cassandra git commit: DropRoleStatement should only checks su status for existing roles

Sun, 03 May 2015 12:29:44 -0700 

Repository: cassandra
Updated Branches:
  refs/heads/trunk 0db1431e3 -> 6af82eddf


DropRoleStatement should only checks su status for existing roles

patch by Sam Tunnicliffe; reviewed by Aleksey Yeschenko for
CASSANDRA-9189


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/6af82edd
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/6af82edd
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/6af82edd

Branch: refs/heads/trunk
Commit: 6af82eddff9d2923ff5447120dac432bd0dadae4
Parents: 0db1431
Author: Sam Tunnicliffe <[email protected]>
Authored: Tue Apr 14 12:37:30 2015 -0500
Committer: Aleksey Yeschenko <[email protected]>
Committed: Sun May 3 22:27:30 2015 +0300

----------------------------------------------------------------------
 .../apache/cassandra/cql3/statements/DropRoleStatement.java   | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/6af82edd/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
----------------------------------------------------------------------
diff --git 
a/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java 
b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
index ec4bde7..55fa83a 100644
--- a/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java
@@ -38,7 +38,12 @@ public class DropRoleStatement extends 
AuthenticationStatement
     public void checkAccess(ClientState state) throws UnauthorizedException
     {
         super.checkPermission(state, Permission.DROP, role);
-        if (Roles.hasSuperuserStatus(role) && !state.getUser().isSuper())
+
+        // We only check superuser status for existing roles to avoid
+        // caching info about roles which don't exist (CASSANDRA-9189)
+        if (DatabaseDescriptor.getRoleManager().isExistingRole(role)
+            && Roles.hasSuperuserStatus(role)
+            && !state.getUser().isSuper())
             throw new UnauthorizedException("Only superusers can drop a role 
with superuser status");
     }

Reply via email to