From: Serge Petrenko <sergepetrenko@tarantool.org>
To: vdavydov.dev@gmail.com
Cc: tarantool-patches@freelists.org,
Serge Petrenko <sergepetrenko@tarantool.org>
Subject: [PATCH 0/2] Remove 1.7 privilege compatibility mode
Date: Tue, 30 Oct 2018 16:31:59 +0300 [thread overview]
Message-ID: <cover.1540903773.git.sergepetrenko@tarantool.org> (raw)
We assume that if user has READ + WRITE on an object, it also has
CREATE + ALTER + DROP on an object. This was needed for compatibility
with old versions which didn't have CREATE, ALTER, DROP ACLs.
Now it's time to remove this compatibility mode.
The first patch removes this compatibility mode.
The second patch adds an upgrade script to automatically
grant CREATE, ALTER, DROP to everyone with READ and WRITE
on upgrade to 2.1.0
https://github.com/tarantool/tarantool/issues/3539
https://github.com/tarantool/tarantool/tree/sp/gh-3539-remove-legacy-grants
Serge Petrenko (2):
box: remove compatibility mode for privileges
box: autogrant CREATE,ALTER,DROP to users with READ+WRITE
src/box/alter.cc | 55 +++++++++++++++-------------------------
src/box/lua/upgrade.lua | 31 ++++++++++++++++++++++
test/box/access.result | 40 +++++++++++++++++++++++------
test/box/access.test.lua | 18 +++++++++----
test/sql/iproto.result | 6 +++++
test/sql/iproto.test.lua | 2 ++
6 files changed, 105 insertions(+), 47 deletions(-)
--
2.17.1 (Apple Git-112)
next reply other threads:[~2018-10-30 13:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-30 13:31 Serge Petrenko [this message]
2018-10-30 13:32 ` [PATCH 1/2] box: remove compatibility mode for privileges Serge Petrenko
2018-11-01 15:32 ` [tarantool-patches] " Konstantin Osipov
2018-10-30 13:32 ` [PATCH 2/2] box: autogrant CREATE,ALTER,DROP to users with READ+WRITE Serge Petrenko
2018-11-01 15:34 ` [tarantool-patches] " Konstantin Osipov
2018-10-30 17:48 ` [PATCH 0/2] Remove 1.7 privilege compatibility mode Vladimir Davydov
2018-11-01 15:35 ` [tarantool-patches] " Konstantin Osipov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1540903773.git.sergepetrenko@tarantool.org \
--to=sergepetrenko@tarantool.org \
--cc=tarantool-patches@freelists.org \
--cc=vdavydov.dev@gmail.com \
--subject='Re: [PATCH 0/2] Remove 1.7 privilege compatibility mode' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox