This is an automated email from the ASF dual-hosted git repository.
jackietien pushed a commit to branch AuthEnhance
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/AuthEnhance by this push:
new a076ac19409 Finish device related
a076ac19409 is described below
commit a076ac19409bb54bf9075e1db469c352ef82eed4
Author: JackieTien97 <[email protected]>
AuthorDate: Thu Sep 18 20:47:51 2025 +0800
Finish device related
---
.../iotdb/db/it/auth/IoTDBTemplateAuthIT.java | 8 +++
.../it/db/it/IoTDBAuthenticationTableIT.java | 8 +++
.../queryengine/plan/analyze/AnalyzeVisitor.java | 22 +++++---
.../plan/analyze/ClusterPartitionFetcher.java | 65 +++++++++++++---------
.../plan/analyze/IPartitionFetcher.java | 2 +
.../analyze/schema/ClusterSchemaFetchExecutor.java | 7 ++-
.../plan/analyze/schema/ClusterSchemaFetcher.java | 7 ++-
.../plan/analyze/schema/ISchemaFetcher.java | 5 +-
.../security/TreeAccessCheckVisitor.java | 61 ++++++++++++++++++--
.../statement/AuthorityInformationStatement.java | 9 +++
.../internal/DeviceSchemaFetchStatement.java | 9 ++-
.../plan/statement/metadata/CountStatement.java | 9 ---
.../statement/metadata/ShowDatabaseStatement.java | 9 ---
.../plan/analyze/FakePartitionFetcherImpl.java | 5 ++
.../plan/analyze/FakeSchemaFetcherImpl.java | 5 +-
.../plan/planner/distribution/Util.java | 10 +++-
.../plan/planner/distribution/Util2.java | 10 +++-
.../plan/relational/analyzer/TSBSMetadata.java | 5 ++
.../plan/relational/analyzer/TestMetadata.java | 5 ++
.../iotdb/commons/partition/SchemaPartition.java | 6 ++
20 files changed, 204 insertions(+), 63 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplateAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplateAuthIT.java
index 5244287ef7a..ef275ec859f 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplateAuthIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplateAuthIT.java
@@ -80,6 +80,14 @@ public class IoTDBTemplateAuthIT {
"tytyty1",
"tytytyty");
+ assertNonQueryTestFail(
+ adminStmt, "create database root.__audit", "803: The database
'__audit' is read-only");
+
+ assertNonQueryTestFail(
+ adminStmt,
+ "set device template t1 to root.__audit",
+ "803: The database '__audit' is read-only");
+
Set<String> retSet = new HashSet<>(Arrays.asList("t1", "t2", "t3"));
try (ResultSet resultSet = adminStmt.executeQuery("show device
templates")) {
diff --git
a/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
b/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
index e57c6f32fd3..f5c04f03bb0 100644
---
a/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
@@ -91,6 +91,14 @@ public class IoTDBAuthenticationTableIT {
public void testInsert() throws IoTDBConnectionException,
StatementExecutionException {
try (ITableSession sessionRoot =
EnvFactory.getEnv().getTableSessionConnection()) {
+
+ try {
+ sessionRoot.executeNonQueryStatement("CREATE DATABASE IF NOT EXISTS
__audit");
+ fail("Should have thrown an exception");
+ } catch (StatementExecutionException e) {
+ assertEquals("803: Access Denied: The database '__audit' is
read-only.", e.getMessage());
+ }
+
sessionRoot.executeNonQueryStatement("CREATE DATABASE IF NOT EXISTS
\"汉化\"");
sessionRoot.executeNonQueryStatement("USE \"汉化\"");
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/AnalyzeVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/AnalyzeVisitor.java
index 216743e1f67..eba071ca37b 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/AnalyzeVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/AnalyzeVisitor.java
@@ -3209,14 +3209,16 @@ public class AnalyzeVisitor extends
StatementVisitor<Analysis, MPPQueryContext>
PartialPath pattern,
PathPatternTree authorityScope,
Analysis analysis,
- MPPQueryContext context) {
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
// If there is time condition in SHOW DEVICES, we need to scan the raw data
analyzeGlobalTimeConditionInShowMetaData(timeCondition, analysis);
context.generateGlobalTimeFilter(analysis);
PathPatternTree patternTree = new PathPatternTree();
patternTree.appendPathPattern(pattern);
ISchemaTree schemaTree =
