Caideyipi commented on code in PR #13158:
URL: https://github.com/apache/iotdb/pull/13158#discussion_r1926460320
##########
iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java:
##########
@@ -186,122 +181,83 @@ public TSStatus authorNonQuery(AuthorPlan authorPlan) {
Set<Integer> permissions = authorPlan.getPermissions();
boolean grantOpt = authorPlan.getGrantOpt();
List<PartialPath> nodeNameList = authorPlan.getNodeNameList();
- // We will process the new version permissions after handling all the old
version permissions.
- // We assume that:
- // 1. the permission logs generated by new version will always come after
the old permissions.
- // 2. two types of permission logs will not be mixed.
- // When we begin to handle the new version's permissions, we need to check
whether the old
- // permissions have
- // been processed before. The encoding and meaning of these old
permissions have changed
- // significantly.
- if (authorType.ordinal() >= ConfigPhysicalPlanType.CreateUserDep.ordinal()
- && authorType.ordinal() <=
ConfigPhysicalPlanType.UpdateUserDep.ordinal()) {
- // if meet old version's permissions, we will set pre version tag.
- authorizer.setUserForPreVersion(true);
- authorizer.setRoleForPreVersion(true);
- } else {
- if (hasPrePriv) {
- // when we refresh our preversion's information?
- // 1. before raftlog redoing finish.(ALL author plans in raftlog are
pre version)
- // 2. refresh during raftlog. (pre version mixed with new version)
- authorizer.checkUserPathPrivilege();
- hasPrePriv = false;
- }
- }
try {
switch (authorType) {
- case UpdateUserDep:
case UpdateUser:
authorizer.updateUserPassword(userName, newPassword);
break;
- case CreateUserDep:
- AuthUtils.validatePasswordPre(password);
- AuthUtils.validateUsernamePre(userName);
- authorizer.createUserWithoutCheck(userName, password);
- break;
case CreateUser:
authorizer.createUser(userName, password);
break;
case CreateUserWithRawPassword:
authorizer.createUserWithRawPassword(userName, password);
break;
- case CreateRoleDep:
- AuthUtils.validateRolenamePre(roleName);
- authorizer.createRole(roleName);
- break;
case CreateRole:
- AuthUtils.validateRolename(roleName);
authorizer.createRole(roleName);
break;
- case DropUserDep:
case DropUser:
authorizer.deleteUser(userName);
break;
- case DropRoleDep:
case DropRole:
authorizer.deleteRole(roleName);
break;
- case GrantRoleDep:
- grantPrivilegeForPreVersion(false, roleName, permissions,
nodeNameList);
- break;
case GrantRole:
for (int permission : permissions) {
- if (!isPathRelevant(permission)) {
- authorizer.grantPrivilegeToRole(roleName, null, permission,
grantOpt);
+ PrivilegeType priv = PrivilegeType.values()[permission];
+ if (priv.isSystemPrivilege()) {
+ authorizer.grantPrivilegeToRole(roleName, new
PrivilegeUnion(priv, grantOpt));
continue;
}
for (PartialPath path : nodeNameList) {
- authorizer.grantPrivilegeToRole(roleName, path, permission,
grantOpt);
+ authorizer.grantPrivilegeToRole(roleName, new
PrivilegeUnion(path, priv, grantOpt));
}
}
break;
- case GrantUserDep:
- grantPrivilegeForPreVersion(true, userName, permissions,
nodeNameList);
- break;
case GrantUser:
for (int permission : permissions) {
- if (!isPathRelevant(permission)) {
- authorizer.grantPrivilegeToUser(userName, null, permission,
grantOpt);
+ PrivilegeType priv = PrivilegeType.values()[permission];
+ if (priv.isSystemPrivilege()) {
+ authorizer.grantPrivilegeToUser(userName, new
PrivilegeUnion(priv, grantOpt));
+ continue;
+ }
+ if (priv.isRelationalPrivilege()) {
Review Comment:
Can delete this
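Review bot: In the new `GrantRole` and `GrantUser` branches, `PrivilegeType.values()[permission]` indexes the enum array with an integer taken straight from `authorPlan.getPermissions()`, with no range check. A negative or too-large value from a malformed or version-skewed plan raises `ArrayIndexOutOfBoundsException` rather than an authorization error. The `catch` for the surrounding `try` lies outside the quoted hunk, so it is not visible whether that exception is turned into a failed `TSStatus` or escapes the plan executor. I would guard the lookup with `if (permission < 0 || permission >= PrivilegeType.values().length)` and reject the plan through the error path this method already uses for invalid input. Separately, the `CreateRole` branch drops `AuthUtils.validateRolename(roleName)`, so it is worth confirming that `authorizer.createRole` now enforces the name rules itself.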