From e5547eccbf5825665f6b5fb49544d2acd373fbc9 Mon Sep 17 00:00:00 2001
From: dmchen <cademfly@hotmail.com>
Date: Thu, 9 May 2024 02:44:38 +0000
Subject: [PATCH] encrypt grant

---
 include/util/taoserror.h            | 1 +
 source/dnode/mnode/impl/src/mndDb.c | 7 +++++++
 source/util/src/terror.c            | 1 +
 3 files changed, 9 insertions(+)

diff --git a/include/util/taoserror.h b/include/util/taoserror.h
index 03a024bb8c..dafdac9649 100644
--- a/include/util/taoserror.h
+++ b/include/util/taoserror.h
@@ -327,6 +327,7 @@ int32_t* taosGetErrno();
 #define TSDB_CODE_MND_DB_IN_CREATING            TAOS_DEF_ERROR_CODE(0, 0x0396) //
 #define TSDB_CODE_MND_INVALID_SYS_TABLENAME     TAOS_DEF_ERROR_CODE(0, 0x039A)
 #define TSDB_CODE_MND_ENCRYPT_NOT_ALLOW_CHANGE  TAOS_DEF_ERROR_CODE(0, 0x039B)
+#define TSDB_CODE_MND_DB_ENCRYPT_GRANT_EXPIRED  TAOS_DEF_ERROR_CODE(0, 0x039C)
 
 // mnode-node
 #define TSDB_CODE_MND_MNODE_ALREADY_EXIST       TAOS_DEF_ERROR_CODE(0, 0x03A0)
diff --git a/source/dnode/mnode/impl/src/mndDb.c b/source/dnode/mnode/impl/src/mndDb.c
index 6d638dab3b..48569c0600 100644
--- a/source/dnode/mnode/impl/src/mndDb.c
+++ b/source/dnode/mnode/impl/src/mndDb.c
@@ -843,6 +843,13 @@ static int32_t mndCheckDbEncryptKey(SMnode *pMnode, SCreateDbReq *pReq) {
     }
     sdbRelease(pSdb, pDnode);
   }
+
+  if(grantCheck(TSDB_GRANT_DB_ENCRYPTION) != 0){
+    code = TSDB_CODE_MND_DB_ENCRYPT_GRANT_EXPIRED;
+    errno = code;
+    mError("db:%s, failed to create db since %s", pReq->db, terrstr());
+    goto _exit;
+  }
 #else
   if (pReq->encryptAlgorithm != TSDB_ENCRYPT_ALGO_NONE) {
     code = TSDB_CODE_MND_INVALID_DB_OPTION;
diff --git a/source/util/src/terror.c b/source/util/src/terror.c
index 3ef656b2b4..a0b4a74ca7 100644
--- a/source/util/src/terror.c
+++ b/source/util/src/terror.c
@@ -259,6 +259,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_IN_CREATING,           "Database in creating
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_ENCRYPT_NOT_ALLOW_CHANGE, "Encryption is not allowed to be changed after database is created")
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_INCONSIST_ENCRYPT_KEY,    "Inconsistent encryption key")
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_ENCRYPT_KEY,      "The cluster has not been set properly for database encryption")
+TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_ENCRYPT_GRANT_EXPIRED, "The database encryption funtion grant expired")
 
 // mnode-node
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_MNODE_ALREADY_EXIST,      "Mnode already exists")