Caideyipi commented on code in PR #13158:
URL: https://github.com/apache/iotdb/pull/13158#discussion_r1926430325
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/IAuthorizer.java:
##########
@@ -56,39 +58,31 @@ public interface IAuthorizer extends SnapshotProcessor {
*
* @param username the username of the user.
* @throws AuthException When attempting to delete the default administrator
or the user does not
- * exists.
+ * exist.
*/
void deleteUser(String username) throws AuthException;
/**
- * Grant a privilege on a seriesPath to a user.
+ * Grant a privilege to a user.
*
- * @param username The username of the user to which the privilege should be
added.
- * @param path The seriesPath on which the privilege takes effect. If the
privilege is a
- * seriesPath-free privilege, this should be "root".
- * @param privilegeId An integer that represents a privilege.
- * @param grantOpt Whether the privilege is grant option.
- * @throws AuthException If the user does not exist or the privilege or the
seriesPath is illegal
- * or the permission already exists.
+ * @param userName The username of the user to which the privilege should be
added.
+ * @param union A combination of user permissions, scope, and tags
+ * @throws AuthException If the user does not exist or the privilege or the
seriesPath is illegal.
*/
- void grantPrivilegeToUser(String username, PartialPath path, int
privilegeId, boolean grantOpt)
- throws AuthException;
+ void grantPrivilegeToUser(String userName, PrivilegeUnion union) throws
AuthException;
/**
- * Revoke a privilege on seriesPath from a user.
+ * Revoke a privilege from a user.
*
- * @param username The username of the user from which the privilege should
be removed.
- * @param path The seriesPath on which the privilege takes effect. If the
privilege is a
- * seriesPath-free privilege, this should be "root".
- * @param privilegeId An integer that represents a privilege.
+ * @param userName The username of the user from which the privilege should
be removed.
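Review bot: The new Javadoc for `grantPrivilegeToUser` no longer tells a caller how the grant option is conveyed or what happens on a repeated grant: the `grantOpt` parameter and the "or the permission already exists" clause are both gone, and `@param union` says only "A combination of user permissions, scope, and tags". The `@throws` line also still names a seriesPath although the method no longer takes a path. For an authorization interface I would spell this out, for example `@param union The privilege type, the scope it applies to, and whether it carries the grant option.` and `@throws AuthException If the user does not exist or the privilege or its scope is illegal.`, plus a sentence on whether granting an already-held privilege is an error. What `PrivilegeUnion` actually carries is not visible here, so the wording should be confirmed against that class. The quoted hunk stops inside the Javadoc of the revoke method, so that method is not reviewed.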
Review Comment:
user name
##########
iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java:
##########
@@ -69,81 +67,56 @@ public void test() throws IOException, IllegalPathException
{
roles[i] = new Role("role" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege(new
PartialPath("root.a.b.c" + j));
- pathPrivilege.getPrivileges().add(j);
+ pathPrivilege.grantPrivilege(PrivilegeType.values()[j], true);
roles[i].getPathPrivilegeList().add(pathPrivilege);
- roles[i].getSysPrivilege().add(i + 4);
+ roles[i].grantSysPrivilege(PrivilegeType.values()[i + 4], false);
+ roles[i].grantDBPrivilege("testdb", PrivilegeType.CREATE, false);
+ roles[i].grantTBPrivilege("testdb", "table", PrivilegeType.ALTER,
true);
+ roles[i].grantAnyScopePrivilege(PrivilegeType.INSERT, true);
if (i % 2 != 0) {
- roles[i].getSysPriGrantOpt().add(i + 4);
+ roles[i].grantSysPrivilegeGrantOption(PrivilegeType.values()[i + 4]);
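Review bot: `PrivilegeType.values()[j]` and `PrivilegeType.values()[i + 4]` pick privileges by enum position, so what this test persists depends on the declaration order of `PrivilegeType`; a reordered or shortened enum would change the fixture silently or throw `ArrayIndexOutOfBoundsException`. Position also does not guarantee that the chosen constant is valid for the scope it is granted on (a path privilege for `pathPrivilege.grantPrivilege`, a system privilege for `grantSysPrivilege`), and whether those methods reject a mismatch is not visible in this hunk. Naming the constants would make the serialized permissions explicit, for example `PrivilegeType[] sysPrivileges = { /* system-scope constants */ };` indexed by `i`. The same lines are quoted again in the last comment of this thread, and `test()` starts and ends outside the hunk.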
Review Comment:
Better put this outside the loop because it's not about j.
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/IEntityAccessor.java:
##########
@@ -16,60 +16,52 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.commons.auth.user;
+package org.apache.iotdb.commons.auth.entity;
-import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
import java.io.IOException;
import java.util.List;
-/** This interface manages the serialization/deserialization of the user
objects. */
-public interface IUserAccessor extends SnapshotProcessor {
+/** This interface manages the serialization/deserialization of the entity
objects. */
+public interface IEntityAccessor extends SnapshotProcessor {
/**
- * Deserialize a user from lower storage.
+ * Deserialize an entity from lower storage.
*
- * @param username The name of the user to be deserialized.
- * @return The user object or null if no such user.
+ * @param entityName The name of the user/role to be deserialized.
+ * @return The user object or null if no such entity.
* @throws IOException if an exception is raised when interacting with the
lower storage.
*/
- User loadUser(String username) throws IOException;
+ Role loadEntity(String entityName) throws IOException;
/**
- * Serialize the user object to lower storage.
+ * Serialize the entity object to lower storage.
*
- * @param user The user object that is to be saved.
+ * @param entity The user/role object that is to be saved.
* @throws IOException if an exception is raised when interacting with the
lower storage.
*/
- void saveUser(User user) throws IOException;
+ void saveEntity(Role entity) throws IOException;
/**
* Delete a user's from lower storage.
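Review bot: The `@return` line of `loadEntity` still reads "The user object or null if no such entity" although the method now returns `Role` and its parameter is documented as a user/role name; I would write `@return The user/role object, or null if no such entity exists.`. The same leftover is in the `deleteEntity` Javadoc shown in the longer quote of this hunk further down, "false if the user does not exist", which could read `false if the entity does not exist`. Because absence is signalled by `null`, the Javadoc could also state that callers must check for it before using the result. The quoted hunk stops at the commented line, so the remaining methods of the interface are not visible.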
Review Comment:
entity
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/IEntityAccessor.java:
##########
@@ -16,60 +16,52 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.iotdb.commons.auth.user;
+package org.apache.iotdb.commons.auth.entity;
-import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
import java.io.IOException;
import java.util.List;
-/** This interface manages the serialization/deserialization of the user
objects. */
-public interface IUserAccessor extends SnapshotProcessor {
+/** This interface manages the serialization/deserialization of the entity
objects. */
+public interface IEntityAccessor extends SnapshotProcessor {
/**
- * Deserialize a user from lower storage.
+ * Deserialize an entity from lower storage.
*
- * @param username The name of the user to be deserialized.
- * @return The user object or null if no such user.
+ * @param entityName The name of the user/role to be deserialized.
+ * @return The user object or null if no such entity.
* @throws IOException if an exception is raised when interacting with the
lower storage.
*/
- User loadUser(String username) throws IOException;
+ Role loadEntity(String entityName) throws IOException;
/**
- * Serialize the user object to lower storage.
+ * Serialize the entity object to lower storage.
*
- * @param user The user object that is to be saved.
+ * @param entity The user/role object that is to be saved.
* @throws IOException if an exception is raised when interacting with the
lower storage.
*/
- void saveUser(User user) throws IOException;
+ void saveEntity(Role entity) throws IOException;
/**
* Delete a user's from lower storage.
*
- * @param username The name of the user to be deleted.
- * @return True if the user is successfully deleted, false if the user does
not exists.
+ * @param entityName The name of the user/role to be deleted.
+ * @return True if the user/role is successfully deleted, false if the user
does not exist.
* @throws IOException if an exception is raised when interacting with the
lower storage.
*/
- boolean deleteUser(String username) throws IOException;
+ boolean deleteEntity(String entityName) throws IOException;
/**
* List all users existing in the database.
Review Comment:
all entities
##########
iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/role/LocalFileRoleAccessorTest.java:
##########
@@ -69,81 +67,56 @@ public void test() throws IOException, IllegalPathException
{
roles[i] = new Role("role" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege(new
PartialPath("root.a.b.c" + j));
- pathPrivilege.getPrivileges().add(j);
+ pathPrivilege.grantPrivilege(PrivilegeType.values()[j], true);
roles[i].getPathPrivilegeList().add(pathPrivilege);
- roles[i].getSysPrivilege().add(i + 4);
+ roles[i].grantSysPrivilege(PrivilegeType.values()[i + 4], false);
Review Comment:
Better put this outside the loop because it's not about j.