Re: [PR] Add test for check permissions after authorize [cassandra]

Mon, 01 Dec 2025 12:10:37 -0800 


ac1d0globlya commented on code in PR #4502:
URL: https://github.com/apache/cassandra/pull/4502#discussion_r2578468270


##########
test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java:
##########
@@ -577,6 +577,42 @@ public void testGrantOnVirtualKeyspaces() throws Throwable
         executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION 
ON KEYSPACE system_views FROM %s", user));
     }
 
+    @Test
+    public void testCheckPermissionsAfterAuthorize() throws Throwable
+    {
+        useSuperUser();
+
+        executeNet("CREATE KEYSPACE check_permissions WITH replication = 
{'class': 'SimpleStrategy', 'replication_factor': '1'}");
+        executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+        executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", user, pass));
+
+        final String idm_user = "idm_user";
+        executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND 
password='%s'", idm_user, idm_user));
+        executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + idm_user);
+
+        useUser(user, pass);
+        assertUnauthorizedQuery("User user has no SELECT permission on <table 
check_permissions.t1> or any of its parents",
+                                "SELECT * FROM check_permissions.t1");
+
+        useUser(idm_user, idm_user);
+        assertUnauthorizedQuery("User idm_user has no SELECT permission on 
<table check_permissions.t1> or any of its parents",
+                                "SELECT * FROM check_permissions.t1");
+        assertUnauthorizedQuery("User idm_user has no SELECT permission on 
<table check_permissions.t1> or any of its parents",

Review Comment:
   Let's check that after this exception user "user" still has no select 
permission.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to