You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by xe...@apache.org on 2012/09/21 12:08:42 UTC

[2/2] git commit: rename permission USE to DESCRIBE patch by Pavel Yaskevich; reviewed by Yuki Morishita for CASSANDRA-4664

rename permission USE to DESCRIBE
patch by Pavel Yaskevich; reviewed by Yuki Morishita for CASSANDRA-4664


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/117d91ae
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/117d91ae
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/117d91ae

Branch: refs/heads/trunk
Commit: 117d91ae2f13b5f6e602c754820973a5ce47d888
Parents: a4c397b
Author: Pavel Yaskevich <xe...@apache.org>
Authored: Fri Sep 21 13:03:42 2012 +0300
Committer: Pavel Yaskevich <xe...@apache.org>
Committed: Fri Sep 21 13:03:42 2012 +0300

----------------------------------------------------------------------
 CHANGES.txt                                        |    1 +
 src/java/org/apache/cassandra/auth/Permission.java |    6 +++---
 .../org/apache/cassandra/service/ClientState.java  |   12 +++++++++---
 .../apache/cassandra/thrift/CassandraServer.java   |    2 +-
 4 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 65ba88f..b26917b 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -5,6 +5,7 @@
  * Adds offline sstablescrub to debian packaging (CASSANDRA-4642)
  * Automatic fixing of overlapping leveled sstables (CASSANDRA-4644)
  * fix error when using ORDER BY with extended selections (CASSANDRA-4689)
+ * rename permission USE to DESCRIBE (CASSANDRA-4664)
 
 
 1.1.5

http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/auth/Permission.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Permission.java b/src/java/org/apache/cassandra/auth/Permission.java
index 7afb2ff..7518cdd 100644
--- a/src/java/org/apache/cassandra/auth/Permission.java
+++ b/src/java/org/apache/cassandra/auth/Permission.java
@@ -39,7 +39,7 @@ public enum Permission
     NO_ACCESS,
 
     // schema management
-    USE,
+    DESCRIBE,
     CREATE,
     ALTER,
     DROP,
@@ -59,7 +59,7 @@ public enum Permission
      */
     public static final Map<Permission, EnumSet<Permission>> oldToNew = new HashMap<Permission, EnumSet<Permission>>(2)
     {{
-        put(READ,  EnumSet.of(USE, SELECT));
-        put(WRITE, EnumSet.range(USE, DELETE));
+        put(READ,  EnumSet.of(DESCRIBE, SELECT));
+        put(WRITE, EnumSet.range(DESCRIBE, DELETE));
     }};
 }

http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java
index b7bf7d7..279523f 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -161,9 +161,7 @@ public class ClientState
         validateLogin();
         validateKeyspace(keyspace);
 
-        // hardcode disallowing messing with system keyspace
-        if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && (perm != Permission.USE))
-            throw new InvalidRequestException("system keyspace is not user-modifiable");
+        preventSystemKSModification(keyspace, perm);
 
         resourceClear();
         resource.add(keyspace);
@@ -172,6 +170,12 @@ public class ClientState
         hasAccess(user, perms, perm, resource);
     }
 
+    private void preventSystemKSModification(String keyspace, Permission perm) throws InvalidRequestException
+    {
+        if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && perm != Permission.SELECT && perm != Permission.DESCRIBE)
+            throw new InvalidRequestException("system keyspace is not user-modifiable.");
+    }
+
     /**
      * Confirms that the client thread has the given Permission in the context of the given
      * ColumnFamily and the current keyspace.
@@ -189,6 +193,8 @@ public class ClientState
         resourceClear();
         resource.add(keyspace);
 
+        preventSystemKSModification(keyspace, perm);
+
         // check if keyspace access is set to Permission.FULL_ACCESS
         // (which means that user has all access on keyspace and it's underlying elements)
         if (DatabaseDescriptor.getAuthority().authorize(user, resource).contains(Permission.FULL_ACCESS))

http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/thrift/CassandraServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java
index ea2465e..a11472c 100644
--- a/src/java/org/apache/cassandra/thrift/CassandraServer.java
+++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java
@@ -646,7 +646,7 @@ public class CassandraServer implements Cassandra.Iface
 
     public KsDef describe_keyspace(String table) throws NotFoundException, InvalidRequestException
     {
-        state().hasKeyspaceAccess(table, Permission.USE);
+        state().hasKeyspaceAccess(table, Permission.DESCRIBE);
 
         KSMetaData ksm = Schema.instance.getTableDefinition(table);
         if (ksm == null)