You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by al...@apache.org on 2017/03/08 00:23:17 UTC
[02/10] cassandra git commit: Fix GRANT/REVOKE when keyspace isn't
specified
Fix GRANT/REVOKE when keyspace isn't specified
patch by Aleksey Yeschenko; reviewed by Sam Tunnicliffe for
CASSANDRA-13053
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e4be2d06
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e4be2d06
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e4be2d06
Branch: refs/heads/cassandra-3.0
Commit: e4be2d06b756106d7ad31b36b3cc46bc97088064
Parents: 44fefef
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Tue Feb 28 18:23:00 2017 +0000
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Wed Mar 8 00:16:10 2017 +0000
----------------------------------------------------------------------
CHANGES.txt | 2 ++
.../cql3/statements/PermissionsManagementStatement.java | 5 +++++
2 files changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index ca1aa27..0982de9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
2.2.10
+ * Fix GRANT/REVOKE when keyspace isn't specified (CASSANDRA-13053)
* Avoid race on receiver by starting streaming sender thread after sending init message (CASSANDRA-12886)
* Fix "multiple versions of ant detected..." when running ant test (CASSANDRA-13232)
* Coalescing strategy sleeps too much (CASSANDRA-13090)
@@ -11,6 +12,7 @@ Merged from 2.1:
* Remove unused repositories (CASSANDRA-13278)
* Log stacktrace of uncaught exceptions (CASSANDRA-13108)
+
2.2.9
* Fix negative mean latency metric (CASSANDRA-12876)
* Use only one file pointer when creating commitlog segments (CASSANDRA-12539)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/e4be2d06/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
index b22e400..56a2f26 100644
--- a/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
@@ -50,6 +50,7 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem
throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName()));
// if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource.
+ // called both here and in checkAccess(), as in some cases we do not call the latter.
resource = maybeCorrectResource(resource, state);
// altering permissions on builtin functions is not supported
@@ -65,8 +66,12 @@ public abstract class PermissionsManagementStatement extends AuthorizationStatem
public void checkAccess(ClientState state) throws UnauthorizedException
{
+ // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource.
+ resource = maybeCorrectResource(resource, state);
+
// check that the user has AUTHORIZE permission on the resource or its parents, otherwise reject GRANT/REVOKE.
state.ensureHasPermission(Permission.AUTHORIZE, resource);
+
// check that the user has [a single permission or all in case of ALL] on the resource or its parents.
for (Permission p : permissions)
state.ensureHasPermission(p, resource);