From 130a617756abbfc88f800aa79e0adad7d50eb9f3 Mon Sep 17 00:00:00 2001 From: Raigor Date: Fri, 1 Nov 2024 13:12:07 +0800 Subject: [PATCH] Add RAL ACL object to support grant/revoke ral_operate (#34) --- .../config/AuthorityRuleConfiguration.java | 2 - .../operation/ACLOperationExtractor.java | 3 -- .../update/GrantDistPrivilegesExecutor.java | 6 +-- .../update/RevokeDistPrivilegesExecutor.java | 2 +- .../update/CreateDistUserExecutorTest.java | 6 +-- .../imports/authority/SphereExBaseRule.g4 | 21 +------- .../imports/authority/SphereExKeyword.g4 | 4 ++ .../imports/authority/SphereExRALStatement.g4 | 30 +----------- .../SphereExAuthorityDistSQLStatement.g4 | 7 --- ...ereExAuthorityDistSQLStatementVisitor.java | 48 ++++--------------- .../AlterPrivilegeProviderStatement.java | 3 +- .../user/CreateDistUserStatement.java | 2 - .../EnterprisePermittedPrivileges.java | 10 ++-- ...efaultLoggingRuleConfigurationBuilder.java | 5 +- 14 files changed, 35 insertions(+), 114 deletions(-) diff --git a/kernel/authority/api/src/main/java/org/apache/shardingsphere/authority/config/AuthorityRuleConfiguration.java b/kernel/authority/api/src/main/java/org/apache/shardingsphere/authority/config/AuthorityRuleConfiguration.java index c620fb4e4c3346..60af3ac31b580d 100644 --- a/kernel/authority/api/src/main/java/org/apache/shardingsphere/authority/config/AuthorityRuleConfiguration.java +++ b/kernel/authority/api/src/main/java/org/apache/shardingsphere/authority/config/AuthorityRuleConfiguration.java @@ -51,7 +51,5 @@ public AuthorityRuleConfiguration(final Collection users, fin this.authenticators = authenticators; this.defaultAuthenticator = defaultAuthenticator; this.subject = subject; - - // TODO when grant super to user, set admin to true } } diff --git a/kernel/authority/core/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java b/kernel/authority/core/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java index b7474f492e0638..ad1bf8fd8c2f3d 100644 --- a/kernel/authority/core/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java +++ b/kernel/authority/core/src/main/java/com/sphereex/dbplusengine/authority/operation/ACLOperationExtractor.java @@ -69,9 +69,6 @@ public final class ACLOperationExtractor { * @return ACL operation */ public static ACLOperation extract(final SQLStatement sqlStatement) { - if (sqlStatement instanceof MySQLShowDatabasesStatement) { - return ACLOperation.SHOW_DB; - } if (sqlStatement instanceof DMLStatement) { return extractDML((DMLStatement) sqlStatement); } diff --git a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/GrantDistPrivilegesExecutor.java b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/GrantDistPrivilegesExecutor.java index cfc0a1dcb09b38..e1605a4a443533 100644 --- a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/GrantDistPrivilegesExecutor.java +++ b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/GrantDistPrivilegesExecutor.java @@ -235,7 +235,7 @@ private Collection fillInDistSQLPrivileges(final GrantLevelSegment level } private String getDistSQLPrivilege(final GrantLevelSegment level, final ACLOperation operation, final String aclObjectType) { - if (ACLOperation.CREATE_USER == operation) { + if (ACLOperation.CREATE_USER == operation || ACLOperation.RAL_OPERATE == operation) { return operation.name(); } String databasePrivilege = null == level ? AuthorityConstants.PRIVILEGE_WILDCARD : level.getDatabaseName(); @@ -258,7 +258,7 @@ private void updatePrivileges(final Map> privileg private void updatePrivileges(final Map> privileges, final Collection toBeGrantedSubjects, final Collection toBeGrantedPrivileges) { for (ACLSubject each : toBeGrantedSubjects) { Collection userOrRolePrivileges = privileges.getOrDefault(each, new LinkedList<>()); - userOrRolePrivileges.addAll(toBeGrantedPrivileges); + toBeGrantedPrivileges.stream().filter(privilege -> !userOrRolePrivileges.contains(privilege)).forEach(userOrRolePrivileges::add); privileges.put(each, userOrRolePrivileges); } } @@ -270,7 +270,7 @@ private void