- schemaFetcher.fetchRawSchemaInDeviceLevel(patternTree, authorityScope,
context);
+ schemaFetcher.fetchRawSchemaInDeviceLevel(
+ patternTree, authorityScope, context, canSeeAuditDB);
if (schemaTree.isEmpty()) {
analysis.setFinishQueryAfterAnalyze(true);
return;
@@ -3250,12 +3252,14 @@ public class AnalyzeVisitor extends
StatementVisitor<Analysis, MPPQueryContext>
showDevicesStatement.getPathPattern(),
showDevicesStatement.getAuthorityScope(),
analysis,
- context);
+ context,
+ showDevicesStatement.isCanSeeAuditDB());
} else {
PathPatternTree patternTree = new PathPatternTree();
patternTree.appendPathPattern(
showDevicesStatement.getPathPattern().concatNode(IoTDBConstant.ONE_LEVEL_PATH_WILDCARD));
- SchemaPartition schemaPartitionInfo =
partitionFetcher.getSchemaPartition(patternTree);
+ SchemaPartition schemaPartitionInfo =
+ partitionFetcher.getSchemaPartition(patternTree,
showDevicesStatement.isCanSeeAuditDB());
analysis.setSchemaPartitionInfo(schemaPartitionInfo);
}
analysis.setRespDatasetHeader(
@@ -3316,7 +3320,9 @@ public class AnalyzeVisitor extends
StatementVisitor<Analysis, MPPQueryContext>
patternTree.appendPathPattern(path.concatNode(IoTDBConstant.ONE_LEVEL_PATH_WILDCARD));
}
patternTree.constructTree();
- SchemaPartition schemaPartition =
partitionFetcher.getSchemaPartition(patternTree);
+ SchemaPartition schemaPartition =
+ partitionFetcher.getSchemaPartition(
+ patternTree, deviceSchemaFetchStatement.isCanSeeAuditDB());
analysis.setSchemaPartitionInfo(schemaPartition);
if (schemaPartition.isEmpty()) {
@@ -3338,12 +3344,14 @@ public class AnalyzeVisitor extends
StatementVisitor<Analysis, MPPQueryContext>
countDevicesStatement.getPathPattern(),
countDevicesStatement.getAuthorityScope(),
analysis,
- context);
+ context,
+ countDevicesStatement.isCanSeeAuditDB());
} else {
PathPatternTree patternTree = new PathPatternTree();
patternTree.appendPathPattern(
countDevicesStatement.getPathPattern().concatNode(IoTDBConstant.ONE_LEVEL_PATH_WILDCARD));
- SchemaPartition schemaPartitionInfo =
partitionFetcher.getSchemaPartition(patternTree);
+ SchemaPartition schemaPartitionInfo =
+ partitionFetcher.getSchemaPartition(patternTree,
countDevicesStatement.isCanSeeAuditDB());
analysis.setSchemaPartitionInfo(schemaPartitionInfo);
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/ClusterPartitionFetcher.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/ClusterPartitionFetcher.java
index 216c0088131..a0bd1fc279a 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/ClusterPartitionFetcher.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/ClusterPartitionFetcher.java
@@ -67,6 +67,8 @@ import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
+import static
org.apache.iotdb.commons.schema.table.Audit.TREE_MODEL_AUDIT_DATABASE;
+
public class ClusterPartitionFetcher implements IPartitionFetcher {
private static final IoTDBConfig config =
IoTDBDescriptor.getInstance().getConfig();
@@ -98,14 +100,19 @@ public class ClusterPartitionFetcher implements
IPartitionFetcher {
@Override
public SchemaPartition getSchemaPartition(final PathPatternTree patternTree,
String userName) {
- try (final ConfigNodeClient client =
- configNodeClientManager.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID))
{
- patternTree.constructTree();
- final List<IDeviceID> deviceIDs = patternTree.getAllDevicePatterns();
- final Map<String, List<IDeviceID>> storageGroupToDeviceMap =
- partitionCache.getDatabaseToDevice(deviceIDs, true, false, userName);
- SchemaPartition schemaPartition =
partitionCache.getSchemaPartition(storageGroupToDeviceMap);
- if (null == schemaPartition) {
+ return getSchemaPartition(patternTree, userName, true);
+ }
+
+ private SchemaPartition getSchemaPartition(
+ final PathPatternTree patternTree, String userName, boolean needAuditDB)
{
+ patternTree.constructTree();
+ final List<IDeviceID> deviceIDs = patternTree.getAllDevicePatterns();
+ final Map<String, List<IDeviceID>> storageGroupToDeviceMap =
+ partitionCache.getDatabaseToDevice(deviceIDs, true, false, userName);
+ SchemaPartition schemaPartition =
partitionCache.getSchemaPartition(storageGroupToDeviceMap);
