You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by ee...@apache.org on 2011/02/26 06:20:06 UTC

svn commit: r1074795 - /cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java

Author: eevans
Date: Sat Feb 26 05:20:06 2011
New Revision: 1074795

URL: http://svn.apache.org/viewvc?rev=1074795&view=rev
Log:
apply authorization to queries

Patch by eevans for CASSANDRA-1708

Modified:
    cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java

Modified: cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java
URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java?rev=1074795&r1=1074794&r2=1074795&view=diff
==============================================================================
--- cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java (original)
+++ cassandra/trunk/src/java/org/apache/cassandra/cql/QueryProcessor.java Sat Feb 26 05:20:06 2011
@@ -33,6 +33,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import org.antlr.runtime.*;
+import org.apache.cassandra.auth.Permission;
 import org.apache.cassandra.concurrent.Stage;
 import org.apache.cassandra.concurrent.StageManager;
 import org.apache.cassandra.config.CFMetaData;
@@ -199,13 +200,22 @@ public class QueryProcessor
         return rows;
     }
     
-    private static void batchUpdate(String keyspace, List<UpdateStatement> updateStatements, ConsistencyLevel consistency)
+    private static void batchUpdate(ClientState clientState, List<UpdateStatement> updateStatements, ConsistencyLevel consistency)
     throws InvalidRequestException, UnavailableException, TimedOutException
     {
+        String keyspace = clientState.getKeyspace();
         List<RowMutation> rowMutations = new ArrayList<RowMutation>();
+        List<String> cfamsSeen = new ArrayList<String>();
 
         for (UpdateStatement update : updateStatements)
         {
+            // Avoid unnecessary authorizations.
+            if (!(cfamsSeen.contains(update.getColumnFamily())))
+            {
+                clientState.hasColumnFamilyAccess(update.getColumnFamily(), Permission.WRITE);
+                cfamsSeen.add(update.getColumnFamily());
+            }
+            
             ByteBuffer key = update.getKey().getByteBuffer();
             validateKey(key);
             validateColumnFamily(keyspace, update.getColumnFamily());
@@ -396,6 +406,7 @@ public class QueryProcessor
         {
             case SELECT:
                 SelectStatement select = (SelectStatement)statement.statement;
+                clientState.hasColumnFamilyAccess(select.getColumnFamily(), Permission.READ);
                 validateColumnFamily(keyspace, select.getColumnFamily());
                 validateSelect(keyspace, select);
                 
@@ -468,7 +479,7 @@ public class QueryProcessor
                 
             case UPDATE:
                 UpdateStatement update = (UpdateStatement)statement.statement;
-                batchUpdate(keyspace, Collections.singletonList(update), update.getConsistencyLevel());
+                batchUpdate(clientState, Collections.singletonList(update), update.getConsistencyLevel());
                 avroResult.type = CqlResultType.VOID;
                 return avroResult;
                 
@@ -480,7 +491,7 @@ public class QueryProcessor
                         throw new InvalidRequestException(
                                 "Consistency level must be set on the BATCH, not individual UPDATE statements");
                 
-                batchUpdate(keyspace, batch.getUpdates(), batch.getConsistencyLevel());
+                batchUpdate(clientState, batch.getUpdates(), batch.getConsistencyLevel());
                 avroResult.type = CqlResultType.VOID;
                 return avroResult;
                 
@@ -492,6 +503,7 @@ public class QueryProcessor
             
             case TRUNCATE:
                 String columnFamily = (String)statement.statement;
+                clientState.hasColumnFamilyAccess(columnFamily, Permission.WRITE);
                 
                 try
                 {
@@ -511,6 +523,7 @@ public class QueryProcessor
             
             case DELETE:
                 DeleteStatement delete = (DeleteStatement)statement.statement;
+                clientState.hasColumnFamilyAccess(delete.getColumnFamily(), Permission.WRITE);
                 
                 List<RowMutation> rowMutations = new ArrayList<RowMutation>();
                 for (Term key : delete.getKeys())
@@ -545,6 +558,7 @@ public class QueryProcessor
             case CREATE_KEYSPACE:
                 CreateKeyspaceStatement create = (CreateKeyspaceStatement)statement.statement;
                 create.validate();
+                clientState.hasKeyspaceListAccess(Permission.WRITE);
                 
                 try
                 {
@@ -572,6 +586,7 @@ public class QueryProcessor
                
             case CREATE_COLUMNFAMILY:
                 CreateColumnFamilyStatement createCf = (CreateColumnFamilyStatement)statement.statement;
+                clientState.hasColumnFamilyListAccess(Permission.WRITE);
                 
                 try
                 {
@@ -595,6 +610,7 @@ public class QueryProcessor
                 
             case CREATE_INDEX:
                 CreateIndexStatement createIdx = (CreateIndexStatement)statement.statement;
+                clientState.hasColumnFamilyListAccess(Permission.WRITE);
                 CFMetaData oldCfm = DatabaseDescriptor.getCFMetaData(CFMetaData.getId(keyspace,
                                                                                       createIdx.getColumnFamily()));
                 if (oldCfm == null)