From 51378aae40f6400d9651fa28a99bcced01b7362a Mon Sep 17 00:00:00 2001 From: Shengliang Guan Date: Thu, 1 Dec 2022 12:22:43 +0800 Subject: [PATCH] enh: add topic privilege --- source/dnode/mnode/impl/inc/mndDef.h | 2 ++ source/dnode/mnode/impl/inc/mndPrivilege.h | 3 ++- source/dnode/mnode/impl/inc/mndTopic.h | 2 +- source/dnode/mnode/impl/src/mndPrivilege.c | 3 ++- source/dnode/mnode/impl/src/mndTopic.c | 9 +++++++-- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/source/dnode/mnode/impl/inc/mndDef.h b/source/dnode/mnode/impl/inc/mndDef.h index 7dc50318b4..f9ec167319 100644 --- a/source/dnode/mnode/impl/inc/mndDef.h +++ b/source/dnode/mnode/impl/inc/mndDef.h @@ -72,6 +72,8 @@ typedef enum { MND_OPER_READ_OR_WRITE_DB, MND_OPER_SHOW_VARIBALES, MND_OPER_SUBSCRIBE, + MND_OPER_CREATE_TOPIC, + MND_OPER_DROP_TOPIC, } EOperType; typedef enum { diff --git a/source/dnode/mnode/impl/inc/mndPrivilege.h b/source/dnode/mnode/impl/inc/mndPrivilege.h index 3e505eb5dc..dfde2f671e 100644 --- a/source/dnode/mnode/impl/inc/mndPrivilege.h +++ b/source/dnode/mnode/impl/inc/mndPrivilege.h @@ -28,7 +28,8 @@ void mndCleanupPrivilege(SMnode *pMnode); int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType); int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb); int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname); -int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname); +int32_t mndCheckTopicPrivilege(SMnode *pMnode, const char *user, EOperType operType, SMqTopicObj *pTopic); +int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *topicName); int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname); int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter); int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp); diff --git a/source/dnode/mnode/impl/inc/mndTopic.h b/source/dnode/mnode/impl/inc/mndTopic.h index 9f516904ce..8cd669c769 100644 --- a/source/dnode/mnode/impl/inc/mndTopic.h +++ b/source/dnode/mnode/impl/inc/mndTopic.h @@ -25,7 +25,7 @@ extern "C" { int32_t mndInitTopic(SMnode *pMnode); void mndCleanupTopic(SMnode *pMnode); -SMqTopicObj *mndAcquireTopic(SMnode *pMnode, char *topicName); +SMqTopicObj *mndAcquireTopic(SMnode *pMnode, const char *topicName); void mndReleaseTopic(SMnode *pMnode, SMqTopicObj *pTopic); SSdbRaw *mndTopicActionEncode(SMqTopicObj *pTopic); diff --git a/source/dnode/mnode/impl/src/mndPrivilege.c b/source/dnode/mnode/impl/src/mndPrivilege.c index edd7bb2a65..ccb4140b83 100644 --- a/source/dnode/mnode/impl/src/mndPrivilege.c +++ b/source/dnode/mnode/impl/src/mndPrivilege.c @@ -28,7 +28,8 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) { return 0; } -int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) { +int32_t mndCheckTopicPrivilege(SMnode *pMnode, const char *user, EOperType operType, SMqTopicObj *pTopic) { return 0; } +int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *topicName) { return 0; } int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) { diff --git a/source/dnode/mnode/impl/src/mndTopic.c b/source/dnode/mnode/impl/src/mndTopic.c index 6412761f0b..aabb2e5087 100644 --- a/source/dnode/mnode/impl/src/mndTopic.c +++ b/source/dnode/mnode/impl/src/mndTopic.c @@ -288,7 +288,7 @@ static int32_t mndTopicActionUpdate(SSdb *pSdb, SMqTopicObj *pOldTopic, SMqTopic return 0; } -SMqTopicObj *mndAcquireTopic(SMnode *pMnode, char *topicName) { +SMqTopicObj *mndAcquireTopic(SMnode *pMnode, const char *topicName) { SSdb *pSdb = pMnode->pSdb; SMqTopicObj *pTopic = sdbAcquire(pSdb, SDB_TOPIC, topicName); if (pTopic == NULL && terrno == TSDB_CODE_SDB_OBJ_NOT_THERE) { @@ -573,7 +573,7 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) { goto _OVER; } - if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_READ_DB, pDb) != 0) { + if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CREATE_TOPIC) != 0) { goto _OVER; } @@ -633,6 +633,11 @@ static int32_t mndProcessDropTopicReq(SRpcMsg *pReq) { } } + if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_DROP_TOPIC) != 0) { + mndReleaseTopic(pMnode, pTopic); + return -1; + } + void *pIter = NULL; SMqConsumerObj *pConsumer; while (1) {