+ if (null == schemaPartition) {
+ try (final ConfigNodeClient client =
+
configNodeClientManager.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
final TSchemaPartitionTableResp schemaPartitionTableResp =
client.getSchemaPartitionTable(constructSchemaPartitionReq(patternTree));
if (schemaPartitionTableResp.getStatus().getCode()
@@ -118,30 +125,38 @@ public class ClusterPartitionFetcher implements
IPartitionFetcher {
schemaPartitionTableResp.getStatus().getMessage(),
schemaPartitionTableResp.getStatus().getCode());
}
+ } catch (final ClientManagerException | TException e) {
+ throw new StatementAnalyzeException(
+ "An error occurred when executing getSchemaPartition():" +
e.getMessage());
}
- return schemaPartition;
- } catch (final ClientManagerException | TException e) {
- throw new StatementAnalyzeException(
- "An error occurred when executing getSchemaPartition():" +
e.getMessage());
}
+ if (!needAuditDB) {
+ schemaPartition.removeDB(TREE_MODEL_AUDIT_DATABASE);
+ }
+ return schemaPartition;
}
@Override
public SchemaPartition getSchemaPartition(final PathPatternTree patternTree)
{
- return getSchemaPartition(patternTree, null);
+ return getSchemaPartition(patternTree, true);
+ }
+
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return getSchemaPartition(patternTree, null, needAuditDB);
}
@Override
public SchemaPartition getOrCreateSchemaPartition(
final PathPatternTree patternTree, final String userName) {
- try (final ConfigNodeClient client =
- configNodeClientManager.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID))
{
- patternTree.constructTree();
- final List<IDeviceID> deviceIDs = patternTree.getAllDevicePatterns();
- final Map<String, List<IDeviceID>> storageGroupToDeviceMap =
- partitionCache.getDatabaseToDevice(deviceIDs, true, true, userName);
- SchemaPartition schemaPartition =
partitionCache.getSchemaPartition(storageGroupToDeviceMap);
- if (null == schemaPartition) {
+ patternTree.constructTree();
+ final List<IDeviceID> deviceIDs = patternTree.getAllDevicePatterns();
+ final Map<String, List<IDeviceID>> storageGroupToDeviceMap =
+ partitionCache.getDatabaseToDevice(deviceIDs, true, true, userName);
+ SchemaPartition schemaPartition =
partitionCache.getSchemaPartition(storageGroupToDeviceMap);
+ if (null == schemaPartition) {
+ try (final ConfigNodeClient client =
+
configNodeClientManager.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
final TSchemaPartitionTableResp schemaPartitionTableResp =
client.getOrCreateSchemaPartitionTable(constructSchemaPartitionReq(patternTree));
if (schemaPartitionTableResp.getStatus().getCode()
@@ -154,12 +169,12 @@ public class ClusterPartitionFetcher implements
IPartitionFetcher {
schemaPartitionTableResp.getStatus().getMessage(),
schemaPartitionTableResp.getStatus().getCode());
}
+ } catch (final ClientManagerException | TException e) {
+ throw new StatementAnalyzeException(
+ "An error occurred when executing getOrCreateSchemaPartition():" +
e.getMessage());
}
- return schemaPartition;
- } catch (final ClientManagerException | TException e) {
- throw new StatementAnalyzeException(
- "An error occurred when executing getOrCreateSchemaPartition():" +
e.getMessage());
}
+ return schemaPartition;
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/IPartitionFetcher.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/IPartitionFetcher.java
index 29187cf8da8..c794531028d 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/IPartitionFetcher.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/IPartitionFetcher.java
@@ -38,6 +38,8 @@ public interface IPartitionFetcher {
/** Get schema partition without automatically create, used in write and
query scenarios. */
SchemaPartition getSchemaPartition(PathPatternTree patternTree);
+ SchemaPartition getSchemaPartition(PathPatternTree patternTree, boolean
needAuditDB);
+
/** Get schema partition without automatically create, used in write and
query scenarios. */
default SchemaPartition getSchemaPartition(PathPatternTree patternTree,
String username) {
return getSchemaPartition(patternTree);
