
1,Refactor user processors code structure. 2,Remove user properties f…
…irst name and last name. 3, Add new user properties of resource limit. 4, Changed related thrift structure from 'name' to 'id', 5,Add some comments for role.
boshengchen committed Jun 3, 2019
1 parent d95be2f commit 25813b6
Showing 9 changed files with 198 additions and 100 deletions.
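--- a/src/graph/PermissionManager.h
+++ b/src/graph/PermissionManager.h
@@ -0,0 +1,47 @@
+/* Copyright (c) 2019 vesoft inc. All rights reserved.
+*
+* This source code is licensed under Apache 2.0 License,
+* attached with Common Clause Condition 1.0, found in the LICENSES directory.
+*/
+
+
+#ifndef GRAPH_PERMISSIONMANAGER_H
+#define GRAPH_PERMISSIONMANAGER_H
+
+// Operation and permission define:
+// Operation | GOD | ADMIN | USER | GUEST
+// ---------------- | ------------- | ------------- | ------------- | -------------
+// kGo | Y | Y | Y | Y
+// kSet | Y | Y | Y | Y
+// kPipe | Y | Y | Y | Y
+// kUse | Y | Y | Y | Y
+// kMatch | Y | Y | Y | Y
+// kAssignment | Y | Y | Y | Y
+// kCreateTag | Y | Y | |
+// kAlterTag | Y | Y | |
+// kCreateEdge | Y | Y | |
+// kAlterEdge | Y | Y | |
+// kDescribeTag | Y | Y | Y | Y
+// kDescribeEdge | Y | Y | Y | Y
+// kRemoveTag | Y | Y | |
+// kRemoveEdge | Y | Y | |
+// kInsertVertex | Y | Y | Y |
+// kInsertEdge | Y | Y | Y |
+// kShow | Y | Y | Y | Y
+// kDeleteVertex | Y | Y | Y |
+// kDeleteEdge | Y | Y | Y |
+// kFind | Y | Y | Y | Y
+// kAddHosts | Y | | |
+// kRemoveHosts | Y | | |
+// kCreateSpace | Y | | |
+// kDropSpace | Y | Y | |
+// kYield | Y | Y | Y | Y
+// kCreateUser | Y | | |
+// kDropUser | Y | | |
+// kAlterUser | Y | Y | Y | Y
+// kGrant | Y | Y | |
+// kRevoke | Y | Y | |
+// kChangePassword | Y | Y | Y | Y
+
+
+#endif // GRAPH_PERMISSIONMANAGER_H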
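Review bot: The kAlterUser row grants the operation to USER and GUEST without stating its scope, while the same commit makes `is_lock` and the four `max_*` limits part of UserItem and `replaceUserVal` copies every field that is set. If the intent is that non-administrators may only edit their own account and may not change lock status or resource limits, the table should say so, for example `// kAlterUser: USER and GUEST own account only; is_lock and max_* fields need GOD or ADMIN`. The header contains comments only, so nothing in this section shows where the matrix is enforced; a pointer to the enforcing code would make the table auditable.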
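--- a/src/interface/meta.thrift
+++ b/src/interface/meta.thrift
@@ -45,6 +45,13 @@ enum AlterSchemaOp {
 UNKNOWN = 0x04,
 } (cpp.enum_strict)
 
+/**
+** GOD is A global senior administrator.like root of Linux systems.
+** ADMIN is an administrator for a given Graph Space.
+** USER is a normal user for a given Graph Space. A User can access (read and write) the data in the Graph Space.
+** GUEST is a read-only role for a given Graph Space. A Guest cannot modify the data in the Graph Space.
+** Refer to header file src/graph/PermissionManager.h for details.
+**/
 
 enum RoleType {
 GOD = 0x01,
@@ -104,16 +111,23 @@ struct EdgeItem {
 
 
 struct UserItem {
-1: string account,
-2: string first_name,
-3: string last_name,
-4: bool is_lock,
+1: string account;
+// Disable user if lock status is true.
+2: bool is_lock,
+// The number of queries an account can issue per hour
+3: i32 max_queries_per_hour,
+// The number of updates an account can issue per hour
+4: i32 max_updates_per_hour,
+// The number of times an account can connect to the server per hour
+5: i32 max_connections_per_hour,
+// The number of simultaneous connections to the server by an account
+6: i32 max_user_connections,
 }
 
 struct RoleItem {
-1: string account,
-2: string space,
-3: RoleType role_type,
+1: common.UserID user_id,
+2: common.GraphSpaceID space_id,
+3: RoleType role_type,
 }
 
 struct ExecResp {
@@ -368,11 +382,11 @@ struct ListUsersResp {
 1: ErrorCode code,
 // Valid if ret equals E_LEADER_CHANGED.
 2: common.HostAddr leader,
-3: list<UserItem> users,
+3: map<common.UserID, UserItem>(cpp.template = "std::unordered_map") users,
 }
 
 struct ListRolesReq {
-1: string space,
+1: common.GraphSpaceID space_id,
 }
 
 struct ListRolesResp {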
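Review bot: UserItem reuses field ids 2, 3 and 4 with different types (id 2 was `string first_name` and is now `bool is_lock`; id 4 was `bool is_lock` and is now `i32 max_updates_per_hour`), so a UserItem serialized before this change would presumably lose its lock flag when read back, because the old id-4 bool no longer matches any field. If such records can exist in the store, keep `4: bool is_lock,` at its old id, retire ids 2 and 3, and number the new limits from 5 upward. The limit comments should also state what 0 or a negative value means, since `i32` allows both. `1: string account;` ends in `;` where every other field in the struct uses `,`.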
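--- a/src/meta/MetaServiceUtils.cpp
+++ b/src/meta/MetaServiceUtils.cpp
@@ -342,15 +342,22 @@ folly::StringPiece MetaServiceUtils::userItemVal(folly::StringPiece rawVal) {
 std::string MetaServiceUtils::replaceUserVal(const cpp2::UserItem& user, folly::StringPiece val) {
 cpp2:: UserItem oldUser;
 apache::thrift::CompactSerializer::deserialize(userItemVal(val), oldUser);
-if (user.__isset.first_name) {
-oldUser.set_first_name(user.get_first_name());
-}
-if (user.__isset.last_name) {
-oldUser.set_last_name(user.get_last_name());
-}
 if (user.__isset.is_lock) {
 oldUser.set_is_lock(user.get_is_lock());
 }
+if (user.__isset.max_queries_per_hour) {
+oldUser.set_max_queries_per_hour(user.get_max_queries_per_hour());
+}
+if (user.__isset.max_updates_per_hour) {
+oldUser.set_max_updates_per_hour(user.get_max_updates_per_hour());
+}
+if (user.__isset.max_connections_per_hour) {
+oldUser.set_max_connections_per_hour(user.get_max_connections_per_hour());
+}
+if (user.__isset.max_user_connections) {
+oldUser.set_max_user_connections(user.get_max_user_connections());
+}
+
 std::string newVal, userVal;
 apache::thrift::CompactSerializer::serialize(oldUser, &userVal);
 auto len = sizeof(int32_t) + *reinterpret_cast<const int32_t *>(val.begin());
@@ -402,11 +409,16 @@ std::string MetaServiceUtils::roleSpacePrefix(GraphSpaceID spaceId) {
 return key;
 }
 
-UserID MetaServiceUtils::parseUserId(folly::StringPiece val) {
+UserID MetaServiceUtils::parseRoleUserId(folly::StringPiece val) {
 return *reinterpret_cast<const UserID *>(val.begin() +
 kRolesTable.size() +
 sizeof(GraphSpaceID));
 }
+
+UserID MetaServiceUtils::parseUserId(folly::StringPiece val) {
+return *reinterpret_cast<const UserID *>(val.begin() +
+kUsersTable.size());
+}
 
 } // namespace meta
 } // namespace nebula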
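Review bot: The new `parseUserId` dereferences `val.begin() + kUsersTable.size()` without checking that the piece holds at least `kUsersTable.size() + sizeof(UserID)` bytes, and the `reinterpret_cast` read may be unaligned; `parseRoleUserId` has the same shape. A length check followed by a copy would be safer, e.g. `CHECK_GE(val.size(), kUsersTable.size() + sizeof(UserID));` then `UserID id; memcpy(&id, val.begin() + kUsersTable.size(), sizeof(id)); return id;`. `parseUserId` also keeps its old name while reading from a different offset, so any caller outside this page that still passes a role key would compile and silently return a wrong id. In `replaceUserVal` the four `max_*` values are copied as given; negative limits are not rejected here, so that validation would have to live in the caller.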
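--- a/src/meta/MetaServiceUtils.h
+++ b/src/meta/MetaServiceUtils.h
@@ -109,6 +109,8 @@ class MetaServiceUtils final {
 
 static std::string roleSpacePrefix(GraphSpaceID spaceId);
 
+static UserID parseRoleUserId(folly::StringPiece val);
+
 static UserID parseUserId(folly::StringPiece val);
 };
 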
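Review bot: Both declarations name their parameter `val`, but the callers in AuthenticationProcessor.cpp pass `iter->key()`, and the two functions expect different key layouts. A one-line comment on each would prevent mix-ups: `// Extracts the UserID from a role key: kRolesTable prefix, GraphSpaceID, UserID.` above `parseRoleUserId`, and `// Extracts the UserID from a user key: kUsersTable prefix, UserID.` above `parseUserId`. The class body starts and ends outside this hunk.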
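--- a/src/meta/processors/BaseProcessor.h
+++ b/src/meta/processors/BaseProcessor.h
@@ -48,6 +48,13 @@ GENERATE_LOCK(user);
 return; \
 }
 
+#define CHECK_USER_ID_AND_RETURN(userID) \
+if (userExist(userID) == Status::UserNotFound()) { \
+resp_.set_code(cpp2::ErrorCode::E_NOT_FOUND); \
+onFinished(); \
+return; \
+}
+
 /**
 * Check segemnt is consist of numbers and letters and should not empty.
 * */
@@ -185,6 +192,11 @@ class BaseProcessor {
 * */
 Status spaceExist(GraphSpaceID spaceId);
 
+/**
+* Check userId exist or not.
+**/
+Status userExist(UserID userId);
+
 /**
 * Check host has been registered or not.
 * */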
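Review bot: `CHECK_USER_ID_AND_RETURN` stops the request only when the result equals `Status::UserNotFound()`, so any other failure status that `userExist` might return in future would pass the check; testing for success fails closed: `if (!userExist(userID).ok()) { \`. The macro is also a bare `if` block, which can capture a following `else` at the call site; wrapping the body in `do { ... } while (0)` avoids that. The doc comment on `userExist` could state that it returns `Status::OK()` when the user key is present and `Status::UserNotFound()` otherwise.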
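--- a/src/meta/processors/BaseProcessor.inl
+++ b/src/meta/processors/BaseProcessor.inl
@@ -162,6 +162,18 @@ Status BaseProcessor<RESP>::spaceExist(GraphSpaceID spaceId) {
 return Status::SpaceNotFound();
 }
 
+template<typename RESP>
+Status BaseProcessor<RESP>::userExist(UserID spaceId) {
+folly::SharedMutex::ReadHolder rHolder(LockUtils::userLock());
+auto userKey = MetaServiceUtils::userKey(spaceId);
+std::string val;
+auto ret = kvstore_->get(kDefaultSpaceId_, kDefaultPartId_, userKey, &val);
+if (ret == kvstore::ResultCode::SUCCEEDED) {
+return Status::OK();
+}
+return Status::UserNotFound();
+}
+
 template<typename RESP>
 Status BaseProcessor<RESP>::hostExist(const std::string& hostKey) {
 std::string val;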
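Review bot: `userExist` names its `UserID` parameter `spaceId`, apparently carried over from `spaceExist` above; `Status BaseProcessor<RESP>::userExist(UserID userId) {` and `auto userKey = MetaServiceUtils::userKey(userId);` would match the declaration in BaseProcessor.h. Every kvstore result other than SUCCEEDED is reported as `Status::UserNotFound()`, so a storage error is indistinguishable from a missing user; a comment saying this is intentional, or a log line for the other result codes, would help whoever debugs a failed grant. The function takes `LockUtils::userLock()` itself, and folly::SharedMutex is not reentrant, so it is worth documenting that callers must not already hold that lock.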
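--- a/src/meta/processors/usersMan/AuthenticationProcessor.cpp
+++ b/src/meta/processors/usersMan/AuthenticationProcessor.cpp
@@ -89,7 +89,7 @@ void DropUserProcessor::process(const cpp2::DropUserReq& req) {
 if (userRet == kvstore::ResultCode::SUCCEEDED) {
 while (iter->valid()) {
 auto key = iter->key();
-auto userId = MetaServiceUtils::parseUserId(key);
+auto userId = MetaServiceUtils::parseRoleUserId(key);
 if (userId == ret.value()) {
 keys.emplace_back(std::move(key));
 }
@@ -105,45 +105,25 @@ void DropUserProcessor::process(const cpp2::DropUserReq& req) {
 
 
 void GrantProcessor::process(const cpp2::GrantRoleReq& req) {
-folly::SharedMutex::WriteHolder wHolder(LockUtils::userLock());
 const auto& roleItem = req.get_role_item();
-auto spaceRet = getSpaceId(roleItem.get_space());
-if (!spaceRet.ok()) {
-resp_.set_code(to(spaceRet.status()));
-onFinished();
-return;;
-}
-auto userRet = getUserId(roleItem.get_account());
-if (!userRet.ok()) {
-resp_.set_code(to(userRet.status()));
-onFinished();
-return;
-}
+CHECK_SPACE_ID_AND_RETURN(roleItem.get_space_id());
+CHECK_USER_ID_AND_RETURN(roleItem.get_user_id());
+folly::SharedMutex::WriteHolder wHolder(LockUtils::userLock());
 std::vector<kvstore::KV> data;
-data.emplace_back(MetaServiceUtils::roleKey(spaceRet.value(), userRet.value()),
+data.emplace_back(MetaServiceUtils::roleKey(roleItem.get_space_id(), roleItem.get_user_id()),
 MetaServiceUtils::roleVal(roleItem.get_role_type()));
 resp_.set_code(cpp2::ErrorCode::SUCCEEDED);
 doPut(std::move(data));
 }
 
 
 void RevokeProcessor::process(const cpp2::RevokeRoleReq& req) {
-folly::SharedMutex::WriteHolder wHolder(LockUtils::userLock());
 const auto& roleItem = req.get_role_item();
-auto spaceRet = getSpaceId(roleItem.get_space());
-if (!spaceRet.ok()) {
-resp_.set_code(to(spaceRet.status()));
-onFinished();
-return;;
-}
-auto userRet = getUserId(roleItem.get_account());
-if (!userRet.ok()) {
-resp_.set_code(to(userRet.status()));
-onFinished();
-return;
-}
-auto roleKey = MetaServiceUtils::roleKey(spaceRet.value(), userRet.value());
-resp_.set_id(to(userRet.value(), EntryType::USER));
+CHECK_SPACE_ID_AND_RETURN(roleItem.get_space_id());
+CHECK_USER_ID_AND_RETURN(roleItem.get_user_id());
+folly::SharedMutex::WriteHolder wHolder(LockUtils::userLock());
+auto roleKey = MetaServiceUtils::roleKey(roleItem.get_space_id(), roleItem.get_user_id());
+resp_.set_id(to(roleItem.get_user_id(), EntryType::USER));
 resp_.set_code(cpp2::ErrorCode::SUCCEEDED);
 doRemove(std::move(roleKey));
 }
@@ -222,7 +202,8 @@ void ListUsersProcessor::process(const cpp2::ListUsersReq& req) {
 decltype(resp_.users) users;
 while (iter->valid()) {
 cpp2::UserItem user = MetaServiceUtils::parseUserItem(iter->val());
-users.emplace_back(std::move(user));
+auto userId = MetaServiceUtils::parseUserId(iter->key());
+users.emplace(userId, std::move(user));
 iter->next();
 }
 resp_.set_users(users);
@@ -252,26 +233,22 @@ void CheckPasswordProcessor::process(const cpp2::CheckPasswordReq& req) {
 
 
 void ListRolesProcessor::process(const cpp2::ListRolesReq& req) {
+auto spaceId = req.get_space_id();
+CHECK_SPACE_ID_AND_RETURN(spaceId);
 folly::SharedMutex::ReadHolder rHolder(LockUtils::userLock());
-auto spaceRet = getSpaceId(req.get_space());
-if (!spaceRet.ok()) {
-resp_.set_code(cpp2::ErrorCode::E_NOT_FOUND);
-onFinished();
-return;;
-}
-auto prefix = MetaServiceUtils::roleSpacePrefix(spaceRet.value());
+auto prefix = MetaServiceUtils::roleSpacePrefix(spaceId);
 std::unique_ptr<kvstore::KVIterator> iter;
 auto ret = kvstore_->prefix(kDefaultSpaceId_, kDefaultPartId_, prefix, &iter);
 if (ret != kvstore::ResultCode::SUCCEEDED) {
-LOG(ERROR) << "Can't find any roles by space " << req.get_space();
+LOG(ERROR) << "Can't find any roles by space id " << spaceId;
 resp_.set_code(cpp2::ErrorCode::E_NOT_FOUND);
 onFinished();
 return;
 }
 
 decltype(resp_.roles) roles;
 while (iter->valid()) {
-auto userId = MetaServiceUtils::parseUserId(iter->key());
+auto userId = MetaServiceUtils::parseRoleUserId(iter->key());
 auto val = iter->val();
 auto account = getUserAccount(userId);
 if (!account.ok()) {
@@ -281,7 +258,7 @@ void ListRolesProcessor::process(const cpp2::ListRolesReq& req) {
 return;
 }
 cpp2::RoleItem role(apache::thrift::FragileConstructor::FRAGILE,
-account.value(), ""/*space name can be ignore at here*/,
+userId, spaceId,
 *reinterpret_cast<const cpp2::RoleType *>(val.begin()));
 roles.emplace_back(std::move(role));
 iter->next();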
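Review bot: In `GrantProcessor::process` and `RevokeProcessor::process` the existence checks now run before the `WriteHolder` is taken, and `userExist` releases its own read lock on return, so a concurrent DropUser (assuming it serialises on the same `userLock`) can remove the user between `CHECK_USER_ID_AND_RETURN` and `doPut`, leaving a role entry for a user id that no longer exists. Doing the lookup under the same write lock would close that window; because `userExist` acquires `LockUtils::userLock()` itself, that needs a variant of the check that assumes the lock is already held. The space and user ids are now taken directly from the request, and no check of the caller's own role or of the requested `role_type` is visible in these hunks; if that is enforced elsewhere, a comment pointing to it would help. Both function bodies lie fully inside the hunk.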