Caideyipi commented on code in PR #13158:
URL: https://github.com/apache/iotdb/pull/13158#discussion_r1901695507
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/Role.java:
##########
@@ -193,33 +535,43 @@ public boolean equals(Object o) {
return Objects.equals(name, role.name)
&& Objects.equals(pathPrivilegeList, role.pathPrivilegeList)
&& Objects.equals(sysPrivilegeSet, role.sysPrivilegeSet)
- && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt);
+ && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt)
+ && Objects.equals(objectPrivilegeMap, role.objectPrivilegeMap);
}
@Override
public int hashCode() {
return Objects.hash(name, pathPrivilegeList, sysPrivilegeSet);
}
+ private void serializePrivilegeSet(DataOutputStream outputStream,
Set<PrivilegeType> set)
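Review bot: `hashCode()` on the context lines still hashes only `name`, `pathPrivilegeList` and `sysPrivilegeSet`, while `equals` now also compares `objectPrivilegeMap` and already compared `sysPriGrantOpt`. The equals/hashCode contract is still met, since equal roles hash equal, but roles that differ only in table privileges or grant options collide, and the omission reads like a bug to the next maintainer; suggest `return Objects.hash(name, pathPrivilegeList, sysPrivilegeSet, sysPriGrantOpt, objectPrivilegeMap);`. `equals` starts before the hunk and `serializePrivilegeSet` continues past it.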
Review Comment:
May be identical to SerializeUtils.serializePrivilegeTypeSet...
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/IEntryManager.java:
##########
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.commons.auth.role;
+
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
+import org.apache.iotdb.commons.auth.entity.Role;
+import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
+
+import java.util.List;
+
+/** We can call user or role as entry of access control, they all can obtain
privileges */
+public interface IEntryManager extends SnapshotProcessor {
+
+ /**
+ * Get an entry object.
+ *
+ * @param entryName The name of the role.
+ * @return A role object whose name is entryName or null if such role does
not exist.
+ * @throws AuthException if exception is raised while getting the role.
+ */
+ Role getEntry(String entryName) throws AuthException;
+
+ /**
+ * Create a role/user with given entryName. New roles/users will only be
granted no privileges.
+ *
+ * @param entryName is not null or empty
+ * @return True if the role is successfully created, false when the role
already exists.
+ */
+ boolean createEntry(String entryName);
+
+ /**
+ * Delete an entry.
+ *
+ * @param entryName the name of the user/role.
+ * @return boolean, true means we have the role in entryManager.
+ */
+ boolean deleteEntry(String entryName);
+
+ /**
+ * Grant a privilege on a seriesPath to an entry.
+ *
+ * @param entryName The name of the entry to which the privilege should be
added.
+ * @param privilegeUnion The privilege will be granted to entry.
+ * @throws AuthException If the role does not exist or the privilege or the
seriesPath is illegal.
+ */
+ void grantPrivilegeToEntry(String entryName, PrivilegeUnion privilegeUnion)
throws AuthException;
+
+ /**
+ * Revoke a privilege on seriesPath from a entry.
+ *
+ * @param entryName The name of the entry from which the privilege should be
removed.
+ * @param privilegeUnion The privilege will be granted to entry.
+ * @return True if the permission is successfully revoked, false if the
permission does not exist.
+ * @throws AuthException If the role does not exist or the privilege or the
seriesPath is illegal.
+ */
+ boolean revokePrivilegeFromEntry(String entryName, PrivilegeUnion
privilegeUnion)
+ throws AuthException;
+
+ /** Re-initialize this object. */
+ void reset() throws AuthException;
+
+ /**
+ * List all roles in the database.
+ *
+ * @return A list that contains names of all roles.
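Review bot: The `@param privilegeUnion` line of `revokePrivilegeFromEntry` says the privilege "will be granted to entry", copied from the grant method; it should read `@param privilegeUnion The privilege to revoke from the entry.` The `@return` of `deleteEntry` ("true means we have the role in entryManager") does not state what the call did; `@return True if the entry existed and was deleted, false if no such entry existed.` is what callers need, assuming that is the intended semantics. `getEntry` documents a `null` return for a missing entry; a null from an authorization lookup is easy to overlook at call sites, so consider returning `Optional<Role>` or at least stating in the Javadoc that callers must handle absence explicitly. The interface continues past the hunk; the same hunk is quoted twice more below and this note applies to those copies as well.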
Review Comment:
users/roles
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/utils/SerializeUtils.java:
##########
@@ -587,4 +589,23 @@ public static long[] deserializeLongs(ByteBuffer buffer) {
}
return ret;
}
+
+ public static void serializePrivilegeTypeSet(
+ Set<PrivilegeType> types, DataOutputStream dataOutputStream) {
+ try {
+ dataOutputStream.writeInt(types.size());
+ for (PrivilegeType type : types) {
+ dataOutputStream.writeInt(type.ordinal());
+ }
+ } catch (IOException e) {
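Review bot: `serializePrivilegeTypeSet` persists each privilege as `type.ordinal()`, so the stored meaning of a privilege is tied to the declaration order of `PrivilegeType`; inserting or reordering a constant later silently remaps every persisted privilege at the next load, and a role could then hold a different privilege than the one that was granted. If the existing on-disk format for `Role` already uses ordinals this is at least consistent, but a new format would be safer writing a stable identifier, e.g. `dataOutputStream.writeUTF(type.name());` or an explicitly assigned code, with the matching deserializer changed in lockstep. The method's catch block continues past the hunk.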
Review Comment:
Do we need to catch it?
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/TablePrivilege.java:
##########
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.commons.auth.entity;
+
+import org.apache.iotdb.commons.utils.AuthUtils;
+import org.apache.iotdb.commons.utils.SerializeUtils;
+
+import org.apache.tsfile.utils.ReadWriteIOUtils;
+
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+
+// This class contain table's privileges.
+public class TablePrivilege {
+ private String tableName;
+ private Set<PrivilegeType> privileges;
+ private Set<PrivilegeType> grantOption;
+
+ public TablePrivilege(String tableName) {
+ this.tableName = tableName;
+ this.privileges = new HashSet<>();
+ this.grantOption = new HashSet<>();
+ }
+
+ public TablePrivilege() {
+ //
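Review bot: The no-argument constructor at the end of the hunk appears to leave `privileges` and `grantOption` null, unlike the String constructor above it, so an instance built this way throws `NullPointerException` on the first set operation unless something populates the fields first; its body continues past the hunk, so this is inferred from what is visible. Suggest initializing the sets there too, `this.privileges = new HashSet<>(); this.grantOption = new HashSet<>();`, or delegating to the other constructor. The header `// This class contain table's privileges.` would be better as Javadoc, e.g. `/** Privileges granted on a single table, together with those held with grant option. */`, assuming `grantOption` records the privileges held with grant option.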
Review Comment:
Leaving "//" may not be a good idea...
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/IEntryManager.java:
##########
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.commons.auth.role;
+
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
+import org.apache.iotdb.commons.auth.entity.Role;
+import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
+
+import java.util.List;
+
+/** We can call user or role as entry of access control, they all can obtain
privileges */
+public interface IEntryManager extends SnapshotProcessor {
+
+ /**
+ * Get an entry object.
+ *
+ * @param entryName The name of the role.
+ * @return A role object whose name is entryName or null if such role does
not exist.
+ * @throws AuthException if exception is raised while getting the role.
+ */
+ Role getEntry(String entryName) throws AuthException;
+
+ /**
+ * Create a role/user with given entryName. New roles/users will only be
granted no privileges.
+ *
+ * @param entryName is not null or empty
+ * @return True if the role is successfully created, false when the role
already exists.
+ */
+ boolean createEntry(String entryName);
+
+ /**
+ * Delete an entry.
+ *
+ * @param entryName the name of the user/role.
+ * @return boolean, true means we have the role in entryManager.
+ */
+ boolean deleteEntry(String entryName);
+
+ /**
+ * Grant a privilege on a seriesPath to an entry.
+ *
+ * @param entryName The name of the entry to which the privilege should be
added.
+ * @param privilegeUnion The privilege will be granted to entry.
+ * @throws AuthException If the role does not exist or the privilege or the
seriesPath is illegal.
+ */
+ void grantPrivilegeToEntry(String entryName, PrivilegeUnion privilegeUnion)
throws AuthException;
+
+ /**
+ * Revoke a privilege on seriesPath from a entry.
+ *
+ * @param entryName The name of the entry from which the privilege should be
removed.
+ * @param privilegeUnion The privilege will be granted to entry.
+ * @return True if the permission is successfully revoked, false if the
permission does not exist.
+ * @throws AuthException If the role does not exist or the privilege or the
seriesPath is illegal.
+ */
+ boolean revokePrivilegeFromEntry(String entryName, PrivilegeUnion
privilegeUnion)
+ throws AuthException;
+
+ /** Re-initialize this object. */
+ void reset() throws AuthException;
+
+ /**
+ * List all roles in the database.
Review Comment:
users/roles
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/Role.java:
##########
@@ -246,6 +598,14 @@ public void deserialize(ByteBuffer buffer) {
pathPrivilege.deserialize(buffer);
pathPrivilegeList.add(pathPrivilege);
}
+
Review Comment:
anyScopePrivilegeSet?
##########
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/IEntryManager.java:
##########
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iotdb.commons.auth.role;
+
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
+import org.apache.iotdb.commons.auth.entity.Role;
+import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
+
+import java.util.List;
+
+/** We can call user or role as entry of access control, they all can obtain
privileges */
+public interface IEntryManager extends SnapshotProcessor {
+
+ /**
+ * Get an entry object.
+ *
+ * @param entryName The name of the role.
+ * @return A role object whose name is entryName or null if such role does
not exist.
+ * @throws AuthException if exception is raised while getting the role.
+ */
+ Role getEntry(String entryName) throws AuthException;
+
+ /**
+ * Create a role/user with given entryName. New roles/users will only be
granted no privileges.
+ *
+ * @param entryName is not null or empty
+ * @return True if the role is successfully created, false when the role
already exists.
+ */
+ boolean createEntry(String entryName);
+
+ /**
+ * Delete an entry.
+ *
+ * @param entryName the name of the user/role.
+ * @return boolean, true means we have the role in entryManager.
+ */
+ boolean deleteEntry(String entryName);
+
+ /**
+ * Grant a privilege on a seriesPath to an entry.
+ *
+ * @param entryName The name of the entry to which the privilege should be
added.
+ * @param privilegeUnion The privilege will be granted to entry.
+ * @throws AuthException If the role does not exist or the privilege or the
seriesPath is illegal.
+ */
+ void grantPrivilegeToEntry(String entryName, PrivilegeUnion privilegeUnion)
throws AuthException;
+
+ /**
+ * Revoke a privilege on seriesPath from a entry.
Review Comment:
on series path?