You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by al...@apache.org on 2013/10/28 13:52:58 UTC
git commit: Require Permission.SELECT for CAS updates
Updated Branches:
refs/heads/cassandra-2.0 f1c052434 -> 46f71866a
Require Permission.SELECT for CAS updates
patch by Aleksey Yeschenko; reviewed by Sylvain Lebresne for
CASSANDRA-6247
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/46f71866
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/46f71866
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/46f71866
Branch: refs/heads/cassandra-2.0
Commit: 46f71866a1dde31d499f7875833210dcb7bf3d04
Parents: f1c0524
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Mon Oct 28 15:52:16 2013 +0300
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Mon Oct 28 15:52:16 2013 +0300
----------------------------------------------------------------------
CHANGES.txt | 1 +
.../apache/cassandra/cql3/statements/ModificationStatement.java | 4 ++++
src/java/org/apache/cassandra/thrift/CassandraServer.java | 2 ++
3 files changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 55da5d3..0ba6584 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,7 @@
* Add IRequestSink interface (CASSANDRA-6248)
* Update memtable size while flushing (CASSANDRA-6249)
* Provide hooks around CQL2/CQL3 statement execution (CASSANDRA-6252)
+ * Require Permission.SELECT for CAS updates (CASSANDRA-6247)
2.0.2
http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java b/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
index 8445633..70bafb4 100644
--- a/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/ModificationStatement.java
@@ -104,6 +104,10 @@ public abstract class ModificationStatement implements CQLStatement
public void checkAccess(ClientState state) throws InvalidRequestException, UnauthorizedException
{
state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.MODIFY);
+
+ // CAS updates can be used to simulate a SELECT query, so should require Permission.SELECT as well.
+ if (hasConditions())
+ state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.SELECT);
}
public void validate(ClientState state) throws InvalidRequestException
http://git-wip-us.apache.org/repos/asf/cassandra/blob/46f71866/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index 8a1bdb5..a8ee93c 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -723,6 +723,8 @@ public class CassandraServer implements Cassandra.Iface
ThriftClientState cState = state();
String keyspace = cState.getKeyspace();
cState.hasColumnFamilyAccess(keyspace, column_family, Permission.MODIFY);
+ // CAS updates can be used to simulate a get request, so should require Permission.SELECT.
+ cState.hasColumnFamilyAccess(keyspace, column_family, Permission.SELECT);
CFMetaData metadata = ThriftValidation.validateColumnFamily(keyspace, column_family, false);
ThriftValidation.validateKey(metadata, key);