database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
a3b7cf484b9b58d483eb468b76bb4fed5c76f480
doris/docs
History
Mingyu Chen a46bf1ada3 [Authorization] Modify the authorization checking logic (#2372) 
**Authorization checking logic**

There are some problems with the current password and permission checking logic. For example:
First, we create a user by:
`create user cmy@"%" identified by "12345";`

And then 'cmy' can login with password '12345' from any hosts.

Second, we create another user by:
`create user cmy@"192.168.%" identified by "abcde";`

Because "192.168.%" has a higher priority in the permission table than "%". So when "cmy" try
to login in by password "12345" from host "192.168.1.1", it should match the second permission
entry, and will be rejected because of invalid password.
But in current implementation, Doris will continue to check password on first entry, than let it pass. So we should change it.

**Permission checking logic**

After a user login, it should has a unique identity which is got from permission table. For example,
when "cmy" from host "192.168.1.1" login, it's identity should be `cmy@"192.168.%"`. And Doris
should use this identity to check other permission, not by using the user's real identity, which is
`cmy@"192.168.1.1"`.

**Black list**
Functionally speaking, Doris only support adding WHITE LIST, which is to allow user to login from
those hosts in the white list. But is some cases, we do need a BLACK LIST function.
Fortunately, by changing the logic described above, we can simulate the effect of the BLACK LIST.

For example, First we add a user by:
`create user cmy@'%' identified by '12345';`

And now user 'cmy' can login from any hosts. and if we don't want 'cmy' to login from host A, we
can add a new user by:
`create user cmy@'A' identified by 'other_passwd';`

Because "A" has a higher priority in the permission table than "%". If 'cmy' try to login from A using password '12345', it will be rejected.
2019-12-06 17:45:56 +08:00
..
documentation
[Authorization] Modify the authorization checking logic (#2372)
2019-12-06 17:45:56 +08:00
resources
Add help doc for debug tool (#2019)
2019-10-20 22:58:03 +08:00
website
Add license header for md files and fix some translation's error (#2137)
2019-11-06 21:35:07 +08:00
Makefile
Merge Help document to documentation (#1586)
2019-08-07 21:31:53 +08:00
readme.md
Add license header for md files and fix some translation's error (#2137)
2019-11-06 21:35:07 +08:00

readme.md

Philosophy

write once, use everywhere

Documentations will be written once, and will be converted to other format according to different application scenarios.

Implementation

         +---------------+
         | Documentation |
         +-------+-------+
                 |
         +-------+-------+
         |  Doc Builder  |
         +-------+-------+
                 |
    +--------------------------------+
    |            |                   |
+---+---+    +---+----+        +-----+----+
|  PDF  |    |  HTML  |  ....  | Help Doc |
+-------+    +--------+        +----------+

Documentation:Text contents which is written by human. And this is the only place for documentation. Doc Builder: Tools that convert documentations to other format, such as PDF, HTML. There could be many tools, and we can use different tools to convert documentation to different formats.

Organization

docs/documentation: Root directory for documentation. And for different languages, there is a root directory for it. For example, docs/documentation/cn is the Chinese documentation's root directory. docs/scripts: Place of Doc Builder. docs/resources: Resources that are referenced in documentation, such as pictures. docs/website: A website for documentations built with Sphinx using a theme provided by Read-the-Docs.

Constraints

  1. All documents are written in Markdown format, and file name is end with ".md".
  2. All documents are started with level 1 title # Title, and should have only one level 1 title.
  3. Names of file and directory are in lowercase letters, and use dashes as separator.
  4. Documentation can be constructed as a directory or a single Markdown file, these two formats equal with each other in logical. Relationship is represented by parent-child directory in directory format, and by title level in file format. It is recommended to use directory format to manage a large documentation, because it is easy to maintain.
  5. A directory corresponds to a title, and readme.md in this directory is its content. Other documents in this directory is its sub-sections.
  6. For manual like section, such as function description, there should be Description, Syntax, Examples section in documents.

Level Directories

  1. doris-concepts
  2. installing
  3. getting-started
  4. administrator-guide
  5. sql-references
  6. best-practices
  7. internals
  8. community

Each directory, or its sub directories should contain a file index.rst, for constructing the navibar of the website. For example:

documentation/
└── cn
    ├── administrator-guide
    │   ├── index.rst
    │   ├── http-actions
    │   │   └── index.rst
    │   ├── load-data
    │   │   ├── index.rst
    │   ├── operation
    │   │   ├── index.rst
    ├── extending-doris
    │   ├── index.rst
    └── sql-reference
        ├── index.rst
        │   ├── date-time-functions
        │   │   ├── index.rst

Docs Styles

There are some styles need to be followed.

SQL-Statement

Docs under documentation/cn/sql-reference/sql-statements/ must obey the following style

# TITLE(capital)

## description

    The description of this doc. The "## description" must be reserved, with a following empty line.

## keyword

    The keyword of this doc. Usually, this can be the title of this doc.
    The "## keyword" must  be reserved, with a following empty line.