[TS-463]<feature> grant check for query while not for write

26934679 · Cary Xu · 8bfcf8eb · 26934679 · 26934679 · 26934679
7 changed file
--- a/src/mnode/src/mnodeDb.c
+++ b/src/mnode/src/mnodeDb.c
@@ -429,8 +429,10 @@ static int32_t mnodeCreateDb(SAcctObj *pAcct, SCreateDbMsg *pCreate, SMnodeMsg *
    }
  }
+#ifdef GRANT_CHECK_WRITE
  code = grantCheck(TSDB_GRANT_DB);
  if (code != 0) return code;
+#endif
  pDb = calloc(1, sizeof(SDbObj));
  tstrncpy(pDb->name, pCreate->db, sizeof(pDb->name));
@@ -927,9 +929,12 @@ static int32_t mnodeProcessCreateDbMsg(SMnodeMsg *pMsg) {
  pCreate->maxRowsPerFileBlock = htonl(pCreate->maxRowsPerFileBlock);
  int32_t code;
+#ifdef GRANT_CHECK_WRITE
  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
    code = TSDB_CODE_GRANT_EXPIRED;
-  } else if (!pMsg->pUser->writeAuth) {
+  } else
+#endif
+      if (!pMsg->pUser->writeAuth) {
    code = TSDB_CODE_MND_NO_RIGHTS;
  } else {
    code = mnodeCreateDb(pMsg->pUser->pAcct, pCreate, pMsg);

--- a/src/mnode/src/mnodeDnode.c
+++ b/src/mnode/src/mnodeDnode.c
@@ -663,11 +663,12 @@ static int32_t mnodeProcessDnodeStatusMsg(SMnodeMsg *pMsg) {
 }
 static int32_t mnodeCreateDnode(char *ep, SMnodeMsg *pMsg) {
+#ifndef GRANT_CHECK_WRITE
  int32_t grantCode = grantCheck(TSDB_GRANT_DNODE);
  if (grantCode != TSDB_CODE_SUCCESS) {
    return grantCode;
  }
+#endif
  char dnodeEp[TSDB_EP_LEN] = {0};
  tstrncpy(dnodeEp, ep, TSDB_EP_LEN);
  strtrim(dnodeEp);

--- a/src/mnode/src/mnodeFunc.c
+++ b/src/mnode/src/mnodeFunc.c
@@ -191,9 +191,11 @@ static int32_t mnodeUpdateFunc(SFuncObj *pFunc, void *pMsg) {
 }
 */
 int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *codeScript, char *path, uint8_t outputType, int16_t outputLen, int32_t funcType, int32_t bufSize, SMnodeMsg *pMsg) {
+#ifdef GRANT_CHECK_WRITE
  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
    return TSDB_CODE_GRANT_EXPIRED;
  }
+#endif
  if (!pMsg->pUser->writeAuth) {
    return TSDB_CODE_MND_NO_RIGHTS;
@@ -203,12 +205,12 @@ int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *code
  if (code != TSDB_CODE_SUCCESS) {
    return code;
  }
+#ifdef GRANT_CHECK_WRITE
  code = grantCheck(TSDB_GRANT_USER);
  if (code != TSDB_CODE_SUCCESS) {
    return code;
  }
+#endif
  if (name[0] == 0) {
    return TSDB_CODE_MND_INVALID_FUNC_NAME;
  }

--- a/src/mnode/src/mnodeTable.c
+++ b/src/mnode/src/mnodeTable.c
@@ -2216,18 +2216,20 @@ static int32_t mnodeProcessCreateChildTableMsg(SMnodeMsg *pMsg) {
  //SCMCreateTableMsg* p1 = pMsg->rpcMsg.pCont; // there are several tables here.
  SCreateTableMsg* pCreate = (SCreateTableMsg*)((char *)pMsg->rpcMsg.pCont + sizeof(SCMCreateTableMsg));
+#ifdef GRANT_CHECK_WRITE
  int32_t code = grantCheck(TSDB_GRANT_TIMESERIES);
  if (code != TSDB_CODE_SUCCESS) {
    mError("msg:%p, app:%p table:%s, failed to create, grant timeseries failed", pMsg, pMsg->rpcMsg.ahandle,
           pCreate->tableName);
    return code;
  }
+#endif
  if (pMsg->retry == 0) {
    if (pMsg->pTable == NULL) {
      SVgObj *pVgroup = NULL;
      int32_t tid = 0;
-      code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
+      int32_t code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
      if (code != TSDB_CODE_SUCCESS) {
        mDebug("msg:%p, app:%p table:%s, failed to get available vgroup, reason:%s", pMsg, pMsg->rpcMsg.ahandle,
               pCreate->tableName, tstrerror(code));

--- a/src/mnode/src/mnodeUser.c
+++ b/src/mnode/src/mnodeUser.c
@@ -249,11 +249,13 @@ int32_t mnodeCreateUser(SAcctObj *pAcct, char *name, char *pass, void *pMsg) {
    mnodeDecUserRef(pUser);
    return TSDB_CODE_MND_USER_ALREADY_EXIST;
  }
+#ifdef GRANT_CHECK_WRITE
  code = grantCheck(TSDB_GRANT_USER);
  if (code != TSDB_CODE_SUCCESS) {
    return code;
  }
+#endif
  pUser = calloc(1, sizeof(SUserObj));
  tstrncpy(pUser->user, name, TSDB_USER_LEN);

--- a/src/mnode/src/mnodeWrite.c
+++ b/src/mnode/src/mnodeWrite.c
@@ -65,14 +65,16 @@ int32_t mnodeProcessWrite(SMnodeMsg *pMsg) {
    return TSDB_CODE_MND_MSG_NOT_PROCESSED;
  }
+#ifdef GRANT_CHECK_WRITE
  int32_t code = grantCheck(TSDB_GRANT_TIME);
  if (code != TSDB_CODE_SUCCESS) {
    mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
           tstrerror(code));
    return code;
  }
+#endif
-  code = mnodeInitMsg(pMsg);
+  int32_t code = mnodeInitMsg(pMsg);
  if (code != TSDB_CODE_SUCCESS) {
    mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
           tstrerror(code));

--- a/src/vnode/src/vnodeRead.c
+++ b/src/vnode/src/vnodeRead.c
@@ -20,6 +20,7 @@
 #include "tglobal.h"
 #include "query.h"
 #include "vnodeStatus.h"
+#include "tgrant.h"
 int32_t vNumOfExistedQHandle;   // current initialized and existed query handle in current dnode
@@ -227,6 +228,16 @@ static int32_t vnodeProcessQueryMsg(SVnodeObj *pVnode, SVReadMsg *pRead) {
    vError("error rpc msg in query, %s", tstrerror(pRead->code));
  }
+  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
+    SQueryTableRsp *pRsp = (SQueryTableRsp *)rpcMallocCont(sizeof(SQueryTableRsp));
+    pRsp->code = TSDB_CODE_GRANT_EXPIRED;
+    pRsp->qId = 0;
+    pRet->len = sizeof(SQueryTableRsp);
+    pRet->rsp = pRsp;
+    return pRsp->code;
+  }
  int32_t code = TSDB_CODE_SUCCESS;
  void ** handle = NULL;