[PATCH v2 3/4] Add single object privilege checks to access_check_ddl.
Vladimir Davydov
vdavydov.dev at gmail.com
Wed Aug 22 19:47:55 MSK 2018
On Wed, Aug 22, 2018 at 04:39:04PM +0300, Serge Petrenko wrote:
> @@ -1862,3 +1877,173 @@ box.session.su('admin')
> box.schema.user.drop('tester')
> ---
> ...
> +--
> +-- test case for 3530: do not ignore single object privileges
> +--
> +box.schema.user.create("test")
> +---
> +...
> +_ = box.schema.space.create("space1")
> +---
> +...
> +box.schema.user.grant("test", "read", "space", "space1")
> +---
> +...
> +box.schema.user.grant("test", "write", "space", "_index")
> +---
> +...
> +box.session.su("test")
> +---
> +...
> +box.space.space1:create_index("pk")
> +---
> +- error: Create access to space 'space1' is denied for user 'test'
> +...
> +box.session.su("admin")
> +---
> +...
> +box.space.space1.index[0] == nil
> +---
> +- true
> +...
> +-- fixme: cannot grant create on a single space
> +-- this is because when checking for create
> +-- access_check_ddl ignores space privileges,
Please don't use code function names in tests - if they change (and they
can), it'll be difficult to understand what this test is about.
> +-- assuming that there is no space yet.
I thought you fixed that in v2 by dropping PRIV_C check from
access_check_ddl, no?
More information about the Tarantool-patches
mailing list