From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 22 Aug 2018 15:53:38 +0300 From: Vladimir Davydov Subject: Re: [tarantool-patches] [PATCH 2/4] Add entities user, role to access control. Message-ID: <20180822125338.m332lx4scw56tvvh@esperanza> References: <4edfd1024c84ab0bfd1a752e9d84ef0356036b48.1534751862.git.sergepetrenko@tarantool.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4edfd1024c84ab0bfd1a752e9d84ef0356036b48.1534751862.git.sergepetrenko@tarantool.org> To: Serge Petrenko Cc: kostja@tarantool.org, tarantool-patches@freelists.org List-ID: On Mon, Aug 20, 2018 at 11:10:06AM +0300, Serge Petrenko wrote: > diff --git a/test/box/access.test.lua b/test/box/access.test.lua > index 9ae0e1114..9b7510e64 100644 > --- a/test/box/access.test.lua > +++ b/test/box/access.test.lua > @@ -341,8 +341,7 @@ c:close() > session = box.session > box.schema.user.create('test') > box.schema.user.grant('test', 'read', 'space', '_collation') > ---box.schema.user.grant('test', 'write', 'space', '_collation') > --- FIXME: granting create on 'collation' only doesn't work > + Hmm, why? I don't understand how this change is connected to this patch. > box.schema.user.grant('test', 'create', 'universe') > session.su('test') > box.internal.collation.create('test', 'ICU', 'ru_RU') 
> @@ -538,14 +537,10 @@ box.session.su("admin") > -- tables from ddl > -- > box.schema.user.grant('tester', 'write', 'universe') > --- no entity user currently, so have to grant create > --- on universe in order to create a user. > -box.schema.user.grant('tester', 'create', 'universe') > --- this should work instead: > ---box.schema.user.grant('tester', 'create', 'user') > ---box.schema.user.grant('tester', 'create', 'space') > ---box.schema.user.grant('tester', 'create', 'function') > ---box.schema.user.grant('tester', 'create' , 'sequence') > +box.schema.user.grant('tester', 'create', 'user') > +box.schema.user.grant('tester', 'create', 'space') > +box.schema.user.grant('tester', 'create', 'function') > +box.schema.user.grant('tester', 'create' , 'sequence') This is OK, I guess. > box.schema.user.grant('tester', 'read', 'space', '_sequence') > box.session.su("tester") > -- successful create > diff --git a/test/box/role.test.lua b/test/box/role.test.lua > index e97339f49..9845f4c4c 100644 > --- a/test/box/role.test.lua > +++ b/test/box/role.test.lua > @@ -69,7 +69,13 @@ box.schema.role.revoke('test', 'liaison') > box.schema.role.drop('test') > > box.schema.user.grant('grantee', 'liaison') > -box.schema.user.grant('test', 'read,write,create', 'universe') > + > +box.schema.user.grant('test', 'read,write', 'space', '_priv') > +box.schema.user.grant('test', 'write', 'space', '_schema') > +box.schema.user.grant('test', 'create', 'space') > +box.schema.user.grant('test', 'read,write', 'space', '_space') > +box.schema.user.grant('test', 'write', 'space', '_index') > +box.schema.user.grant('test', 'read', 'space', '_user') > box.session.su('test') > s = box.schema.space.create('test') > _ = s:create_index('i1') 
> @@ -248,7 +254,9 @@ box.schema.role.drop("role10") > box.schema.user.create('user') > box.schema.user.create('grantee') > > -box.schema.user.grant('user', 'read,write,execute,create', 'universe') > +box.schema.user.grant('user', 'read,write', 'space', '_user') > +box.schema.user.grant('user', 'read,write', 'space', '_priv') > +box.schema.user.grant('user', 'create', 'role') IMO this belongs to the patch that will fix *all* access tests (it should be separated from patch 4). > box.session.su('user') > box.schema.role.create('role') > box.session.su('admin')
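Review bot: In test/box/access.test.lua at @@ -341,8 +341,7 @@, the FIXME "granting create on 'collation' only doesn't work" is deleted, but the context line that follows still grants 'create' on 'universe'. Nothing visible in this hunk exercises a narrower grant, so the test does not show the limitation is gone. Either keep the FIXME until the universe grant can be replaced, or replace it here and state in the commit message why this test changes. The hunk also swaps the two removed comment lines for an empty added line, which could be dropped.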
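Review bot: In test/box/access.test.lua at @@ -538,14 +537,10 @@, the last added line keeps the stray space from the old commented-out version: `box.schema.user.grant('tester', 'create' , 'sequence')` should read `'create', 'sequence'`. The context line above still grants 'write' on 'universe' to 'tester', so only the create privilege is narrowed here. A short comment saying that the four entity-level grants replace the former create on universe would keep the intent that the removed comments used to document.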
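Review bot: In test/box/role.test.lua at @@ -69,7 +69,13 @@, the six added grants on '_priv', '_schema', '_space', '_index' and '_user' carry no comment saying which of the following operations needs which privilege. The lines after the hunk only create a space and an index, so a reader cannot tell whether each grant is the minimum required or was found by trial and error. Add a one-line comment per grant, or one comment above the group, so the list can be trimmed safely when the access checks change again.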
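Review bot: In test/box/role.test.lua at @@ -248,7 +254,9 @@, the removed grant was 'read,write,execute,create' on 'universe', and the replacement grants only 'read,write' on '_user' and '_priv' plus 'create' on 'role', so 'execute' is dropped with nothing in its place. If the rest of this test never needed execute, say so in the commit message. Otherwise add the specific execute grant next to these lines.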