This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 25d442ad83 [IOTDB-3159] Granting the user privileges to create_user
does not require adding a path (#6485)
25d442ad83 is described below
commit 25d442ad8372274701e2f30e884b84d20a58532a
Author: ly <[email protected]>
AuthorDate: Wed Jun 29 11:07:19 2022 +0800
[IOTDB-3159] Granting the user privileges to create_user does not require
adding a path (#6485)
---
.../java/org/apache/iotdb/db/it/IoTDBAuthIT.java | 112 +++++++++++++++++++++
.../iotdb/db/mpp/plan/parser/ASTVisitor.java | 28 +++++-
2 files changed, 138 insertions(+), 2 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
new file mode 100644
index 0000000000..e3e12189fa
--- /dev/null
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.db.it;
+
+import org.apache.iotdb.it.env.EnvFactory;
+import org.apache.iotdb.it.env.IoTDBTestRunner;
+import org.apache.iotdb.itbase.category.ClusterIT;
+import org.apache.iotdb.itbase.category.LocalStandaloneIT;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/** This is an example for integration test. */
+@RunWith(IoTDBTestRunner.class)
+@Category({LocalStandaloneIT.class, ClusterIT.class})
+public class IoTDBAuthIT {
+ private static Statement statement;
+ private static Connection connection;
+
+ @BeforeClass
+ public static void setUp() throws Exception {
+ EnvFactory.getEnv().initBeforeClass();
+ connection = EnvFactory.getEnv().getConnection();
+ statement = connection.createStatement();
+ }
+
+ @AfterClass
+ public static void tearDown() throws Exception {
+ statement.close();
+ connection.close();
+ EnvFactory.getEnv().cleanAfterClass();
+ }
+
+ @Test
+ public void testGrantRevokeUser() {
+
+ try {
+ statement.execute("CREATE USER tempuser 'temppw'");
+ } catch (SQLException e) {
+ fail();
+ }
+
+ // grant create user
+ try {
+ statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException ignored) {
+ fail();
+ }
+
+ // revoke create user
+ try {
+ statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException ignored) {
+ fail();
+ }
+
+ // duplicate grant create user
+ try {
+ statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException e1) {
+ fail();
+ }
+ boolean caught = false;
+ try {
+ statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+
+ // duplicate revoke create user
+ try {
+ statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException e1) {
+ fail();
+ }
+ caught = false;
+ try {
+ statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
+ } catch (SQLException e) {
+ caught = true;
+ }
+ assertTrue(caught);
+ }
+}
diff --git
a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
index 2dda2f3e2e..4418d11349 100644
--- a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
+++ b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
@@ -1539,7 +1539,19 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
AuthorStatement authorStatement = new
AuthorStatement(AuthorOperator.AuthorType.GRANT_USER);
authorStatement.setUserName(parseIdentifier(ctx.userName.getText()));
authorStatement.setPrivilegeList(parsePrivilege(ctx.privileges()));
- authorStatement.setNodeNameList(parsePrefixPath(ctx.prefixPath()));
+
+ String privilege = parsePrivilege(ctx.privileges())[0];
+ PartialPath prefixPath;
+ if (privilege.equalsIgnoreCase("CREATE_USER")) {
+ String[] path = {"root"};
+ prefixPath = new PartialPath(path);
+ } else {
+ if (ctx.prefixPath() == null) {
+ throw new SQLParserException("Invalid prefix path");
+ }
+ prefixPath = parsePrefixPath(ctx.prefixPath());
+ }
+ authorStatement.setNodeNameList(prefixPath);
return authorStatement;
}
@@ -1572,7 +1584,19 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
AuthorStatement authorStatement = new
AuthorStatement(AuthorOperator.AuthorType.REVOKE_USER);
authorStatement.setUserName(parseIdentifier(ctx.userName.getText()));
authorStatement.setPrivilegeList(parsePrivilege(ctx.privileges()));
- authorStatement.setNodeNameList(parsePrefixPath(ctx.prefixPath()));
+ String privilege = parsePrivilege(ctx.privileges())[0];
+
+ PartialPath prefixPath;
+ if (privilege.equalsIgnoreCase("CREATE_USER")) {
+ String[] path = {"root"};
+ prefixPath = new PartialPath(path);
+ } else {
+ if (ctx.prefixPath() == null) {
+ throw new SQLParserException("Invalid prefix path");
+ }
+ prefixPath = parsePrefixPath(ctx.prefixPath());
+ }
+ authorStatement.setNodeNameList(prefixPath);
return authorStatement;
}
