cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eev...@apache.org
Subject git commit: reenable system ks r/w
Date Fri, 19 Oct 2012 02:23:41 GMT
Updated Branches:
  refs/heads/trunk d55408d97 -> e63a1ae1c


reenable system ks r/w

Patch by Pavel Yaskevich and eevans for CASSANDRA-4664


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e63a1ae1
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e63a1ae1
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e63a1ae1

Branch: refs/heads/trunk
Commit: e63a1ae1c00acf130d33c1e8161f66a194b9bfa4
Parents: d55408d
Author: Eric Evans <eevans@apache.org>
Authored: Thu Oct 18 21:26:48 2012 -0500
Committer: Eric Evans <eevans@apache.org>
Committed: Thu Oct 18 21:26:48 2012 -0500

----------------------------------------------------------------------
 src/java/org/apache/cassandra/auth/Permission.java |    1 +
 .../org/apache/cassandra/service/ClientState.java  |    8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/e63a1ae1/src/java/org/apache/cassandra/auth/Permission.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Permission.java b/src/java/org/apache/cassandra/auth/Permission.java
index ece8a02..69e2d90 100644
--- a/src/java/org/apache/cassandra/auth/Permission.java
+++ b/src/java/org/apache/cassandra/auth/Permission.java
@@ -48,6 +48,7 @@ public enum Permission
     public static final EnumSet<Permission> ALL = EnumSet.allOf(Permission.class);
     public static final EnumSet<Permission> NONE = EnumSet.noneOf(Permission.class);
     public static final EnumSet<Permission> GRANULAR_PERMISSIONS = EnumSet.range(FULL_ACCESS,
SELECT);
+    public static final EnumSet<Permission> ALLOWED_SYSTEM_ACTIONS = EnumSet.of(DESCRIBE,
UPDATE, DELETE, SELECT);
 
     /**
      * Maps old permissions to the new ones as we want to support old client IAuthority implementations

http://git-wip-us.apache.org/repos/asf/cassandra/blob/e63a1ae1/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index df0b0a1..554feab 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -179,7 +179,7 @@ public class ClientState
         validateLogin();
         validateKeyspace(keyspace);
 
-        preventSystemKSModification(keyspace, perm);
+        preventSystemKSSchemaModification(keyspace, perm);
 
         resourceClear();
         resource.add(keyspace);
@@ -188,9 +188,9 @@ public class ClientState
         hasAccess(user, perms, perm, resource);
     }
 
-    private void preventSystemKSModification(String keyspace, Permission perm) throws InvalidRequestException
+    private void preventSystemKSSchemaModification(String keyspace, Permission perm) throws
InvalidRequestException
     {
-        if (keyspace.equalsIgnoreCase(Table.SYSTEM_KS) && perm != Permission.SELECT
&& perm != Permission.DESCRIBE)
+        if (keyspace.equalsIgnoreCase(Table.SYSTEM_KS) && !Permission.ALLOWED_SYSTEM_ACTIONS.contains(perm))
             throw new InvalidRequestException("system keyspace is not user-modifiable.");
     }
 
@@ -212,7 +212,7 @@ public class ClientState
         resource.add(keyspace);
 
         if (!internalCall)
-            preventSystemKSModification(keyspace, perm);
+            preventSystemKSSchemaModification(keyspace, perm);
 
         // check if keyspace access is set to Permission.FULL_ACCESS
         // (which means that user has all access on keyspace and it's underlying elements)


Mime
View raw message