[patches] Re: [box 1/1] box: Change checks on usage access
Konstantin Osipov
kostja at tarantool.org
Mon Jan 29 16:49:45 MSK 2018
* imarkov <imarkov at tarantool.org> [18/01/29 15:46]:
> - sequence_access & ~seq->access[cr->auth_token].effective) {
> + if (sequence_access == PRIV_U || (seq->def->uid != cr->uid &&
> + sequence_access & ~seq->access[cr->auth_token].effective)) {
Why == PRIV_U and not & PRIV_U? Couldn't owner access be missing other
access bits? If I am right, this needs to be covered by a separate
test case.
> /* Access violation, report error. */
> struct user *user = user_find(cr->uid);
> if (user != NULL) {
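Review bot: in the added condition, `sequence_access == PRIV_U` is OR-ed in ahead of the owner test `seq->def->uid != cr->uid`, so the sequence's owner also reaches the "Access violation, report error" branch whenever sequence_access is exactly PRIV_U, and because of short-circuit evaluation a PRIV_U bit in `seq->access[cr->auth_token].effective` is never consulted in that case. If that is the intent (usage cannot be satisfied by ownership or by a grant on the sequence itself), say so in a comment directly above the `if`; if it is not, the PRIV_U test belongs inside the parenthesised operand next to the effective-mask check.
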
> diff --git a/src/box/space.c b/src/box/space.c
> index c02eb88..e9d6fdd 100644
> --- a/src/box/space.c
> +++ b/src/box/space.c
> @@ -55,8 +55,9 @@ access_check_space(struct space *space, user_access_t access)
> */
> user_access_t space_access = access & ~cr->universal_access;
>
> - if (space_access && space->def->uid != cr->uid &&
> - space_access & ~space->access[cr->auth_token].effective) {
> + if (space_access == PRIV_U ||
> + (space_access && space->def->uid != cr->uid &&
> + space_access & ~space->access[cr->auth_token].effective)) {
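Review bot: the added `space_access == PRIV_U ||` operand carries no comment, and the condition does not have the same shape as the sequence one: here the second operand keeps `space_access &&`, the sequence version has no such operand, and both use the `&` expression as a boolean without parentheses or `!= 0`. Since space_access is `access & ~cr->universal_access`, a one-line comment stating that a request consisting only of PRIV_U has to be covered by universal_access would explain the new operand. Consider a single helper shared by both object types so the two checks cannot drift apart.
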
I can see you're checking spaces and sequences. What about other
objects? You need to always look at enum object_type when writing
patches. Please mention in the changeset comment why other object
types are not affected if I am wrong.
--
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.org - www.twitter.com/kostja_osipov