You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by xe...@apache.org on 2012/09/21 12:08:42 UTC
[2/2] git commit: rename permission USE to DESCRIBE patch by Pavel
Yaskevich; reviewed by Yuki Morishita for CASSANDRA-4664
rename permission USE to DESCRIBE
patch by Pavel Yaskevich; reviewed by Yuki Morishita for CASSANDRA-4664
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/117d91ae
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/117d91ae
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/117d91ae
Branch: refs/heads/trunk
Commit: 117d91ae2f13b5f6e602c754820973a5ce47d888
Parents: a4c397b
Author: Pavel Yaskevich <xe...@apache.org>
Authored: Fri Sep 21 13:03:42 2012 +0300
Committer: Pavel Yaskevich <xe...@apache.org>
Committed: Fri Sep 21 13:03:42 2012 +0300
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/auth/Permission.java | 6 +++---
.../org/apache/cassandra/service/ClientState.java | 12 +++++++++---
.../apache/cassandra/thrift/CassandraServer.java | 2 +-
4 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 65ba88f..b26917b 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -5,6 +5,7 @@
* Adds offline sstablescrub to debian packaging (CASSANDRA-4642)
* Automatic fixing of overlapping leveled sstables (CASSANDRA-4644)
* fix error when using ORDER BY with extended selections (CASSANDRA-4689)
+ * rename permission USE to DESCRIBE (CASSANDRA-4664)
1.1.5
http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/auth/Permission.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Permission.java b/src/java/org/apache/cassandra/auth/Permission.java
index 7afb2ff..7518cdd 100644
--- a/src/java/org/apache/cassandra/auth/Permission.java
+++ b/src/java/org/apache/cassandra/auth/Permission.java
@@ -39,7 +39,7 @@ public enum Permission
NO_ACCESS,
// schema management
- USE,
+ DESCRIBE,
CREATE,
ALTER,
DROP,
@@ -59,7 +59,7 @@ public enum Permission
*/
public static final Map<Permission, EnumSet<Permission>> oldToNew = new HashMap<Permission, EnumSet<Permission>>(2)
{{
- put(READ, EnumSet.of(USE, SELECT));
- put(WRITE, EnumSet.range(USE, DELETE));
+ put(READ, EnumSet.of(DESCRIBE, SELECT));
+ put(WRITE, EnumSet.range(DESCRIBE, DELETE));
}};
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index b7bf7d7..279523f 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -161,9 +161,7 @@ public class ClientState
validateLogin();
validateKeyspace(keyspace);
- // hardcode disallowing messing with system keyspace
- if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && (perm != Permission.USE))
- throw new InvalidRequestException("system keyspace is not user-modifiable");
+ preventSystemKSModification(keyspace, perm);
resourceClear();
resource.add(keyspace);
@@ -172,6 +170,12 @@ public class ClientState
hasAccess(user, perms, perm, resource);
}
+ private void preventSystemKSModification(String keyspace, Permission perm) throws InvalidRequestException
+ {
+ if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && perm != Permission.SELECT && perm != Permission.DESCRIBE)
+ throw new InvalidRequestException("system keyspace is not user-modifiable.");
+ }
+
/**
* Confirms that the client thread has the given Permission in the context of the given
* ColumnFamily and the current keyspace.
@@ -189,6 +193,8 @@ public class ClientState
resourceClear();
resource.add(keyspace);
+ preventSystemKSModification(keyspace, perm);
+
// check if keyspace access is set to Permission.FULL_ACCESS
// (which means that user has all access on keyspace and it's underlying elements)
if (DatabaseDescriptor.getAuthority().authorize(user, resource).contains(Permission.FULL_ACCESS))
http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index ea2465e..a11472c 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -646,7 +646,7 @@ public class CassandraServer implements Cassandra.Iface
public KsDef describe_keyspace(String table) throws NotFoundException, InvalidRequestException
{
- state().hasKeyspaceAccess(table, Permission.USE);
+ state().hasKeyspaceAccess(table, Permission.DESCRIBE);
KSMetaData ksm = Schema.instance.getTableDefinition(table);
if (ksm == null)