You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by ja...@apache.org on 2023/09/06 14:18:35 UTC

[iotdb] branch auth updated: Fix some bugs when read & write schema

This is an automated email from the ASF dual-hosted git repository.

jackietien pushed a commit to branch auth
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/auth by this push:
     new 98bfde3b1f1 Fix some bugs when read & write schema
98bfde3b1f1 is described below

commit 98bfde3b1f1c3ce44830c8709170c84fd75f3758
Author: Weihao Li <60...@users.noreply.github.com>
AuthorDate: Wed Sep 6 22:18:28 2023 +0800

    Fix some bugs when read & write schema
---
 .../apache/iotdb/confignode/persistence/AuthorInfo.java   |  1 +
 .../org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java |  2 ++
 .../plan/statement/metadata/AlterTimeSeriesStatement.java | 15 +++++++++++++++
 3 files changed, 18 insertions(+)

diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
index 6904b2ac2a5..2b4d533112e 100644
--- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
@@ -152,6 +152,7 @@ public class AuthorInfo implements SnapshotProcessor {
       }
     } else {
       result = AuthUtils.generateEmptyPermissionInfoResp();
+      result.setFailPos(failedList);
       result.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
     }
     return result;
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java
index 48acf3d8c92..410347e9c9b 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java
@@ -92,6 +92,8 @@ public class ClusterAuthorityFetcher implements IAuthorityFetcher {
           if (!user.checkPathPrivilege(path, permission)) {
             if (user.getRoleList().isEmpty()) {
               posList.add(pos);
+              pos++;
+              continue;
             }
             boolean status = false;
             for (String rolename : user.getRoleList()) {
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java
index 2375452a13f..1c78b73cdd1 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/AlterTimeSeriesStatement.java
@@ -19,10 +19,14 @@
 
 package org.apache.iotdb.db.queryengine.plan.statement.metadata;
 
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.queryengine.plan.statement.Statement;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementType;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
+import org.apache.iotdb.rpc.TSStatusCode;
 
 import java.util.Collections;
 import java.util.List;
@@ -128,6 +132,17 @@ public class AlterTimeSeriesStatement extends Statement {
     return isAlterView;
   }
 
+  @Override
+  public TSStatus checkPermissionBeforeProcess(String userName) {
+    if (AuthorityChecker.SUPER_USER.equals(userName)) {
+      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+    }
+    return AuthorityChecker.getTSStatus(
+        AuthorityChecker.checkFullPathPermission(
+            userName, path, PrivilegeType.WRITE_SCHEMA.ordinal()),
+        PrivilegeType.WRITE_SCHEMA);
+  }
+
   @Override
   public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
     return visitor.visitAlterTimeseries(this, context);