reenable system ks r/w
Patch by Pavel Yaskevich and eevans for CASSANDRA-4664
Conflicts:
src/java/org/apache/cassandra/service/ClientState.java
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/487c9168
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/487c9168
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/487c9168
Branch: refs/heads/trunk
Commit: 487c9168fce9a40f6906ee4a7ee250a9bd390fde
Parents: 9d7ba39
Author: Eric Evans <[email protected]>
Authored: Thu Oct 18 21:26:48 2012 -0500
Committer: Eric Evans <[email protected]>
Committed: Thu Oct 18 21:38:43 2012 -0500
----------------------------------------------------------------------
src/java/org/apache/cassandra/auth/Permission.java | 1 +
.../org/apache/cassandra/service/ClientState.java | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/487c9168/src/java/org/apache/cassandra/auth/Permission.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Permission.java
b/src/java/org/apache/cassandra/auth/Permission.java
index 7518cdd..65cbd29 100644
--- a/src/java/org/apache/cassandra/auth/Permission.java
+++ b/src/java/org/apache/cassandra/auth/Permission.java
@@ -52,6 +52,7 @@ public enum Permission
public static final EnumSet<Permission> ALL =
EnumSet.allOf(Permission.class);
public static final EnumSet<Permission> NONE =
EnumSet.noneOf(Permission.class);
public static final EnumSet<Permission> GRANULAR_PERMISSIONS =
EnumSet.range(FULL_ACCESS, SELECT);
+ public static final EnumSet<Permission> ALLOWED_SYSTEM_ACTIONS =
EnumSet.of(DESCRIBE, UPDATE, DELETE, SELECT);
/**
* Maps old permissions to the new ones as we want to support old client
IAuthority implementations
http://git-wip-us.apache.org/repos/asf/cassandra/blob/487c9168/src/java/org/apache/cassandra/service/ClientState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/service/ClientState.java
b/src/java/org/apache/cassandra/service/ClientState.java
index ba1b502..a68a778 100644
--- a/src/java/org/apache/cassandra/service/ClientState.java
+++ b/src/java/org/apache/cassandra/service/ClientState.java
@@ -165,7 +165,7 @@ public class ClientState
validateLogin();
validateKeyspace(keyspace);
- preventSystemKSModification(keyspace, perm);
+ preventSystemKSSchemaModification(keyspace, perm);
resourceClear();
resource.add(keyspace);
@@ -174,9 +174,9 @@ public class ClientState
hasAccess(user, perms, perm, resource);
}
- private void preventSystemKSModification(String keyspace, Permission perm)
throws InvalidRequestException
+ private void preventSystemKSSchemaModification(String keyspace, Permission
perm) throws InvalidRequestException
{
- if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && perm !=
Permission.SELECT && perm != Permission.DESCRIBE)
+ if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) &&
!Permission.ALLOWED_SYSTEM_ACTIONS.contains(perm))
throw new InvalidRequestException("system keyspace is not
user-modifiable.");
}
@@ -197,7 +197,7 @@ public class ClientState
resourceClear();
resource.add(keyspace);
- preventSystemKSModification(keyspace, perm);
+ preventSystemKSSchemaModification(keyspace, perm);
// check if keyspace access is set to Permission.FULL_ACCESS
// (which means that user has all access on keyspace and it's
underlying elements)
