db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2893) INSERT and UPDATES succeed when permission has not been granted.
Date Wed, 11 Jul 2007 01:39:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511626
] 

Kathey Marsden commented on DERBY-2893:
---------------------------------------

Looking at the test, we have:

	public void testColumnPrivileges() throws Exception {
		grant("select(c1),update(c3,c2),references(c3,c1,c2)", "s1", "t1", users[4]);
                ,,,,
		assertUpdatePrivilege(false, users[4], "S1", "T1", new String[] {"C2", "C3"});
	}

But if I read the grant statement correctly, the first argument to assertUpdatePrivilege should
be true, because we granted update to c3,c2. 

So, it makes sense why it was failing for Dan on trunk, for me on 10.3, but not why I saw
it pass on trunk with this set to false.  Setting the first argument to true passes the test
on both trunk and 10.3, so I think still we are dealing with a test issue, not a code issue
if my logic that indeed user[4] was granted update permission on C2, and C3.




> INSERT and UPDATES succeed when permission has not been granted.
> ----------------------------------------------------------------
>
>                 Key: DERBY-2893
>                 URL: https://issues.apache.org/jira/browse/DERBY-2893
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
>            Reporter: Daniel John Debrunner
>         Attachments: DERBY-2893_diff.txt
>
>
> GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form
> try {
>    s.execute(command)
> } catch (SQLException sqle)
> {
>        if (!hasPrivilege) 
>             assertSQLState("42502", e);
>        else
>              fail(...);
> }
> Note that no fail() assert was in the try portion after the SQL execution. The statement
should not work if hasPrivilege is false, but the test will incorrectly pass if the statement
succeeds. I added fail asserts with revision 552922 like:
> if (!hasPrivilege)
>        fail("expected no INSERT permission on table");
> but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures fail) indicating
that the statement succeeds even if the permission is not granted.
> It could be a test problem but needs some investigation.
> The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented out to stop
the test failing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message