From: Nikita Pettik <korablev@tarantool.org> To: Chris Sosnin <k.sosnin@tarantool.org> Cc: tarantool-patches@dev.tarantool.org, v.shpilevoy@tarantool.org Subject: Re: [Tarantool-patches] [PATCH 1/2] sql: remove grants associated with the table Date: Tue, 24 Dec 2019 04:37:31 +0300 [thread overview] Message-ID: <20191224013731.GE41539@tarantool.org> (raw) In-Reply-To: <d868b937bb74b4941b947b73da8e60a77ab4eff2.1576666151.git.k.sosnin@tarantool.org> On 18 Dec 14:00, Chris Sosnin wrote: > Dropping table with sql removes everything > associated with it but grants, which is > inconsistent. Generating code for it fixes this bug. Feel free to use up to 77 chars in commit message. You can enable auto-formatting in vim: au FileType gitcommit setlocal tw=72 Or you can manually highlight commit message and format with :gq > Closes #4546 > --- > branch: https://github.com/tarantool/tarantool/tree/ksosnin/gh-4546-sql-drop-grants > issue: https://github.com/tarantool/tarantool/issues/4546 You don't have to put these links in each patch, they are required only in cover letter. > diff --git a/src/box/sql/build.c b/src/box/sql/build.c > index 51cd7ce63..f1433645a 100644 > --- a/src/box/sql/build.c > +++ b/src/box/sql/build.c > +static void > +vdbe_emit_revoke_object(struct Parse *parser, const char *object_type, > + uint32_t object_id, struct access *access) > +{ > + struct Vdbe *v = sqlGetVdbe(parser); > + assert(v != NULL); > + /* > + * Get uid of users through access array > + * and generate code to delete corresponding > + * entries from _priv > + */ > + int key_reg = sqlGetTempRange(parser, 4); > + bool had_grants = false; As a rule we use present time: has_grants. > + for (uint8_t token = 0; token < BOX_USER_MAX; ++token) { > + if (!access[token].granted) > + continue; > + had_grants = true; Personally I wouldn't bother with separate variable solely to display comment. Let's keep it tho. > + const struct user *user = user_find_by_token(token); > + sqlVdbeAddOp2(v, OP_Integer, user->def->uid, key_reg); > + sqlVdbeAddOp4(v, OP_String8, 0, key_reg + 1, 0, > + object_type, P4_STATIC); > + sqlVdbeAddOp2(v, OP_Integer, object_id, key_reg + 2); > + sqlVdbeAddOp3(v, OP_MakeRecord, key_reg, 3, key_reg + 3); > + sqlVdbeAddOp2(v, OP_SDelete, BOX_PRIV_ID, key_reg + 3); > + } > + if (had_grants) > + VdbeComment((v, "Remove %s grants", object_type)); > + sqlReleaseTempRange(parser, key_reg, 4); > +} > + > /** > * Generate code to drop a table. > * This routine includes dropping triggers, sequences, > @@ -1538,6 +1578,12 @@ sql_code_drop_table(struct Parse *parse_context, struct space *space, > { > struct Vdbe *v = sqlGetVdbe(parse_context); > assert(v != NULL); > + /* > + * Remove all grants associated with > + * with the table being dropped. Nit: double with. The rest is OK. LGTM and pushed to master. > + */ > + vdbe_emit_revoke_object(parse_context, "space", space->def->id, > + space->access); > /*
next prev parent reply other threads:[~2019-12-24 1:37 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-12-06 12:53 [Tarantool-patches] [PATCH] " Chris Sosnin 2019-12-07 10:29 ` Chris Sosnin 2019-12-10 23:45 ` Vladislav Shpilevoy 2019-12-11 9:50 ` Chris Sosnin 2019-12-17 23:13 ` Vladislav Shpilevoy 2019-12-17 23:13 ` Vladislav Shpilevoy 2019-12-18 11:00 ` [Tarantool-patches] [PATCH 0/2] sql: revoke table privileges on drop Chris Sosnin 2019-12-18 11:00 ` [Tarantool-patches] [PATCH 1/2] sql: remove grants associated with the table Chris Sosnin 2019-12-24 1:37 ` Nikita Pettik [this message] 2019-12-24 16:47 ` Vladislav Shpilevoy 2019-12-18 11:00 ` [Tarantool-patches] [PATCH 2/2] sql: drop only generated sequence in DROP TABLE Chris Sosnin 2019-12-24 1:23 ` Nikita Pettik 2019-12-24 16:26 ` Vladislav Shpilevoy 2019-12-24 23:19 ` Nikita Pettik
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191224013731.GE41539@tarantool.org \ --to=korablev@tarantool.org \ --cc=k.sosnin@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --cc=v.shpilevoy@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH 1/2] sql: remove grants associated with the table' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox