This is an automated email from the ASF dual-hosted git repository. spricoder pushed a commit to branch refactor/new_auth in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit e6022a670a2dfcde625995b46cc5e1a6aa6c9b3f Author: spricoder <[email protected]> AuthorDate: Sat Jun 24 21:48:52 2023 +0800 Merge CREATE_DATABASE and DELETE_DATABASE --- .../iotdb/commons/auth/entity/PrivilegeType.java | 1 - .../org/apache/iotdb/commons/utils/AuthUtils.java | 28 +++++++++++++++++----- .../org/apache/iotdb/db/auth/AuthorityChecker.java | 3 +-- .../iotdb/db/mpp/plan/parser/ASTVisitor.java | 6 ++--- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java index 41b7252f510..c03c9d03fbe 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java @@ -50,7 +50,6 @@ public enum PrivilegeType { CREATE_CONTINUOUS_QUERY, DROP_CONTINUOUS_QUERY, ALL, - DELETE_DATABASE(true), ALTER_TIMESERIES(true), UPDATE_TEMPLATE, READ_TEMPLATE, diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java index a1a3507e38e..b12ba85be19 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java @@ -53,6 +53,9 @@ public class AuthUtils { private static final int MIN_PASSWORD_LENGTH = 4; private static final int MIN_USERNAME_LENGTH = 4; private static final int MIN_ROLENAME_LENGTH = 4; + private static final int MIN_LENGTH = 4; + private static final int MAX_LENGTH = 32; + private static final String REX_PATTERN = "^[a-zA-Z][_0-9a-zA-Z]*$"; static { try { 
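Review bot: In AuthUtils.java the new `REX_PATTERN` is a String used through `str.matches(REX_PATTERN)`, so the expression is recompiled on every validation. A precompiled `private static final Pattern NAME_PATTERN = Pattern.compile("^[a-zA-Z][_0-9a-zA-Z]*$");` (with `java.util.regex.Pattern` imported) avoids that. `MIN_LENGTH` also repeats the three existing `MIN_*_LENGTH` constants, all equal to 4, and nothing in this hunk removes them. Sharing one alphabet and the 32-character `MAX_LENGTH` between names and passwords limits a password to letters, digits and underscore, starting with a letter, which narrows the password space; separate password constants would keep the two policies independent.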
@@ -134,6 +137,23 @@ public class AuthUtils { } } + public static void validateNameOrPassword(String str) throws AuthException { + int length = str.length(); + if (length < MIN_LENGTH) { + throw new AuthException( + TSStatusCode.ILLEGAL_PARAMETER, + "The length of name or password must be greater than or equal to " + MIN_LENGTH); + } else if (length > MAX_LENGTH) { + throw new AuthException( + TSStatusCode.ILLEGAL_PARAMETER, + "The length of name or password must be less than or equal to " + MAX_LENGTH); + } else if (str.matches(REX_PATTERN)) { + throw new AuthException( + TSStatusCode.ILLEGAL_PARAMETER, + "The name or password must start with a letter and can only contain letters, numbers, and underscores"); + } + } + /** * Validate privilege * @@ -178,7 +198,6 @@ public class AuthUtils { switch (type) { case READ_TIMESERIES: case CREATE_DATABASE: - case DELETE_DATABASE: case CREATE_TIMESERIES: case DELETE_TIMESERIES: case INSERT_TIMESERIES: @@ -202,7 +221,6 @@ public class AuthUtils { switch (type) { case READ_TIMESERIES: case CREATE_DATABASE: - case DELETE_DATABASE: case CREATE_TIMESERIES: case DELETE_TIMESERIES: case INSERT_TIMESERIES: @@ -399,12 +417,10 @@ public class AuthUtils { PrivilegeType[] types = PrivilegeType.values(); for (String authorization : authorizationList) { boolean legal = false; - if ("SET_STORAGE_GROUP".equalsIgnoreCase(authorization)) { + if ("SET_STORAGE_GROUP".equalsIgnoreCase(authorization) + || "DELETE_STORAGE_GROUP".equalsIgnoreCase(authorization)) { authorization = PrivilegeType.CREATE_DATABASE.name(); } - if ("DELETE_STORAGE_GROUP".equalsIgnoreCase(authorization)) { - authorization = PrivilegeType.DELETE_DATABASE.name(); - } for (PrivilegeType privilegeType : types) { if (authorization.equalsIgnoreCase(privilegeType.name())) { result.add(privilegeType.ordinal()); 
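Review bot: The third branch of `validateNameOrPassword` is inverted: `else if (str.matches(REX_PATTERN))` throws for strings that satisfy the pattern and accepts every string that violates it, the opposite of what its error message says. It should read `} else if (!str.matches(REX_PATTERN)) {`. `str.length()` is also called without a null check, so a null argument surfaces as a NullPointerException instead of an `AuthException` carrying `TSStatusCode.ILLEGAL_PARAMETER`. No caller of the method is visible in this diff, so the inversion may go unnoticed until it is wired in; a unit test with one valid and one invalid name would pin the intended behaviour.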
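Review bot: In the hunk at -399 the loop records a grant as `privilegeType.ordinal()`, and the same commit removes `DELETE_DATABASE` from the middle of `PrivilegeType`, so every constant declared after it (`ALTER_TIMESERIES`, `UPDATE_TEMPLATE`, `READ_TEMPLATE`, ...) moves down by one. If these ordinals are written to user or role storage, or exchanged between nodes on different versions, grants stored before the upgrade would be read back as a different privilege; this diff does not show whether they are. AuthorityChecker.java returns `.ordinal()` in the same way. A stable explicit id per constant or a migration of stored grants would avoid that. At minimum the enum should carry a comment such as `// ordinals are stored: never remove or reorder constants without a migration`. The enclosing method starts and ends outside the hunk.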
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java index c4d42580a19..6a230af6b1a 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java @@ -170,9 +170,8 @@ public class AuthorityChecker { return PrivilegeType.REVOKE_USER_ROLE.ordinal(); case STORAGE_GROUP_SCHEMA: case TTL: - return PrivilegeType.CREATE_DATABASE.ordinal(); case DELETE_STORAGE_GROUP: - return PrivilegeType.DELETE_DATABASE.ordinal(); + return PrivilegeType.CREATE_DATABASE.ordinal(); case CREATE_TIMESERIES: case CREATE_ALIGNED_TIMESERIES: case CREATE_MULTI_TIMESERIES: diff --git a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java index ed6df252389..cff2606bac5 100644 --- a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java +++ b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java @@ -2254,12 +2254,10 @@ public class ASTVisitor extends IoTDBSqlParserBaseVisitor<Statement> { boolean pathRelevant = true; String errorPrivilegeName = ""; for (String privilege : privileges) { - if ("SET_STORAGE_GROUP".equalsIgnoreCase(privilege)) { + if ("SET_STORAGE_GROUP".equalsIgnoreCase(privilege) + || "DELETE_STORAGE_GROUP".equalsIgnoreCase(privilege)) { privilege = PrivilegeType.CREATE_DATABASE.name(); } - if ("DELETE_STORAGE_GROUP".equalsIgnoreCase(privilege)) { - privilege = PrivilegeType.DELETE_DATABASE.name(); - } if (!PrivilegeType.valueOf(privilege.toUpperCase()).isPathRelevant()) { pathRelevant = false; errorPrivilegeName = privilege.toUpperCase();
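Review bot: In AuthorityChecker.java, `case DELETE_STORAGE_GROUP:` now falls through to `return PrivilegeType.CREATE_DATABASE.ordinal();`, so the check for the destructive operation is satisfied by a privilege whose name only mentions creation, and nothing at the switch says so. A comment on the case, for example `// DELETE_STORAGE_GROUP is authorized by CREATE_DATABASE since the two privileges were merged`, would keep this visible to whoever audits grants. Principals that already hold CREATE_DATABASE presumably gain the ability to delete databases on upgrade, which is worth stating in the upgrade notes. The switch begins and ends outside the hunk.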
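Review bot: In ASTVisitor.java only the legacy alias `DELETE_STORAGE_GROUP` is remapped, so a statement that names `DELETE_DATABASE` directly now reaches `PrivilegeType.valueOf(privilege.toUpperCase())` with a name the enum no longer has. That raises an `IllegalArgumentException` unless it is caught outside the hunk. Adding `|| "DELETE_DATABASE".equalsIgnoreCase(privilege)` to the condition would keep existing statements working. The parallel block in AuthUtils.java (hunk at -399) has the same gap: there the name would simply match no constant. `toUpperCase()` is also locale-sensitive; `toUpperCase(Locale.ROOT)` keeps names containing `i` resolvable under a Turkish default locale. The loop continues past the end of the hunk.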
