement.java:
##########
@@ -66,6 +69,16 @@ public QueryType getQueryType() {
@Override
public List<PartialPath> getPaths() {
- return databasePath != null ? Collections.singletonList(databasePath) :
Collections.emptyList();
+ return databasePath != null
+ ? Collections.singletonList(databasePath)
+ : Collections.singletonList(new PartialPath(new String[] {"root",
"**"}));
+ }
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/DeleteLogicalViewStatement.java:
##########
@@ -46,6 +49,14 @@ public List<PartialPath> getPaths() {
return pathPatternList;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkPatternPermission(
+ userName, getPaths(), PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DeleteDatabaseStatement.java:
##########
@@ -57,6 +60,13 @@ public List<PartialPath> getPaths() {
return paths;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_DATABASE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_DATABASE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DatabaseSchemaStatement.java:
##########
@@ -137,6 +140,13 @@ public List<PartialPath> getPaths() {
return databasePath != null ? Collections.singletonList(databasePath) :
Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_DATABASE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_DATABASE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDataNodesStatement.java:
##########
@@ -42,6 +44,13 @@ public void setRegionType(TConsensusGroupType regionType) {
this.regionType = regionType;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(userName),
+ "Only the admin user can perform this operation");
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/RenameLogicalViewStatement.java:
##########
@@ -61,6 +65,22 @@ public List<PartialPath> getPaths() {
return Arrays.asList(oldName, newName);
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathPermission(
+ userName, oldName, PrivilegeType.WRITE_SCHEMA.ordinal()),
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/DropTriggerStatement.java:
##########
@@ -57,23 +56,14 @@ public QueryType getQueryType() {
}
@Override
- public boolean isAuthenticationRequired() {
- if (authPath == null) {
- TriggerInformation information =
-
TriggerManagementService.getInstance().getTriggerInformation(triggerName);
- if (information == null) {
- return false;
- } else {
- authPath = information.getPathPattern();
- }
- }
- return true;
+ public List<PartialPath> getPaths() {
+ return Collections.emptyList();
}
@Override
- public List<PartialPath> getPaths() {
- return isAuthenticationRequired()
- ? Collections.singletonList(authPath)
- : Collections.emptyList();
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_TRIGGER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_TRIGGER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case UPDATE_USER:
+ if (this.userName.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case LIST_USER:
+ case DROP_USER:
+ case GRANT_USER:
+ case REVOKE_USER:
+ case LIST_USER_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+
+ case CREATE_ROLE:
+ case DROP_ROLE:
+ case GRANT_ROLE:
+ case REVOKE_ROLE:
+ case LIST_ROLE:
+ case LIST_ROLE_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_ROLE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_ROLE});
+ case GRANT_USER_ROLE:
+ case REVOKE_USER_ROLE:
+ TSStatus status1 =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(
+ userName, PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ if (status1.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_ROLE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_ROLE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowFunctionsStatement.java:
##########
@@ -43,4 +46,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_UDF.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_UDF});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case UPDATE_USER:
+ if (this.userName.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case LIST_USER:
+ case DROP_USER:
+ case GRANT_USER:
+ case REVOKE_USER:
+ case LIST_USER_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case UPDATE_USER:
+ if (this.userName.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case LIST_USER:
+ case DROP_USER:
+ case GRANT_USER:
+ case REVOKE_USER:
+ case LIST_USER_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+
+ case CREATE_ROLE:
+ case DROP_ROLE:
+ case GRANT_ROLE:
+ case REVOKE_ROLE:
+ case LIST_ROLE:
+ case LIST_ROLE_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_ROLE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_ROLE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/RenameLogicalViewStatement.java:
##########
@@ -61,6 +65,22 @@ public List<PartialPath> getPaths() {
return Arrays.asList(oldName, newName);
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathPermission(
+ userName, oldName, PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
+ if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathPermission(
+ userName, newName, PrivilegeType.WRITE_SCHEMA.ordinal()),
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case UPDATE_USER:
+ if (this.userName.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case LIST_USER:
+ case DROP_USER:
+ case GRANT_USER:
+ case REVOKE_USER:
