This is an automated email from the ASF dual-hosted git repository.
shuwenwei pushed a commit to branch AuthEnhance
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/AuthEnhance by this push:
new 9c77c8e3bcb fix
9c77c8e3bcb is described below
commit 9c77c8e3bcb1cff9439bb7aeb796087f28354bb4
Author: shuwenwei <[email protected]>
AuthorDate: Wed Sep 17 19:12:19 2025 +0800
fix
---
.../iotdb/confignode/persistence/AuthorInfo.java | 6 ++++++
.../plan/execution/config/TableConfigTaskVisitor.java | 14 +++++++-------
.../iotdb/db/queryengine/plan/parser/ASTVisitor.java | 18 +++++++++---------
3 files changed, 22 insertions(+), 16 deletions(-)
diff --git
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
index 7550d888e55..a2d2cd8e0de 100644
---
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
@@ -342,6 +342,9 @@ public class AuthorInfo implements SnapshotProcessor {
break;
}
for (PrivilegeType privilege : PrivilegeType.values()) {
+ if (privilege.isDeprecated()) {
+ continue;
+ }
if (privilege.forRelationalSys()) {
authorizer.grantPrivilegeToUser(userName, new
PrivilegeUnion(privilege, grantOpt));
}
@@ -368,6 +371,9 @@ public class AuthorInfo implements SnapshotProcessor {
break;
}
for (PrivilegeType privilege : PrivilegeType.values()) {
+ if (privilege.isDeprecated()) {
+ continue;
+ }
if (privilege.forRelationalSys()) {
authorizer.grantPrivilegeToRole(roleName, new
PrivilegeUnion(privilege, grantOpt));
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
index cbfa9edbf49..986b9ee0be0 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
@@ -406,7 +406,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
protected IConfigTask visitShowCluster(
final ShowCluster showCluster, final MPPQueryContext context) {
context.setQueryType(QueryType.READ);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
ShowClusterStatement treeStatement = new ShowClusterStatement();
@@ -435,7 +435,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
protected IConfigTask visitRemoveDataNode(
final RemoveDataNode removeDataNode, final MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
final RemoveDataNodeStatement treeStatement =
@@ -447,7 +447,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
protected IConfigTask visitRemoveConfigNode(
final RemoveConfigNode removeConfigNode, final MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
final RemoveConfigNodeStatement treeStatement =
@@ -459,7 +459,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
protected IConfigTask visitRemoveAINode(
final RemoveAINode removeAINode, final MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
return new RemoveAINodeTask(new RemoveAINodeStatement());
@@ -1397,7 +1397,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
protected IConfigTask visitReconstructRegion(
ReconstructRegion reconstructRegion, MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
return new ReconstructRegionTask(reconstructRegion);
@@ -1406,7 +1406,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
@Override
protected IConfigTask visitExtendRegion(ExtendRegion extendRegion,
MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
return new ExtendRegionTask(extendRegion);
@@ -1415,7 +1415,7 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
@Override
protected IConfigTask visitRemoveRegion(RemoveRegion removeRegion,
MPPQueryContext context) {
context.setQueryType(QueryType.WRITE);
- accessControl.checkUserIsAdmin(context.getSession().getUserName());
+
accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName());
// As the implementation is identical, we'll simply translate to the
// corresponding tree-model variant and execute that.
return new RemoveRegionTask(removeRegion);
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
index 104a8b1b431..bfeedfee7ad 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
@@ -2633,15 +2633,6 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
|| (!"READ".equalsIgnoreCase(privilege)
&& !"WRITE".equalsIgnoreCase(privilege)
&&
!PrivilegeType.valueOf(privilege.toUpperCase()).isPathPrivilege())) {
- PrivilegeType privilegeType =
PrivilegeType.valueOf(privilege.toUpperCase());
- if (privilegeType.isDeprecated()) {
- throw new SemanticException(
- "Privilege type "
- + privilege.toUpperCase()
- + " is deprecated, use "
- + privilegeType.getReplacedPrivilegeType()
- + " to instead it");
- }
hasSystemPri = true;
errorPrivilegeName = privilege.toUpperCase();
break;
@@ -2675,6 +2666,15 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
}
continue;
}
+ PrivilegeType privilegeType = PrivilegeType.valueOf(priv.toUpperCase());
+ if (privilegeType.isDeprecated()) {
+ throw new SemanticException(
+ "Privilege type "
+ + priv.toUpperCase()
+ + " is deprecated, use "
+ + privilegeType.getReplacedPrivilegeType()
+ + " to instead it");
+ }
privSet.add(priv);
}
return privSet.toArray(new String[0]);
