This is an automated email from the ASF dual-hosted git repository.
justinchen pushed a commit to branch last-permission
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/last-permission by this push:
new a56f2d5e721 fix
a56f2d5e721 is described below
commit a56f2d5e721035a3855656b028d9b4dade23db77
Author: Caideyipi <[email protected]>
AuthorDate: Mon Apr 13 16:30:48 2026 +0800
fix
---
.../rest/protocol/v2/impl/RestApiServiceImpl.java | 19 ++++++----
.../protocol/thrift/impl/ClientRPCServiceImpl.java | 43 ++++++++++++++--------
2 files changed, 39 insertions(+), 23 deletions(-)
diff --git
a/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/v2/impl/RestApiServiceImpl.java
b/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/v2/impl/RestApiServiceImpl.java
index f6c42533a62..08338c8dde4 100644
---
a/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/v2/impl/RestApiServiceImpl.java
+++
b/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/v2/impl/RestApiServiceImpl.java
@@ -133,20 +133,23 @@ public class RestApiServiceImpl extends RestApiService {
}
sensorNum += region.fillLastQueryMap(prefixPath, resultMap);
}
+
+ final IClientSession clientSession = SESSION_MANAGER.getCurrSession();
+ final TSLastDataQueryReq tsLastDataQueryReq =
+ FastLastHandler.createTSLastDataQueryReq(clientSession,
prefixPathList);
+ statement = StatementGenerator.createStatement(tsLastDataQueryReq);
+
+ final Response response =
authorizationHandler.checkAuthority(securityContext, statement);
+ if (response != null) {
+ return response;
+ }
+
// Check cache first
if (!TableDeviceSchemaCache.getInstance().getLastCache(resultMap)) {
- IClientSession clientSession = SESSION_MANAGER.getCurrSession();
- TSLastDataQueryReq tsLastDataQueryReq =
- FastLastHandler.createTSLastDataQueryReq(clientSession,
prefixPathList);
- statement = StatementGenerator.createStatement(tsLastDataQueryReq);
-
if (ExecuteStatementHandler.validateStatement(statement)) {
return
FastLastHandler.buildErrorResponse(TSStatusCode.EXECUTE_STATEMENT_ERROR);
}
-
Optional.ofNullable(authorizationHandler.checkAuthority(securityContext,
statement))
- .ifPresent(Response.class::cast);
-
queryId = SESSION_MANAGER.requestQueryId();
SessionInfo sessionInfo =
SESSION_MANAGER.getSessionInfo(clientSession);
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/ClientRPCServiceImpl.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/ClientRPCServiceImpl.java
index ed754c418c6..875709d6f45 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/ClientRPCServiceImpl.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/ClientRPCServiceImpl.java
@@ -1199,7 +1199,20 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
return executeLastDataQueryInternal(convert(req), SELECT_RESULT);
}
- // 2.2 all sensors hit cache, return response ~= 20ms
+ // 2.2 Check permission, the cost is rather low because the req only
contains one prefix path
+ final Statement s = StatementGenerator.createStatement(convert(req));
+ final TSStatus status =
+ AuthorityChecker.checkAuthority(
+ s,
+ new TreeAccessCheckContext(
+ clientSession.getUserId(),
+ clientSession.getUsername(),
+ clientSession.getClientAddress()));
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return RpcUtils.getTSExecuteStatementResp(status);
+ }
+
+ // 2.3 all sensors hit cache, return response ~= 20ms
final TsBlockBuilder builder =
LastQueryUtil.createTsBlockBuilder(sensorNum);
for (final Map.Entry<TableId, Map<IDeviceID, Map<String,
Pair<TSDataType, TimeValuePair>>>>
@@ -1332,6 +1345,20 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
.get(0)
.mPPDataExchangeEndPoint;
+ // Place the permission check at first
+ final Statement s = StatementGenerator.createStatement(convert(req));
+ // permission check
+ final TSStatus status =
+ AuthorityChecker.checkAuthority(
+ s,
+ new TreeAccessCheckContext(
+ clientSession.getUserId(),
+ clientSession.getUsername(),
+ clientSession.getClientAddress()));
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return RpcUtils.getTSExecuteStatementResp(status);
+ }
+
// the device's dataRegion's leader of the latest time partition is on
current node, may can
// read directly from cache
if (isSameNode(lastRegionLeader)) {
@@ -1390,20 +1417,6 @@ public class ClientRPCServiceImpl implements
IClientRPCServiceWithHandler {
}
}
- // cache miss
- Statement s = StatementGenerator.createStatement(convert(req));
- // permission check
- TSStatus status =
- AuthorityChecker.checkAuthority(
- s,
- new TreeAccessCheckContext(
- clientSession.getUserId(),
- clientSession.getUsername(),
- clientSession.getClientAddress()));
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- return RpcUtils.getTSExecuteStatementResp(status);
- }
-
quota =
DataNodeThrottleQuotaManager.getInstance()
.checkQuota(SESSION_MANAGER.getCurrSession().getUsername(), s);
