You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by al...@apache.org on 2015/05/03 21:29:29 UTC
cassandra git commit: DropRoleStatement should only checks su status
for existing roles
Repository: cassandra
Updated Branches:
refs/heads/trunk 0db1431e3 -> 6af82eddf
DropRoleStatement should only checks su status for existing roles
patch by Sam Tunnicliffe; reviewed by Aleksey Yeschenko for
CASSANDRA-9189
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/6af82edd
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/6af82edd
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/6af82edd
Branch: refs/heads/trunk
Commit: 6af82eddff9d2923ff5447120dac432bd0dadae4
Parents: 0db1431
Author: Sam Tunnicliffe <sa...@beobal.com>
Authored: Tue Apr 14 12:37:30 2015 -0500
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Sun May 3 22:27:30 2015 +0300
----------------------------------------------------------------------
.../apache/cassandra/cql3/statements/DropRoleStatement.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/6af82edd/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
index ec4bde7..55fa83a 100644
--- a/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
@@ -38,7 +38,12 @@ public class DropRoleStatement extends AuthenticationStatement
public void checkAccess(ClientState state) throws UnauthorizedException
{
super.checkPermission(state, Permission.DROP, role);
- if (Roles.hasSuperuserStatus(role) && !state.getUser().isSuper())
+
+ // We only check superuser status for existing roles to avoid
+ // caching info about roles which don't exist (CASSANDRA-9189)
+ if (DatabaseDescriptor.getRoleManager().isExistingRole(role)
+ && Roles.hasSuperuserStatus(role)
+ && !state.getUser().isSuper())
throw new UnauthorizedException("Only superusers can drop a role with superuser status");
}