test: case for sysinfo and enable user

source/dnode/mnode/impl/src/mndAuth.c

@@ -102,7 +102,13 @@ _OVER:
 }
 
 int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) {
+  if (pUser->superUser && pAlter->alterType != TSDB_ALTER_USER_PASSWD) {
+    terrno = TSDB_CODE_MND_NO_RIGHTS;
+    return -1;
+  }
+
   if (pOperUser->superUser) return 0;
+
   if (!pOperUser->enable) {
     terrno = TSDB_CODE_MND_USER_DISABLED;
     return -1;

tests/script/jenkins/basic.txt

@@ -2,12 +2,11 @@
 #======================b1-start===============
 
 # ---- user
-./test.sh -f tsim/user/basic1.sim
-./test.sh -f tsim/user/pass_alter.sim
-./test.sh -f tsim/user/pass_len.sim
-./test.sh -f tsim/user/user_len.sim
-./test.sh -f tsim/user/privilege1.sim
-./test.sh -f tsim/user/privilege2.sim
+./test.sh -f tsim/user/basic.sim
+./test.sh -f tsim/user/password.sim
+./test.sh -f tsim/user/privilege_db.sim
+#./test.sh -f tsim/user/privilege_enable.sim
+#./test.sh -f tsim/user/privilege_sysinfo.sim
 
 ## ---- db
 ./test.sh -f tsim/db/create_all_options.sim

tests/script/tsim/user/basic.sim

+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+print =============== step0
+sql show users
+if $data(root)[1] != 1 then
+  return -1
+endi
+if $data(root)[2] != 1 then
+  return -1
+endi
+if $data(root)[3] != 1 then
+  return -1
+endi
+
+sql alter user root pass 'taosdata'
+
+sql_error ALTER USER root SYSINFO 0
+sql_error ALTER USER root SYSINFO 1
+sql_error ALTER USER root enable 0
+sql_error ALTER USER root enable 1
+
+sql_error create database db vgroups 1;
+sql_error GRANT read ON db.* to root;
+sql_error GRANT read ON *.* to root;
+sql_error REVOKE read ON db.* from root;
+sql_error REVOKE read ON *.* from root;
+sql_error GRANT write ON db.* to root;
+sql_error GRANT write ON *.* to root;
+sql_error REVOKE write ON db.* from root;
+sql_error REVOKE write ON *.* from root;
+sql_error REVOKE write ON *.* from root;
+
+sql_error GRANT all ON *.* to root;
+sql_error REVOKE all ON *.* from root;
+sql_error GRANT read,write ON *.* to root;
+sql_error REVOKE read,write ON *.* from root;
+
+print =============== step1: sysinfo create
+sql CREATE USER u1 PASS 'taosdata' SYSINFO 0;
+sql show users
+if $rows != 2 then 
+  return -1
+endi
+if $data(u1)[1] != 0 then
+  return -1
+endi
+if $data(u1)[2] != 1 then
+  return -1
+endi
+if $data(u1)[3] != 0 then
+  return -1
+endi
+
+sql CREATE USER u2 PASS 'taosdata' SYSINFO 1;
+sql show users
+if $rows != 3 then 
+  return -1
+endi
+if $data(u2)[1] != 0 then
+  return -1
+endi
+if $data(u2)[2] != 1 then
+  return -1
+endi
+if $data(u2)[3] != 1 then
+  return -1
+endi
+
+print =============== step2: sysinfo alter
+sql ALTER USER u1 SYSINFO 1
+sql show users
+if $data(u1)[1] != 0 then
+  return -1
+endi
+if $data(u1)[2] != 1 then
+  return -1
+endi
+if $data(u1)[3] != 1 then
+  return -1
+endi
+
+sql ALTER USER u1 SYSINFO 0
+sql show users
+if $data(u1)[1] != 0 then
+  return -1
+endi
+if $data(u1)[2] != 1 then
+  return -1
+endi
+if $data(u1)[3] != 0 then
+  return -1
+endi
+
+sql ALTER USER u1 SYSINFO 0
+sql ALTER USER u1 SYSINFO 0
+
+sql drop user u1
+sql show users
+if $rows != 2 then 
+  return -1
+endi
+
+print =============== step3: enable alter
+sql ALTER USER u2 enable 0
+sql show users
+if $rows != 2 then 
+  return -1
+endi
+if $data(u2)[1] != 0 then
+  return -1
+endi
+if $data(u2)[2] != 0 then
+  return -1
+endi
+if $data(u2)[3] != 1 then
+  return -1
+endi
+
+sql ALTER USER u2 enable 1
+sql show users
+if $data(u2)[1] != 0 then
+  return -1
+endi
+if $data(u2)[2] != 1 then
+  return -1
+endi
+if $data(u2)[3] != 1 then
+  return -1
+endi
+
+sql ALTER USER u2 enable 1
+sql ALTER USER u2 enable 1
+
+print =============== restart taosd
+system sh/exec.sh -n dnode1 -s stop
+system sh/exec.sh -n dnode1 -s start
+
+print =============== step4: enable privilege
+sql show users
+if $rows != 2 then 
+  return -1
+endi
+if $data(u2)[1] != 0 then
+  return -1
+endi
+if $data(u2)[2] != 1 then
+  return -1
+endi
+if $data(u2)[3] != 1 then
+  return -1
+endi
+
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file

