Updated Branches: refs/heads/trunk d55408d97 -> e63a1ae1c
reenable system ks r/w Patch by Pavel Yaskevich and eevans for CASSANDRA-4664 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e63a1ae1 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e63a1ae1 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e63a1ae1 Branch: refs/heads/trunk Commit: e63a1ae1c00acf130d33c1e8161f66a194b9bfa4 Parents: d55408d Author: Eric Evans <[email protected]> Authored: Thu Oct 18 21:26:48 2012 -0500 Committer: Eric Evans <[email protected]> Committed: Thu Oct 18 21:26:48 2012 -0500 ---------------------------------------------------------------------- src/java/org/apache/cassandra/auth/Permission.java | 1 + .../org/apache/cassandra/service/ClientState.java | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/e63a1ae1/src/java/org/apache/cassandra/auth/Permission.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/Permission.java b/src/java/org/apache/cassandra/auth/Permission.java index ece8a02..69e2d90 100644 --- a/src/java/org/apache/cassandra/auth/Permission.java +++ b/src/java/org/apache/cassandra/auth/Permission.java @@ -48,6 +48,7 @@ public enum Permission public static final EnumSet<Permission> ALL = EnumSet.allOf(Permission.class); public static final EnumSet<Permission> NONE = EnumSet.noneOf(Permission.class); public static final EnumSet<Permission> GRANULAR_PERMISSIONS = EnumSet.range(FULL_ACCESS, SELECT); + public static final EnumSet<Permission> ALLOWED_SYSTEM_ACTIONS = EnumSet.of(DESCRIBE, UPDATE, DELETE, SELECT); /** * Maps old permissions to the new ones as we want to support old client IAuthority implementations http://git-wip-us.apache.org/repos/asf/cassandra/blob/e63a1ae1/src/java/org/apache/cassandra/service/ClientState.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java index df0b0a1..554feab 100644 --- a/src/java/org/apache/cassandra/service/ClientState.java +++ b/src/java/org/apache/cassandra/service/ClientState.java @@ -179,7 +179,7 @@ public class ClientState validateLogin(); validateKeyspace(keyspace); - preventSystemKSModification(keyspace, perm); + preventSystemKSSchemaModification(keyspace, perm); resourceClear(); resource.add(keyspace); @@ -188,9 +188,9 @@ public class ClientState hasAccess(user, perms, perm, resource); } - private void preventSystemKSModification(String keyspace, Permission perm) throws InvalidRequestException + private void preventSystemKSSchemaModification(String keyspace, Permission perm) throws InvalidRequestException { - if (keyspace.equalsIgnoreCase(Table.SYSTEM_KS) && perm != Permission.SELECT && perm != Permission.DESCRIBE) + if (keyspace.equalsIgnoreCase(Table.SYSTEM_KS) && !Permission.ALLOWED_SYSTEM_ACTIONS.contains(perm)) throw new InvalidRequestException("system keyspace is not user-modifiable."); } @@ -212,7 +212,7 @@ public class ClientState resource.add(keyspace); if (!internalCall) - preventSystemKSModification(keyspace, perm); + preventSystemKSSchemaModification(keyspace, perm); // check if keyspace access is set to Permission.FULL_ACCESS // (which means that user has all access on keyspace and it's underlying elements)
