
Commit 7ed0dc3

klammrocksmiklosovic
authored andcommitted
Add a test for checking permissions after grant authorize
patch by Valery Baranov; reviewed by Stefan Miklosovic, Brandon Williams for CASSANDRA-21051
1 parent b5f8ac2 commit 7ed0dc3


1 file changed

+40
-0
lines changed

1 file changed

+40
-0
lines changed

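--- a/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
+++ b/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
@@ -577,6 +577,46 @@ public void testGrantOnVirtualKeyspaces() throws Throwable
 executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION ON KEYSPACE system_views FROM %s", user));
 }
 
+@Test
+public void testCheckPermissionsAfterAuthorize() throws Throwable
+{
+useSuperUser();
+
+executeNet("CREATE KEYSPACE check_permissions WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}");
+executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND password='%s'", user, pass));
+
+final String simple_user = "simple_user";
+executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND password='%s'", simple_user, simple_user));
+executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + simple_user);
+
+useUser(user, pass);
+assertUnauthorizedQuery("User user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+
+useUser(simple_user, simple_user);
+assertUnauthorizedQuery("User simple_user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+assertUnauthorizedQuery("User simple_user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"GRANT SELECT ON check_permissions.t1 TO " + user);
+
+useUser(user, pass);
+assertUnauthorizedQuery("User user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+
+useSuperUser();
+executeNet("GRANT SELECT ON check_permissions.t1 TO " + simple_user);
+
+useUser(simple_user, simple_user);
+executeNet("SELECT * FROM check_permissions.t1");
+executeNet("GRANT SELECT ON check_permissions.t1 TO " + user);
+
+useUser(user, pass);
+executeNet("SELECT * FROM check_permissions.t1");
+}
+
 private void maybeReadSystemTables(boolean superuser) throws Throwable
 {
 if (superuser)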
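Review bot: The grant path in testCheckPermissionsAfterAuthorize is exercised for SELECT only, so the positive case at new lines 612–614 would still pass if holding AUTHORIZE plus any one permission were enough to grant permissions the role does not hold. After simple_user's successful `executeNet("SELECT * FROM check_permissions.t1");`, add a denied grant of a permission that role lacks, for example `assertUnauthorizedQuery("User simple_user has no MODIFY permission on <table check_permissions.t1> or any of its parents", "GRANT MODIFY ON check_permissions.t1 TO " + user);`. That message text is assumed from the SELECT case and should be confirmed against the server's actual wording. The test also leaves the `check_permissions` keyspace and both roles in place; unless the class has teardown outside this hunk, drop them at the end so a rerun or a sibling test that creates the same role does not fail on leftover state.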
