[TS-463]<feature> grant check for query while not for write

src/mnode/src/mnodeDb.c

@@ -429,8 +429,10 @@ static int32_t mnodeCreateDb(SAcctObj *pAcct, SCreateDbMsg *pCreate, SMnodeMsg *
     }
   }
 
+#ifdef GRANT_CHECK_WRITE
   code = grantCheck(TSDB_GRANT_DB);
   if (code != 0) return code;
+#endif
 
   pDb = calloc(1, sizeof(SDbObj));
   tstrncpy(pDb->name, pCreate->db, sizeof(pDb->name));
@@ -927,9 +929,12 @@ static int32_t mnodeProcessCreateDbMsg(SMnodeMsg *pMsg) {
   pCreate->maxRowsPerFileBlock = htonl(pCreate->maxRowsPerFileBlock);
   
   int32_t code;
+#ifdef GRANT_CHECK_WRITE
   if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
     code = TSDB_CODE_GRANT_EXPIRED;
-  } else if (!pMsg->pUser->writeAuth) {
+  } else
+#endif
+      if (!pMsg->pUser->writeAuth) {
     code = TSDB_CODE_MND_NO_RIGHTS;
   } else {
     code = mnodeCreateDb(pMsg->pUser->pAcct, pCreate, pMsg);

src/mnode/src/mnodeDnode.c

@@ -663,11 +663,12 @@ static int32_t mnodeProcessDnodeStatusMsg(SMnodeMsg *pMsg) {
 }
 
 static int32_t mnodeCreateDnode(char *ep, SMnodeMsg *pMsg) {
+#ifndef GRANT_CHECK_WRITE
   int32_t grantCode = grantCheck(TSDB_GRANT_DNODE);
   if (grantCode != TSDB_CODE_SUCCESS) {
     return grantCode;
   }
-
+#endif
   char dnodeEp[TSDB_EP_LEN] = {0};
   tstrncpy(dnodeEp, ep, TSDB_EP_LEN);
   strtrim(dnodeEp);

src/mnode/src/mnodeFunc.c

@@ -191,9 +191,11 @@ static int32_t mnodeUpdateFunc(SFuncObj *pFunc, void *pMsg) {
 }
 */
 int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *codeScript, char *path, uint8_t outputType, int16_t outputLen, int32_t funcType, int32_t bufSize, SMnodeMsg *pMsg) {
+#ifdef GRANT_CHECK_WRITE
   if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
     return TSDB_CODE_GRANT_EXPIRED;
   }
+#endif
 
   if (!pMsg->pUser->writeAuth) {
     return TSDB_CODE_MND_NO_RIGHTS;
@@ -203,12 +205,12 @@ int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *code
   if (code != TSDB_CODE_SUCCESS) {
     return code;
   }
-
+#ifdef GRANT_CHECK_WRITE
   code = grantCheck(TSDB_GRANT_USER);
   if (code != TSDB_CODE_SUCCESS) {
     return code;
   }
-
+#endif
   if (name[0] == 0) {
     return TSDB_CODE_MND_INVALID_FUNC_NAME;
   }

src/mnode/src/mnodeTable.c

@@ -2216,18 +2216,20 @@ static int32_t mnodeProcessCreateChildTableMsg(SMnodeMsg *pMsg) {
   //SCMCreateTableMsg* p1 = pMsg->rpcMsg.pCont; // there are several tables here.
   SCreateTableMsg* pCreate = (SCreateTableMsg*)((char *)pMsg->rpcMsg.pCont + sizeof(SCMCreateTableMsg));
 
+#ifdef GRANT_CHECK_WRITE
   int32_t code = grantCheck(TSDB_GRANT_TIMESERIES);
   if (code != TSDB_CODE_SUCCESS) {
     mError("msg:%p, app:%p table:%s, failed to create, grant timeseries failed", pMsg, pMsg->rpcMsg.ahandle,
            pCreate->tableName);
     return code;
   }
+#endif
 
   if (pMsg->retry == 0) {
     if (pMsg->pTable == NULL) {
       SVgObj *pVgroup = NULL;
       int32_t tid = 0;
-      code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
+      int32_t code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
       if (code != TSDB_CODE_SUCCESS) {
         mDebug("msg:%p, app:%p table:%s, failed to get available vgroup, reason:%s", pMsg, pMsg->rpcMsg.ahandle,
                pCreate->tableName, tstrerror(code));

src/mnode/src/mnodeUser.c

@@ -250,10 +250,12 @@ int32_t mnodeCreateUser(SAcctObj *pAcct, char *name, char *pass, void *pMsg) {
     return TSDB_CODE_MND_USER_ALREADY_EXIST;
   }
   
+#ifdef GRANT_CHECK_WRITE
   code = grantCheck(TSDB_GRANT_USER);
   if (code != TSDB_CODE_SUCCESS) {
     return code;
   }
+#endif
 
   pUser = calloc(1, sizeof(SUserObj));
   tstrncpy(pUser->user, name, TSDB_USER_LEN);

src/mnode/src/mnodeWrite.c

@@ -65,14 +65,16 @@ int32_t mnodeProcessWrite(SMnodeMsg *pMsg) {
     return TSDB_CODE_MND_MSG_NOT_PROCESSED;
   }
 
+#ifdef GRANT_CHECK_WRITE
   int32_t code = grantCheck(TSDB_GRANT_TIME);
   if (code != TSDB_CODE_SUCCESS) {
     mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
            tstrerror(code));
     return code;
   }
+#endif
 
-  code = mnodeInitMsg(pMsg);
+  int32_t code = mnodeInitMsg(pMsg);
   if (code != TSDB_CODE_SUCCESS) {
     mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
            tstrerror(code));

src/vnode/src/vnodeRead.c

@@ -20,6 +20,7 @@
 #include "tglobal.h"
 #include "query.h"
 #include "vnodeStatus.h"
+#include "tgrant.h"
 
 int32_t vNumOfExistedQHandle;   // current initialized and existed query handle in current dnode
 
@@ -227,6 +228,16 @@ static int32_t vnodeProcessQueryMsg(SVnodeObj *pVnode, SVReadMsg *pRead) {
     vError("error rpc msg in query, %s", tstrerror(pRead->code));
   }
 
+  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
+    SQueryTableRsp *pRsp = (SQueryTableRsp *)rpcMallocCont(sizeof(SQueryTableRsp));
+    pRsp->code = TSDB_CODE_GRANT_EXPIRED;
+    pRsp->qId = 0;
+
+    pRet->len = sizeof(SQueryTableRsp);
+    pRet->rsp = pRsp;
+    return pRsp->code;
+  }
+
   int32_t code = TSDB_CODE_SUCCESS;
   void ** handle = NULL;