+ case LIST_USER_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+
+ case CREATE_ROLE:
+ case DROP_ROLE:
+ case GRANT_ROLE:
+ case REVOKE_ROLE:
+ case LIST_ROLE:
+ case LIST_ROLE_PRIVILEGE:
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_ROLE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_ROLE});
+ case GRANT_USER_ROLE:
+ case REVOKE_USER_ROLE:
+ TSStatus status1 =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(
+ userName, PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowTriggersStatement.java:
##########
@@ -43,4 +46,11 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_TRIGGER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_TRIGGER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowVariablesStatement.java:
##########
@@ -30,6 +33,13 @@ public QueryType getQueryType() {
return QueryType.READ;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MAINTAIN});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/DropPipeStatement.java:
##########
@@ -55,6 +58,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/pipe/StopPipeStatement.java:
##########
@@ -55,6 +58,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE.ordinal()),
+ new PrivilegeType[] {PrivilegeType.USE_PIPE});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ShowSchemaTemplateStatement.java:
##########
@@ -32,6 +34,13 @@ public ShowSchemaTemplateStatement() {
statementType = StatementType.SHOW_SCHEMA_TEMPLATE;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(userName),
+ "Only the admin user can perform this operation");
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/AlterLogicalViewStatement.java:
##########
@@ -55,6 +59,22 @@ public List<PartialPath> getPaths() {
return this.getTargetPathList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getSourcePaths().fullPathList,
PrivilegeType.READ_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.READ_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/template/ShowNodesInSchemaTemplateStatement.java:
##########
@@ -35,6 +37,13 @@ public ShowNodesInSchemaTemplateStatement(String
templateName) {
this.templateName = templateName;
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(userName),
+ "Only the admin user can perform this operation");
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java:
##########
@@ -69,6 +73,22 @@ public List<PartialPath> getPaths() {
return this.getTargetPathList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getSourcePaths().fullPathList,
PrivilegeType.READ_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.READ_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/view/CreateLogicalViewStatement.java:
##########
@@ -69,6 +73,22 @@ public List<PartialPath> getPaths() {
return this.getTargetPathList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getSourcePaths().fullPathList,
PrivilegeType.READ_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.READ_SCHEMA});
+ if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, getTargetPathList(),
PrivilegeType.WRITE_SCHEMA.ordinal()),
+ new PrivilegeType[] {PrivilegeType.WRITE_SCHEMA});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java:
##########
@@ -199,4 +204,61 @@ public QueryType getQueryType() {
public List<PartialPath> getPaths() {
return nodeNameList != null ? nodeNameList : Collections.emptyList();
}
+
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ switch (authorType) {
+ case CREATE_USER:
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.SUPER_USER.equals(this.userName),
+ "Cannot create user has same name with admin user");
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return status;
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
+ case UPDATE_USER:
+ if (this.userName.equals(userName)) {
+ return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+ }
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_USER.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MANAGE_USER});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java:
##########
@@ -36,9 +36,11 @@ public enum PrivilegeType {
MANAGE_ROLE,
GRANT_PRIVILEGE,
ALTER_PASSWORD,
+ USE_UDF,
Review Comment:
put it at last.
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ShowQueriesStatement.java:
##########
@@ -56,6 +59,13 @@ public <R, C> R accept(StatementVisitor<R, C> visitor, C
context) {
return visitor.visitShowQueries(this, context);
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MAINTAIN});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java:
##########
@@ -36,9 +36,11 @@ public enum PrivilegeType {
MANAGE_ROLE,
GRANT_PRIVILEGE,
ALTER_PASSWORD,
+ USE_UDF,
USE_TRIGGER(true),
USE_CQ,
USE_PIPE,
+ EXTEND_TEMPLATE,
Review Comment:
put it at last.
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/KillQueryStatement.java:
##########
@@ -52,6 +55,13 @@ public List<PartialPath> getPaths() {
return Collections.emptyList();
}
+ @Override
+ public TSStatus checkPermissionBeforeProcess(String userName) {
+ return AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MAINTAIN.ordinal()),
+ new PrivilegeType[] {PrivilegeType.MAINTAIN});
Review Comment:
no need to new it each time, you can make it as a CONSTANT
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
