Posted to commits@iotdb.apache.org by ha...@apache.org on 2022/08/01 13:56:05 UTC
[iotdb] branch rel/0.13 updated: [To rel/0.13][IOTDB-2736] DELETE_STORAGE_GROUP can not be granted to user (#6856)
This is an automated email from the ASF dual-hosted git repository.
haonan pushed a commit to branch rel/0.13
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/rel/0.13 by this push:
new 422baf2c9a [To rel/0.13][IOTDB-2736] DELETE_STORAGE_GROUP can not be granted to user (#6856)
422baf2c9a is described below
commit 422baf2c9ab16496eb75291c75e1557884cdb801
Author: Haonan <hh...@outlook.com>
AuthorDate: Mon Aug 1 21:55:58 2022 +0800
[To rel/0.13][IOTDB-2736] DELETE_STORAGE_GROUP can not be granted to user (#6856)
Co-authored-by: Steve Yurong Su <ro...@apache.org>
---
.../antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4 | 7 +++-
.../Administration-Management/Administration.md | 1 +
.../Administration-Management/Administration.md | 1 +
.../iotdb/db/integration/IoTDBAuthorizationIT.java | 49 ++++++++++++++++++++++
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 2 +
.../apache/iotdb/db/auth/entity/PrivilegeType.java | 39 ++++++++++-------
.../java/org/apache/iotdb/db/utils/AuthUtils.java | 2 +
testcontainer/pom.xml | 2 +-
8 files changed, 87 insertions(+), 16 deletions(-)
diff --git a/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4 b/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
index 23f8990e72..dff4887a61 100644
--- a/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
+++ b/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
@@ -695,7 +695,8 @@ UNCOMPRESSED
// Privileges Keywords
PRIVILEGE_VALUE
- : SET_STORAGE_GROUP | CREATE_TIMESERIES | INSERT_TIMESERIES | READ_TIMESERIES | DELETE_TIMESERIES
+ : SET_STORAGE_GROUP | DELETE_STORAGE_GROUP
+ | CREATE_TIMESERIES | INSERT_TIMESERIES | READ_TIMESERIES | DELETE_TIMESERIES
| CREATE_USER | DELETE_USER | MODIFY_PASSWORD | LIST_USER
| GRANT_USER_PRIVILEGE | REVOKE_USER_PRIVILEGE | GRANT_USER_ROLE | REVOKE_USER_ROLE
| CREATE_ROLE | DELETE_ROLE | LIST_ROLE | GRANT_ROLE_PRIVILEGE | REVOKE_ROLE_PRIVILEGE
@@ -708,6 +709,10 @@ SET_STORAGE_GROUP
: S E T '_' S T O R A G E '_' G R O U P
;
+DELETE_STORAGE_GROUP
+ : D E L E T E '_' S T O R A G E '_' G R O U P
+ ;
+
CREATE_TIMESERIES
: C R E A T E '_' T I M E S E R I E S
;
diff --git a/docs/UserGuide/Administration-Management/Administration.md b/docs/UserGuide/Administration-Management/Administration.md
index 323a46b69f..b2d25737bf 100644
--- a/docs/UserGuide/Administration-Management/Administration.md
+++ b/docs/UserGuide/Administration-Management/Administration.md
@@ -286,6 +286,7 @@ At the same time, changes to roles are immediately reflected on all users who ow
|privilege Name|Interpretation|
|:---|:---|
|SET\_STORAGE\_GROUP|set storage groups; path dependent|
+|DELETE\_STORAGE\_GROUP|delete storage groups; path dependent|
|CREATE\_TIMESERIES|create timeseries; path dependent|
|INSERT\_TIMESERIES|insert data; path dependent|
|READ\_TIMESERIES|query data; path dependent|
diff --git a/docs/zh/UserGuide/Administration-Management/Administration.md b/docs/zh/UserGuide/Administration-Management/Administration.md
index c50fabcfa7..412452bd67 100644
--- a/docs/zh/UserGuide/Administration-Management/Administration.md
+++ b/docs/zh/UserGuide/Administration-Management/Administration.md
@@ -291,6 +291,7 @@ Eg: IoTDB > ALTER USER tempuser SET PASSWORD 'newpwd';
|权限名称|说明|
|:---|:---|
|SET\_STORAGE\_GROUP|创建存储组。包含设置存储组的权限。路径相关|
+|DELETE\_STORAGE\_GROUP|删除存储组。路径相关|
|CREATE\_TIMESERIES|创建时间序列。路径相关|
|INSERT\_TIMESERIES|插入数据。路径相关|
|READ\_TIMESERIES|查询数据。路径相关|
diff --git a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
index 1008198449..1d82f335e9 100644
--- a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
+++ b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
@@ -169,6 +169,55 @@ public class IoTDBAuthorizationIT {
}
}
+ @Test
+ public void testSetDeleteSG() throws ClassNotFoundException, SQLException {
+ Class.forName(Config.JDBC_DRIVER_NAME);
+ try (Connection adminCon =
+ DriverManager.getConnection(
+ Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER sgtest 'sgtest'");
+
+ boolean caught = false;
+ try (Connection userCon =
+ DriverManager.getConnection(
+ Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "sgtest", "sgtest");
+ Statement userStmt = userCon.createStatement()) {
+
+ try {
+ userStmt.execute("SET STORAGE GROUP TO root.sgtest");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
+ adminStmt.execute("GRANT USER sgtest PRIVILEGES SET_STORAGE_GROUP ON root.sgtest");
+
+ try {
+ userStmt.execute("SET STORAGE GROUP TO root.sgtest");
+ } catch (SQLException e) {
+ fail(e.getMessage());
+ }
+
+ caught = false;
+ try {
+ userStmt.execute("DELETE STORAGE GROUP root.sgtest");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
+ adminStmt.execute("GRANT USER sgtest PRIVILEGES DELETE_STORAGE_GROUP ON root.sgtest");
+
+ try {
+ userStmt.execute("DELETE STORAGE GROUP root.sgtest");
+ } catch (SQLException e) {
+ fail(e.getMessage());
+ }
+ }
+ }
+ }
+
@Test
public void testTriggerPrivileges() throws ClassNotFoundException, SQLException {
Class.forName(Config.JDBC_DRIVER_NAME);
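Review bot: The two negative checks in testSetDeleteSG set `caught = true` on any SQLException, so they pass for a parse error or a dropped connection just as they do for a permission denial. Asserting on the status code or message the server returns for a missing privilege would prove that the authorization check is what rejected the statement. Both grants are `ON root.sgtest`, but nothing verifies that the grant stays confined to that path; one more step after the grants, expecting `SET STORAGE GROUP TO root.sgtest2` to still fail for sgtest, would cover the path scoping. The user sgtest is never dropped, which is fine only if the class teardown (outside this hunk) resets the environment.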
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 6abf4e7088..154e523d9b 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -119,6 +119,8 @@ public class AuthorityChecker {
return PrivilegeType.REVOKE_USER_ROLE.ordinal();
case SET_STORAGE_GROUP:
return PrivilegeType.SET_STORAGE_GROUP.ordinal();
+ case DELETE_STORAGE_GROUP:
+ return PrivilegeType.DELETE_STORAGE_GROUP.ordinal();
case CREATE_TIMESERIES:
case CREATE_ALIGNED_TIMESERIES:
return PrivilegeType.CREATE_TIMESERIES.ordinal();
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java b/server/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
index ce233da788..bd6b13e2df 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
@@ -20,13 +20,13 @@ package org.apache.iotdb.db.auth.entity;
/** This enum class contains all available privileges in IoTDB. */
public enum PrivilegeType {
- SET_STORAGE_GROUP,
- INSERT_TIMESERIES,
+ SET_STORAGE_GROUP(true),
+ INSERT_TIMESERIES(true),
@Deprecated
- UPDATE_TIMESERIES,
- READ_TIMESERIES,
- CREATE_TIMESERIES,
- DELETE_TIMESERIES,
+ UPDATE_TIMESERIES(true),
+ READ_TIMESERIES(true),
+ CREATE_TIMESERIES(true),
+ DELETE_TIMESERIES(true),
CREATE_USER,
DELETE_USER,
MODIFY_PASSWORD,
@@ -42,15 +42,28 @@ public enum PrivilegeType {
REVOKE_ROLE_PRIVILEGE,
CREATE_FUNCTION,
DROP_FUNCTION,
- CREATE_TRIGGER,
- DROP_TRIGGER,
- START_TRIGGER,
- STOP_TRIGGER,
+ CREATE_TRIGGER(true),
+ DROP_TRIGGER(true),
+ START_TRIGGER(true),
+ STOP_TRIGGER(true),
CREATE_CONTINUOUS_QUERY,
DROP_CONTINUOUS_QUERY,
ALL,
+ DELETE_STORAGE_GROUP(true),
UPDATE_TEMPLATE,
- APPLY_TEMPLATE;
+ APPLY_TEMPLATE(true);
+
+ private static final int PRIVILEGE_COUNT = values().length;
+
+ private final boolean isPathRelevant;
+
+ PrivilegeType() {
+ this.isPathRelevant = false;
+ }
+
+ PrivilegeType(boolean isPathRelevant) {
+ this.isPathRelevant = isPathRelevant;
+ }
/**
* Some privileges need a seriesPath as parameter, while others do not. This method returns which
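Review bot: `DELETE_STORAGE_GROUP(true)` is inserted between `ALL` and `UPDATE_TEMPLATE`, which shifts the ordinals of `UPDATE_TEMPLATE` and `APPLY_TEMPLATE` up by one. AuthorityChecker in this same commit returns `PrivilegeType.X.ordinal()` as the privilege id, so if those integers are also what the user and role files store (not visible here), a grant written by an earlier 0.13 build would be read back as a different privilege after upgrade; a stored UPDATE_TEMPLATE would become DELETE_STORAGE_GROUP. Appending the constant after `APPLY_TEMPLATE(true)` keeps existing ids stable. If the position is deliberate, a comment on the enum saying that ordinals are persisted ids, and how the shift is migrated, would help. The new `isPathRelevant` field and the two constructors also have no Javadoc.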
@@ -60,8 +73,6 @@ public enum PrivilegeType {
* @return Whether this privilege need a seriesPath or not.
*/
public static boolean isPathRelevant(int type) {
- return type <= DELETE_TIMESERIES.ordinal()
- || (CREATE_TRIGGER.ordinal() <= type && type <= STOP_TRIGGER.ordinal())
- || type == APPLY_TEMPLATE.ordinal();
+ return 0 <= type && type < PRIVILEGE_COUNT && values()[type].isPathRelevant;
}
}
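Review bot: `isPathRelevant(int type)` now returns false for any id outside `0..PRIVILEGE_COUNT-1`, so an unknown or corrupted privilege id is classified as a global privilege instead of being rejected; the removed expression returned true for negative ids. The callers are outside this hunk, so the impact depends on how they treat a non-path privilege, but throwing `IllegalArgumentException` for an out-of-range id, or at least stating the false result in the Javadoc `@return`, would make the choice explicit. `values()` also copies the constant array on every call; a cached `private static final PrivilegeType[] VALUES = values();` next to `PRIVILEGE_COUNT` avoids that.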
diff --git a/server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java b/server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
index 16e851bad3..6724ad845a 100644
--- a/server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
+++ b/server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
@@ -134,6 +134,7 @@ public class AuthUtils {
switch (type) {
case READ_TIMESERIES:
case SET_STORAGE_GROUP:
+ case DELETE_STORAGE_GROUP:
case CREATE_TIMESERIES:
case DELETE_TIMESERIES:
case INSERT_TIMESERIES:
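Review bot: This switch and the one in the next hunk (`@@ -151,6 +152,7 @@`) each keep a hand-written list of path-scoped privileges, so the commit has to add `case DELETE_STORAGE_GROUP:` to both while also marking the constant `(true)` in PrivilegeType. That leaves three places to update for every new privilege, and a missed one gives a privilege that cannot be granted or is validated against the wrong scope. Both switch bodies lie outside the hunks, so this is inferred, but if they only decide whether a privilege may be attached to a path, testing `PrivilegeType.isPathRelevant(...)` here would leave a single source of truth. Failing that, a comment above each switch such as `// keep in sync with PrivilegeType.isPathRelevant` would at least flag the coupling.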
@@ -151,6 +152,7 @@ public class AuthUtils {
switch (type) {
case READ_TIMESERIES:
case SET_STORAGE_GROUP:
+ case DELETE_STORAGE_GROUP:
case CREATE_TIMESERIES:
case DELETE_TIMESERIES:
case INSERT_TIMESERIES:
diff --git a/testcontainer/pom.xml b/testcontainer/pom.xml
index 1e22d9dc47..22b03eed64 100644
--- a/testcontainer/pom.xml
+++ b/testcontainer/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.iotdb</groupId>
<artifactId>iotdb-parent</artifactId>
- <version>0.13.1-SNAPSHOT</version>
+ <version>0.13.2-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>