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetchExecutor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetchExecutor.java
index 637516ef83a..d23e9c58a9b 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetchExecutor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetchExecutor.java
@@ -151,9 +151,12 @@ class ClusterSchemaFetchExecutor {
}
ClusterSchemaTree fetchDeviceLevelRawSchema(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context) {
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
return executeSchemaFetchQuery(
- new DeviceSchemaFetchStatement(patternTree, authorityScope), context);
+ new DeviceSchemaFetchStatement(patternTree, authorityScope,
canSeeAuditDB), context);
}
ClusterSchemaTree fetchMeasurementLevelRawSchema(
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetcher.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetcher.java
index 3dd788e3528..ef9cc5d6ae6 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetcher.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ClusterSchemaFetcher.java
@@ -165,10 +165,13 @@ public class ClusterSchemaFetcher implements
ISchemaFetcher {
@Override
public ISchemaTree fetchRawSchemaInDeviceLevel(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context) {
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
authorityScope.constructTree();
return clusterSchemaFetchExecutor.fetchDeviceLevelRawSchema(
- patternTree, authorityScope, context);
+ patternTree, authorityScope, context, canSeeAuditDB);
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ISchemaFetcher.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ISchemaFetcher.java
index 56a7670ad9d..585f9e7b18c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ISchemaFetcher.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/ISchemaFetcher.java
@@ -56,7 +56,10 @@ public interface ISchemaFetcher {
* @return schemaTree without measurement nodes
*/
ISchemaTree fetchRawSchemaInDeviceLevel(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context);
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB);
/**
* Fetch all the schema by the given patternTree in device level
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
index 3bb045bb53f..1bffd5915b4 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
@@ -162,6 +162,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
@Override
public TSStatus visitAuthorityInformation(
AuthorityInformationStatement statement, TreeAccessCheckContext context)
{
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
+ }
try {
statement.setAuthorityScope(
AuthorityChecker.getAuthorizedPathTree(context.userName,
PrivilegeType.READ_SCHEMA));
@@ -213,6 +216,10 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
private TSStatus checkTemplateShowRelated(
ShowSchemaTemplateStatement statement, TreeAccessCheckContext context) {
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ statement.setCamSeeAll(true);
+ return SUCCEED;
+ }
// own SYSTEM can see all, otherwise can only see PATHS that user has
READ_SCHEMA auth
if (!AuthorityChecker.checkSystemPermission(context.userName,
PrivilegeType.SYSTEM)) {
statement.setCamSeeAll(false);
@@ -271,6 +278,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
@Override
public TSStatus visitAlterSchemaTemplate(
AlterSchemaTemplateStatement alterSchemaTemplateStatement,
TreeAccessCheckContext context) {
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(context.userName,
PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(
@@ -464,6 +474,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
private TSStatus checkCQManagement(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_CQ),
@@ -491,6 +504,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
private TSStatus checkUDFManagement(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_UDF),
@@ -514,6 +530,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
private TSStatus checkModelManagement(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_MODEL),
@@ -572,6 +591,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
private TSStatus checkPipeManagement(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_PIPE),