updateRoles(final Map> conf for (ACLSubject each : toBeGrantedUsers) { ShardingSpherePreconditions.checkState(each instanceof GranteeSubject, () -> new RoleToRoleException(toBeGrantedRoles.iterator().next().getRoleName(), each.toString())); Collection userRoles = configuredUserRoles.getOrDefault(each, new LinkedList<>()); - userRoles.addAll(toBeGrantedRoles); + toBeGrantedRoles.stream().filter(role -> !userRoles.contains(role)).forEach(userRoles::add); configuredUserRoles.put((GranteeSubject) each, userRoles); } } diff --git a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/RevokeDistPrivilegesExecutor.java b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/RevokeDistPrivilegesExecutor.java index e45ebe5c8d31ab..2d1a5061b07e6b 100644 --- a/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/RevokeDistPrivilegesExecutor.java +++ b/kernel/authority/distsql/handler/src/main/java/com/sphereex/dbplusengine/authority/distsql/handler/update/RevokeDistPrivilegesExecutor.java @@ -182,7 +182,7 @@ private String getPrivilegeWithoutColumn(final GrantLevelSegment level, final Di } private String getDistSQLPrivilege(final GrantLevelSegment level, final ACLOperation operation, final String aclObject) { - if (ACLOperation.CREATE_USER == operation) { + if (ACLOperation.CREATE_USER == operation || ACLOperation.RAL_OPERATE == operation) { return operation.name(); } String dbPrivilege = null == level ? AuthorityConstants.PRIVILEGE_WILDCARD : level.getDatabaseName(); diff --git a/kernel/authority/distsql/handler/src/test/java/com/sphereex/dbplusengine/authority/distsql/handler/update/CreateDistUserExecutorTest.java b/kernel/authority/distsql/handler/src/test/java/com/sphereex/dbplusengine/authority/distsql/handler/update/CreateDistUserExecutorTest.java index ff108ee05f2ee4..0ef579582fb836 100644 --- a/kernel/authority/distsql/handler/src/test/java/com/sphereex/dbplusengine/authority/distsql/handler/update/CreateDistUserExecutorTest.java +++ b/kernel/authority/distsql/handler/src/test/java/com/sphereex/dbplusengine/authority/distsql/handler/update/CreateDistUserExecutorTest.java @@ -53,13 +53,13 @@ void assertExecuteWithDuplicatedUser() { when(rule.getConfiguration()).thenReturn(ruleConfig); when(rule.getGrantees()).thenReturn(ruleConfig.getUsers().stream().map(each -> new Grantee(each.getUsername(), each.getHostname())).collect(Collectors.toList())); executor.setRule(rule); - CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("root", "", null, "root", false)), Collections.emptyList(), false); + CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("root", "", null, "root", false)), false); assertThrows(DuplicateGranteeException.class, () -> executor.checkBeforeUpdate(sqlStatement)); } @Test void assertExecuteWithDuplicatedRole() { - CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("existed_role", "", null, "foo", false)), Collections.emptyList(), false); + CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("existed_role", "", null, "foo", false)), false); AuthorityRule rule = mock(AuthorityRule.class); AuthorityRuleConfiguration ruleConfig = createCurrentRuleConfiguration(); when(rule.getConfiguration()).thenReturn(ruleConfig); @@ -69,7 +69,7 @@ void assertExecuteWithDuplicatedRole() { @Test void assertExecute() { - CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("sharding", "%", null, "foo", false)), Collections.emptyList(), false); + CreateDistUserStatement sqlStatement = new CreateDistUserStatement(Collections.singleton(new DistUserSegment("sharding", "%", null, "foo", false)), false); AuthorityRule rule = mock(AuthorityRule.class); AuthorityRuleConfiguration ruleConfig = createCurrentRuleConfiguration(); when(rule.getConfiguration()).thenReturn(ruleConfig); diff --git a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExBaseRule.g4 b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExBaseRule.g4 index 18fe99458d4401..c3639d3f8a9261 100644 --- a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExBaseRule.g4 +++ b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExBaseRule.g4 @@ -58,8 +58,7 @@ ifNotExists ; createUserEntry - : userName_ (IDENTIFIED BY password_)? # createUserEntryIdentifiedBy - | userName_ IDENTIFIED WITH plugin AS string_ # createUserEntryIdentifiedWith + : userName_ IDENTIFIED BY password_ # createUserEntryIdentifiedBy ; createUserList @@ -68,11 +67,6 @@ createUserList alterUserEntry : userName_ IDENTIFIED BY password_ # alterUserEntryIdentifiedBy - | userName_ IDENTIFIED WITH plugin AS string_ # alterUserEntryIdentifiedWith - ; - -defaultRoleClause - : DEFAULT ROLE roleName_ (COMMA_ roleName_)* ; userIdentifierOrText @@ -160,14 +154,6 @@ plugin : textOrIdentifier ; -authenticatorDefinition - : authenticatorName LP_ authAlgorithmDefinition RP_ - ; - -authenticatorName - : IDENTIFIER_ - ; - authAlgorithmDefinition : TYPE LP_ NAME EQ_ typeName propertiesDefinition? RP_ ; @@ -176,10 +162,6 @@ typeName : IDENTIFIER_ ; -string_ - : STRING_ - ; - textOrIdentifier : IDENTIFIER_ | STRING_ ; @@ -205,6 +187,7 @@ distSQLACLOperation distSQLACLOperationWithoutObjectType : CREATE_USER + | RAL_OPERATE ; aclObjectType diff --git a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExKeyword.g4 b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExKeyword.g4 index 1f69d6dec4600d..4bff4c7c1b0f2a 100644 --- a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExKeyword.g4 +++ b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExKeyword.g4 @@ -91,6 +91,10 @@ CREATE_USER : C R E A T E UL_ U S E R ; +RAL_OPERATE + : R A L UL_ O P E R A T E + ; + DATABASES : D A T A B A S E S ; diff --git a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExRALStatement.g4 b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExRALStatement.g4 index 88554133d9cab9..3867c2d85ff586 100644 --- a/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExRALStatement.g4 +++ b/kernel/authority/distsql/parser/src/main/antlr4/imports/authority/SphereExRALStatement.g4 @@ -24,7 +24,7 @@ alterPrivilegeProvider ; createDistUser - : CREATE DIST USER ifNotExists? createUserList defaultRoleClause? + : CREATE DIST USER ifNotExists? createUserList ; alterDistUser @@ -77,31 +77,3 @@ showDistUsers showDistRoles : SHOW DIST ROLES ; - -createAuthenticator - : CREATE AUTHENTICATOR authenticatorDefinition - ; - -alterAuthenticator - : ALTER AUTHENTICATOR authenticatorDefinition - ; - -dropAuthenticator - : DROP AUTHENTICATOR authenticatorName (COMMA_ authenticatorName)* - ; - -createDefaultAuthenticator - : CREATE DEFAULT AUTHENTICATOR authenticatorName - ; - -alterDefaultAuthenticator - : ALTER DEFAULT AUTHENTICATOR authenticatorName - ; - -dropDefaultAuthenticator - : DROP DEFAULT AUTHENTICATOR - ; - -showAuthenticators - : SHOW AUTHENTICATORS - ; diff --git a/kernel/authority/distsql/parser/src/main/antlr4/org/apache/shardingsphere/distsql/parser/autogen/SphereExAuthorityDistSQLStatement.g4 b/kernel/authority/distsql/parser/src/main/antlr4/org/apache/shardingsphere/distsql/parser/autogen/SphereExAuthorityDistSQLStatement.g4 index a27c1289855a59..d97e053e54e5d7 100644 --- a/kernel/authority/distsql/parser/src/main/antlr4/org/apache/shardingsphere/distsql/parser/autogen/SphereExAuthorityDistSQLStatement.g4 +++ b/kernel/authority/distsql/parser/src/main/antlr4/org/apache/shardingsphere/distsql/parser/autogen/SphereExAuthorityDistSQLStatement.g4 @@ -33,12 +33,5 @@ execute | showDistGrants | showDistUsers | showDistRoles - | showAuthenticators - | createAuthenticator - | alterAuthenticator - | dropAuthenticator - | createDefaultAuthenticator - | alterDefaultAuthenticator - | dropDefaultAuthenticator ) SEMI_? EOF ; diff --git a/kernel/authority/distsql/parser/src/main/java/com/sphereex/dbplusengine/authority/distsql/parser/core/SphereExAuthorityDistSQLStatementVisitor.java b/kernel/authority/distsql/parser/src/main/java/com/sphereex/dbplusengine/authority/distsql/parser/core/SphereExAuthorityDistSQLStatementVisitor.java index 310c47eed3020d..224e3ddc722791 100644 --- a/kernel/authority/distsql/parser/src/main/java/com/sphereex/dbplusengine/authority/distsql/parser/core/SphereExAuthorityDistSQLStatementVisitor.java +++ b/kernel/authority/distsql/parser/src/main/java/com/sphereex/dbplusengine/authority/distsql/parser/core/SphereExAuthorityDistSQLStatementVisitor.java @@ -34,7 +34,6 @@ import com.sphereex.dbplusengine.authority.distsql.statement.user.DropDistUserStatement; import com.sphereex.dbplusengine.authority.distsql.statement.user.ShowDistUsersStatement; import com.sphereex.dbplusengine.authority.model.operation.ACLOperation; -import org.antlr.v4.runtime.RuleContext; import org.antlr.v4.runtime.tree.ParseTree; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementBaseVisitor; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AclObjectTypeContext; @@ -42,13 +41,10 @@ import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AlterDistUserContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AlterPrivilegeProviderContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AlterUserEntryIdentifiedByContext; -import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AlterUserEntryIdentifiedWithContext; -import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.AuthAlgorithmDefinitionContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.ColumnNamesContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.CreateDistRoleContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.CreateDistUserContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.CreateUserEntryIdentifiedByContext; -import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.CreateUserEntryIdentifiedWithContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.DistSQLOperationContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.DistSQLOperationWithoutObjectTypeContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.DropDistRoleContext; @@ -85,7 +81,6 @@ import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.StaticPrivilegeUpdateContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.StaticPrivilegeUsageContext; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.StorageUnitContext; -import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.String_Context; import org.apache.shardingsphere.distsql.parser.autogen.SphereExAuthorityDistSQLStatementParser.UserName_Context; import org.apache.shardingsphere.distsql.segment.AlgorithmSegment; import org.apache.shardingsphere.sql.parser.api.ASTNode; @@ -107,10 +102,7 @@ public final class SphereExAuthorityDistSQLStatementVisitor extends SphereExAuth @Override public ASTNode visitCreateDistUser(final CreateDistUserContext ctx) { Collection users = ctx.createUserList().createUserEntry().stream().map(each -> (DistUserSegment) visit(each)).collect(Collectors.toList()); - Collection defaultRoles = null == ctx.defaultRoleClause() - ? Collections.emptyList() - : ctx.defaultRoleClause().roleName_().stream().map(RuleContext::getText).collect(Collectors.toList()); - return new CreateDistUserStatement(users, defaultRoles, null != ctx.ifNotExists()); + return new CreateDistUserStatement(users, null != ctx.ifNotExists()); } @Override @@ -121,30 +113,11 @@ public ASTNode visitCreateUserEntryIdentifiedBy(final CreateUserEntryIdentifiedB return new DistUserSegment(user, host, null, auth, false); } - @Override - public ASTNode visitCreateUserEntryIdentifiedWith(final CreateUserEntryIdentifiedWithContext ctx) { - String user = getIdentifierValue(ctx.userName_().userIdentifierOrText().textOrIdentifier(0)); - String host = null == ctx.userName_().userIdentifierOrText().AT_() ? null : getIdentifierValue(ctx.userName_().userIdentifierOrText().textOrIdentifier(1)); - return new DistUserSegment(user, host, ctx.plugin().getText(), ((StringLiteralValue) visit(ctx.string_())).getValue(), true); - } - - @Override - public ASTNode visitUserName_(final UserName_Context ctx) { - String user = getIdentifierValue(ctx.userIdentifierOrText().textOrIdentifier(0)); - String host = null == ctx.userIdentifierOrText().AT_() ? null : getIdentifierValue(ctx.userIdentifierOrText().textOrIdentifier(1)); - return new DistUserSegment(user, host, null, null, false); - } - @Override public ASTNode visitPassword_(final Password_Context ctx) { return new StringLiteralValue(ctx.getText()); } - @Override - public ASTNode visitString_(final String_Context ctx) { - return new StringLiteralValue(ctx.getText()); - } - @Override public ASTNode visitAlterDistUser(final AlterDistUserContext ctx) { return new AlterDistUserStatement((DistUserSegment) visit(ctx.alterUserEntry()), null != ctx.ifExists()); @@ -158,13 +131,6 @@ public ASTNode visitAlterUserEntryIdentifiedBy(final AlterUserEntryIdentifiedByC return new DistUserSegment(user, host, null, auth, false); } - @Override - public ASTNode visitAlterUserEntryIdentifiedWith(final AlterUserEntryIdentifiedWithContext ctx) { - String user = getIdentifierValue(ctx.userName_().userIdentifierOrText().textOrIdentifier(0)); - String host = null == ctx.userName_().userIdentifierOrText().AT_() ? null : getIdentifierValue(ctx.userName_().userIdentifierOrText().textOrIdentifier(1)); - return new DistUserSegment(user, host, ctx.plugin().getText(), ((StringLiteralValue) visit(ctx.string_())).getValue(), true); - } - @Override public ASTNode visitDropDistUser(final DropDistUserContext ctx) { return new DropDistUserStatement(ctx.userList().userName_().stream().map(each -> (DistUserSegment) visit(each)).collect(Collectors.toList()), null != ctx.ifExists()); @@ -352,6 +318,13 @@ public ASTNode visitShowDistGrants(final ShowDistGrantsContext ctx) { return new ShowDistGrantsStatement((DistUserSegment) visit(ctx.userName_()), ctx.roleName_().stream().map(each -> new IdentifierValue(each.getText()).getValue()).collect(Collectors.toList())); } + @Override + public ASTNode visitUserName_(final UserName_Context ctx) { + String user = getIdentifierValue(ctx.userIdentifierOrText().textOrIdentifier(0)); + String host = null == ctx.userIdentifierOrText().AT_() ? null : getIdentifierValue(ctx.userIdentifierOrText().textOrIdentifier(1)); + return new DistUserSegment(user, host, null, null, false); + } + @Override public ASTNode visitShowDistUsers(final ShowDistUsersContext ctx) { return new ShowDistUsersStatement(); @@ -362,11 +335,6 @@ public ASTNode visitShowDistRoles(final ShowDistRolesContext ctx) { return new ShowDistRolesStatement(); } - @Override - public ASTNode visitAuthAlgorithmDefinition(final AuthAlgorithmDefinitionContext ctx) { - return new AlgorithmSegment(getIdentifierValue(ctx.typeName()), getProperties(ctx.propertiesDefinition())); - } - @Override public ASTNode visitAlterPrivilegeProvider(final AlterPrivilegeProviderContext ctx) { return new AlterPrivilegeProviderStatement((AlgorithmSegment) visit(ctx.algorithmDefinition())); diff --git a/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/privilege/AlterPrivilegeProviderStatement.java b/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/privilege/AlterPrivilegeProviderStatement.java index 842bda30dcad1b..47450c10a838ad 100644 --- a/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/privilege/AlterPrivilegeProviderStatement.java +++ b/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/privilege/AlterPrivilegeProviderStatement.java @@ -21,13 +21,14 @@ import lombok.RequiredArgsConstructor; import org.apache.shardingsphere.distsql.segment.AlgorithmSegment; import org.apache.shardingsphere.distsql.statement.rdl.rule.global.GlobalRuleDefinitionStatement; +import org.apache.shardingsphere.sql.parser.statement.core.statement.dcl.DCLStatement; /** * Alter privilege provider statement. */ @RequiredArgsConstructor @Getter -public final class AlterPrivilegeProviderStatement extends GlobalRuleDefinitionStatement { +public final class AlterPrivilegeProviderStatement extends GlobalRuleDefinitionStatement implements DCLStatement { private final AlgorithmSegment provider; } diff --git a/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/user/CreateDistUserStatement.java b/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/user/CreateDistUserStatement.java