[
https://issues.apache.org/jira/browse/CASSANDRA-8849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344416#comment-14344416
]
Aleksey Yeschenko commented on CASSANDRA-8849:
----------------------------------------------
Looks good to me, overall, but some things don't belong to where they are right
now:
1. "public static boolean hasSuperuserRole(RoleResource role)" does not belong
to AuthenticatedUser. Should move to a separate Roles helper class (like we did
w/ Resources)
2. even though not introduced in this patch, "private static Set<RoleResource>
getRoles(RoleResource role)" also doesn't belong to AuthenticatedUser, and
should also be moved to Roles
3. loadRoles/initRolesCache should probably go the way of PermissionsCache and
get a separate class (RolesCache).
4. "public static Set<Permission> getPermissions(AuthenticatedUser user,
IResource resource)" should not be static
Additionally, a dtest would be nice to have.
> ListUsersStatement should consider inherited superuser status
> -------------------------------------------------------------
>
> Key: CASSANDRA-8849
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8849
> Project: Cassandra
> Issue Type: Bug
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Fix For: 3.0
>
> Attachments: 8849.txt
>
>
> When introducing roles in CASSANDRA-7653, we retained {{LIST USERS}} support
> for backwards compatibility. However, the {{super}} column in its results is
> derived from {{IRoleManager#isSuper}} which only returns the superuser status
> for the named role and doesn't consider any other roles granted to it.
> {{LIST USERS}} then incorrectly shows a role which does not directly have
> superuser status, but which inherits it as not-a-superuser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
