From: Vladimir Davydov <vdavydov.dev@gmail.com> To: Serge Petrenko <sergepetrenko@tarantool.org> Cc: kostja@tarantool.org, tarantool-patches@freelists.org Subject: Re: [tarantool-patches] [PATCH 2/4] Add entities user, role to access control. Date: Wed, 22 Aug 2018 15:53:38 +0300 [thread overview] Message-ID: <20180822125338.m332lx4scw56tvvh@esperanza> (raw) In-Reply-To: <4edfd1024c84ab0bfd1a752e9d84ef0356036b48.1534751862.git.sergepetrenko@tarantool.org> On Mon, Aug 20, 2018 at 11:10:06AM +0300, Serge Petrenko wrote: > diff --git a/test/box/access.test.lua b/test/box/access.test.lua > index 9ae0e1114..9b7510e64 100644 > --- a/test/box/access.test.lua > +++ b/test/box/access.test.lua > @@ -341,8 +341,7 @@ c:close() > session = box.session > box.schema.user.create('test') > box.schema.user.grant('test', 'read', 'space', '_collation') > ---box.schema.user.grant('test', 'write', 'space', '_collation') > --- FIXME: granting create on 'collation' only doesn't work > + Hmm, why? I don't understand how this change is connected to this patch. > box.schema.user.grant('test', 'create', 'universe') > session.su('test') > box.internal.collation.create('test', 'ICU', 'ru_RU') > @@ -538,14 +537,10 @@ box.session.su("admin") > -- tables from ddl > -- > box.schema.user.grant('tester', 'write', 'universe') > --- no entity user currently, so have to grant create > --- on universe in order to create a user. > -box.schema.user.grant('tester', 'create', 'universe') > --- this should work instead: > ---box.schema.user.grant('tester', 'create', 'user') > ---box.schema.user.grant('tester', 'create', 'space') > ---box.schema.user.grant('tester', 'create', 'function') > ---box.schema.user.grant('tester', 'create' , 'sequence') > +box.schema.user.grant('tester', 'create', 'user') > +box.schema.user.grant('tester', 'create', 'space') > +box.schema.user.grant('tester', 'create', 'function') > +box.schema.user.grant('tester', 'create' , 'sequence') This is OK, I guess. > box.schema.user.grant('tester', 'read', 'space', '_sequence') > box.session.su("tester") > -- successful create > diff --git a/test/box/role.test.lua b/test/box/role.test.lua > index e97339f49..9845f4c4c 100644 > --- a/test/box/role.test.lua > +++ b/test/box/role.test.lua > @@ -69,7 +69,13 @@ box.schema.role.revoke('test', 'liaison') > box.schema.role.drop('test') > > box.schema.user.grant('grantee', 'liaison') > -box.schema.user.grant('test', 'read,write,create', 'universe') > + > +box.schema.user.grant('test', 'read,write', 'space', '_priv') > +box.schema.user.grant('test', 'write', 'space', '_schema') > +box.schema.user.grant('test', 'create', 'space') > +box.schema.user.grant('test', 'read,write', 'space', '_space') > +box.schema.user.grant('test', 'write', 'space', '_index') > +box.schema.user.grant('test', 'read', 'space', '_user') > box.session.su('test') > s = box.schema.space.create('test') > _ = s:create_index('i1') > @@ -248,7 +254,9 @@ box.schema.role.drop("role10") > box.schema.user.create('user') > box.schema.user.create('grantee') > > -box.schema.user.grant('user', 'read,write,execute,create', 'universe') > +box.schema.user.grant('user', 'read,write', 'space', '_user') > +box.schema.user.grant('user', 'read,write', 'space', '_priv') > +box.schema.user.grant('user', 'create', 'role') IMO this belongs to the patch that will fix *all* access tests (it should be separated from patch 4). > box.session.su('user') > box.schema.role.create('role') > box.session.su('admin')
next prev parent reply other threads:[~2018-08-22 12:53 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-08-20 8:10 [tarantool-patches] [PATCH 0/4] Finish implementation of privileges Serge Petrenko 2018-08-20 8:10 ` [tarantool-patches] [PATCH 1/4] Introduce separate entity object types for entity privileges Serge Petrenko 2018-08-22 10:28 ` Vladimir Davydov 2018-08-22 12:37 ` Vladimir Davydov 2018-08-20 8:10 ` [tarantool-patches] [PATCH 2/4] Add entities user, role to access control Serge Petrenko 2018-08-22 10:37 ` Vladimir Davydov 2018-08-22 12:53 ` Vladimir Davydov [this message] 2018-08-20 8:10 ` [tarantool-patches] [PATCH 3/4] Add single object privilege checks to access_check_ddl Serge Petrenko 2018-08-22 11:58 ` Vladimir Davydov 2018-08-20 8:10 ` [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests Serge Petrenko 2018-08-22 12:48 ` Vladimir Davydov -- strict thread matches above, loose matches on Subject: below -- 2018-07-17 15:47 [tarantool-patches] [PATCH 0/4] Fixes in access control and privileges Serge Petrenko 2018-07-17 15:47 ` [tarantool-patches] [PATCH 2/4] Add entities user, role to access control Serge Petrenko
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180822125338.m332lx4scw56tvvh@esperanza \ --to=vdavydov.dev@gmail.com \ --cc=kostja@tarantool.org \ --cc=sergepetrenko@tarantool.org \ --cc=tarantool-patches@freelists.org \ --subject='Re: [tarantool-patches] [PATCH 2/4] Add entities user, role to access control.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox