[PATCH v2 4/4] sql: check read access while executing SQL query
vdavydov.dev at gmail.com
Sat Oct 27 00:04:00 MSK 2018
On Thu, Oct 25, 2018 at 11:17:12AM +0300, Kirill Yukhin wrote:
> Since SQL front-end is not using box API,
> no checkes for read access are performed by VDBE engine.
> Add check to IteratorOpen op-code to make sure that read
> privilege exists for given space.
> Note, that there's is no need to perform DML/DDL checkes as
> they're performed by Tarantool's core.
> @TarantoolBot document
> Title: Document behaviour of SQL in presence of
> read access restrictions. Need to clarify, that
This line is like 50 characters long. Why? The limit for commit messages
is 72. Doesn't emacs now that? Vim does.
> if there's no read access to the space, then not
> only SELECT statements will fail, but also those DML
> which implies reading from spaces indirectly, e.g.:
> UPDATE t1 SET a=2 WHERE b=3;
> Closes #2362
> src/box/sql/vdbe.c | 5 ++
> test/sql/gh-2362-select-access-rights.result | 110 +++++++++++++++++++++++++
> test/sql/gh-2362-select-access-rights.test.lua | 42 ++++++++++
> 3 files changed, 157 insertions(+)
> create mode 100644 test/sql/gh-2362-select-access-rights.result
> create mode 100644 test/sql/gh-2362-select-access-rights.test.lua
Pushed to 2.1
More information about the Tarantool-patches