JackieTien97 commented on code in PR #10939:
URL: https://github.com/apache/iotdb/pull/10939#discussion_r1309802630
##
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java:
##
@@ -292,4 +376,9 @@ public void reset() {
public String getDirPath() {
return userDirPath;
}
+
+ @Override
+ public void cleanUserFolder() {
+SystemFileFactory.INSTANCE.getFile(userDirPath).delete();
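Review bot: The boolean returned by `delete()` in `cleanUserFolder()` is discarded, so the method reports success even when nothing was removed. If callers rely on it to wipe stored user records (inferred from the method name; no caller is visible here), a silent failure would leave old accounts and their privileges on disk to be loaded again. Capture the result and surface the failure, for example `boolean removed = SystemFileFactory.INSTANCE.getFile(userDirPath).delete();` followed by `if (!removed) { /* log the path or throw */ }`. The method body continues past the end of the quoted hunk.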
Review Comment:
```suggestion
FileUtils.cleanDirectory(SystemFileFactory.INSTANCE.getFile(userDirPath));
```
##
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/Role.java:
##
@@ -36,62 +37,192 @@
public class Role {
private String name;
- private List privilegeList;
+ private List pathPrivilegeList;
+
+ private Set sysPrivilegeSet;
+
+ private Set sysPriGrantOpt;
+
+ private static final int SYS_PRI_SIZE = PrivilegeType.getSysPriCount();
public Role() {
// empty constructor
}
public Role(String name) {
this.name = name;
-this.privilegeList = new ArrayList<>();
+this.pathPrivilegeList = new ArrayList<>();
+this.sysPrivilegeSet = new HashSet<>();
+this.sysPriGrantOpt = new HashSet<>();
}
+ /** - get func -* */
public String getName() {
return name;
}
- public void setName(String name) {
-this.name = name;
+ public List getPathPrivilegeList() {
+return pathPrivilegeList;
}
- public List getPrivilegeList() {
-return privilegeList;
+ public Set getSysPrivilege() {
+return sysPrivilegeSet;
}
- public void setPrivilegeList(List privilegeList) {
-this.privilegeList = privilegeList;
+ public Set getPathPrivileges(PartialPath path) throws AuthException
{
+return AuthUtils.getPrivileges(path, pathPrivilegeList);
}
- public boolean hasPrivilege(PartialPath path, int privilegeId) {
-return AuthUtils.hasPrivilege(path, privilegeId, privilegeList);
+ public Set getSysPriGrantOpt() {
+return sysPriGrantOpt;
}
- public void addPrivilege(PartialPath path, int privilegeId) {
-AuthUtils.addPrivilege(path, privilegeId, privilegeList);
+ public int getAllSysPrivileges() {
+int privs = 0;
+for (Integer sysPri : sysPrivilegeSet) {
+ privs |= (0b1 << sysPriTopos(sysPri));
+}
+for (Integer sysPriGrantOpt : sysPriGrantOpt) {
+ privs |= 0b1 << (sysPriTopos(sysPriGrantOpt) + 16);
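Review bot: `getAllSysPrivileges()` packs system privileges into the low bits of one `int` and grant options at an offset of 16, but nothing visible in the hunk enforces that `sysPriTopos(...)` stays below 16 (its body is not shown). If the number of system privileges grows past 16, a plain privilege bit lands in the grant-option half, and a shift distance of 32 or more wraps silently in Java, so the mask could report a privilege or grant option that was never given. Name the offset and check it once against the existing `SYS_PRI_SIZE`, e.g. `private static final int GRANT_OPT_OFFSET = 16;` with `static { if (SYS_PRI_SIZE > GRANT_OPT_OFFSET) throw new IllegalStateException("too many system privileges for int mask"); }`. The second loop's variable `sysPriGrantOpt` also shadows the field it iterates over, so a distinct name would be clearer. The method continues past the end of the quoted hunk.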
Review Comment:
```suggestion
privs |= 1 << (sysPriTopos(sysPriGrantOpt) + 16);
```
##
iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java:
##
@@ -317,20 +302,109 @@ public boolean checkUserPrivileges(String username,
PartialPath path, int privil
throw new AuthException(
TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION,
username));
}
-// get privileges of the user
-if (user.checkPrivilege(path, privilegeId)) {
- return true;
-}
-// merge the privileges of the roles of the user
-for (String roleName : user.getRoleList()) {
- Role role = roleManager.getRole(roleName);
- if (role.checkPrivilege(path, privilegeId)) {
+if (path != null) {
+ // get privileges of the user
+ if (user.checkPathPrivilege(path, privilegeId)) {
+return true;
+ }
+ // merge the privileges of the roles of the user
+ for (String roleName : user.getRoleList()) {
+Role role = roleManager.getRole(roleName);
+if (role.checkPathPrivilege(path, privilegeId)) {
+ return true;
+}
+ }
+} else {
+ if (user.checkSysPrivilege(privilegeId)) {
return true;
}
+ for (String roleName : user.getRoleList()) {
+Role role = roleManager.getRole(roleName);
+if (role.checkSysPrivilege(privilegeId)) {
+ return true;
+}
+ }
}
+
return false;
}
+ public boolean checkUserPrivilegeGrantOpt(String username, PartialPath path,
int privilegeId)
+ throws AuthException {
+User user = userManager.getUser(username);
+if (user == null) {
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION,
username));
+}
+if (path == null) {
+ if (user.checkSysPrivilege(privilegeId)) {
+if (user.getSysPriGrantOpt().contains(privilegeId)) {
+ return true;
+}
+ }
+ if (user.getRoleList().isEmpty()) {
+throw new AuthException(
+TSStatusCode.NOT_HAS_PRIVILEGE,
+String.format(
+"Dont have privilege: %s to grant",
+PrivilegeType.values()[privilegeId].toString()));
+ }
+ for (String roleName : user.getRoleList()) {
+Role role = roleManager.getRole(roleName);
+if (role.checkSysPrivilege(privilegeId) &&