[PATCH v2 3/4] Add single object privilege checks to access_check_ddl.
Serge Petrenko
sergepetrenko at tarantool.org
Thu Aug 23 10:51:29 MSK 2018
> 22 авг. 2018 г., в 19:47, Vladimir Davydov <vdavydov.dev at gmail.com> написал(а):
>
>>
>> +---
>> +- true
>> +...
>> +-- fixme: cannot grant create on a single space
>> +-- this is because when checking for create
>> +-- access_check_ddl ignores space privileges,
>
> Please don't use code function names in tests - if they change (and they
> can), it'll be difficult to understand what this test is about.
Sorry, fixed.
>
>> +-- assuming that there is no space yet.
>
> I thought you fixed that in v2 by dropping PRIV_C check from
> access_check_ddl, no?
Yes. This was fixed in v2, sorry. Changed the test accordingly.
I also rebased the patch on top of 1.10 and pushed it on a separate branch, since previous 2 patches
are already pushed to 1.10 and we decided not to push the fourth patch yet.
The branch is https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3530-object-access-checks
Here’s everything that's changed:
diff --git a/test/box/access.result b/test/box/access.result
index 4f0607471..933564a2b 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -1906,11 +1906,7 @@ box.space.space1.index[0] == nil
---
- true
...
--- fixme: cannot grant create on a single space
--- this is because when checking for create
--- access_check_ddl ignores space privileges,
--- assuming that there is no space yet.
-box.schema.user.grant("test", "create", "space")
+box.schema.user.grant("test", "create", "space", "space1")
---
...
box.session.su("test")
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index d3e2aab98..b252b4bd9 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -740,11 +740,7 @@ box.session.su("test")
box.space.space1:create_index("pk")
box.session.su("admin")
box.space.space1.index[0] == nil
--- fixme: cannot grant create on a single space
--- this is because when checking for create
--- access_check_ddl ignores space privileges,
--- assuming that there is no space yet.
-box.schema.user.grant("test", "create", "space")
+box.schema.user.grant("test", "create", "space", "space1")
box.session.su("test")
_ = box.space.space1:create_index("pk")
box.space.space1:insert{5}
More information about the Tarantool-patches
mailing list