Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BA4BD200C3F for ; Wed, 8 Mar 2017 01:23:18 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id B8D53160B89; Wed, 8 Mar 2017 00:23:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0DCEA160B85 for ; Wed, 8 Mar 2017 01:23:17 +0100 (CET) Received: (qmail 98491 invoked by uid 500); 8 Mar 2017 00:23:16 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 98066 invoked by uid 99); 8 Mar 2017 00:23:16 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Mar 2017 00:23:16 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5068EDFF41; Wed, 8 Mar 2017 00:23:16 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: aleksey@apache.org To: commits@cassandra.apache.org Date: Wed, 08 Mar 2017 00:23:19 -0000 Message-Id: <554d585359e043f3aa3ddf3b9e561e30@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [04/10] cassandra git commit: Fix GRANT/REVOKE when keyspace isn't specified archived-at: Wed, 08 Mar 2017 00:23:18 -0000 Fix GRANT/REVOKE when keyspace isn't specified patch by Aleksey Yeschenko; reviewed by Sam Tunnicliffe for CASSANDRA-13053 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e4be2d06 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e4be2d06 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e4be2d06 Branch: refs/heads/trunk Commit: e4be2d06b756106d7ad31b36b3cc46bc97088064 Parents: 44fefef Author: Aleksey Yeschenko Authored: Tue Feb 28 18:23:00 2017 +0000 Committer: Aleksey Yeschenko Committed: Wed Mar 8 00:16:10 2017 +0000 ---------------------------------------------------------------------- CHANGES.txt | 2 ++ .../cql3/statements/PermissionsManagementStatement.java | 5 +++++ 2 files changed, 7 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index ca1aa27..0982de9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.10 + * Fix GRANT/REVOKE when keyspace isn't specified (CASSANDRA-13053) * Avoid race on receiver by starting streaming sender thread after sending init message (CASSANDRA-12886) * Fix "multiple versions of ant detected..." when running ant test (CASSANDRA-13232) * Coalescing strategy sleeps too much (CASSANDRA-13090) @@ -11,6 +12,7 @@ Merged from 2.1: * Remove unused repositories (CASSANDRA-13278) * Log stacktrace of uncaught exceptions (CASSANDRA-13108) + 2.2.9 * Fix negative mean latency metric (CASSANDRA-12876) * Use only one file pointer when creating commitlog segments (CASSANDRA-12539) http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java index b22e400..56a2f26 100644 --- a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java @@ -50,6 +50,7 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE , we need to correct the resource. + // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported @@ -65,8 +66,12 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem public void checkAccess(ClientState state) throws UnauthorizedException { + // if a keyspace is omitted when GRANT/REVOKE ON TABLE
, we need to correct the resource. + resource = maybeCorrectResource(resource, state); + // check that the user has AUTHORIZE permission on the resource or its parents, otherwise reject GRANT/REVOKE. state.ensureHasPermission(Permission.AUTHORIZE, resource); + // check that the user has [a single permission or all in case of ALL] on the resource or its parents. for (Permission p : permissions) state.ensureHasPermission(p, resource);