Merge branch 'main' of github.com:taosdata/TDengine into szhou/cenc

cf6508c7 · shenglian zhou · f4ef8dc7 · 71587df6 · cf6508c7 · cf6508c7
5 changed file
--- a/source/dnode/mnode/impl/src/mndConsumer.c
+++ b/source/dnode/mnode/impl/src/mndConsumer.c
@@ -554,14 +554,6 @@ static int32_t mndProcessSubscribeReq(SRpcMsg *pMsg) {
      goto SUBSCRIBE_OVER;
    }

-    // check topic only
-#if 0
-    if (mndCheckDbPrivilegeByName(pMnode, pMsg->info.conn.user, MND_OPER_READ_DB, pTopic->db) != 0) {
-      mndReleaseTopic(pMnode, pTopic);
-      goto SUBSCRIBE_OVER;
-    }
-#endif
-
    if (mndCheckTopicPrivilege(pMnode, pMsg->info.conn.user, MND_OPER_SUBSCRIBE, pTopic) != 0) {
      mndReleaseTopic(pMnode, pTopic);
      goto SUBSCRIBE_OVER;

--- a/source/libs/parser/inc/sql.y
+++ b/source/libs/parser/inc/sql.y
@@ -232,7 +232,7 @@ alter_db_option(A) ::= KEEP integer_list(B).
 alter_db_option(A) ::= KEEP variable_list(B).                                     { A.type = DB_OPTION_KEEP; A.pList = B; }
 alter_db_option(A) ::= PAGES NK_INTEGER(B).                                       { A.type = DB_OPTION_PAGES; A.val = B; }
 alter_db_option(A) ::= REPLICA NK_INTEGER(B).                                     { A.type = DB_OPTION_REPLICA; A.val = B; }
-alter_db_option(A) ::= STRICT NK_STRING(B).                                       { A.type = DB_OPTION_STRICT; A.val = B; }
+//alter_db_option(A) ::= STRICT NK_STRING(B).                                       { A.type = DB_OPTION_STRICT; A.val = B; }
 alter_db_option(A) ::= WAL_LEVEL NK_INTEGER(B).                                   { A.type = DB_OPTION_WAL; A.val = B; }
 alter_db_option(A) ::= STT_TRIGGER NK_INTEGER(B).                                 { A.type = DB_OPTION_STT_TRIGGER; A.val = B; }


--- a/source/libs/parser/src/sql.c
+++ b/source/libs/parser/src/sql.c
--- a/tests/parallel_test/cases.task
+++ b/tests/parallel_test/cases.task
@@ -10,6 +10,7 @@
 ,,y,script,./test.sh -f tsim/user/password.sim
 ,,y,script,./test.sh -f tsim/user/privilege_db.sim
 ,,y,script,./test.sh -f tsim/user/privilege_sysinfo.sim
+,,y,script,./test.sh -f tsim/user/privilege_topic.sim
 ,,y,script,./test.sh -f tsim/db/alter_option.sim
 ,,y,script,./test.sh -f tsim/db/alter_replica_13.sim
 ,,y,script,./test.sh -f tsim/db/alter_replica_31.sim

