[jira] Updated: (DERBY-2893) INSERT and UPDATES succeed when permission has not been granted.

Tue, 10 Jul 2007 13:06:26 -0700 

     [ 
https://issues.apache.org/jira/browse/DERBY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kathey Marsden updated DERBY-2893:
----------------------------------

    Attachment: DERBY-2893_diff.txt

OK. I think I have it now.  Here is the patch to fix the test. The problem was 
that for assertInsertPrivilege we had 
        
Connection c = openUserConnection(users[0]); 

instead of 

Connection c = openUserConnection(user);
So since users[0] was the DBO the insert succeeded.  Also the error SQLState 
was different than the one expected in the test, 42500 instead of 42502.  I 
think 42500 user does not have permission on table is correct.

For the updates I simply uncommented the DERBY-2893 comment and it seemed to 
work. So I am not sure what the original problem was there.



> INSERT and UPDATES succeed when permission has not been granted.
> ----------------------------------------------------------------
>
>                 Key: DERBY-2893
>                 URL: https://issues.apache.org/jira/browse/DERBY-2893
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>         Attachments: DERBY-2893_diff.txt
>
>
> GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form
> try {
>    s.execute(command)
> } catch (SQLException sqle)
> {
>        if (!hasPrivilege) 
>             assertSQLState("42502", e);
>        else
>              fail(...);
> }
> Note that no fail() assert was in the try portion after the SQL execution. 
> The statement should not work if hasPrivilege is false, but the test will 
> incorrectly pass if the statement succeeds. I added fail asserts with 
> revision 552922 like:
> if (!hasPrivilege)
>        fail("expected no INSERT permission on table");
> but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures 
> fail) indicating that the statement succeeds even if the permission is not 
> granted.
> It could be a test problem but needs some investigation.
> The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented 
> out to stop the test failing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to