cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-8849) ListUsersStatement should consider inherited superuser status
Date Tue, 03 Mar 2015 03:07:04 GMT


Aleksey Yeschenko commented on CASSANDRA-8849:

Looks good to me, overall, but some things don't belong to where they are right now:

1. "public static boolean hasSuperuserRole(RoleResource role)" does not belong to AuthenticatedUser.
Should move to a separate Roles helper class (like we did w/ Resources)
2. even though not introduced in this patch, "private static Set<RoleResource> getRoles(RoleResource
role)" also doesn't belong to AuthenticatedUser, and should also be moved to Roles
3. loadRoles/initRolesCache should probably go the way of PermissionsCache and get a separate
class (RolesCache).
4. "public static Set<Permission> getPermissions(AuthenticatedUser user, IResource resource)"
should not be static

Additionally, a dtest would be nice to have.

> ListUsersStatement should consider inherited superuser status
> -------------------------------------------------------------
>                 Key: CASSANDRA-8849
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.0
>         Attachments: 8849.txt
> When introducing roles in CASSANDRA-7653, we retained {{LIST USERS}} support for backwards
compatibility. However, the {{super}} column in its results is derived from {{IRoleManager#isSuper}}
which only returns the superuser status for the named role and doesn't consider any other
roles granted to it. 
> {{LIST USERS}} then incorrectly shows a role which does not directly have superuser status,
but which inherits it as not-a-superuser.

This message was sent by Atlassian JIRA

View raw message