rename permission USE to DESCRIBE patch by Pavel Yaskevich; reviewed by Yuki Morishita for CASSANDRA-4664
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/117d91ae Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/117d91ae Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/117d91ae Branch: refs/heads/trunk Commit: 117d91ae2f13b5f6e602c754820973a5ce47d888 Parents: a4c397b Author: Pavel Yaskevich <[email protected]> Authored: Fri Sep 21 13:03:42 2012 +0300 Committer: Pavel Yaskevich <[email protected]> Committed: Fri Sep 21 13:03:42 2012 +0300 ---------------------------------------------------------------------- CHANGES.txt | 1 + src/java/org/apache/cassandra/auth/Permission.java | 6 +++--- .../org/apache/cassandra/service/ClientState.java | 12 +++++++++--- .../apache/cassandra/thrift/CassandraServer.java | 2 +- 4 files changed, 14 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 65ba88f..b26917b 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -5,6 +5,7 @@ * Adds offline sstablescrub to debian packaging (CASSANDRA-4642) * Automatic fixing of overlapping leveled sstables (CASSANDRA-4644) * fix error when using ORDER BY with extended selections (CASSANDRA-4689) + * rename permission USE to DESCRIBE (CASSANDRA-4664) 1.1.5 http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/auth/Permission.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/Permission.java b/src/java/org/apache/cassandra/auth/Permission.java index 7afb2ff..7518cdd 100644 --- a/src/java/org/apache/cassandra/auth/Permission.java +++ b/src/java/org/apache/cassandra/auth/Permission.java @@ -39,7 +39,7 @@ public enum Permission NO_ACCESS, // schema management - USE, + DESCRIBE, CREATE, ALTER, DROP, @@ -59,7 +59,7 @@ public enum Permission */ public static final Map<Permission, EnumSet<Permission>> oldToNew = new HashMap<Permission, EnumSet<Permission>>(2) {{ - put(READ, EnumSet.of(USE, SELECT)); - put(WRITE, EnumSet.range(USE, DELETE)); + put(READ, EnumSet.of(DESCRIBE, SELECT)); + put(WRITE, EnumSet.range(DESCRIBE, DELETE)); }}; } http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/service/ClientState.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java index b7bf7d7..279523f 100644 --- a/src/java/org/apache/cassandra/service/ClientState.java +++ b/src/java/org/apache/cassandra/service/ClientState.java @@ -161,9 +161,7 @@ public class ClientState validateLogin(); validateKeyspace(keyspace); - // hardcode disallowing messing with system keyspace - if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && (perm != Permission.USE)) - throw new InvalidRequestException("system keyspace is not user-modifiable"); + preventSystemKSModification(keyspace, perm); resourceClear(); resource.add(keyspace); @@ -172,6 +170,12 @@ public class ClientState hasAccess(user, perms, perm, resource); } + private void preventSystemKSModification(String keyspace, Permission perm) throws InvalidRequestException + { + if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && perm != Permission.SELECT && perm != Permission.DESCRIBE) + throw new InvalidRequestException("system keyspace is not user-modifiable."); + } + /** * Confirms that the client thread has the given Permission in the context of the given * ColumnFamily and the current keyspace. @@ -189,6 +193,8 @@ public class ClientState resourceClear(); resource.add(keyspace); + preventSystemKSModification(keyspace, perm); + // check if keyspace access is set to Permission.FULL_ACCESS // (which means that user has all access on keyspace and it's underlying elements) if (DatabaseDescriptor.getAuthority().authorize(user, resource).contains(Permission.FULL_ACCESS)) http://git-wip-us.apache.org/repos/asf/cassandra/blob/117d91ae/src/java/org/apache/cassandra/thrift/CassandraServer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/thrift/CassandraServer.java b/src/java/org/apache/cassandra/thrift/CassandraServer.java index ea2465e..a11472c 100644 --- a/src/java/org/apache/cassandra/thrift/CassandraServer.java +++ b/src/java/org/apache/cassandra/thrift/CassandraServer.java @@ -646,7 +646,7 @@ public class CassandraServer implements Cassandra.Iface public KsDef describe_keyspace(String table) throws NotFoundException, InvalidRequestException { - state().hasKeyspaceAccess(table, Permission.USE); + state().hasKeyspaceAccess(table, Permission.DESCRIBE); KSMetaData ksm = Schema.instance.getTableDefinition(table); if (ksm == null)
