cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alek...@apache.org
Subject [04/10] cassandra git commit: Fix GRANT/REVOKE when keyspace isn't specified
Date Wed, 08 Mar 2017 00:23:19 GMT
Fix GRANT/REVOKE when keyspace isn't specified

patch by Aleksey Yeschenko; reviewed by Sam Tunnicliffe for
CASSANDRA-13053


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e4be2d06
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e4be2d06
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e4be2d06

Branch: refs/heads/trunk
Commit: e4be2d06b756106d7ad31b36b3cc46bc97088064
Parents: 44fefef
Author: Aleksey Yeschenko <aleksey@apache.org>
Authored: Tue Feb 28 18:23:00 2017 +0000
Committer: Aleksey Yeschenko <aleksey@apache.org>
Committed: Wed Mar 8 00:16:10 2017 +0000

----------------------------------------------------------------------
 CHANGES.txt                                                     | 2 ++
 .../cql3/statements/PermissionsManagementStatement.java         | 5 +++++
 2 files changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index ca1aa27..0982de9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 2.2.10
+ * Fix GRANT/REVOKE when keyspace isn't specified (CASSANDRA-13053)
  * Avoid race on receiver by starting streaming sender thread after sending init message
(CASSANDRA-12886)
  * Fix "multiple versions of ant detected..." when running ant test (CASSANDRA-13232)
  * Coalescing strategy sleeps too much (CASSANDRA-13090)
@@ -11,6 +12,7 @@ Merged from 2.1:
  * Remove unused repositories (CASSANDRA-13278)
  * Log stacktrace of uncaught exceptions (CASSANDRA-13108)
 
+
 2.2.9
  * Fix negative mean latency metric (CASSANDRA-12876)
  * Use only one file pointer when creating commitlog segments (CASSANDRA-12539)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
index b22e400..56a2f26 100644
--- a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
@@ -50,6 +50,7 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem
             throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName()));
 
         // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to
correct the resource.
+        // called both here and in checkAccess(), as in some cases we do not call the latter.
         resource = maybeCorrectResource(resource, state);
 
         // altering permissions on builtin functions is not supported
@@ -65,8 +66,12 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem
 
     public void checkAccess(ClientState state) throws UnauthorizedException
     {
+        // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to
correct the resource.
+        resource = maybeCorrectResource(resource, state);
+
         // check that the user has AUTHORIZE permission on the resource or its parents, otherwise
reject GRANT/REVOKE.
         state.ensureHasPermission(Permission.AUTHORIZE, resource);
+
         // check that the user has [a single permission or all in case of ALL] on the resource
or its parents.
         for (Permission p : permissions)
             state.ensureHasPermission(p, resource);


Mime
View raw message