[patches] [fix 1/1] fix: grant or revoke universe options
imarkov
imarkov at tarantool.org
Wed Feb 14 16:13:52 MSK 2018
* Add validation of object name parameter type in grant or revoke
on universe.
Closes #3146
Signed-off-by: imarkov <imarkov at tarantool.org>
---
src/box/lua/schema.lua | 4 ++++
test/box/access.result | 41 +++++++++++++++++++++++++++++++++++++++++
test/box/access.test.lua | 14 ++++++++++++++
3 files changed, 59 insertions(+)
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index 756134b..bf8b1db 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -1664,6 +1664,10 @@ end
local function object_resolve(object_type, object_name)
if object_type == 'universe' then
+ if object_name ~= nil and type(object_name) ~= 'string'
+ and type(object_name) ~= 'number' then
+ box.error(box.error.ILLEGAL_PARAMS, "wrong object name type")
+ end
return 0
end
if object_type == 'space' then
diff --git a/test/box/access.result b/test/box/access.result
index 0ee17eb..191857f 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -1450,3 +1450,44 @@ box.session.su("admin")
box.schema.user.drop("tester")
---
...
+-- gh-3146 gotcha for granting universe with options
+box.schema.user.grant("guest", "read", "universe", {if_not_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.grant("guest", "read", "universe", "useless name")
+---
+...
+box.schema.user.grant("guest", "read", "universe", "useless name", {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", 0, {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", nil, {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", {}, {if_not_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.revoke("guest", "read", "universe", {if_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.revoke("guest", "read", "universe", "useless name")
+---
+...
+box.schema.user.revoke("guest", "read", "universe", "useless name", {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", 0, {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", nil, {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", {}, {if_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index 241f254..7e880a0 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -561,3 +561,17 @@ box.session.su("tester", box.schema.func.drop, "test")
box.session.su("admin")
box.schema.user.drop("tester")
+
+-- gh-3146 gotcha for granting universe with options
+box.schema.user.grant("guest", "read", "universe", {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", "useless name")
+box.schema.user.grant("guest", "read", "universe", "useless name", {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", 0, {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", nil, {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", {}, {if_not_exists = true})
+box.schema.user.revoke("guest", "read", "universe", {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", "useless name")
+box.schema.user.revoke("guest", "read", "universe", "useless name", {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", 0, {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", nil, {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", {}, {if_exists = true})
--
2.7.4
More information about the Tarantool-patches
mailing list