From: Vladimir Davydov <vdavydov.dev@gmail.com>
To: Serge Petrenko <sergepetrenko@tarantool.org>
Cc: kostja@tarantool.org, tarantool-patches@freelists.org
Subject: Re: [tarantool-patches] [PATCH 2/4] Add entities user, role to access control.
Date: Wed, 22 Aug 2018 15:53:38 +0300 [thread overview]
Message-ID: <20180822125338.m332lx4scw56tvvh@esperanza> (raw)
In-Reply-To: <4edfd1024c84ab0bfd1a752e9d84ef0356036b48.1534751862.git.sergepetrenko@tarantool.org>
On Mon, Aug 20, 2018 at 11:10:06AM +0300, Serge Petrenko wrote:
> diff --git a/test/box/access.test.lua b/test/box/access.test.lua
> index 9ae0e1114..9b7510e64 100644
> --- a/test/box/access.test.lua
> +++ b/test/box/access.test.lua
> @@ -341,8 +341,7 @@ c:close()
> session = box.session
> box.schema.user.create('test')
> box.schema.user.grant('test', 'read', 'space', '_collation')
> ---box.schema.user.grant('test', 'write', 'space', '_collation')
> --- FIXME: granting create on 'collation' only doesn't work
> +
Hmm, why? I don't understand how this change is connected to this patch.
> box.schema.user.grant('test', 'create', 'universe')
> session.su('test')
> box.internal.collation.create('test', 'ICU', 'ru_RU')
> @@ -538,14 +537,10 @@ box.session.su("admin")
> -- tables from ddl
> --
> box.schema.user.grant('tester', 'write', 'universe')
> --- no entity user currently, so have to grant create
> --- on universe in order to create a user.
> -box.schema.user.grant('tester', 'create', 'universe')
> --- this should work instead:
> ---box.schema.user.grant('tester', 'create', 'user')
> ---box.schema.user.grant('tester', 'create', 'space')
> ---box.schema.user.grant('tester', 'create', 'function')
> ---box.schema.user.grant('tester', 'create' , 'sequence')
> +box.schema.user.grant('tester', 'create', 'user')
> +box.schema.user.grant('tester', 'create', 'space')
> +box.schema.user.grant('tester', 'create', 'function')
> +box.schema.user.grant('tester', 'create' , 'sequence')
This is OK, I guess.
> box.schema.user.grant('tester', 'read', 'space', '_sequence')
> box.session.su("tester")
> -- successful create
> diff --git a/test/box/role.test.lua b/test/box/role.test.lua
> index e97339f49..9845f4c4c 100644
> --- a/test/box/role.test.lua
> +++ b/test/box/role.test.lua
> @@ -69,7 +69,13 @@ box.schema.role.revoke('test', 'liaison')
> box.schema.role.drop('test')
>
> box.schema.user.grant('grantee', 'liaison')
> -box.schema.user.grant('test', 'read,write,create', 'universe')
> +
> +box.schema.user.grant('test', 'read,write', 'space', '_priv')
> +box.schema.user.grant('test', 'write', 'space', '_schema')
> +box.schema.user.grant('test', 'create', 'space')
> +box.schema.user.grant('test', 'read,write', 'space', '_space')
> +box.schema.user.grant('test', 'write', 'space', '_index')
> +box.schema.user.grant('test', 'read', 'space', '_user')
> box.session.su('test')
> s = box.schema.space.create('test')
> _ = s:create_index('i1')
> @@ -248,7 +254,9 @@ box.schema.role.drop("role10")
> box.schema.user.create('user')
> box.schema.user.create('grantee')
>
> -box.schema.user.grant('user', 'read,write,execute,create', 'universe')
> +box.schema.user.grant('user', 'read,write', 'space', '_user')
> +box.schema.user.grant('user', 'read,write', 'space', '_priv')
> +box.schema.user.grant('user', 'create', 'role')
IMO this belongs to the patch that will fix *all* access tests (it
should be separated from patch 4).
> box.session.su('user')
> box.schema.role.create('role')
> box.session.su('admin')
next prev parent reply other threads:[~2018-08-22 12:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-20 8:10 [tarantool-patches] [PATCH 0/4] Finish implementation of privileges Serge Petrenko
2018-08-20 8:10 ` [tarantool-patches] [PATCH 1/4] Introduce separate entity object types for entity privileges Serge Petrenko
2018-08-22 10:28 ` Vladimir Davydov
2018-08-22 12:37 ` Vladimir Davydov
2018-08-20 8:10 ` [tarantool-patches] [PATCH 2/4] Add entities user, role to access control Serge Petrenko
2018-08-22 10:37 ` Vladimir Davydov
2018-08-22 12:53 ` Vladimir Davydov [this message]
2018-08-20 8:10 ` [tarantool-patches] [PATCH 3/4] Add single object privilege checks to access_check_ddl Serge Petrenko
2018-08-22 11:58 ` Vladimir Davydov
2018-08-20 8:10 ` [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests Serge Petrenko
2018-08-22 12:48 ` Vladimir Davydov
-- strict thread matches above, loose matches on Subject: below --
2018-07-17 15:47 [tarantool-patches] [PATCH 0/4] Fixes in access control and privileges Serge Petrenko
2018-07-17 15:47 ` [tarantool-patches] [PATCH 2/4] Add entities user, role to access control Serge Petrenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180822125338.m332lx4scw56tvvh@esperanza \
--to=vdavydov.dev@gmail.com \
--cc=kostja@tarantool.org \
--cc=sergepetrenko@tarantool.org \
--cc=tarantool-patches@freelists.org \
--subject='Re: [tarantool-patches] [PATCH 2/4] Add entities user, role to access control.' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox