cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alek...@apache.org
Subject git commit: Require Permission.SELECT for CAS updates
Date Mon, 28 Oct 2013 12:52:58 GMT
Updated Branches:
  refs/heads/cassandra-2.0 f1c052434 -> 46f71866a


Require Permission.SELECT for CAS updates

patch by Aleksey Yeschenko; reviewed by Sylvain Lebresne for
CASSANDRA-6247


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/46f71866
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/46f71866
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/46f71866

Branch: refs/heads/cassandra-2.0
Commit: 46f71866a1dde31d499f7875833210dcb7bf3d04
Parents: f1c0524
Author: Aleksey Yeschenko <aleksey@apache.org>
Authored: Mon Oct 28 15:52:16 2013 +0300
Committer: Aleksey Yeschenko <aleksey@apache.org>
Committed: Mon Oct 28 15:52:16 2013 +0300

----------------------------------------------------------------------
 CHANGES.txt                                                      | 1 +
 .../apache/cassandra/cql3/statements/ModificationStatement.java  | 4 ++++
 src/java/org/apache/cassandra/thrift/CassandraServer.java        | 2 ++
 3 files changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 55da5d3..0ba6584 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,7 @@
  * Add IRequestSink interface (CASSANDRA-6248)
  * Update memtable size while flushing (CASSANDRA-6249)
  * Provide hooks around CQL2/CQL3 statement execution (CASSANDRA-6252)
+ * Require Permission.SELECT for CAS updates (CASSANDRA-6247)
 
 
 2.0.2

http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java b/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
index 8445633..70bafb4 100644
--- a/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
@@ -104,6 +104,10 @@ public abstract class ModificationStatement implements CQLStatement
     public void checkAccess(ClientState state) throws InvalidRequestException, UnauthorizedException
     {
         state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.MODIFY);
+
+        // CAS updates can be used to simulate a SELECT query, so should require Permission.SELECT
as well.
+        if (hasConditions())
+            state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.SELECT);
     }
 
     public void validate(ClientState state) throws InvalidRequestException

http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index 8a1bdb5..a8ee93c 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -723,6 +723,8 @@ public class CassandraServer implements Cassandra.Iface
             ThriftClientState cState = state();
             String keyspace = cState.getKeyspace();
             cState.hasColumnFamilyAccess(keyspace, column_family, Permission.MODIFY);
+            // CAS updates can be used to simulate a get request, so should require Permission.SELECT.
+            cState.hasColumnFamilyAccess(keyspace, column_family, Permission.SELECT);
 
             CFMetaData metadata = ThriftValidation.validateColumnFamily(keyspace, column_family,
false);
             ThriftValidation.validateKey(metadata, key);


Mime
View raw message