--- a/tests/script/tsim/user/privilege_topic.sim
+++ b/tests/script/tsim/user/privilege_topic.sim
+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+print =============== create db
+sql create database root_d1 vgroups 1;
+sql create database root_d2 vgroups 1;
+sql create database root_d3 vgroups 1;
+
+sql show user privileges
+if $rows != 1 then 
+  return -1
+endi
+if $data(root)[1] != all then 
+  return -1
+endi
+if $data(root)[2] != all then 
+  return -1
+endi
+
+print =============== create users
+sql create user user1 PASS 'taosdata'
+sql create user user2 PASS 'taosdata'
+sql create user user3 PASS 'taosdata'
+sql create user user4 PASS 'taosdata'
+sql create user user5 PASS 'taosdata'
+sql create user user6 PASS 'taosdata'
+sql alter user user1 sysinfo 0
+
+sql select * from information_schema.ins_users
+if $rows != 7 then 
+  return -1
+endi
+
+sql GRANT read ON root_d1.* to user1;
+sql GRANT write ON root_d2.* to user2;
+sql GRANT read ON root_d3.* to user3;
+sql GRANT write ON root_d3.* to user3;
+
+sql show user privileges
+if $rows != 5 then 
+  return -1
+endi
+if $data(user1)[1] != read then 
+  return -1
+endi
+if $data(user1)[2] != root_d1 then 
+  return -1
+endi
+if $data(user2)[1] != write then 
+  return -1
+endi
+if $data(user2)[2] != root_d2 then 
+  return -1
+endi
+
+print =============== create topis
+sql use root_d1
+sql create table root_d1_stb (ts timestamp, i int) tags (j int)
+sql create topic root_d1_topic1 as select ts, i from root_d1_stb
+sql create topic root_d1_topic2 as select ts, i from root_d1_stb
+sql create topic root_d1_topic3 as select ts, i from root_d1_stb
+sql create topic root_d1_topic4 as select ts, i from root_d1_stb
+
+sql show user privileges
+if $rows != 5 then 
+  return -1
+endi
+
+sql GRANT subscribe ON root_d1_topic1 TO user4
+sql GRANT subscribe ON root_d1_topic2 TO user5
+sql GRANT subscribe ON root_d1_topic3 TO user6
+sql show user privileges
+if $rows != 8 then 
+  return -1
+endi
+
+if $data(user4)[1] != subscribe then 
+  return -1
+endi
+if $data(user4)[2] != root_d1_topic1 then 
+  return -1
+endi
+if $data(user5)[1] != subscribe then 
+  return -1
+endi
+if $data(user5)[2] != root_d1_topic2 then 
+  return -1
+endi
+if $data(user6)[1] != subscribe then 
+  return -1
+endi
+if $data(user6)[2] != root_d1_topic3 then 
+  return -1
+endi
+
+sql REVOKE subscribe ON root_d1_topic3 from user6
+sql show user privileges
+if $rows != 7 then 
+  return -1
+endi
+if $data(user4)[1] != subscribe then 
+  return -1
+endi
+if $data(user4)[2] != root_d1_topic1 then 
+  return -1
+endi
+if $data(user5)[1] != subscribe then 
+  return -1
+endi
+if $data(user5)[2] != root_d1_topic2 then 
+  return -1
+endi
+
+print =============== repeat revoke/grant or invalid revoke/grant
+sql GRANT subscribe ON root_d1_topic1 to user4
+sql GRANT subscribe ON root_d1_topic2 to user4
+sql GRANT subscribe ON root_d1_topic3 to user4
+sql GRANT subscribe ON root_d1_topic1 to user5
+sql GRANT subscribe ON root_d1_topic2 to user5
+sql GRANT subscribe ON root_d1_topic3 to user5
+sql GRANT subscribe ON root_d1_topic1 to user6
+sql GRANT subscribe ON root_d1_topic2 to user6
+sql GRANT subscribe ON root_d1_topic3 to user6
+sql REVOKE subscribe ON root_d1_topic1 from user4
+sql REVOKE subscribe ON root_d1_topic2 from user4
+sql REVOKE subscribe ON root_d1_topic3 from user4
+sql REVOKE subscribe ON root_d1_topic1 from user5
+sql REVOKE subscribe ON root_d1_topic2 from user5
+sql REVOKE subscribe ON root_d1_topic3 from user5
+sql REVOKE subscribe ON root_d1_topic1 from user6
+sql REVOKE subscribe ON root_d1_topic2 from user6
+sql REVOKE subscribe ON root_d1_topic3 from user6
+
+print =============== invalid revoke/grant
+sql_error GRANT subscribe ON root_d1_topicx from user5
+sql_error REVOKE subscribe ON root_d1_topicx from user5
+
+print =============== check 
+sql GRANT subscribe ON root_d1_topic1 TO user4
+sql GRANT subscribe ON root_d1_topic2 TO user5
+sql GRANT subscribe ON root_d1_topic3 TO user6
+sql show user privileges
+if $rows != 8 then 
+  return -1
+endi
+
+print =============== re connect
+print user u1 login
+sql close
+sql connect user1
+
+sql_error show user privileges
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT