2828import org .apache .iotdb .commons .path .MeasurementPath ;
2929import org .apache .iotdb .commons .path .PartialPath ;
3030import org .apache .iotdb .commons .schema .table .InformationSchema ;
31+ import org .apache .iotdb .db .audit .DNAuditLogger ;
3132import org .apache .iotdb .db .auth .AuthorityChecker ;
3233import org .apache .iotdb .db .queryengine .plan .relational .metadata .QualifiedObjectName ;
3334import org .apache .iotdb .db .queryengine .plan .relational .sql .ast .RelationalAuthorStatement ;
@@ -117,9 +118,10 @@ public void checkCanCreateTable(
117118 }
118119 checkAuditDatabase (tableName .getDatabaseName ());
119120 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SYSTEM )) {
120- ITableAuthCheckerImpl .recordAuditLog (
121- auditEntity .setPrivilegeType (PrivilegeType .CREATE ).setResult (true ),
122- tableName ::getObjectName );
121+ DNAuditLogger .getInstance ()
122+ .recordAuditLog (
123+ auditEntity .setPrivilegeType (PrivilegeType .CREATE ).setResult (true ),
124+ tableName ::getObjectName );
123125 return ;
124126 }
125127 authChecker .checkTablePrivilege (userName , tableName , TableModelPrivilege .CREATE , auditEntity );
@@ -134,9 +136,10 @@ public void checkCanDropTable(
134136 InformationSchemaUtils .checkDBNameInWrite (tableName .getDatabaseName ());
135137 checkAuditDatabase (tableName .getDatabaseName ());
136138 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SYSTEM )) {
137- ITableAuthCheckerImpl .recordAuditLog (
138- auditEntity .setPrivilegeType (PrivilegeType .DROP ).setResult (true ),
139- tableName ::getObjectName );
139+ DNAuditLogger .getInstance ()
140+ .recordAuditLog (
141+ auditEntity .setPrivilegeType (PrivilegeType .DROP ).setResult (true ),
142+ tableName ::getObjectName );
140143 return ;
141144 }
142145 authChecker .checkTablePrivilege (userName , tableName , TableModelPrivilege .DROP , auditEntity );
@@ -148,7 +151,7 @@ public void checkCanAlterTable(
148151 InformationSchemaUtils .checkDBNameInWrite (tableName .getDatabaseName ());
149152 checkAuditDatabase (tableName .getDatabaseName ());
150153 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SYSTEM )) {
151- ITableAuthCheckerImpl .recordAuditLog (auditEntity , tableName ::getObjectName );
154+ DNAuditLogger . getInstance () .recordAuditLog (auditEntity , tableName ::getObjectName );
152155 return ;
153156 }
154157 authChecker .checkTablePrivilege (userName , tableName , TableModelPrivilege .ALTER , auditEntity );
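Review bot: The SYSTEM-privilege shortcut in checkCanAlterTable hands `auditEntity` to the audit logger without setting a privilege type or a result, while the matching branches in checkCanCreateTable and checkCanDropTable call `setPrivilegeType(...).setResult(true)` first. Unless the entity is already populated earlier in the method (its start is outside the hunk), the audit record for a privileged ALTER may carry a stale or empty outcome. Consider `DNAuditLogger.getInstance().recordAuditLog(auditEntity.setPrivilegeType(PrivilegeType.ALTER).setResult(true), tableName::getObjectName);`. The two LIST_USER calls in the later hunk also log without `setResult(true)` and deserve the same check.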
@@ -256,7 +259,8 @@ public void checkUserCanRunRelationalAuthorStatement(
256259 .setAuditLogOperation (AuditLogOperation .DDL )
257260 .setPrivilegeType (PrivilegeType .SECURITY );
258261 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
259- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
262+ DNAuditLogger .getInstance ()
263+ .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
260264 return ;
261265 }
262266 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_USER , auditEntity );
@@ -266,19 +270,21 @@ public void checkUserCanRunRelationalAuthorStatement(
266270 auditEntity .setAuditLogOperation (AuditLogOperation .DDL );
267271 if (statement .getUserName ().equals (userName )) {
268272 // users can change the username and password of themselves
269- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
273+ DNAuditLogger .getInstance ()
274+ .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
270275 return ;
271276 }
272277 if (AuthorityChecker .SUPER_USER_ID
273278 == AuthorityChecker .getUserId (statement .getUserName ()).orElse (-1L )) {
274279 // Only the superuser can alter him/herself
275- ITableAuthCheckerImpl . recordAuditLog (
276- auditEntity .setResult (false ), statement ::getUserName );
280+ DNAuditLogger . getInstance ()
281+ . recordAuditLog ( auditEntity .setResult (false ), statement ::getUserName );
277282 throw new AccessDeniedException ("Only the superuser can alter him/herself." );
278283 }
279284 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
280285 // the superuser can alter anyone
281- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
286+ DNAuditLogger .getInstance ()
287+ .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
282288 return ;
283289 }
284290 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_USER , auditEntity );
@@ -287,14 +293,16 @@ public void checkUserCanRunRelationalAuthorStatement(
287293 auditEntity .setAuditLogOperation (AuditLogOperation .QUERY );
288294 if (statement .getUserName ().equals (userName )) {
289295 // No need any privilege to list him/herself
290- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
296+ DNAuditLogger .getInstance ()
297+ .recordAuditLog (auditEntity .setResult (true ), statement ::getUserName );
291298 return ;
292299 }
293300 // Require SECURITY privilege to list other users' privileges
294301 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
295- ITableAuthCheckerImpl .recordAuditLog (
296- auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
297- statement ::getUserName );
302+ DNAuditLogger .getInstance ()
303+ .recordAuditLog (
304+ auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
305+ statement ::getUserName );
298306 return ;
299307 }
300308 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_USER , auditEntity );
@@ -304,11 +312,12 @@ public void checkUserCanRunRelationalAuthorStatement(
304312 if (!hasGlobalPrivilege (auditEntity , PrivilegeType .MANAGE_USER )) {
305313 // No need to check privilege to list himself/herself
306314 statement .setUserName (userName );
307- ITableAuthCheckerImpl .recordAuditLog (auditEntity , statement ::getUserName );
315+ DNAuditLogger . getInstance () .recordAuditLog (auditEntity , statement ::getUserName );
308316 } else {
309317 // Require SECURITY privilege to list other users
310- ITableAuthCheckerImpl .recordAuditLog (
311- auditEntity .setPrivilegeType (PrivilegeType .SECURITY ), statement ::getUserName );
318+ DNAuditLogger .getInstance ()
319+ .recordAuditLog (
320+ auditEntity .setPrivilegeType (PrivilegeType .SECURITY ), statement ::getUserName );
312321 }
313322 return ;
314323 case CREATE_ROLE :
@@ -317,7 +326,8 @@ public void checkUserCanRunRelationalAuthorStatement(
317326 .setAuditLogOperation (AuditLogOperation .DDL )
318327 .setPrivilegeType (PrivilegeType .SECURITY );
319328 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
320- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
329+ DNAuditLogger .getInstance ()
330+ .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
321331 return ;
322332 }
323333 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_ROLE , auditEntity );
@@ -328,9 +338,10 @@ public void checkUserCanRunRelationalAuthorStatement(
328338 .setAuditLogOperation (AuditLogOperation .DDL )
329339 .setPrivilegeType (PrivilegeType .SECURITY );
330340 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
331- ITableAuthCheckerImpl .recordAuditLog (
332- auditEntity .setResult (true ),
333- () -> "user: " + statement .getUserName () + ", role: " + statement .getRoleName ());
341+ DNAuditLogger .getInstance ()
342+ .recordAuditLog (
343+ auditEntity .setResult (true ),
344+ () -> "user: " + statement .getUserName () + ", role: " + statement .getRoleName ());
334345 return ;
335346 }
336347 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_ROLE , auditEntity );
@@ -345,26 +356,30 @@ public void checkUserCanRunRelationalAuthorStatement(
345356 if (!hasGlobalPrivilege (auditEntity , PrivilegeType .MANAGE_ROLE )) {
346357 // No need to check privilege to list his/hers own role
347358 statement .setUserName (userName );
348- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
359+ DNAuditLogger .getInstance ()
360+ .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
349361 } else {
350362 // Require SECURITY privilege to list all roles
351- ITableAuthCheckerImpl .recordAuditLog (
352- auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
353- statement ::getRoleName );
363+ DNAuditLogger .getInstance ()
364+ .recordAuditLog (
365+ auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
366+ statement ::getRoleName );
354367 }
355368 return ;
356369 case LIST_ROLE_PRIV :
357370 auditEntity .setAuditLogOperation (AuditLogOperation .QUERY );
358371 if (AuthorityChecker .checkRole (userName , statement .getRoleName ())) {
359372 // No need any privilege to list his/hers own role
360- ITableAuthCheckerImpl .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
373+ DNAuditLogger .getInstance ()
374+ .recordAuditLog (auditEntity .setResult (true ), statement ::getRoleName );
361375 return ;
362376 }
363377 // Require SECURITY privilege to list other roles' privileges
364378 if (AuthorityChecker .SUPER_USER_ID == auditEntity .getUserId ()) {
365- ITableAuthCheckerImpl .recordAuditLog (
366- auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
367- statement ::getRoleName );
379+ DNAuditLogger .getInstance ()
380+ .recordAuditLog (
381+ auditEntity .setPrivilegeType (PrivilegeType .SECURITY ).setResult (true ),
382+ statement ::getRoleName );
368383 return ;
369384 }
370385 authChecker .checkGlobalPrivilege (userName , TableModelPrivilege .MANAGE_ROLE , auditEntity );
@@ -378,8 +393,10 @@ public void checkUserCanRunRelationalAuthorStatement(
378393 .setPrivilegeType (PrivilegeType .SECURITY )
379394 .setDatabase (statement .getDatabase ());
380395 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SECURITY )) {
381- ITableAuthCheckerImpl .recordAuditLog (
382- auditEntity .setResult (true ), () -> statement .getUserName () + statement .getRoleName ());
396+ DNAuditLogger .getInstance ()
397+ .recordAuditLog (
398+ auditEntity .setResult (true ),
399+ () -> statement .getUserName () + statement .getRoleName ());
383400 return ;
384401 }
385402 for (PrivilegeType privilegeType : statement .getPrivilegeTypes ()) {
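Review bot: The audit-detail supplier in this branch, `() -> statement.getUserName() + statement.getRoleName()`, joins the two names with no label or separator. The record therefore cannot tell user `ab` with role `c` from user `a` with role `bc`, and an unset name would be written as the literal text `null`. An earlier branch of this method already uses a labelled form that would fit here: `() -> "user: " + statement.getUserName() + ", role: " + statement.getRoleName()`. The four later hunks that log with the same supplier share the issue. The enclosing switch case starts and ends outside the hunk.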
@@ -396,8 +413,10 @@ public void checkUserCanRunRelationalAuthorStatement(
396413 .setPrivilegeType (PrivilegeType .SECURITY )
397414 .setDatabase (statement .getDatabase ());
398415 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SECURITY )) {
399- ITableAuthCheckerImpl .recordAuditLog (
400- auditEntity .setResult (true ), () -> statement .getUserName () + statement .getRoleName ());
416+ DNAuditLogger .getInstance ()
417+ .recordAuditLog (
418+ auditEntity .setResult (true ),
419+ () -> statement .getUserName () + statement .getRoleName ());
401420 return ;
402421 }
403422 for (TableModelPrivilege privilege : TableModelPrivilege .values ()) {
@@ -419,8 +438,10 @@ public void checkUserCanRunRelationalAuthorStatement(
419438 .setPrivilegeType (PrivilegeType .SECURITY )
420439 .setDatabase (statement .getDatabase ());
421440 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SECURITY )) {
422- ITableAuthCheckerImpl .recordAuditLog (
423- auditEntity .setResult (true ), () -> statement .getUserName () + statement .getRoleName ());
441+ DNAuditLogger .getInstance ()
442+ .recordAuditLog (
443+ auditEntity .setResult (true ),
444+ () -> statement .getUserName () + statement .getRoleName ());
424445 return ;
425446 }
426447 for (PrivilegeType privilegeType : statement .getPrivilegeTypes ()) {
@@ -440,8 +461,10 @@ public void checkUserCanRunRelationalAuthorStatement(
440461 .setPrivilegeType (PrivilegeType .SECURITY )
441462 .setDatabase (statement .getDatabase ());
442463 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SECURITY )) {
443- ITableAuthCheckerImpl .recordAuditLog (
444- auditEntity .setResult (true ), () -> statement .getUserName () + statement .getRoleName ());
464+ DNAuditLogger .getInstance ()
465+ .recordAuditLog (
466+ auditEntity .setResult (true ),
467+ () -> statement .getUserName () + statement .getRoleName ());
445468 return ;
446469 }
447470 for (PrivilegeType privilegeType : statement .getPrivilegeTypes ()) {
@@ -462,8 +485,10 @@ public void checkUserCanRunRelationalAuthorStatement(
462485 .setAuditLogOperation (AuditLogOperation .DDL )
463486 .setPrivilegeType (PrivilegeType .SECURITY );
464487 if (hasGlobalPrivilege (auditEntity , PrivilegeType .SECURITY )) {
465- ITableAuthCheckerImpl .recordAuditLog (
466- auditEntity .setResult (true ), () -> statement .getUserName () + statement .getRoleName ());
488+ DNAuditLogger .getInstance ()
489+ .recordAuditLog (
490+ auditEntity .setResult (true ),
491+ () -> statement .getUserName () + statement .getRoleName ());
467492 return ;
468493 }
469494 for (PrivilegeType privilegeType : statement .getPrivilegeTypes ()) {
@@ -545,12 +570,13 @@ public TSStatus checkCanAlterTemplate(IAuditEntity entity, Supplier<String> audi
545570 public TSStatus checkCanAlterView (
546571 IAuditEntity entity , List <PartialPath > sourcePaths , List <PartialPath > targetPaths ) {
547572 if (AuthorityChecker .SUPER_USER_ID == entity .getUserId ()) {
548- ITableAuthCheckerImpl .recordAuditLog (
549- entity
550- .setPrivilegeTypes (
551- Arrays .asList (PrivilegeType .READ_SCHEMA , PrivilegeType .WRITE_SCHEMA ))
552- .setResult (true ),
553- () -> "source: " + sourcePaths + ", target: " + targetPaths );
573+ DNAuditLogger .getInstance ()
574+ .recordAuditLog (
575+ entity
576+ .setPrivilegeTypes (
577+ Arrays .asList (PrivilegeType .READ_SCHEMA , PrivilegeType .WRITE_SCHEMA ))
578+ .setResult (true ),
579+ () -> "source: " + sourcePaths + ", target: " + targetPaths );
554580 return SUCCEED ;
555581 }
556582 TSStatus status = new TSStatus (TSStatusCode .SUCCESS_STATUS .getStatusCode ());