Posted to commits@iotdb.apache.org by lt...@apache.org on 2019/04/04 01:58:12 UTC
[incubator-iotdb] branch add_create_ts_operator updated: add grant
and revoke of create timeseries
This is an automated email from the ASF dual-hosted git repository.
lta pushed a commit to branch add_create_ts_operator
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
The following commit(s) were added to refs/heads/add_create_ts_operator by this push:
new 738a1df add grant and revoke of create timeseries
738a1df is described below
commit 738a1df88ff8c1d7536f099dd787898ee0c099e1
Author: lta <li...@163.com>
AuthorDate: Thu Apr 4 09:51:08 2019 +0800
add grant and revoke of create timeseries
---
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 2 ++
.../apache/iotdb/db/auth/entity/PrivilegeType.java | 2 +-
.../java/org/apache/iotdb/db/utils/AuthUtils.java | 2 ++
.../iotdb/db/integration/IoTDBAuthorizationIT.java | 32 +++++++++++++++++++++-
4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 79baccb..a9d4aa4 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -114,6 +114,8 @@ public class AuthorityChecker {
return PrivilegeType.REVOKE_USER_ROLE.ordinal();
case SET_STORAGE_GROUP:
return PrivilegeType.SET_STORAGE_GROUP.ordinal();
+ case CREATE_TIMESERIES:
+ return PrivilegeType.CREATE_TIMESERIES.ordinal();
case DELETE_TIMESERIES:
return PrivilegeType.DELETE_TIMESERIES.ordinal();
case QUERY:
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
index e657a9b..d8b44d6 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PrivilegeType.java
@@ -22,7 +22,7 @@ package org.apache.iotdb.db.auth.entity;
* This enum class contains all available privileges in IoTDB.
*/
public enum PrivilegeType {
- SET_STORAGE_GROUP, INSERT_TIMESERIES, UPDATE_TIMESERIES, READ_TIMESERIES, DELETE_TIMESERIES,
+ SET_STORAGE_GROUP, INSERT_TIMESERIES, UPDATE_TIMESERIES, READ_TIMESERIES, CREATE_TIMESERIES, DELETE_TIMESERIES,
CREATE_USER, DELETE_USER, MODIFY_PASSWORD, LIST_USER, GRANT_USER_PRIVILEGE, REVOKE_USER_PRIVILEGE,
GRANT_USER_ROLE, REVOKE_USER_ROLE, CREATE_ROLE, DELETE_ROLE, LIST_ROLE, GRANT_ROLE_PRIVILEGE,
REVOKE_ROLE_PRIVILEGE, ALL;
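Review bot: Inserting `CREATE_TIMESERIES` in the middle of the enum shifts the ordinal of `DELETE_TIMESERIES` and of every constant after it, and `AuthorityChecker` (first hunk of this commit) returns `PrivilegeType.X.ordinal()` as the privilege id. If those integers are also what is persisted for users and roles, which this diff does not show, grants stored before the change would be read back as a different privilege: a stored DELETE_TIMESERIES would become CREATE_TIMESERIES, CREATE_USER would become DELETE_TIMESERIES, and so on. Either append new constants after `ALL`, or give each constant an explicit stable id and stop relying on declaration order. In any case, add a comment on the enum such as `// ordinals are used as privilege ids: never reorder or insert, append only`.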
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java b/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
index 6d7710e..5e253a4 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
@@ -126,6 +126,7 @@ public class AuthUtils {
switch (type) {
case READ_TIMESERIES:
case SET_STORAGE_GROUP:
+ case CREATE_TIMESERIES:
case DELETE_TIMESERIES:
case INSERT_TIMESERIES:
case UPDATE_TIMESERIES:
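Review bot: The fall-through list of path-scoped privileges is maintained by hand in two switches, here and in the next hunk (-138), and this commit has to edit both identically. A privilege added to only one of them would be validated inconsistently; what the cases fall through to lies outside both hunks. Consider a single shared constant, e.g. `private static final Set<PrivilegeType> PATH_PRIVILEGES = EnumSet.of(READ_TIMESERIES, SET_STORAGE_GROUP, CREATE_TIMESERIES, DELETE_TIMESERIES, INSERT_TIMESERIES, UPDATE_TIMESERIES);`, and test `PATH_PRIVILEGES.contains(type)` in both places.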
@@ -138,6 +139,7 @@ public class AuthUtils {
switch (type) {
case READ_TIMESERIES:
case SET_STORAGE_GROUP:
+ case CREATE_TIMESERIES:
case DELETE_TIMESERIES:
case INSERT_TIMESERIES:
case UPDATE_TIMESERIES:
diff --git a/iotdb/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java b/iotdb/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
index ecb3cbb..b1f7624 100644
--- a/iotdb/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
+++ b/iotdb/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
@@ -125,6 +125,7 @@ public class IoTDBAuthorizationIT {
userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)");
userStmt.execute("SELECT * from root.a");
userStmt.execute("GRANT USER tempuser PRIVILEGES 'SET_STORAGE_GROUP' ON root.a");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES 'CREATE_TIMESERIES' ON root.b.b");
adminStmt.execute("REVOKE USER tempuser PRIVILEGES 'ALL' ON root");
@@ -371,6 +372,7 @@ public class IoTDBAuthorizationIT {
adminStmt.execute("GRANT USER tempuser PRIVILEGES 'SET_STORAGE_GROUP' ON root.a");
userStmt.execute("SET STORAGE GROUP TO root.a");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES 'CREATE_TIMESERIES' ON root.a.b");
userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
caught = false;
@@ -401,6 +403,34 @@ public class IoTDBAuthorizationIT {
}
assertTrue(caught);
+ caught = false;
+ try {
+ // no privilege to create timeseries
+ userStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
+ caught = false;
+ try {
+ // privilege already exists
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES 'CREATE_TIMESERIES' ON root.a.b");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES 'CREATE_TIMESERIES' ON root.a.b");
+ caught = false;
+ try {
+ // no privilege to create this one any more
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
// the user cannot delete the timeseries now
caught = false;
try {
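Review bot: The last added check (`// no privilege to create this one any more`) retries `CREATE TIMESERIES root.a.b`, which the hunk at -371 already created. Unless the series is deleted in lines outside this hunk, the statement throws an SQLException whether or not the REVOKE took effect, so the test can pass without the revoke being enforced. The `// privilege already exists` case has a similar weakness: catching any `SQLException` and asserting only `caught` cannot tell a denied operation from an unrelated failure. Make the post-revoke attempt on a series that does not exist yet, and assert on the error itself, e.g. `assertTrue(e.getMessage().contains(EXPECTED_PERMISSION_ERROR)); // placeholder for the project's permission-denied text`. The enclosing test method starts and ends outside the hunk.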
@@ -523,7 +553,7 @@ public class IoTDBAuthorizationIT {
assertTrue(caught);
adminStmt.execute("CREATE ROLE admin");
adminStmt.execute(
- "GRANT ROLE admin PRIVILEGES 'SET_STORAGE_GROUP','DELETE_TIMESERIES','READ_TIMESERIES','INSERT_TIMESERIES' on root");
+ "GRANT ROLE admin PRIVILEGES 'SET_STORAGE_GROUP','CREATE_TIMESERIES','DELETE_TIMESERIES','READ_TIMESERIES','INSERT_TIMESERIES' on root");
adminStmt.execute("GRANT admin TO tempuser");
userStmt.execute("SET STORAGE GROUP TO root.a");