You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@iotdb.apache.org by ro...@apache.org on 2021/11/04 08:20:31 UTC

[iotdb] branch issue-4308-0.12 created (now f4ca865)

This is an automated email from the ASF dual-hosted git repository.

rong pushed a change to branch issue-4308-0.12
in repository https://gitbox.apache.org/repos/asf/iotdb.git.


      at f4ca865  fix issue-4308

This branch includes the following new commits:

     new 93f6bce  add a test for ISSUE-4308
     new f4ca865  fix issue-4308

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[iotdb] 01/02: add a test for ISSUE-4308

Posted by ro...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

rong pushed a commit to branch issue-4308-0.12
in repository https://gitbox.apache.org/repos/asf/iotdb.git

commit 93f6bce15e9a38692793ceaad3b4ca69ca248349
Author: Steve Yurong Su <ro...@apache.org>
AuthorDate: Thu Nov 4 15:43:06 2021 +0800

    add a test for ISSUE-4308
---
 .../db/integration/auth/IoTDBAuthorizationIT.java  | 36 +++++++++++++++++++---
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/server/src/test/java/org/apache/iotdb/db/integration/auth/IoTDBAuthorizationIT.java b/server/src/test/java/org/apache/iotdb/db/integration/auth/IoTDBAuthorizationIT.java
index 980545f..fc4b3b0 100644
--- a/server/src/test/java/org/apache/iotdb/db/integration/auth/IoTDBAuthorizationIT.java
+++ b/server/src/test/java/org/apache/iotdb/db/integration/auth/IoTDBAuthorizationIT.java
@@ -21,11 +21,6 @@ package org.apache.iotdb.db.integration.auth;
 import org.apache.iotdb.db.utils.EnvironmentUtils;
 import org.apache.iotdb.jdbc.Config;
 
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-
 import java.sql.BatchUpdateException;
 import java.sql.Connection;
 import java.sql.DriverManager;
@@ -37,6 +32,11 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
@@ -1079,4 +1079,30 @@ public class IoTDBAuthorizationIT {
       assertTrue(expectedList.containsAll(result));
     }
   }
+
+  /** ISSUE-4308 */
+  @Test
+  public void testSelectUDTF() throws ClassNotFoundException, SQLException {
+    Class.forName(Config.JDBC_DRIVER_NAME);
+    try (Connection adminConnection =
+            DriverManager.getConnection(
+                Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
+        Statement adminStatement = adminConnection.createStatement()) {
+      adminStatement.execute("CREATE USER a_application 'a_application'");
+      adminStatement.execute("CREATE ROLE application_role");
+      adminStatement.execute(
+          "GRANT ROLE application_role PRIVILEGES 'READ_TIMESERIES' ON root.test");
+      adminStatement.execute("GRANT application_role TO a_application");
+
+      adminStatement.execute("INSERT INTO root.test(time, s1) VALUES(1, 1)");
+    }
+
+    try (Connection userConnection =
+            DriverManager.getConnection(
+                Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "a_application", "a_application");
+        Statement userStatement = userConnection.createStatement();
+        ResultSet resultSet = userStatement.executeQuery("SELECT s1, sin(s1) FROM root.test")) {
+      assertTrue(resultSet.next());
+    }
+  }
 }

[iotdb] 02/02: fix issue-4308

Posted by ro...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

rong pushed a commit to branch issue-4308-0.12
in repository https://gitbox.apache.org/repos/asf/iotdb.git

commit f4ca8654b3a764dbd3d7a634147dc50d9c3ab409
Author: Steve Yurong Su <ro...@apache.org>
AuthorDate: Thu Nov 4 16:18:34 2021 +0800

    fix issue-4308
---
 .../apache/iotdb/db/qp/physical/PhysicalPlan.java    |  7 +++++++
 .../apache/iotdb/db/qp/physical/crud/UDTFPlan.java   | 20 ++++++++++++++++++++
 .../org/apache/iotdb/db/service/TSServiceImpl.java   |  2 +-
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/server/src/main/java/org/apache/iotdb/db/qp/physical/PhysicalPlan.java b/server/src/main/java/org/apache/iotdb/db/qp/physical/PhysicalPlan.java
index 2ce5b7b..f87cc05 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/physical/PhysicalPlan.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/physical/PhysicalPlan.java
@@ -217,6 +217,13 @@ public abstract class PhysicalPlan {
     this.loginUserName = loginUserName;
   }
 
+  /**
+   * Used to check whether a user has operation permissions to execute the plan under these paths.
+   */
+  public List<PartialPath> getAuthPaths() {
+    return getPaths();
+  }
+
   public static class Factory {
 
     private Factory() {
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/physical/crud/UDTFPlan.java b/server/src/main/java/org/apache/iotdb/db/qp/physical/crud/UDTFPlan.java
index 5192bbc..b50c4a7 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/physical/crud/UDTFPlan.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/physical/crud/UDTFPlan.java
@@ -20,6 +20,7 @@
 package org.apache.iotdb.db.qp.physical.crud;
 
 import org.apache.iotdb.db.exception.query.QueryProcessException;
+import org.apache.iotdb.db.metadata.PartialPath;
 import org.apache.iotdb.db.qp.logical.Operator;
 import org.apache.iotdb.db.query.udf.core.context.UDFContext;
 import org.apache.iotdb.db.query.udf.core.executor.UDTFExecutor;
@@ -30,8 +31,10 @@ import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 public class UDTFPlan extends RawDataQueryPlan implements UDFPlan {
 
@@ -138,4 +141,21 @@ public class UDTFPlan extends RawDataQueryPlan implements UDFPlan {
     }
     return columnForReader;
   }
+
+  @Override
+  public List<PartialPath> getAuthPaths() {
+    Set<PartialPath> authPathsSet = new HashSet<>();
+
+    for (PartialPath rawQueryPath : getPaths()) {
+      if (rawQueryPath != null) {
+        authPathsSet.add(rawQueryPath);
+      }
+    }
+
+    for (UDTFExecutor executor : columnName2Executor.values()) {
+      authPathsSet.addAll(executor.getContext().getPaths());
+    }
+
+    return new ArrayList<>(authPathsSet);
+  }
 }
diff --git a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
index 1b370de..b36a5ee 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/TSServiceImpl.java
@@ -830,7 +830,7 @@ public class TSServiceImpl implements TSIService.Iface {
     List<String> columnsTypes = new ArrayList<>();
 
     // check permissions
-    if (!checkAuthorization(physicalPlan.getPaths(), physicalPlan, username)) {
+    if (!checkAuthorization(physicalPlan.getAuthPaths(), physicalPlan, username)) {
       return RpcUtils.getTSExecuteStatementResp(
           RpcUtils.getStatus(
               TSStatusCode.NO_PERMISSION_ERROR,