@@ -626,6 +648,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
private TSStatus checkTriggerManagement(String userName) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.USE_TRIGGER),
@@ -649,18 +674,20 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
@Override
public TSStatus visitShowStorageGroup(
ShowDatabaseStatement showDatabaseStatement, TreeAccessCheckContext
context) {
- if (!AuthorityChecker.checkSystemPermission(context.userName,
PrivilegeType.AUDIT)) {
- showDatabaseStatement.setCanSeeAuditDB(false);
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
}
+ setCanSeeAuditDB(showDatabaseStatement, context.userName);
return checkShowOrCountDatabasePermission(showDatabaseStatement, context);
}
@Override
public TSStatus visitCountStorageGroup(
CountDatabaseStatement countDatabaseStatement, TreeAccessCheckContext
context) {
- if (!AuthorityChecker.checkSystemPermission(context.userName,
PrivilegeType.AUDIT)) {
- countDatabaseStatement.setCanSeeAuditDB(false);
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
}
+ setCanSeeAuditDB(countDatabaseStatement, context.userName);
return checkShowOrCountDatabasePermission(countDatabaseStatement, context);
}
@@ -674,6 +701,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
.setMessage(String.format(READ_ONLY_DB_ERROR_MSG,
TABLE_MODEL_AUDIT_DATABASE));
}
}
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(context.userName,
PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(
@@ -687,6 +717,11 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
return new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode())
.setMessage(String.format(READ_ONLY_DB_ERROR_MSG,
TABLE_MODEL_AUDIT_DATABASE));
}
+
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
+
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)
|| AuthorityChecker.checkSystemPermission(userName,
PrivilegeType.MANAGE_DATABASE),
@@ -753,6 +788,9 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
// ============================= timeseries related
=================================
private TSStatus checkTimeSeriesPermission(
String userName, List<? extends PartialPath> checkedPaths, PrivilegeType
permission) {
+ if (AuthorityChecker.SUPER_USER.equals(userName)) {
+ return SUCCEED;
+ }
return AuthorityChecker.getTSStatus(
AuthorityChecker.checkFullPathOrPatternListPermission(userName,
checkedPaths, permission),
checkedPaths,
@@ -1106,6 +1144,11 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
// ================================= device related
=============================
@Override
public TSStatus visitShowDevices(ShowDevicesStatement statement,
TreeAccessCheckContext context) {
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ statement.setCanSeeAuditDB(true);
+ return SUCCEED;
+ }
+ setCanSeeAuditDB(statement, context.userName);
if (statement.hasTimeCondition()) {
try {
statement.setAuthorityScope(
@@ -1124,6 +1167,10 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
@Override
public TSStatus visitCountDevices(
CountDevicesStatement statement, TreeAccessCheckContext context) {
+ if (AuthorityChecker.SUPER_USER.equals(context.userName)) {
+ return SUCCEED;
+ }
+ setCanSeeAuditDB(statement, context.userName);
if (statement.hasTimeCondition()) {
try {
statement.setAuthorityScope(
@@ -1165,4 +1212,10 @@ public class TreeAccessCheckVisitor extends
StatementVisitor<TSStatus, TreeAcces
}
return SUCCEED;
}
+
+ protected void setCanSeeAuditDB(AuthorityInformationStatement statement,
String userName) {
+ if (!checkHasGlobalAuth(userName, PrivilegeType.AUDIT)) {
+ statement.setCanSeeAuditDB(false);
+ }
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
index df33dc16cf7..c1d9b38eec5 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
@@ -23,6 +23,7 @@ import org.apache.iotdb.commons.schema.SchemaConstant;
public abstract class AuthorityInformationStatement extends Statement {
protected PathPatternTree authorityScope = SchemaConstant.ALL_MATCH_SCOPE;
+ private boolean canSeeAuditDB = true;
public PathPatternTree getAuthorityScope() {
return authorityScope;
