auth for stb
This commit is contained in:
Shengliang Guan
parent
cfa76f8329
commit
9a927afbd9
|
|
@ -36,6 +36,9 @@ int32_t mndCheckCreateDbAuth(SUserObj *pOperUser);
|
||||||
int32_t mndCheckAlterDropCompactSyncDbAuth(SUserObj *pOperUser, SDbObj *pDb);
|
int32_t mndCheckAlterDropCompactSyncDbAuth(SUserObj *pOperUser, SDbObj *pDb);
|
||||||
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb);
|
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb);
|
||||||
|
|
||||||
|
int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb);
|
||||||
|
int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -141,3 +141,29 @@ int32_t mndCheckAlterDropCompactSyncDbAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb) { return 0; }
|
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb) { return 0; }
|
||||||
|
|
||||||
|
int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
||||||
|
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (taosHashGet(pOperUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
||||||
|
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (taosHashGet(pOperUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
@ -15,6 +15,7 @@
|
||||||
|
|
||||||
#define _DEFAULT_SOURCE
|
#define _DEFAULT_SOURCE
|
||||||
#include "mndStb.h"
|
#include "mndStb.h"
|
||||||
|
#include "mndAuth.h"
|
||||||
#include "mndDb.h"
|
#include "mndDb.h"
|
||||||
#include "mndDnode.h"
|
#include "mndDnode.h"
|
||||||
#include "mndMnode.h"
|
#include "mndMnode.h"
|
||||||
|
|
@ -343,7 +344,7 @@ static int32_t mndCheckCreateStbReq(SMCreateStbReq *pCreate) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
SField *pField = taosArrayGet(pCreate->pColumns, 0) ;
|
SField *pField = taosArrayGet(pCreate->pColumns, 0);
|
||||||
if (pField->type != TSDB_DATA_TYPE_TIMESTAMP) {
|
if (pField->type != TSDB_DATA_TYPE_TIMESTAMP) {
|
||||||
terrno = TSDB_CODE_MND_INVALID_STB_OPTION;
|
terrno = TSDB_CODE_MND_INVALID_STB_OPTION;
|
||||||
return -1;
|
return -1;
|
||||||
|
|
@ -549,12 +550,16 @@ static int32_t mndProcessMCreateStbReq(SMnodeMsg *pReq) {
|
||||||
SStbObj *pTopicStb = NULL;
|
SStbObj *pTopicStb = NULL;
|
||||||
SStbObj *pStb = NULL;
|
SStbObj *pStb = NULL;
|
||||||
SDbObj *pDb = NULL;
|
SDbObj *pDb = NULL;
|
||||||
|
SUserObj *pUser = NULL;
|
||||||
SMCreateStbReq createReq = {0};
|
SMCreateStbReq createReq = {0};
|
||||||
|
|
||||||
if (tDeserializeSMCreateStbReq(pReq->rpcMsg.pCont, &createReq) == NULL) goto CREATE_STB_OVER;
|
if (tDeserializeSMCreateStbReq(pReq->rpcMsg.pCont, &createReq) == NULL) goto CREATE_STB_OVER;
|
||||||
|
|
||||||
mDebug("stb:%s, start to create", createReq.name);
|
mDebug("stb:%s, start to create", createReq.name);
|
||||||
if (mndCheckCreateStbReq(&createReq) != 0) goto CREATE_STB_OVER;
|
if (mndCheckCreateStbReq(&createReq) != 0) {
|
||||||
|
terrno = TSDB_CODE_INVALID_MSG;
|
||||||
|
goto CREATE_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
pStb = mndAcquireStb(pMnode, createReq.name);
|
pStb = mndAcquireStb(pMnode, createReq.name);
|
||||||
if (pStb != NULL) {
|
if (pStb != NULL) {
|
||||||
|
|
@ -582,6 +587,15 @@ static int32_t mndProcessMCreateStbReq(SMnodeMsg *pReq) {
|
||||||
goto CREATE_STB_OVER;
|
goto CREATE_STB_OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pUser = mndAcquireUser(pMnode, pReq->user);
|
||||||
|
if (pUser == NULL) {
|
||||||
|
goto CREATE_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mndCheckWriteAuth(pUser, pDb) != 0) {
