[tarantool-patches] [PATCH 2/4] Add entities user, role to access control.
Vladimir Davydov
vdavydov.dev at gmail.com
Wed Aug 22 15:53:38 MSK 2018
On Mon, Aug 20, 2018 at 11:10:06AM +0300, Serge Petrenko wrote:
> diff --git a/test/box/access.test.lua b/test/box/access.test.lua
> index 9ae0e1114..9b7510e64 100644
> --- a/test/box/access.test.lua
> +++ b/test/box/access.test.lua
> @@ -341,8 +341,7 @@ c:close()
> session = box.session
> box.schema.user.create('test')
> box.schema.user.grant('test', 'read', 'space', '_collation')
> ---box.schema.user.grant('test', 'write', 'space', '_collation')
> --- FIXME: granting create on 'collation' only doesn't work
> +
Hmm, why? I don't understand how this change is connected to this patch.
> box.schema.user.grant('test', 'create', 'universe')
> session.su('test')
> box.internal.collation.create('test', 'ICU', 'ru_RU')
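Review bot: The FIXME line ("granting create on 'collation' only doesn't work") is deleted while the context line right below it still grants 'create' on 'universe' to 'test', so the test keeps the broad grant that the comment explained. Either keep the FIXME until the universe grant can be narrowed, or narrow the grant in the same change. The empty line added in its place can be dropped.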
> @@ -538,14 +537,10 @@ box.session.su("admin")
> -- tables from ddl
> --
> box.schema.user.grant('tester', 'write', 'universe')
> --- no entity user currently, so have to grant create
> --- on universe in order to create a user.
> -box.schema.user.grant('tester', 'create', 'universe')
> --- this should work instead:
> ---box.schema.user.grant('tester', 'create', 'user')
> ---box.schema.user.grant('tester', 'create', 'space')
> ---box.schema.user.grant('tester', 'create', 'function')
> ---box.schema.user.grant('tester', 'create' , 'sequence')
> +box.schema.user.grant('tester', 'create', 'user')
> +box.schema.user.grant('tester', 'create', 'space')
> +box.schema.user.grant('tester', 'create', 'function')
> +box.schema.user.grant('tester', 'create' , 'sequence')
This is OK, I guess.
> box.schema.user.grant('tester', 'read', 'space', '_sequence')
> box.session.su("tester")
> -- successful create
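Review bot: The last added line keeps the stray space before the comma from the commented-out original ('create' , 'sequence'); write it as 'create', 'sequence' so it matches the three grants above it. The context line at the top of the hunk still grants 'write' on 'universe' to 'tester', so only the create privilege is narrowed here; a one-line comment saying so would replace the explanation that was removed.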
> diff --git a/test/box/role.test.lua b/test/box/role.test.lua
> index e97339f49..9845f4c4c 100644
> --- a/test/box/role.test.lua
> +++ b/test/box/role.test.lua
> @@ -69,7 +69,13 @@ box.schema.role.revoke('test', 'liaison')
> box.schema.role.drop('test')
>
> box.schema.user.grant('grantee', 'liaison')
> -box.schema.user.grant('test', 'read,write,create', 'universe')
> +
> +box.schema.user.grant('test', 'read,write', 'space', '_priv')
> +box.schema.user.grant('test', 'write', 'space', '_schema')
> +box.schema.user.grant('test', 'create', 'space')
> +box.schema.user.grant('test', 'read,write', 'space', '_space')
> +box.schema.user.grant('test', 'write', 'space', '_index')
> +box.schema.user.grant('test', 'read', 'space', '_user')
> box.session.su('test')
> s = box.schema.space.create('test')
> _ = s:create_index('i1')
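Review bot: Missing documentation on the six added grants for 'test': nothing says which of the calls that follow (box.schema.space.create, s:create_index) needs which privilege, for example why _schema and _index get 'write' while _user gets only 'read'. A short comment above the block stating that this is the intended minimal set would keep later edits from widening it back to 'universe'.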
> @@ -248,7 +254,9 @@ box.schema.role.drop("role10")
> box.schema.user.create('user')
> box.schema.user.create('grantee')
>
> -box.schema.user.grant('user', 'read,write,execute,create', 'universe')
> +box.schema.user.grant('user', 'read,write', 'space', '_user')
> +box.schema.user.grant('user', 'read,write', 'space', '_priv')
> +box.schema.user.grant('user', 'create', 'role')
IMO this belongs to the patch that will fix *all* access tests (it
should be separated from patch 4).
> box.session.su('user')
> box.schema.role.create('role')
> box.session.su('admin')
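Review bot: The removed grant gave 'user' the 'execute' privilege on 'universe', and none of the three added grants carries 'execute'. If dropping it is intentional, say so in a comment or in the commit message; otherwise check that nothing run as 'user' in this test depends on it.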