From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: [PATCH v2 3/4] Add single object privilege checks to access_check_ddl.
From: Serge Petrenko
In-Reply-To: <20180822164755.6eomdsuptgluumc2@esperanza>
Date: Thu, 23 Aug 2018 10:51:29 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <23130F39-64EC-4DB3-B72C-E795F2260457@tarantool.org>
References: <6d1b868fa068adbfd54b7af731cc311e33f101fd.1534944662.git.sergepetrenko@tarantool.org> <20180822164755.6eomdsuptgluumc2@esperanza>
To: Vladimir Davydov
Cc: kostja@tarantool.org, tarantool-patches@freelists.org
List-ID:

> On 22 Aug 2018, at 19:47, Vladimir Davydov wrote:
>
>>
>> +---
>> +- true
>> +...
>> +-- fixme: cannot grant create on a single space
>> +-- this is because when checking for create
>> +-- access_check_ddl ignores space privileges,
>
> Please don't use code function names in tests - if they change (and they
> can), it'll be difficult to understand what this test is about.

Sorry, fixed.

>
>> +-- assuming that there is no space yet.
>
> I thought you fixed that in v2 by dropping PRIV_C check from
> access_check_ddl, no?

Yes. This was fixed in v2, sorry. Changed the test accordingly.

I also rebased the patch on top of 1.10 and pushed it on a separate branch,
since the previous 2 patches are already pushed to 1.10 and we decided not to push the fourth patch yet.
The branch is https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3530-object-access-checks

Here's everything that's changed:

diff --git a/test/box/access.result b/test/box/access.result index 4f0607471..933564a2b 100644 --- a/test/box/access.result +++ b/test/box/access.result
@@ -1906,11 +1906,7 @@ box.space.space1.index[0] =3D=3D nil --- - true ... --- fixme: cannot grant create on a single space --- this is because when checking for create --- access_check_ddl ignores space privileges, --- assuming that there is no space yet. -box.schema.user.grant("test", "create", "space") +box.schema.user.grant("test", "create", "space", "space1") --- ... box.session.su("test") diff --git a/test/box/access.test.lua b/test/box/access.test.lua index d3e2aab98..b252b4bd9 100644 --- a/test/box/access.test.lua +++ b/test/box/access.test.lua @@ -740,11 +740,7 @@ box.session.su("test") box.space.space1:create_index("pk") box.session.su("admin") box.space.space1.index[0] =3D=3D nil --- fixme: cannot grant create on a single space --- this is because when checking for create --- access_check_ddl ignores space privileges, --- assuming that there is no space yet. -box.schema.user.grant("test", "create", "space") +box.schema.user.grant("test", "create", "space", "space1") box.session.su("test") _ =3D box.space.space1:create_index("pk") box.space.space1:insert{5}=
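Review bot: In the test/box/access.result hunk the four removed fixme lines are not replaced by anything, so the grant on "space1" now appears with no statement of what it is meant to check. Suggest a one-line comment ahead of box.schema.user.grant("test", "create", "space", "space1") in the test, mirrored in this file, that describes the behaviour in user terms (create granted on one space is enough to build an index in it) and, as asked earlier in the thread, names no internal function.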
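Review bot: The test/box/access.test.lua hunk covers only the allowed path after the grant, create_index("pk") and insert{5} on space1, and nothing in the visible lines checks that the privilege stays scoped to space1. Suggest adding, while still under box.session.su("test"), an index creation attempt on a second space that has no grant and checking that it is refused, so a regression that treats the single-object grant as create on every space would fail the test.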