|
||||||
|
goto CREATE_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
code = mndCreateStb(pMnode, pReq, &createReq, pDb);
|
code = mndCreateStb(pMnode, pReq, &createReq, pDb);
|
||||||
if (code == 0) code = TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
if (code == 0) code = TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
||||||
|
|
||||||
|
|
@ -593,8 +607,8 @@ CREATE_STB_OVER:
|
||||||
mndReleaseStb(pMnode, pStb);
|
mndReleaseStb(pMnode, pStb);
|
||||||
mndReleaseStb(pMnode, pTopicStb);
|
mndReleaseStb(pMnode, pTopicStb);
|
||||||
mndReleaseDb(pMnode, pDb);
|
mndReleaseDb(pMnode, pDb);
|
||||||
taosArrayDestroy(createReq.pColumns);
|
mndReleaseUser(pMnode, pUser);
|
||||||
taosArrayDestroy(createReq.pTags);
|
tFreeSMCreateStbReq(&createReq);
|
||||||
|
|
||||||
return code;
|
return code;
|
||||||
}
|
}
|
||||||
|
|
@ -965,7 +979,7 @@ static int32_t mndAlterStb(SMnode *pMnode, SMnodeMsg *pReq, const SMAltertbReq *
|
||||||
int32_t code = -1;
|
int32_t code = -1;
|
||||||
STrans *pTrans = NULL;
|
STrans *pTrans = NULL;
|
||||||
SField *pField0 = taosArrayGet(pAlter->pFields, 0);
|
SField *pField0 = taosArrayGet(pAlter->pFields, 0);
|
||||||
|
|
||||||
switch (pAlter->alterType) {
|
switch (pAlter->alterType) {
|
||||||
case TSDB_ALTER_TABLE_ADD_TAG:
|
case TSDB_ALTER_TABLE_ADD_TAG:
|
||||||
code = mndAddSuperTableTag(pOld, &stbObj, pAlter->pFields, pAlter->numOfFields);
|
code = mndAddSuperTableTag(pOld, &stbObj, pAlter->pFields, pAlter->numOfFields);
|
||||||
|
|
@ -1020,9 +1034,13 @@ static int32_t mndProcessMAlterStbReq(SMnodeMsg *pReq) {
|
||||||
int32_t code = -1;
|
int32_t code = -1;
|
||||||
SDbObj *pDb = NULL;
|
SDbObj *pDb = NULL;
|
||||||
SStbObj *pStb = NULL;
|
SStbObj *pStb = NULL;
|
||||||
|
SUserObj *pUser = NULL;
|
||||||
SMAltertbReq alterReq = {0};
|
SMAltertbReq alterReq = {0};
|
||||||
|
|
||||||
if (tDeserializeSMAlterStbReq(pReq->rpcMsg.pCont, &alterReq) == NULL) goto ALTER_STB_OVER;
|
if (tDeserializeSMAlterStbReq(pReq->rpcMsg.pCont, &alterReq) == NULL) {
|
||||||
|
terrno = TSDB_CODE_INVALID_MSG;
|
||||||
|
goto ALTER_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
mDebug("stb:%s, start to alter", alterReq.name);
|
mDebug("stb:%s, start to alter", alterReq.name);
|
||||||
if (mndCheckAlterStbReq(&alterReq) != 0) goto ALTER_STB_OVER;
|
if (mndCheckAlterStbReq(&alterReq) != 0) goto ALTER_STB_OVER;
|
||||||
|
|
@ -1039,6 +1057,15 @@ static int32_t mndProcessMAlterStbReq(SMnodeMsg *pReq) {
|
||||||
goto ALTER_STB_OVER;
|
goto ALTER_STB_OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pUser = mndAcquireUser(pMnode, pReq->user);
|
||||||
|
if (pUser == NULL) {
|
||||||
|
goto ALTER_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mndCheckWriteAuth(pUser, pDb) != 0) {
|
||||||
|
goto ALTER_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
code = mndAlterStb(pMnode, pReq, &alterReq, pDb, pStb);
|
code = mndAlterStb(pMnode, pReq, &alterReq, pDb, pStb);
|
||||||
if (code == 0) code = TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
if (code == 0) code = TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
||||||
|
|
||||||
|
|
@ -1049,6 +1076,7 @@ ALTER_STB_OVER:
|
||||||
|
|
||||||
mndReleaseStb(pMnode, pStb);
|
mndReleaseStb(pMnode, pStb);
|
||||||
mndReleaseDb(pMnode, pDb);
|
mndReleaseDb(pMnode, pDb);
|
||||||
|
mndReleaseUser(pMnode, pUser);
