This is an automated email from the ASF dual-hosted git repository. jackietien pushed a commit to branch authRefactor in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 72e239cea18e59c4964947989205d2190d426fa1 Merge: 489ae01ca1e 1d16f5c1509 Author: JackieTien97 <[email protected]> AuthorDate: Mon Sep 15 11:54:03 2025 +0800 resolve conflicts .../security/TreeAccessCheckVisitor.java | 287 +++++++++++++++++---- .../plan/statement/crud/LoadTsFileStatement.java | 8 - .../plan/statement/crud/QueryStatement.java | 18 -- .../InternalBatchActivateTemplateStatement.java | 17 -- .../InternalCreateMultiTimeSeriesStatement.java | 17 -- .../InternalCreateTimeSeriesStatement.java | 17 -- .../statement/metadata/RemoveAINodeStatement.java | 7 - .../metadata/RemoveConfigNodeStatement.java | 7 - .../metadata/RemoveDataNodeStatement.java | 7 - .../plan/statement/metadata/SetTTLStatement.java | 17 -- .../statement/metadata/ShowClusterIdStatement.java | 7 - .../statement/metadata/ShowClusterStatement.java | 7 - .../metadata/ShowConfigNodesStatement.java | 7 - .../metadata/ShowContinuousQueriesStatement.java | 14 - .../statement/metadata/ShowDataNodesStatement.java | 7 - .../statement/metadata/ShowFunctionsStatement.java | 14 - .../statement/metadata/ShowRegionStatement.java | 7 - .../statement/metadata/ShowTriggersStatement.java | 14 - .../statement/metadata/ShowVariablesStatement.java | 7 - .../metadata/model/ShowAINodesStatement.java | 7 - .../metadata/model/ShowModelsStatement.java | 14 - .../metadata/pipe/ShowPipePluginsStatement.java | 14 - .../metadata/pipe/ShowPipesStatement.java | 14 - .../metadata/pipe/StartPipeStatement.java | 14 - .../statement/metadata/pipe/StopPipeStatement.java | 14 - .../metadata/region/MigrateRegionStatement.java | 7 - .../region/ReconstructRegionStatement.java | 7 - .../metadata/region/RemoveRegionStatement.java | 7 - .../subscription/ShowSubscriptionsStatement.java | 14 - .../metadata/subscription/ShowTopicsStatement.java | 14 - .../ShowNodesInSchemaTemplateStatement.java | 9 - .../template/ShowPathSetTemplateStatement.java | 9 - .../template/ShowSchemaTemplateStatement.java | 9 - .../metadata/view/RenameLogicalViewStatement.java | 19 -- .../plan/statement/sys/KillQueryStatement.java | 7 - .../plan/statement/sys/SetSqlDialectStatement.java | 8 - .../sys/ShowCurrentSqlDialectStatement.java | 8 - .../statement/sys/ShowCurrentUserStatement.java | 8 - .../plan/statement/sys/ShowQueriesStatement.java | 7 - .../plan/statement/sys/ShowVersionStatement.java | 8 - .../statement/sys/TestConnectionStatement.java | 7 - 41 files changed, 233 insertions(+), 478 deletions(-) diff --cc iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java index b389281f7be,ebb13c698b6..01f64927628 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java @@@ -116,11 -113,12 +116,15 @@@ import org.apache.iotdb.db.queryengine. import org.apache.iotdb.db.queryengine.plan.statement.sys.TestConnectionStatement; import org.apache.iotdb.rpc.TSStatusCode; + import com.google.common.collect.ImmutableList; + +import java.util.Collections; import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + import static org.apache.iotdb.db.auth.AuthorityChecker.SUCCEED; + public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAccessCheckContext> { @Override @@@ -132,17 -130,7 +136,10 @@@ @Override public TSStatus visitActivateTemplate( - ActivateTemplateStatement statement, TreeAccessCheckContext context) {} + ActivateTemplateStatement statement, TreeAccessCheckContext context) { - if (AuthorityChecker.SUPER_USER.equals(context.userName)) { - return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()); - } - List<PartialPath> checkedPaths = statement.getPaths(); - return AuthorityChecker.getTSStatus( - AuthorityChecker.checkFullPathOrPatternListPermission( - context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA), - checkedPaths, - PrivilegeType.WRITE_SCHEMA); ++ return checkTimeSeriesPermission( ++ context.userName, statement.getPaths(), PrivilegeType.WRITE_SCHEMA); + } @Override public TSStatus visitAlterLogicalView(
