diff --git a/src/mnode/src/mnodeDb.c b/src/mnode/src/mnodeDb.c index 9602e16483f3a367117f998cc619dbe408859d93..3be81bad942b75f77fa23fbd65d7993a84e20b92 100644 --- a/src/mnode/src/mnodeDb.c +++ b/src/mnode/src/mnodeDb.c @@ -429,8 +429,10 @@ static int32_t mnodeCreateDb(SAcctObj *pAcct, SCreateDbMsg *pCreate, SMnodeMsg * } } +#ifdef GRANT_CHECK_WRITE code = grantCheck(TSDB_GRANT_DB); if (code != 0) return code; +#endif pDb = calloc(1, sizeof(SDbObj)); tstrncpy(pDb->name, pCreate->db, sizeof(pDb->name)); @@ -927,9 +929,12 @@ static int32_t mnodeProcessCreateDbMsg(SMnodeMsg *pMsg) { pCreate->maxRowsPerFileBlock = htonl(pCreate->maxRowsPerFileBlock); int32_t code; +#ifdef GRANT_CHECK_WRITE if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) { code = TSDB_CODE_GRANT_EXPIRED; - } else if (!pMsg->pUser->writeAuth) { + } else +#endif + if (!pMsg->pUser->writeAuth) { code = TSDB_CODE_MND_NO_RIGHTS; } else { code = mnodeCreateDb(pMsg->pUser->pAcct, pCreate, pMsg); diff --git a/src/mnode/src/mnodeDnode.c b/src/mnode/src/mnodeDnode.c index 7dd199cca4248e5467017e1b6247f3b534c45711..e5ecec6e32a1a9c561f0968489e59aa9993530d7 100644 --- a/src/mnode/src/mnodeDnode.c +++ b/src/mnode/src/mnodeDnode.c @@ -663,11 +663,12 @@ static int32_t mnodeProcessDnodeStatusMsg(SMnodeMsg *pMsg) { } static int32_t mnodeCreateDnode(char *ep, SMnodeMsg *pMsg) { +#ifndef GRANT_CHECK_WRITE int32_t grantCode = grantCheck(TSDB_GRANT_DNODE); if (grantCode != TSDB_CODE_SUCCESS) { return grantCode; } - +#endif char dnodeEp[TSDB_EP_LEN] = {0}; tstrncpy(dnodeEp, ep, TSDB_EP_LEN); strtrim(dnodeEp); diff --git a/src/mnode/src/mnodeFunc.c b/src/mnode/src/mnodeFunc.c index 253958efbe9a0d81d0542217447eaf750e10caf9..7faf98bccca7f3ec6b69bf1634bbb0ce131e854f 100644 --- a/src/mnode/src/mnodeFunc.c +++ b/src/mnode/src/mnodeFunc.c @@ -191,9 +191,11 @@ static int32_t mnodeUpdateFunc(SFuncObj *pFunc, void *pMsg) { } */ int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *codeScript, char *path, uint8_t outputType, int16_t outputLen, int32_t funcType, int32_t bufSize, SMnodeMsg *pMsg) { +#ifdef GRANT_CHECK_WRITE if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) { return TSDB_CODE_GRANT_EXPIRED; } +#endif if (!pMsg->pUser->writeAuth) { return TSDB_CODE_MND_NO_RIGHTS; @@ -203,12 +205,12 @@ int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *code if (code != TSDB_CODE_SUCCESS) { return code; } - +#ifdef GRANT_CHECK_WRITE code = grantCheck(TSDB_GRANT_USER); if (code != TSDB_CODE_SUCCESS) { return code; } - +#endif if (name[0] == 0) { return TSDB_CODE_MND_INVALID_FUNC_NAME; } diff --git a/src/mnode/src/mnodeTable.c b/src/mnode/src/mnodeTable.c index 960dab6a5bd74f5f49afa42cf3b1f3583d37ac84..85f3ee191f0427965c12cd196bb9b7bf8d1bc653 100644 --- a/src/mnode/src/mnodeTable.c +++ b/src/mnode/src/mnodeTable.c @@ -2216,18 +2216,20 @@ static int32_t mnodeProcessCreateChildTableMsg(SMnodeMsg *pMsg) { //SCMCreateTableMsg* p1 = pMsg->rpcMsg.pCont; // there are several tables here. SCreateTableMsg* pCreate = (SCreateTableMsg*)((char *)pMsg->rpcMsg.pCont + sizeof(SCMCreateTableMsg)); +#ifdef GRANT_CHECK_WRITE int32_t code = grantCheck(TSDB_GRANT_TIMESERIES); if (code != TSDB_CODE_SUCCESS) { mError("msg:%p, app:%p table:%s, failed to create, grant timeseries failed", pMsg, pMsg->rpcMsg.ahandle, pCreate->tableName); return code; } +#endif if (pMsg->retry == 0) { if (pMsg->pTable == NULL) { SVgObj *pVgroup = NULL; int32_t tid = 0; - code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid); + int32_t code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid); if (code != TSDB_CODE_SUCCESS) { mDebug("msg:%p, app:%p table:%s, failed to get available vgroup, reason:%s", pMsg, pMsg->rpcMsg.ahandle, pCreate->tableName, tstrerror(code)); diff --git a/src/mnode/src/mnodeUser.c b/src/mnode/src/mnodeUser.c index c5c54791cf828661e146b121765806a630ea8baa..9e06a4bef3c47c50837f78499d19cbc62ddf078f 100644 --- a/src/mnode/src/mnodeUser.c +++ b/src/mnode/src/mnodeUser.c @@ -249,11 +249,13 @@ int32_t mnodeCreateUser(SAcctObj *pAcct, char *name, char *pass, void *pMsg) { mnodeDecUserRef(pUser); return TSDB_CODE_MND_USER_ALREADY_EXIST; } - + +#ifdef GRANT_CHECK_WRITE code = grantCheck(TSDB_GRANT_USER); if (code != TSDB_CODE_SUCCESS) { return code; } +#endif pUser = calloc(1, sizeof(SUserObj)); tstrncpy(pUser->user, name, TSDB_USER_LEN); diff --git a/src/mnode/src/mnodeWrite.c b/src/mnode/src/mnodeWrite.c index 9a993dfaafab725847a43097497287fbe5642511..a954ecb5c2a746e252f0905eb86d8dd8f1a1fbee 100644 --- a/src/mnode/src/mnodeWrite.c +++ b/src/mnode/src/mnodeWrite.c @@ -65,14 +65,16 @@ int32_t mnodeProcessWrite(SMnodeMsg *pMsg) { return TSDB_CODE_MND_MSG_NOT_PROCESSED; } +#ifdef GRANT_CHECK_WRITE int32_t code = grantCheck(TSDB_GRANT_TIME); if (code != TSDB_CODE_SUCCESS) { mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType], tstrerror(code)); return code; } +#endif - code = mnodeInitMsg(pMsg); + int32_t code = mnodeInitMsg(pMsg); if (code != TSDB_CODE_SUCCESS) { mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType], tstrerror(code)); diff --git a/src/vnode/src/vnodeRead.c b/src/vnode/src/vnodeRead.c index 64f87ba5caddbb8b9cf90c2a13fa4029a9821ab0..291c7d7ea409216f9c4b277d7209dc2832058d27 100644 --- a/src/vnode/src/vnodeRead.c +++ b/src/vnode/src/vnodeRead.c @@ -20,6 +20,7 @@ #include "tglobal.h" #include "query.h" #include "vnodeStatus.h" +#include "tgrant.h" int32_t vNumOfExistedQHandle; // current initialized and existed query handle in current dnode @@ -227,6 +228,16 @@ static int32_t vnodeProcessQueryMsg(SVnodeObj *pVnode, SVReadMsg *pRead) { vError("error rpc msg in query, %s", tstrerror(pRead->code)); } + if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) { + SQueryTableRsp *pRsp = (SQueryTableRsp *)rpcMallocCont(sizeof(SQueryTableRsp)); + pRsp->code = TSDB_CODE_GRANT_EXPIRED; + pRsp->qId = 0; + + pRet->len = sizeof(SQueryTableRsp); + pRet->rsp = pRsp; + return pRsp->code; + } + int32_t code = TSDB_CODE_SUCCESS; void ** handle = NULL;