|
||||||
taosArrayDestroy(alterReq.pFields);
|
taosArrayDestroy(alterReq.pFields);
|
||||||
|
|
||||||
return code;
|
return code;
|
||||||
|
|
@ -1135,43 +1163,60 @@ DROP_STB_OVER:
|
||||||
}
|
}
|
||||||
|
|
||||||
static int32_t mndProcessMDropStbReq(SMnodeMsg *pReq) {
|
static int32_t mndProcessMDropStbReq(SMnodeMsg *pReq) {
|
||||||
SMnode *pMnode = pReq->pMnode;
|
SMnode *pMnode = pReq->pMnode;
|
||||||
|
int32_t code = -1;
|
||||||
|
SUserObj *pUser = NULL;
|
||||||
|
SDbObj *pDb = NULL;
|
||||||
|
SStbObj *pStb = NULL;
|
||||||
SMDropStbReq dropReq = {0};
|
SMDropStbReq dropReq = {0};
|
||||||
tDeserializeSMDropStbReq(pReq->rpcMsg.pCont, &dropReq);
|
|
||||||
|
if (tDeserializeSMDropStbReq(pReq->rpcMsg.pCont, &dropReq) != 0) {
|
||||||
|
terrno = TSDB_CODE_INVALID_MSG;
|
||||||
|
goto DROP_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
mDebug("stb:%s, start to drop", dropReq.name);
|
mDebug("stb:%s, start to drop", dropReq.name);
|
||||||
|
|
||||||
SStbObj *pStb = mndAcquireStb(pMnode, dropReq.name);
|
pStb = mndAcquireStb(pMnode, dropReq.name);
|
||||||
if (pStb == NULL) {
|
if (pStb == NULL) {
|
||||||
if (dropReq.igNotExists) {
|
if (dropReq.igNotExists) {
|
||||||
mDebug("stb:%s, not exist, ignore not exist is set", dropReq.name);
|
mDebug("stb:%s, not exist, ignore not exist is set", dropReq.name);
|
||||||
return 0;
|
code = 0;
|
||||||
|
goto DROP_STB_OVER;
|
||||||
} else {
|
} else {
|
||||||
terrno = TSDB_CODE_MND_STB_NOT_EXIST;
|
terrno = TSDB_CODE_MND_STB_NOT_EXIST;
|
||||||
mError("stb:%s, failed to drop since %s", dropReq.name, terrstr());
|
goto DROP_STB_OVER;
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
SDbObj *pDb = mndAcquireDbByStb(pMnode, dropReq.name);
|
pDb = mndAcquireDbByStb(pMnode, dropReq.name);
|
||||||
if (pDb == NULL) {
|
if (pDb == NULL) {
|
||||||
mndReleaseStb(pMnode, pStb);
|
|
||||||
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
|
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
|
||||||
mError("stb:%s, failed to drop since %s", dropReq.name, terrstr());
|
goto DROP_STB_OVER;
|
||||||
return -1;
|
}
|
||||||
|
|
||||||
|
pUser = mndAcquireUser(pMnode, pReq->user);
|
||||||
|
if (pUser == NULL) {
|
||||||
|
goto DROP_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mndCheckWriteAuth(pUser, pDb) != 0) {
|
||||||
|
goto DROP_STB_OVER;
|
||||||
|
}
|
||||||
|
|
||||||
|
code = mndDropStb(pMnode, pReq, pDb, pStb);
|
||||||
|
if (code == 0) code = TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
||||||
|
|
||||||
|
DROP_STB_OVER:
|
||||||
|
if (code != 0 && code != TSDB_CODE_MND_ACTION_IN_PROGRESS) {
|
||||||
|
mError("stb:%s, failed to drop since %s", dropReq.name, terrstr());
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t code = mndDropStb(pMnode, pReq, pDb, pStb);
|
|
||||||
mndReleaseDb(pMnode, pDb);
|
mndReleaseDb(pMnode, pDb);
|
||||||
mndReleaseStb(pMnode, pStb);
|
mndReleaseStb(pMnode, pStb);
|
||||||
|
mndReleaseUser(pMnode, pUser);
|
||||||
|
|
||||||
if (code != 0) {
|
return code;
|
||||||
mError("stb:%s, failed to drop since %s", dropReq.name, terrstr());
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return TSDB_CODE_MND_ACTION_IN_PROGRESS;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int32_t mndProcessVDropStbRsp(SMnodeMsg *pRsp) {
|
static int32_t mndProcessVDropStbRsp(SMnodeMsg *pRsp) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue