[PATCH v2 4/4] sql: check read access while executing SQL query

Vladimir Davydov vdavydov.dev at gmail.com
Sat Oct 27 00:04:00 MSK 2018


On Thu, Oct 25, 2018 at 11:17:12AM +0300, Kirill Yukhin wrote:
> Since SQL front-end is not using box API,
> no checkes for read access are performed by VDBE engine.
> Add check to IteratorOpen op-code to make sure that read
> privilege exists for given space.
> Note, that there's is no need to perform DML/DDL checkes as
> they're performed by Tarantool's core.
> 
> @TarantoolBot document
> Title: Document behaviour of SQL in presence of
> read access restrictions. Need to clarify, that

This line is like 50 characters long. Why? The limit for commit messages
is 72. Doesn't emacs now that? Vim does.

> if there's no read access to the space, then not
> only SELECT statements will fail, but also those DML
> which implies reading from spaces indirectly, e.g.:
>   UPDATE t1 SET a=2 WHERE b=3;
> 
> Closes #2362
> ---
>  src/box/sql/vdbe.c                             |   5 ++
>  test/sql/gh-2362-select-access-rights.result   | 110 +++++++++++++++++++++++++
>  test/sql/gh-2362-select-access-rights.test.lua |  42 ++++++++++
>  3 files changed, 157 insertions(+)
>  create mode 100644 test/sql/gh-2362-select-access-rights.result
>  create mode 100644 test/sql/gh-2362-select-access-rights.test.lua

Pushed to 2.1



More information about the Tarantool-patches mailing list