@@ -36,4 +37,12 @@ public abstract class AuthorityInformationStatement extends
Statement {
public void setAuthorityScope(PathPatternTree authorityScope) {
this.authorityScope = authorityScope;
}
+
+ public boolean isCanSeeAuditDB() {
+ return canSeeAuditDB;
+ }
+
+ public void setCanSeeAuditDB(boolean canSeeAuditDB) {
+ this.canSeeAuditDB = canSeeAuditDB;
+ }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/DeviceSchemaFetchStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/DeviceSchemaFetchStatement.java
index af2ce0df838..0dca8f1433d 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/DeviceSchemaFetchStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/internal/DeviceSchemaFetchStatement.java
@@ -30,11 +30,14 @@ import java.util.List;
public class DeviceSchemaFetchStatement extends Statement {
private final PathPatternTree patternTree;
private final PathPatternTree authorityScope;
+ private final boolean canSeeAuditDB;
- public DeviceSchemaFetchStatement(PathPatternTree patternTree,
PathPatternTree authorityScope) {
+ public DeviceSchemaFetchStatement(
+ PathPatternTree patternTree, PathPatternTree authorityScope, boolean
canSeeAuditDB) {
super();
this.patternTree = patternTree;
this.authorityScope = authorityScope;
+ this.canSeeAuditDB = canSeeAuditDB;
setType(StatementType.FETCH_SCHEMA);
}
@@ -46,6 +49,10 @@ public class DeviceSchemaFetchStatement extends Statement {
return authorityScope;
}
+ public boolean isCanSeeAuditDB() {
+ return canSeeAuditDB;
+ }
+
@Override
public List<PartialPath> getPaths() {
patternTree.constructTree();
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountStatement.java
index a10f05aa659..529a8660dfb 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountStatement.java
@@ -34,7 +34,6 @@ import java.util.List;
*/
public class CountStatement extends ShowStatement {
protected PartialPath pathPattern;
- private boolean canSeeAuditDB = true;
public CountStatement(PartialPath pathPattern) {
this.pathPattern = pathPattern;
@@ -53,12 +52,4 @@ public class CountStatement extends ShowStatement {
public List<PartialPath> getPaths() {
return Collections.singletonList(pathPattern);
}
-
- public boolean isCanSeeAuditDB() {
- return canSeeAuditDB;
- }
-
- public void setCanSeeAuditDB(boolean canSeeAuditDB) {
- this.canSeeAuditDB = canSeeAuditDB;
- }
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDatabaseStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDatabaseStatement.java
index a84758264d8..d91e1f65f0d 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDatabaseStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDatabaseStatement.java
@@ -53,7 +53,6 @@ public class ShowDatabaseStatement extends ShowStatement
implements IConfigState
private final PartialPath pathPattern;
private boolean isDetailed;
- private boolean canSeeAuditDB = true;
public ShowDatabaseStatement(final PartialPath pathPattern) {
super();
@@ -129,12 +128,4 @@ public class ShowDatabaseStatement extends ShowStatement
implements IConfigState
public List<PartialPath> getPaths() {
return Collections.singletonList(pathPattern);
}
-
- public boolean isCanSeeAuditDB() {
- return canSeeAuditDB;
- }
-
- public void setCanSeeAuditDB(boolean canSeeAuditDB) {
- this.canSeeAuditDB = canSeeAuditDB;
- }
}
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakePartitionFetcherImpl.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakePartitionFetcherImpl.java
index 338a05b4575..0daa3a1d865 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakePartitionFetcherImpl.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakePartitionFetcherImpl.java
@@ -111,6 +111,11 @@ public class FakePartitionFetcherImpl implements
IPartitionFetcher {
return schemaPartition;
}
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return getSchemaPartition(patternTree);
+ }
+
@Override
public SchemaPartition getOrCreateSchemaPartition(PathPatternTree
patternTree, String userName) {
return null;
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakeSchemaFetcherImpl.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakeSchemaFetcherImpl.java
index 1e6042e05df..e0cb87ae333 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakeSchemaFetcherImpl.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/analyze/FakeSchemaFetcherImpl.java
@@ -55,7 +55,10 @@ public class FakeSchemaFetcherImpl implements ISchemaFetcher
{
@Override
public ISchemaTree fetchRawSchemaInDeviceLevel(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context) {
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
schemaTree.setDatabases(Collections.singleton("root.sg"));
return schemaTree;
}
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util.java
index 8fcc6ae7972..6629c2edae4 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util.java
@@ -309,7 +309,10 @@ public class Util {
@Override
public ISchemaTree fetchRawSchemaInDeviceLevel(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context) {
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
return ANALYSIS.getSchemaTree();
}
@@ -377,6 +380,11 @@ public class Util {
return ANALYSIS.getSchemaPartitionInfo();
}
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return ANALYSIS.getSchemaPartitionInfo();
+ }
+
@Override
public SchemaPartition getOrCreateSchemaPartition(
PathPatternTree patternTree, String userName) {
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util2.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util2.java
index 42e8dc1f2c2..62a739c19f7 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util2.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/planner/distribution/Util2.java
@@ -202,7 +202,10 @@ public class Util2 {
@Override
public ISchemaTree fetchRawSchemaInDeviceLevel(
- PathPatternTree patternTree, PathPatternTree authorityScope,
MPPQueryContext context) {
+ PathPatternTree patternTree,
+ PathPatternTree authorityScope,
+ MPPQueryContext context,
+ boolean canSeeAuditDB) {
return ANALYSIS.getSchemaTree();
}
@@ -270,6 +273,11 @@ public class Util2 {
return ANALYSIS.getSchemaPartitionInfo();
}
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return ANALYSIS.getSchemaPartitionInfo();
+ }
+
@Override
public SchemaPartition getOrCreateSchemaPartition(
PathPatternTree patternTree, String userName) {
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TSBSMetadata.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TSBSMetadata.java
index 159ab2486a9..1513f93ac10 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TSBSMetadata.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TSBSMetadata.java
@@ -409,6 +409,11 @@ public class TSBSMetadata implements Metadata {
return SCHEMA_PARTITION;
}
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return SCHEMA_PARTITION;
+ }
+
@Override
public SchemaPartition getOrCreateSchemaPartition(
PathPatternTree patternTree, String userName) {
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TestMetadata.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TestMetadata.java
index 108975c0adf..652f208a052 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TestMetadata.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/TestMetadata.java
@@ -573,6 +573,11 @@ public class TestMetadata implements Metadata {
return TABLE_SCHEMA_PARTITION;
}
+ @Override
+ public SchemaPartition getSchemaPartition(PathPatternTree patternTree,
boolean needAuditDB) {
+ return TABLE_SCHEMA_PARTITION;
+ }
+
@Override
public SchemaPartition getOrCreateSchemaPartition(
PathPatternTree patternTree, String userName) {
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/partition/SchemaPartition.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/partition/SchemaPartition.java
index 3fc99857396..96abc749865 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/partition/SchemaPartition.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/partition/SchemaPartition.java
@@ -122,4 +122,10 @@ public class SchemaPartition extends Partition {
public String toString() {
return "SchemaPartition{" + "schemaPartitionMap=" + schemaPartitionMap +
'}';
}
+
+ public void removeDB(String databaseName) {
+ if (schemaPartitionMap != null) {
+ schemaPartitionMap.remove(databaseName);
+ }
+ }
}
