From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Mon, 3 Jun 2019 19:24:35 +0300 From: Vladimir Davydov Subject: Re: [PATCH v1 6/8] box: export _func functions with box.func folder Message-ID: <20190603162435.fhkbdaerianygfya@esperanza> References: <928eff71554a492f736b8c7595f2a060f70364e5.1559212747.git.kshcherbatov@tarantool.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <928eff71554a492f736b8c7595f2a060f70364e5.1559212747.git.kshcherbatov@tarantool.org> To: Kirill Shcherbatov Cc: tarantool-patches@freelists.org List-ID: On Thu, May 30, 2019 at 01:45:33PM +0300, Kirill Shcherbatov wrote: > Closes #4182 > Needed for #1260 > > @TarantoolBot document > Title: Persistent Lua functions > > Lua functions managed by Tarantool are called 'persistent'. > They are stored in snapshoot and are available after server > restart. > Persistent Lua functions are exported in box.schema.func.persistent > folder. They may be called via .call exported object method or > via netbox:call. > > Some restrictions must be accounted writing such routines: > 1. only limited set of Lua functions and modules are available: > -assert -error -pairs -ipairs -next -pcall -xpcall -type > -print -select -string -tonumber -tostring -unpack -math -utf8; > 2. global variables are forbidden. > > Moreover all functions and their metadata are now exported in > box.func table (not only persistent). Persistent Lua functions > have box.func.FUNCNAME.call() method to execute it in interactive > console. > Persistent Lua functions are also available with net.box call. > > Example: > lua_code = [[function(a, b) return a + b end]] > box.schema.func.create('sum', { > body = lua_code, is_deterministic = true, > returns = 'integer', is_deterministic = true}) > box.func.sum > - call: 'function: 0x4016b6a0' > returns: integer > is_deterministic: true > id: 2 > language: LUA > name: sum > is_persistent: true > setuid: false > > box.func.sum.call(1, 2) Also, what about access checks? I may be wrong, but it looks like anyone can call a function this way in your implementation. I guess we should check 'execute' permission.