You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@iotdb.apache.org by GitBox <gi...@apache.org> on 2022/05/01 07:50:07 UTC
[GitHub] [iotdb] LIU-WEI-git opened a new pull request, #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
LIU-WEI-git opened a new pull request, #5756:
URL: https://github.com/apache/iotdb/pull/5756
Fix [IOTDB-2797](https://issues.apache.org/jira/browse/IOTDB-2797) and add related tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862912469
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
Review Comment:
We use single quote '' or double quote "" to help use * in node name, rather than back quote ``.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#issuecomment-1120353098
This PR will be reverted, please see the mail [Refactor the rule of auth check](https://lists.apache.org/thread/y9god4drws6x527qfcyonyyrro9j6qkn).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862467311
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,14 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a" or pathB =
+ * "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith("**")) {
Review Comment:
OK, I'll add this feature.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#issuecomment-1115525302
The * and ** in privilege path seems useless, since we just need the prefix before them. What about we forbid user grant privilege on a path pattern? It is more clearly to allow user only grant privilege on a explicit prefix path.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] RYH61 commented on pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
RYH61 commented on PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#issuecomment-1115860941
> The * and ** in privilege path seems useless, since we just need the prefix before them. What about we forbid user grant privilege on a path pattern? It is more clearly to allow user only grant privilege on a explicit prefix path.
Ok, for root.* and root.** are the same permissions as root, so no need to add * and **,Using the prefix path shown is sufficient
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862953690
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
+ } else {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR));
+ }
Review Comment:
The PR #5696 make it only support back quote as the wrapper of the node name in path, so we don't need to consider single quote and double quote.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862953690
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
+ } else {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR));
+ }
Review Comment:
The PR #5696 make it only support back quote as the wrapper of the layer name in path, so we don't need consider single quote and double quote.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] SteveYurongSu merged pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
SteveYurongSu merged PR #5756:
URL: https://github.com/apache/iotdb/pull/5756
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862876038
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
Review Comment:
Why should we process back quote ``? It seems back quote will be removed after sql parse.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862912469
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
Review Comment:
We use single quote '' or double quote "" to help use . in node name, rather than back quote ``.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862953690
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
+ } else {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR));
+ }
Review Comment:
The PR #5696 make it only support back quote as the wrapper of the layer name in path, so we don't need to consider single quote and double quote.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] SteveYurongSu commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
SteveYurongSu commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862465468
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,14 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a" or pathB =
+ * "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith("**")) {
Review Comment:
Can it handle the paths like `root.sg.d.*`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862922342
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
+ } else {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR));
+ }
Review Comment:
OK, I got it. It seems you should process single quote '' and double quote "" as well.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] LIU-WEI-git commented on a diff in pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
LIU-WEI-git commented on code in PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#discussion_r862901669
##########
server/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java:
##########
@@ -188,10 +188,22 @@ public static boolean validatePassword(String originPassword, String encryptPass
*
* @param pathA sub-path
* @param pathB path
- * @return True if pathA == pathB, or pathA is an extension of pathB, e.g. pathA = "root.a.b.c"
- * and pathB = "root.a"
+ * @return True if pathA == pathB, or pathA is an extension of pathB, or pathA is contained in the
+ * semantics of "*" and "**" in pathB, e.g. pathA = "root.a.b.c" and pathB = "root.a",
+ * "root.a.b.*" or "root.a.**"
*/
public static boolean pathBelongsTo(String pathA, String pathB) {
+ if (pathB.endsWith(".*")) {
+ if (pathA.endsWith("`")) {
+ pathA = pathA.substring(0, pathA.lastIndexOf(IoTDBConstant.PATH_SEPARATOR + "`"));
Review Comment:
If the path node contains `.`, the lastIndexOf will get a value we don't want such as root.b.\`c.d\`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] MarcosZyk commented on pull request #5756: [IOTDB-2797] Fix [privilege] root.** doesn't work
Posted by GitBox <gi...@apache.org>.
MarcosZyk commented on PR #5756:
URL: https://github.com/apache/iotdb/pull/5756#issuecomment-1115061090
@RYH61 PTAL
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org