index 05f769851b0c2e..2e0b337952152b 100644 --- a/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/user/CreateDistUserStatement.java +++ b/kernel/authority/distsql/statement/src/main/java/com/sphereex/dbplusengine/authority/distsql/statement/user/CreateDistUserStatement.java @@ -34,7 +34,5 @@ public final class CreateDistUserStatement extends GlobalRuleDefinitionStatement private final Collection users; - private final Collection defaultRoles; - private final boolean ifNotExists; } diff --git a/kernel/authority/provider/enterprise/src/main/java/com/sphereex/dbplusengine/authority/provider/enterprise/privilege/EnterprisePermittedPrivileges.java b/kernel/authority/provider/enterprise/src/main/java/com/sphereex/dbplusengine/authority/provider/enterprise/privilege/EnterprisePermittedPrivileges.java index d018f1eafbacfc..93591714481a03 100644 --- a/kernel/authority/provider/enterprise/src/main/java/com/sphereex/dbplusengine/authority/provider/enterprise/privilege/EnterprisePermittedPrivileges.java +++ b/kernel/authority/provider/enterprise/src/main/java/com/sphereex/dbplusengine/authority/provider/enterprise/privilege/EnterprisePermittedPrivileges.java @@ -23,6 +23,7 @@ import com.sphereex.dbplusengine.authority.obj.domain.DCLACLObject; import com.sphereex.dbplusengine.authority.obj.domain.DistSQLACLObject; import com.sphereex.dbplusengine.authority.obj.domain.ProjectionACLObject; +import com.sphereex.dbplusengine.authority.obj.domain.RALACLObject; import com.sphereex.dbplusengine.authority.obj.domain.TableACLObject; import com.sphereex.dbplusengine.authority.provider.enterprise.shiro.EnterpriseRealm; import com.sphereex.dbplusengine.authority.provider.enterprise.shiro.permission.EnterpriseColumnPermission; @@ -70,13 +71,16 @@ public boolean hasPrivileges(final ACLObject aclObject, final ACLOperation opera TableACLObject tableACLObject = (TableACLObject) aclObject; return owner.isPermitted(new EnterpriseTablePermission(tableACLObject.getDatabase(), tableACLObject.getTable(), operation.name().toLowerCase())); } + if (aclObject instanceof DCLACLObject) { + return owner.isPermitted(new EnterpriseDCLPermission(operation.name().toLowerCase())); + } + if (aclObject instanceof RALACLObject) { + return owner.isPermitted(new EnterpriseDCLPermission(operation.name().toLowerCase())); + } if (aclObject instanceof DistSQLACLObject) { DistSQLACLObject distSQLACLObject = (DistSQLACLObject) aclObject; return owner.isPermitted(new EnterpriseDistSQLPermission(distSQLACLObject.getDatabase(), distSQLACLObject.getResource(), distSQLACLObject.getType(), operation.name().toLowerCase())); } - if (aclObject instanceof DCLACLObject) { - return owner.isPermitted(new EnterpriseDCLPermission(operation.name().toLowerCase())); - } return true; } } diff --git a/kernel/logging/core/src/main/java/org/apache/shardingsphere/logging/rule/builder/DefaultLoggingRuleConfigurationBuilder.java b/kernel/logging/core/src/main/java/org/apache/shardingsphere/logging/rule/builder/DefaultLoggingRuleConfigurationBuilder.java index 107bb0dcb4ca55..aeefff50023ab5 100644 --- a/kernel/logging/core/src/main/java/org/apache/shardingsphere/logging/rule/builder/DefaultLoggingRuleConfigurationBuilder.java +++ b/kernel/logging/core/src/main/java/org/apache/shardingsphere/logging/rule/builder/DefaultLoggingRuleConfigurationBuilder.java @@ -35,7 +35,10 @@ public final class DefaultLoggingRuleConfigurationBuilder implements DefaultGlob @SuppressWarnings("unchecked") @Override public LoggingRuleConfiguration build() { - return new LoggingRuleConfiguration(Collections.emptyList(), Collections.emptySet()); + ILoggerFactory loggerFactory = LoggerFactory.getILoggerFactory(); + return TypedSPILoader.findService(ShardingSphereLogBuilder.class, loggerFactory.getClass()) + .map(optional -> new LoggingRuleConfiguration(optional.getDefaultLoggers(loggerFactory), optional.getDefaultAppenders(loggerFactory))) + .orElseGet(() -> new LoggingRuleConfiguration(Collections.emptyList(), Collections.emptySet())); } @Override