in iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java [275:499]
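/**
 * Applies an {@link AuthorRelationalPlan} by dispatching on its plan type to the matching
 * {@code authorizer} call: user/role creation, password update, deletion, role membership, and
 * privilege grant/revoke at "any", database, table or system scope.
 *
 * <p>Privilege ordinals carried by the plan are range-checked before they are mapped to {@link
 * PrivilegeType}. An out-of-range ordinal is reported as {@code ILLEGAL_PARAMETER} instead of
 * escaping as an unchecked {@link ArrayIndexOutOfBoundsException}.
 *
 * <p>Grant and revoke cases call the authorizer once per privilege. If one call throws {@link
 * AuthException}, the calls already made in that loop are not undone by this method.
 * NOTE(review): confirm whether the authorizer or the caller makes the operation atomic; a
 * revoke that stops partway returns an error status while some privileges remain in place.
 *
 * <p>NOTE(review): this method does not check whether the requester may perform the operation;
 * presumably that is enforced before the plan reaches this point - confirm against the caller.
 *
 * @param authorPlan the plan carrying the operation type, target user/role, scope (database and
 *     table names), grant-option flag and privilege ordinals
 * @return {@code SUCCESS_STATUS} when every authorizer call succeeds; otherwise a status built
 *     from the code and message of the {@link AuthException} that was thrown
 */
public TSStatus authorNonQuery(AuthorRelationalPlan authorPlan) {
  ConfigPhysicalPlanType authorType = authorPlan.getAuthorType();
  String userName = authorPlan.getUserName();
  String roleName = authorPlan.getRoleName();
  String database = authorPlan.getDatabaseName();
  String table = authorPlan.getTableName();
  boolean grantOpt = authorPlan.getGrantOpt();
  Set<Integer> permissions = authorPlan.getPermissions();
  Set<PrivilegeType> privileges = new HashSet<>();
  try {
    // NOTE(review): this range test relies on the declaration order of ConfigPhysicalPlanType;
    // inserting or reordering constants between RGrantUserAny and RRevokeRoleSysPri silently
    // changes which plan types get their permissions decoded.
    if (authorType.ordinal() >= ConfigPhysicalPlanType.RGrantUserAny.ordinal()
        && authorType.ordinal() <= ConfigPhysicalPlanType.RRevokeRoleSysPri.ordinal()) {
      PrivilegeType[] knownPrivileges = PrivilegeType.values();
      for (int permission : permissions) {
        // The ordinal comes from the plan, not from this process; reject values that do not
        // name a PrivilegeType so they surface as a status rather than an unchecked exception.
        if (permission < 0 || permission >= knownPrivileges.length) {
          throw new AuthException(
              TSStatusCode.ILLEGAL_PARAMETER, "Invalid privilege ordinal: " + permission);
        }
        privileges.add(knownPrivileges[permission]);
      }
    }
    switch (authorType) {
      case RCreateUser:
        authorizer.createUser(userName, authorPlan.getPassword());
        break;
      case RCreateRole:
        authorizer.createRole(roleName);
        break;
      case RUpdateUser:
        authorizer.updateUserPassword(userName, authorPlan.getPassword());
        break;
      case RDropRole:
        authorizer.deleteRole(roleName);
        break;
      case RDropUser:
        authorizer.deleteUser(userName);
        break;
      case RGrantUserRole:
        authorizer.grantRoleToUser(roleName, userName);
        break;
      case RRevokeUserRole:
        authorizer.revokeRoleFromUser(roleName, userName);
        break;
      case RGrantUserAny:
        // Three-argument PrivilegeUnion with a trailing true; presumably marks the "any" scope.
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToUser(
              userName, new PrivilegeUnion(privilege, grantOpt, true));
        }
        break;
      case RGrantRoleAny:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToRole(
              roleName, new PrivilegeUnion(privilege, grantOpt, true));
        }
        break;
      case RGrantUserAll:
        // Database given: grant each relational privilege from the plan at database scope, or
        // at table scope when a table name is also given.
        // NOTE(review): this branch iterates the plan's privileges while RRevokeUserAll
        // iterates PrivilegeType.values(); if the plan carries an empty set this is a no-op
        // that still reports success - confirm the plan always lists the privileges here.
        if (!database.isEmpty()) {
          for (PrivilegeType privilege : privileges) {
            if (privilege.isRelationalPrivilege()) {
              if (table.isEmpty()) {
                authorizer.grantPrivilegeToUser(
                    userName, new PrivilegeUnion(database, privilege, grantOpt));
              } else {
                authorizer.grantPrivilegeToUser(
                    userName, new PrivilegeUnion(database, table, privilege, grantOpt));
              }
            }
          }
          break;
        }
        // No database: grant every privilege for which forRelationalSys() holds, plus every
        // relational privilege through the three-argument PrivilegeUnion form.
        for (PrivilegeType privilege : PrivilegeType.values()) {
          if (privilege.forRelationalSys()) {
            authorizer.grantPrivilegeToUser(userName, new PrivilegeUnion(privilege, grantOpt));
          }
          if (privilege.isRelationalPrivilege()) {
            authorizer.grantPrivilegeToUser(
                userName, new PrivilegeUnion(privilege, grantOpt, true));
          }
        }
        break;
      case RGrantRoleAll:
        // Same shape as RGrantUserAll, applied to a role; the same review note about iterating
        // the plan's privileges in the database branch applies.
        if (!database.isEmpty()) {
          for (PrivilegeType privilege : privileges) {
            if (privilege.isRelationalPrivilege()) {
              if (table.isEmpty()) {
                authorizer.grantPrivilegeToRole(
                    roleName, new PrivilegeUnion(database, privilege, grantOpt));
              } else {
                authorizer.grantPrivilegeToRole(
                    roleName, new PrivilegeUnion(database, table, privilege, grantOpt));
              }
            }
          }
          break;
        }
        for (PrivilegeType privilege : PrivilegeType.values()) {
          if (privilege.forRelationalSys()) {
            authorizer.grantPrivilegeToRole(roleName, new PrivilegeUnion(privilege, grantOpt));
          }
          if (privilege.isRelationalPrivilege()) {
            authorizer.grantPrivilegeToRole(
                roleName, new PrivilegeUnion(privilege, grantOpt, true));
          }
        }
        break;
      case RGrantUserDBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToUser(
              userName, new PrivilegeUnion(database, privilege, grantOpt));
        }
        break;
      case RGrantUserTBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToUser(
              userName, new PrivilegeUnion(database, table, privilege, grantOpt));
        }
        break;
      case RGrantRoleDBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToRole(
              roleName, new PrivilegeUnion(database, privilege, grantOpt));
        }
        break;
      case RGrantRoleTBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToRole(
              roleName, new PrivilegeUnion(database, table, privilege, grantOpt));
        }
        break;
      case RRevokeUserAny:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromUser(
              userName, new PrivilegeUnion(privilege, grantOpt, true));
        }
        break;
      case RRevokeRoleAny:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromRole(
              roleName, new PrivilegeUnion(privilege, grantOpt, true));
        }
        break;
      case RRevokeUserAll:
        // Database given: revoke every relational privilege at database scope, or at table
        // scope when a table name is also given. Unlike the grant case, this walks all
        // PrivilegeType values rather than the plan's privilege set.
        if (!database.isEmpty()) {
          for (PrivilegeType privilege : PrivilegeType.values()) {
            if (privilege.isRelationalPrivilege()) {
              if (table.isEmpty()) {
                authorizer.revokePrivilegeFromUser(
                    userName, new PrivilegeUnion(database, privilege, grantOpt));
              } else {
                authorizer.revokePrivilegeFromUser(
                    userName, new PrivilegeUnion(database, table, privilege, grantOpt));
              }
            }
          }
          break;
        }
        // No database: delegate the full revoke to the authorizer.
        authorizer.revokeAllPrivilegeFromUser(userName);
        break;
      case RRevokeRoleAll:
        // Same shape as RRevokeUserAll, applied to a role.
        if (!database.isEmpty()) {
          for (PrivilegeType privilege : PrivilegeType.values()) {
            if (privilege.isRelationalPrivilege()) {
              if (table.isEmpty()) {
                authorizer.revokePrivilegeFromRole(
                    roleName, new PrivilegeUnion(database, privilege, grantOpt));
              } else {
                authorizer.revokePrivilegeFromRole(
                    roleName, new PrivilegeUnion(database, table, privilege, grantOpt));
              }
            }
          }
          break;
        }
        authorizer.revokeAllPrivilegeFromRole(roleName);
        break;
      case RRevokeUserDBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromUser(
              userName, new PrivilegeUnion(database, privilege, grantOpt));
        }
        break;
      case RRevokeUserTBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromUser(
              userName, new PrivilegeUnion(database, table, privilege, grantOpt));
        }
        break;
      case RRevokeRoleDBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromRole(
              roleName, new PrivilegeUnion(database, privilege, grantOpt));
        }
        break;
      case RRevokeRoleTBPriv:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromRole(
              roleName, new PrivilegeUnion(database, table, privilege, grantOpt));
        }
        break;
      case RGrantUserSysPri:
        // Two-argument PrivilegeUnion: no database, table or trailing flag.
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToUser(userName, new PrivilegeUnion(privilege, grantOpt));
        }
        break;
      case RGrantRoleSysPri:
        for (PrivilegeType privilege : privileges) {
          authorizer.grantPrivilegeToRole(roleName, new PrivilegeUnion(privilege, grantOpt));
        }
        break;
      case RRevokeUserSysPri:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromUser(userName, new PrivilegeUnion(privilege, grantOpt));
        }
        break;
      case RRevokeRoleSysPri:
        for (PrivilegeType privilege : privileges) {
          authorizer.revokePrivilegeFromRole(roleName, new PrivilegeUnion(privilege, grantOpt));
        }
        break;
      default:
        // Any plan type not listed above is rejected rather than ignored.
        throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "not support");
    }
  } catch (AuthException e) {
    // Authorization failures are reported to the caller as a status, not rethrown.
    return RpcUtils.getStatus(e.getCode(), e.getMessage());
  }
  return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}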