From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergepetrenko@tarantool.org>
From: Serge Petrenko <sergepetrenko@tarantool.org>
Subject: [PATCH 0/2] Remove 1.7 privilege compatibility mode
Date: Tue, 30 Oct 2018 16:31:59 +0300
Message-Id: <cover.1540903773.git.sergepetrenko@tarantool.org>
To: vdavydov.dev@gmail.com
Cc: tarantool-patches@freelists.org, Serge Petrenko <sergepetrenko@tarantool.org>
List-ID: <tarantool-patches.dev.tarantool.org>

We assume that if user has READ + WRITE on an object, it also has
CREATE + ALTER + DROP on an object. This was needed for compatibility
with old versions which didn't have CREATE, ALTER, DROP ACLs.
Now it's time to remove this compatibility mode.

The first patch removes this compatibility mode.

The second patch adds an upgrade script to automatically
grant CREATE, ALTER, DROP to everyone with READ and WRITE
on upgrade to 2.1.0

https://github.com/tarantool/tarantool/issues/3539
https://github.com/tarantool/tarantool/tree/sp/gh-3539-remove-legacy-grants

Serge Petrenko (2):
  box: remove compatibility mode for privileges
  box: autogrant CREATE,ALTER,DROP to users with READ+WRITE

 src/box/alter.cc         | 55 +++++++++++++++-------------------------
 src/box/lua/upgrade.lua  | 31 ++++++++++++++++++++++
 test/box/access.result   | 40 +++++++++++++++++++++++------
 test/box/access.test.lua | 18 +++++++++----
 test/sql/iproto.result   |  6 +++++
 test/sql/iproto.test.lua |  2 ++
 6 files changed, 105 insertions(+), 47 deletions(-)

-- 
2.17.1 (Apple Git-112)