This is an automated email from the ASF dual-hosted git repository.

smiklosovic pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 7ed0dc33d0 Add a test for checking permissions after grant authorize
7ed0dc33d0 is described below

commit 7ed0dc33d0f508cb006ebfbf41c5b015f83c56e0
Author: Valery Baranov <[email protected]>
AuthorDate: Tue Dec 2 10:06:16 2025 +0300

    Add a test for checking permissions after grant authorize
    
    patch by Valery Baranov; reviewed by Stefan Miklosovic, Brandon Williams 
for CASSANDRA-21051
---
 .../apache/cassandra/auth/GrantAndRevokeTest.java  | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java 
b/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
index 7b8a4cfb77..44abc70805 100644
--- a/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
+++ b/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
@@ -577,6 +577,46 @@ public class GrantAndRevokeTest extends CQLTester
         executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION 
ON KEYSPACE system_views FROM %s", user));
     }
 
+    @Test
+    public void testCheckPermissionsAfterAuthorize() throws Throwable
+    {
+        useSuperUser();
+
+        executeNet("CREATE KEYSPACE check_permissions WITH replication = 
{'class': 'SimpleStrategy', 'replication_factor': '1'}");
+        executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+        executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", user, pass));
+
+        final String simple_user = "simple_user";
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", simple_user, simple_user));
+        executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + 
simple_user);
+
+        useUser(user, pass);
+        assertUnauthorizedQuery("User user has no SELECT permission on <table 
check_permissions.t1> or any of its parents",
+                                "SELECT * FROM check_permissions.t1");
+
+        useUser(simple_user, simple_user);
+        assertUnauthorizedQuery("User simple_user has no SELECT permission on 
<table check_permissions.t1> or any of its parents",
+                                "SELECT * FROM check_permissions.t1");
+        assertUnauthorizedQuery("User simple_user has no SELECT permission on 
<table check_permissions.t1> or any of its parents",
+                                "GRANT SELECT ON check_permissions.t1 TO " + 
user);
+
+        useUser(user, pass);
+        assertUnauthorizedQuery("User user has no SELECT permission on <table 
check_permissions.t1> or any of its parents",
+                                "SELECT * FROM check_permissions.t1");
+
+        useSuperUser();
+        executeNet("GRANT SELECT ON check_permissions.t1 TO " + simple_user);
+
+        useUser(simple_user, simple_user);
+        executeNet("SELECT * FROM check_permissions.t1");
+        executeNet("GRANT SELECT ON check_permissions.t1 TO " + user);
+
+        useUser(user, pass);
+        executeNet("SELECT * FROM check_permissions.t1");
+    }
+
     private void maybeReadSystemTables(boolean superuser) throws Throwable
     {
         if (superuser)
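Review bot: The test ends once `simple_user` holds SELECT and has passed it on to `user`, so it never checks that the grantor's own permission is evaluated again after it is taken away. A regression in which AUTHORIZE keeps working after SELECT is revoked from `simple_user` would pass unnoticed. I would extend the end of testCheckPermissionsAfterAuthorize with a superuser REVOKE followed by the same assertUnauthorizedQuery on the GRANT that the test already uses earlier. The expected message in the sketch is copied from that earlier assertion and presumes the denial takes the same path. Whether a permissions cache delays the revoke in this test setup is not visible from the hunk and should be confirmed.

```java
        // … unchanged: setup, the denied SELECT/GRANT checks, and the successful grant chain …
        useUser(user, pass);
        executeNet("SELECT * FROM check_permissions.t1");

        // AUTHORIZE alone must stop being enough once the grantor loses SELECT again.
        useSuperUser();
        executeNet("REVOKE SELECT ON check_permissions.t1 FROM " + simple_user);

        useUser(simple_user, simple_user);
        assertUnauthorizedQuery("User simple_user has no SELECT permission on <table check_permissions.t1> or any of its parents",
                                "GRANT SELECT ON check_permissions.t1 TO " + user);
```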

