confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java - iotdb - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.iotdb.confignode.manager;

 import org.apache.iotdb.common.rpc.thrift.TDataNodeConfiguration;
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
 import org.apache.iotdb.confignode.client.DataNodeRequestType;
 import org.apache.iotdb.confignode.client.sync.SyncDataNodeClientPool;
 import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
 import org.apache.iotdb.confignode.consensus.request.auth.AuthorPlan;
 import org.apache.iotdb.confignode.consensus.response.PermissionInfoResp;
 import org.apache.iotdb.confignode.persistence.AuthorInfo;
 import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
 import org.apache.iotdb.mpp.rpc.thrift.TInvalidatePermissionCacheReq;
 import org.apache.iotdb.rpc.RpcUtils;
 import org.apache.iotdb.rpc.TSStatusCode;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.util.List;

 /** manager permission query and operation */
 public class PermissionManager {

   private static final Logger logger = LoggerFactory.getLogger(PermissionManager.class);

   private final ConfigManager configManager;
   private final AuthorInfo authorInfo;

   public PermissionManager(ConfigManager configManager, AuthorInfo authorInfo) {
     this.configManager = configManager;
     this.authorInfo = authorInfo;
   }

   /**
    * write permission
    *
    * @param authorPlan AuthorReq
    * @return TSStatus
    */
   public TSStatus operatePermission(AuthorPlan authorPlan) {
     TSStatus tsStatus;
     // If the permissions change, clear the cache content affected by the operation
     if (authorPlan.getAuthorType() == ConfigPhysicalPlanType.CreateUser
         || authorPlan.getAuthorType() == ConfigPhysicalPlanType.CreateRole) {
       tsStatus = getConsensusManager().write(authorPlan).getStatus();
     } else {
       tsStatus = invalidateCache(authorPlan.getUserName(), authorPlan.getRoleName());
       if (tsStatus.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
         tsStatus = getConsensusManager().write(authorPlan).getStatus();
       }
     }
     return tsStatus;
   }

   /**
    * Query for permissions
    *
    * @param authorPlan AuthorReq
    * @return PermissionInfoResp
    */
   public PermissionInfoResp queryPermission(AuthorPlan authorPlan) {
     return (PermissionInfoResp) getConsensusManager().read(authorPlan).getDataset();
   }

   private ConsensusManager getConsensusManager() {
     return configManager.getConsensusManager();
   }

   public TPermissionInfoResp login(String username, String password) {
     return authorInfo.login(username, password);
   }

   public TPermissionInfoResp checkUserPrivileges(
       String username, List<String> paths, int permission) {
     return authorInfo.checkUserPrivileges(username, paths, permission);
   }

   /**
    * When the permission information of a user or role is changed will clear all datanode
    * permissions related to the user or role
    */
   public TSStatus invalidateCache(String username, String roleName) {
     List<TDataNodeConfiguration> allDataNodes =
         configManager.getNodeManager().getRegisteredDataNodes();
     TInvalidatePermissionCacheReq req = new TInvalidatePermissionCacheReq();
     TSStatus status;
     req.setUsername(username);
     req.setRoleName(roleName);
     for (TDataNodeConfiguration dataNodeInfo : allDataNodes) {
       status =
           SyncDataNodeClientPool.getInstance()
               .sendSyncRequestToDataNodeWithRetry(
                   dataNodeInfo.getLocation().getInternalEndPoint(),
                   req,
                   DataNodeRequestType.INVALIDATE_PERMISSION_CACHE);
       if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
         return status;
       }
     }
     return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.iotdb.confignode.manager;

	import org.apache.iotdb.common.rpc.thrift.TDataNodeConfiguration;
	import org.apache.iotdb.common.rpc.thrift.TSStatus;
	import org.apache.iotdb.confignode.client.DataNodeRequestType;
	import org.apache.iotdb.confignode.client.sync.SyncDataNodeClientPool;
	import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
	import org.apache.iotdb.confignode.consensus.request.auth.AuthorPlan;
	import org.apache.iotdb.confignode.consensus.response.PermissionInfoResp;
	import org.apache.iotdb.confignode.persistence.AuthorInfo;
	import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
	import org.apache.iotdb.mpp.rpc.thrift.TInvalidatePermissionCacheReq;
	import org.apache.iotdb.rpc.RpcUtils;
	import org.apache.iotdb.rpc.TSStatusCode;

	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import java.util.List;

	/** manager permission query and operation */
	public class PermissionManager {

	private static final Logger logger = LoggerFactory.getLogger(PermissionManager.class);

	private final ConfigManager configManager;
	private final AuthorInfo authorInfo;

	public PermissionManager(ConfigManager configManager, AuthorInfo authorInfo) {
	this.configManager = configManager;
	this.authorInfo = authorInfo;
	}

	/**
	* write permission
	*
	* @param authorPlan AuthorReq
	* @return TSStatus
	*/
	public TSStatus operatePermission(AuthorPlan authorPlan) {
	TSStatus tsStatus;
	// If the permissions change, clear the cache content affected by the operation
	if (authorPlan.getAuthorType() == ConfigPhysicalPlanType.CreateUser
	\|\| authorPlan.getAuthorType() == ConfigPhysicalPlanType.CreateRole) {
	tsStatus = getConsensusManager().write(authorPlan).getStatus();
	} else {
	tsStatus = invalidateCache(authorPlan.getUserName(), authorPlan.getRoleName());
	if (tsStatus.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
	tsStatus = getConsensusManager().write(authorPlan).getStatus();
	}
	}
	return tsStatus;
	}

	/**
	* Query for permissions
	*
	* @param authorPlan AuthorReq
	* @return PermissionInfoResp
	*/
	public PermissionInfoResp queryPermission(AuthorPlan authorPlan) {
	return (PermissionInfoResp) getConsensusManager().read(authorPlan).getDataset();
	}

	private ConsensusManager getConsensusManager() {
	return configManager.getConsensusManager();
	}

	public TPermissionInfoResp login(String username, String password) {
	return authorInfo.login(username, password);
	}

	public TPermissionInfoResp checkUserPrivileges(
	String username, List<String> paths, int permission) {
	return authorInfo.checkUserPrivileges(username, paths, permission);
	}

	/**
	* When the permission information of a user or role is changed will clear all datanode
	* permissions related to the user or role
	*/
	public TSStatus invalidateCache(String username, String roleName) {
	List<TDataNodeConfiguration> allDataNodes =
	configManager.getNodeManager().getRegisteredDataNodes();
	TInvalidatePermissionCacheReq req = new TInvalidatePermissionCacheReq();
	TSStatus status;
	req.setUsername(username);
	req.setRoleName(roleName);
	for (TDataNodeConfiguration dataNodeInfo : allDataNodes) {
	status =
	SyncDataNodeClientPool.getInstance()
	.sendSyncRequestToDataNodeWithRetry(
	dataNodeInfo.getLocation().getInternalEndPoint(),
	req,
	DataNodeRequestType.INVALIDATE_PERMISSION_CACHE);
	if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
	return status;
	}
	}
	return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
	}
	}