cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8849) ListUsersStatement should consider inherited superuser status
Date Tue, 03 Mar 2015 03:07:04 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344416#comment-14344416
] 

Aleksey Yeschenko commented on CASSANDRA-8849:
----------------------------------------------

Looks good to me, overall, but some things don't belong to where they are right now:

1. "public static boolean hasSuperuserRole(RoleResource role)" does not belong to AuthenticatedUser.
Should move to a separate Roles helper class (like we did w/ Resources)
2. even though not introduced in this patch, "private static Set<RoleResource> getRoles(RoleResource
role)" also doesn't belong to AuthenticatedUser, and should also be moved to Roles
3. loadRoles/initRolesCache should probably go the way of PermissionsCache and get a separate
class (RolesCache).
4. "public static Set<Permission> getPermissions(AuthenticatedUser user, IResource resource)"
should not be static

Additionally, a dtest would be nice to have.

> ListUsersStatement should consider inherited superuser status
> -------------------------------------------------------------
>
>                 Key: CASSANDRA-8849
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8849
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.0
>
>         Attachments: 8849.txt
>
>
> When introducing roles in CASSANDRA-7653, we retained {{LIST USERS}} support for backwards
compatibility. However, the {{super}} column in its results is derived from {{IRoleManager#isSuper}}
which only returns the superuser status for the named role and doesn't consider any other
roles granted to it. 
> {{LIST USERS}} then incorrectly shows a role which does not directly have superuser status,
but which inherits it as not-a-superuser.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message