tests/script/tsim/user/basic1.sim

-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-print =============== show users
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-
-sql_error show accounts;
-sql_error create account a pass "a"
-sql_error drop account a
-sql_error drop account root
-
-print =============== create user1
-sql create user user1 PASS 'user1'
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-print =============== create user2
-sql create user user2 PASS 'user2'
-sql show users
-if $rows != 3 then 
-  return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-print $data40 $data41 $data42
-
-print =============== drop user1
-sql drop user user1
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-print =============== restart taosd
-system sh/exec.sh -n dnode1 -s stop
-sleep 1000
-system sh/exec.sh -n dnode1 -s start
-
-print =============== show users
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT

tests/script/tsim/user/pass_len.sim

-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-$i = 0
-$dbPrefix = apdb
-$tbPrefix = aptb
-$db = $dbPrefix . $i
-$tb = $tbPrefix . $i
-$userPrefix = apusr
-
-print =============== step1
-$i = 0
-$user = $userPrefix . $i
-
-sql drop user $user -x step11
-  return -1
-step11:
-
-sql create user $user PASS -x step12
-  return -1
-step12:
-
-sql create user $user PASS 'taosdata'
-
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-print =============== step2
-$i = 1
-$user = $userPrefix . $i
-sql drop user $user -x step2
-step2:
-sql create user $user PASS '1'
-sql show users
-if $rows != 3 then 
-  return -1
-endi
-
-print =============== step3
-$i = 2
-$user = $userPrefix . $i
-sql drop user $user -x step3
-step3:
-
-sql create user $user PASS 'abc0123456789'
-sql show users
-if $rows != 4 then 
-  return -1
-endi
-
-print =============== step4
-$i = 3
-$user = $userPrefix . $i
-sql create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123' -x step4
-	return -1
-
-step4:
-sql show users
-if $rows != 4 then 
-  return -1
-endi
-
-$i = 0
-while $i < 3
-  $user = $userPrefix . $i
-  sql drop user $user 
-  $i = $i + 1
-endw
-
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file

tests/script/tsim/user/pass_alter.sim → tests/script/tsim/user/password.sim

@@ -16,14 +16,12 @@ if $rows != 3 then
 endi
 
 print ============= step2
-sql close
-sleep 2500
 print user u_read login
+sql close
 sql connect u_read
+
 sql alter user u_read pass 'taosdata'
-sql alter user u_write pass 'taosdata1' -x step2
-  return -1
-step2:
+sql_error alter user u_write pass 'taosdata1' 
 
 sql_error create user read1 pass 'taosdata1'
 sql_error create user write1 pass 'taosdata1'
@@ -34,17 +32,14 @@ if $rows != 3 then
 endi
 
 print ============= step3
-sql close
-sleep 2500
 print user u_write login
+sql close
 sql connect u_write
 
 sql_error create user read2 pass 'taosdata1'
 sql_error create user write2 pass 'taosdata1'
 sql alter user u_write pass 'taosdata'
-sql alter user u_read pass 'taosdata' -x step3
-  return -1
-step3:
+sql_error alter user u_read pass 'taosdata' 
 
 sql show users
 if $rows != 3 then 
@@ -52,15 +47,41 @@ if $rows != 3 then
 endi
 
 print ============= step4
-sql close 
-sleep 2500
 print user root login
+sql close 
 sql connect
 sql create user oroot pass 'taosdata'
+sql_error create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123'
+sql_error create userabcd012345678901234567891234567890abcd01234567890123456789123456789  PASS 'taosdata'
+sql_error create user abcd0123456789012345678901234567890111 PASS '123'
+sql create user abc01234567890123456789 PASS '123'
 
