From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> To: Mergen Imeev <imeevma@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: Re: [Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions Date: Sat, 5 Dec 2020 00:10:38 +0100 [thread overview] Message-ID: <b93f02c9-bf2f-673a-ae6f-44d7224af501@tarantool.org> (raw) In-Reply-To: <20201203095423.GA204182@tarantool.org> Hi! Thanks for the patch! It looks good except for one comment below. Please, proceed to making it work on all versions, like we discussed. > diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua > index add791cd7..b2475b0f6 100644 > --- a/src/box/lua/upgrade.lua > +++ b/src/box/lua/upgrade.lua > @@ -971,6 +971,36 @@ local function upgrade_to_2_3_1() > create_session_settings_space() > end > > +-------------------------------------------------------------------------------- > +-- Tarantool 2.7.1 > +-------------------------------------------------------------------------------- > +local function backport_upgrade_2_7_1_function_access() > + local _func = box.space._func > + local _priv = box.space._priv > + local datetime = os.date("%Y-%m-%d %H:%M:%S") > + local funcs_to_change = {'LUA', 'box.schema.user.info'} > + for _, name in pairs(funcs_to_change) do > + local func = _func.index['name']:get(name) > + -- Change setuid of function function if it is not 0. "function function"? Tbh, the entire comment looks unneeded. It just literally narrates the condition check. If you want to have a comment here, better explain what is wrong with having setuid set. Or nothing. > + if func ~= nil and func.setuid ~= 0 then > + local id = func.id > + log.info('remove old function "'..name..'"') > + _priv:delete({2, 'function', id}) > + _func:delete({id}) > + log.info('create function "'..name..'" with unset setuid') > + local new_func = func:update({{'=', 4, 0}, {'=', 18, datetime}, > + {'=', 19, datetime}}) > + _func:replace(new_func) > + log.info('grant execute on function "'..name..'" to public') > + _priv:replace{ADMIN, PUBLIC, 'function', id, box.priv.X} > + end > + end > +end > + > +local function upgrade_to_2_7_1() > + backport_upgrade_2_7_1_function_access() > +end
next prev parent reply other threads:[~2020-12-04 23:10 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-03 0:03 imeevma 2020-11-11 21:48 ` Vladislav Shpilevoy 2020-12-03 9:54 ` Mergen Imeev 2020-12-04 23:10 ` Vladislav Shpilevoy [this message] 2020-12-16 20:23 ` Mergen Imeev 2020-12-20 14:05 ` Vladislav Shpilevoy 2020-12-21 10:51 imeevma 2020-12-21 19:23 ` Sergey Ostanevich 2020-12-22 17:44 ` Mergen Imeev 2020-12-23 9:44 ` Sergey Ostanevich 2020-12-23 12:58 ` Kirill Yukhin 2020-12-21 11:38 imeevma 2020-12-21 19:14 ` Sergey Ostanevich 2020-12-22 7:56 imeevma 2020-12-22 8:13 ` Sergey Ostanevich
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=b93f02c9-bf2f-673a-ae6f-44d7224af501@tarantool.org \ --to=v.shpilevoy@tarantool.org \ --cc=imeevma@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox