[iotdb] 10/14: [IOTDB-1308] Users with READ_TIMESERIES permission cannot execute group by fill queries (#3014)

Sat, 17 Apr 2021 09:07:55 -0700 

This is an automated email from the ASF dual-hosted git repository.

hxd pushed a commit to branch testcontainer
in repository https://gitbox.apache.org/repos/asf/iotdb.git

commit 8909643bd00b2123c840c018b5066b795851b9b3
Author: Steve Yurong Su <[email protected]>
AuthorDate: Thu Apr 15 20:15:42 2021 +0800

    [IOTDB-1308] Users with READ_TIMESERIES permission cannot execute group by 
fill queries (#3014)
---
 .../cluster/partition/SlotPartitionTableTest.java  |  2 +-
 .../org/apache/iotdb/db/auth/AuthorityChecker.java | 26 +++++-----------------
 .../org/apache/iotdb/db/qp/logical/Operator.java   | 10 ---------
 .../apache/iotdb/db/auth/AuthorityCheckerTest.java | 21 +++++++++++------
 4 files changed, 21 insertions(+), 38 deletions(-)

diff --git 
a/cluster/src/test/java/org/apache/iotdb/cluster/partition/SlotPartitionTableTest.java
 
b/cluster/src/test/java/org/apache/iotdb/cluster/partition/SlotPartitionTableTest.java
index 79e5eab..6614517 100644
--- 
a/cluster/src/test/java/org/apache/iotdb/cluster/partition/SlotPartitionTableTest.java
+++ 
b/cluster/src/test/java/org/apache/iotdb/cluster/partition/SlotPartitionTableTest.java
@@ -350,7 +350,7 @@ public class SlotPartitionTableTest {
     assertTrue(PartitionUtils.isGlobalMetaPlan(globalLoadConfigPlan));
     PhysicalPlan localLoadConfigPlan = new 
LoadConfigurationPlan(LoadConfigurationPlanType.LOCAL);
     assertFalse(PartitionUtils.isGlobalMetaPlan(localLoadConfigPlan));
-    PhysicalPlan operateFilePlan = new OperateFilePlan(new File(""), 
OperatorType.TABLESCAN);
+    PhysicalPlan operateFilePlan = new OperateFilePlan(new File(""), 
OperatorType.LOAD_FILES);
     assertTrue(PartitionUtils.isLocalNonQueryPlan(operateFilePlan));
 
     PhysicalPlan setStorageGroupPlan = new SetStorageGroupPlan();
diff --git 
a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java 
b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index fc5c680..34766d1 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -53,15 +53,16 @@ public class AuthorityChecker {
     if (SUPER_USER.equals(username)) {
       return true;
     }
+
     int permission = translateToPermissionId(type);
     if (permission == -1) {
-      logger.error("OperateType not found. {}", type);
       return false;
     } else if (permission == PrivilegeType.MODIFY_PASSWORD.ordinal()
         && username.equals(targetUser)) {
       // a user can modify his own password
       return true;
     }
+
     if (!paths.isEmpty()) {
       for (PartialPath path : paths) {
         if (!checkOnePath(username, path, permission)) {
@@ -71,6 +72,7 @@ public class AuthorityChecker {
     } else {
       return checkOnePath(username, null, permission);
     }
+
     return true;
   }
 
@@ -124,14 +126,13 @@ public class AuthorityChecker {
       case SELECT:
       case FILTER:
       case GROUPBYTIME:
-      case SEQTABLESCAN:
-      case TABLESCAN:
       case QUERY_INDEX:
-      case MERGEQUERY:
       case AGGREGATION:
       case UDAF:
       case UDTF:
       case LAST:
+      case FILL:
+      case GROUP_BY_FILL:
         return PrivilegeType.READ_TIMESERIES.ordinal();
       case INSERT:
       case LOADDATA:
@@ -157,23 +158,8 @@ public class AuthorityChecker {
         return PrivilegeType.START_TRIGGER.ordinal();
       case STOP_TRIGGER:
         return PrivilegeType.STOP_TRIGGER.ordinal();
-      case AUTHOR:
-      case METADATA:
-      case BASIC_FUNC:
-      case FILEREAD:
-      case FROM:
-      case FUNC:
-      case HASHTABLESCAN:
-      case JOIN:
-      case LIMIT:
-      case MERGEJOIN:
-      case NULL:
-      case ORDERBY:
-      case SFW:
-      case UNION:
-        logger.error("Illegal operator type authorization : {}", type);
-        return -1;
       default:
+        logger.error("Unrecognizable operator type ({}) for 
AuthorityChecker.", type);
         return -1;
     }
   }
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/logical/Operator.java 
b/server/src/main/java/org/apache/iotdb/db/qp/logical/Operator.java
index f2a8633..cfa981e 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/logical/Operator.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/logical/Operator.java
@@ -74,26 +74,16 @@ public abstract class Operator {
   /** If you want to add new OperatorType, you must add it in the last. */
   public enum OperatorType {
     SFW,
-    JOIN,
-    UNION,
     FILTER,
     GROUPBYTIME,
-    ORDERBY,
-    LIMIT,
     SELECT,
-    SEQTABLESCAN,
-    HASHTABLESCAN,
-    MERGEJOIN,
-    FILEREAD,
     NULL,
-    TABLESCAN,
     INSERT,
     BATCHINSERT,
     DELETE,
     BASIC_FUNC,
     IN,
     QUERY,
-    MERGEQUERY,
     AGGREGATION,
     AUTHOR,
     FROM,
diff --git 
a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java 
b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
index f775380..cfadb58 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
@@ -118,13 +118,6 @@ public class AuthorityCheckerTest {
             OperatorType.DROP_INDEX,
             user.getName()));
 
-    Assert.assertFalse(
-        AuthorityChecker.check(
-            user.getName(),
-            Collections.singletonList(new PartialPath(nodeName)),
-            OperatorType.UNION,
-            user.getName()));
-
     // check empty list
     Assert.assertFalse(
         AuthorityChecker.check(
@@ -227,5 +220,19 @@ public class AuthorityCheckerTest {
             Collections.singletonList(new PartialPath(nodeName)),
             OperatorType.DELETE_TIMESERIES,
             user.getName()));
+
+    Assert.assertTrue(
+        AuthorityChecker.check(
+            user.getName(),
+            Collections.singletonList(new PartialPath(nodeName)),
+            OperatorType.FILL,
+            user.getName()));
+
+    Assert.assertTrue(
+        AuthorityChecker.check(
+            user.getName(),
+            Collections.singletonList(new PartialPath(nodeName)),
+            OperatorType.GROUP_BY_FILL,
+            user.getName()));
   }
 }

Reply via email to