 sql show users
-if $rows != 4 then 
+if $rows != 5 then 
   return -1
 endi
 
+print ============= step5
+sql create database db vgroups 1
+sql_error ALTER USER o_root SYSINFO 0
+sql_error ALTER USER o_root SYSINFO 1
+sql_error ALTER USER o_root enable 0
+sql_error ALTER USER o_root enable 1
+
+sql_error create database db vgroups 1;
+sql_error GRANT read ON db.* to o_root;
+sql_error GRANT read ON *.* to o_root;
+sql_error REVOKE read ON db.* from o_root;
+sql_error REVOKE read ON *.* from o_root;
+sql_error GRANT write ON db.* to o_root;
+sql_error GRANT write ON *.* to o_root;
+sql_error REVOKE write ON db.* from o_root;
+sql_error REVOKE write ON *.* from o_root;
+sql_error REVOKE write ON *.* from o_root;
+
+sql_error GRANT all ON *.* to o_root;
+sql_error REVOKE all ON *.* from o_root;
+sql_error GRANT read,write ON *.* to o_root;
+sql_error REVOKE read,write ON *.* from o_root;
+
 system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file

tests/script/tsim/user/privilege1.sim → tests/script/tsim/user/privilege_db.sim

@@ -3,7 +3,7 @@ system sh/deploy.sh -n dnode1 -i 1
 system sh/exec.sh -n dnode1 -s start
 sql connect
 
-print =============== show users
+print =============== create db
 sql create database d1 vgroups 1;
 sql create database d2 vgroups 1;
 sql create database d3 vgroups 1;
@@ -68,4 +68,26 @@ sql REVOKE read,write ON d1.* from user1;
 sql REVOKE read,write ON d2.* from user1;
 sql REVOKE read,write ON *.* from user1;
 
+
+print =============== create users
+sql create user u1 PASS 'taosdata'
+sql show users
+if $rows != 4 then 
+  return -1
+endi
+
+sql GRANT read ON d1.* to u1;
+sql GRANT write ON d2.* to u1;
+
+print =============== re connect
+print user u1 login
+sql close
+sql connect u1
+
+sql_error drop database d1;
+sql_error drop database d2;
+
+sql_error create stable d1.st (ts timestamp, i int) tags (j int)
+sql create stable d2.st (ts timestamp, i int) tags (j int)
+
 system sh/exec.sh -n dnode1 -s stop -x SIGINT

tests/script/tsim/user/privilege2.sim → tests/script/tsim/user/privilege_enable.sim

@@ -3,14 +3,13 @@ system sh/deploy.sh -n dnode1 -i 1
 system sh/exec.sh -n dnode1 -s start
 sql connect
 
-print =============== show users
+print =============== create db
 sql create database d1 vgroups 1;
-sql create database d2 vgroups 1;
-sql create database d3 vgroups 1;
-sql show databases
-if $rows != 5 then 
-  return -1
-endi
+
+print =============== create users
+sql create user u1 pass 'taosdata'
+sql alter user u1 enable 0
+
 
 print =============== create users
 sql create user user1 PASS 'taosdata'

tests/script/tsim/user/privilege_sysinfo.sim

+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file

tests/script/tsim/user/user_len.sim

-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-$i = 0
-$dbPrefix = lm_us_db
-$tbPrefix = lm_us_tb
-$db = $dbPrefix . $i
-$tb = $tbPrefix . $i
-
-print =============== step1
-sql drop user ac -x step0
-	return -1
-step0:
-
-sql create user PASS '123' -x step1
-	return -1
-step1:
-
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-print =============== step2
-sql drop user a -x step2
-step2:
-sql create user a PASS '123'
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-sql drop user a
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-print =============== step3
-sql drop user abc01234567890123456789 -x step3
-step3:
-
-sql create user abc01234567890123456789 PASS '123'
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-sql drop user abc01234567890123456789
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-print =============== step4
-sql create user abcd0123456789012345678901234567890111 PASS '123' -x step4
-	return -1
-step4:
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-print =============== step5
-sql drop user 123 -x step5
-step5:
-sql create user 123 PASS '123' -x step61
-  return -1
-step61:
-
-sql create user a123 PASS '123'
-sql show users
-if $rows != 2 then 
-  return -1
-endi
-
-sql drop user a123
-sql show users
-if $rows != 1 then 
-  return -1
-endi
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file