Grant job permission for all roles except GUEST (vesoft-inc#2928)

* Grant job permission for all roles except GUEST * Split AdminShowjob from AdminJOb for permission control Co-authored-by: CBS <[email protected]> Co-authored-by: Doodle <[email protected]>
L-shuai · Sep 27, 2021 · 7332381 · 7332381
1 parent 073fb37
commit 7332381
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/src/graph/service/PermissionCheck.cpp b/src/graph/service/PermissionCheck.cpp
@@ -69,7 +69,6 @@ Status PermissionCheck::permissionCheck(ClientSession *session,
     case Sentence::Kind::kAddHostIntoZone:
     case Sentence::Kind::kDropHostFromZone:
     case Sentence::Kind::kBalance:
-    case Sentence::Kind::kAdminJob:
     case Sentence::Kind::kShowConfigs:
     case Sentence::Kind::kSetConfig:
     case Sentence::Kind::kGetConfig:
@@ -116,7 +115,8 @@ Status PermissionCheck::permissionCheck(ClientSession *session,
     case Sentence::Kind::kUpdateEdge:
     case Sentence::Kind::kDeleteVertices:
     case Sentence::Kind::kDeleteTags:
-    case Sentence::Kind::kDeleteEdges: {
+    case Sentence::Kind::kDeleteEdges:
+    case Sentence::Kind::kAdminJob: {
       return PermissionManager::canWriteData(session, vctx);
     }
     case Sentence::Kind::kDescribeTag:
@@ -153,7 +153,8 @@ Status PermissionCheck::permissionCheck(ClientSession *session,
     case Sentence::Kind::kShowCreateTagIndex:
     case Sentence::Kind::kShowCreateEdgeIndex:
     case Sentence::Kind::kShowListener:
-    case Sentence::Kind::kShowFTIndexes: {
+    case Sentence::Kind::kShowFTIndexes:
+    case Sentence::Kind::kAdminShowJobs: {
       /**
        * Above operations can get the space id via session,
        * so the permission same with canReadSchemaOrData.

diff --git a/src/graph/validator/Validator.cpp b/src/graph/validator/Validator.cpp
@@ -137,6 +137,7 @@ std::unique_ptr<Validator> Validator::makeValidator(Sentence* sentence, QueryCon
     case Sentence::Kind::kBalance:
       return std::make_unique<BalanceValidator>(sentence, context);
     case Sentence::Kind::kAdminJob:
+    case Sentence::Kind::kAdminShowJobs:
       return std::make_unique<AdminJobValidator>(sentence, context);
     case Sentence::Kind::kFetchVertices:
       return std::make_unique<FetchVerticesValidator>(sentence, context);

diff --git a/src/parser/AdminSentences.h b/src/parser/AdminSentences.h
@@ -554,7 +554,11 @@ class AdminJobSentence final : public Sentence {
   explicit AdminJobSentence(meta::cpp2::AdminJobOp op,
                             meta::cpp2::AdminCmd cmd = meta::cpp2::AdminCmd::UNKNOWN)
       : op_(op), cmd_(cmd) {
-    kind_ = Kind::kAdminJob;
+    if (op == meta::cpp2::AdminJobOp::SHOW || op == meta::cpp2::AdminJobOp::SHOW_All) {
+      kind_ = Kind::kAdminShowJobs;
+    } else {
+      kind_ = Kind::kAdminJob;
+    }
   }
 
   void addPara(const std::string& para);

diff --git a/src/parser/Sentence.h b/src/parser/Sentence.h
@@ -111,6 +111,7 @@ class Sentence {
     kCreateSnapshot,
     kDropSnapshot,
     kAdminJob,
+    kAdminShowJobs,
     kGetSubgraph,
     kAddGroup,
     kDropGroup,