[jira] [Created] (CASSANDRA-13681) checkAccess throws exceptions when statement does not exist

Sun, 09 Jul 2017 19:20:04 -0700 

Hao Zhong created CASSANDRA-13681:
-------------------------------------

             Summary: checkAccess throws exceptions when statement does not 
exist
                 Key: CASSANDRA-13681
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13681
             Project: Cassandra
          Issue Type: Bug
            Reporter: Hao Zhong


CASSANDRA-6687 fixed a wrong exception. In DropTableStatement, the buggy code 
is:
{code}
public void checkAccess(ClientState state) throws UnauthorizedException, 
InvalidRequestException
    {
        state.hasColumnFamilyAccess(keyspace(), columnFamily(), 
Permission.DROP);
    }
{code}
The fixed code is:
{code}
public void checkAccess(ClientState state) throws UnauthorizedException, 
InvalidRequestException
    {
        try
        {
            state.hasColumnFamilyAccess(keyspace(), columnFamily(), 
Permission.DROP);
        }
        catch (InvalidRequestException e)
        {
            if (!ifExists)
                throw e;
        }
    }
{code}

I found that ModificationStatement_checkAccess can have the same problem, since 
it calls  state.hasColumnFamilyAccess. In particular, its code is as follow:
{code}
 public void checkAccess(ClientState state) throws InvalidRequestException, 
UnauthorizedException
    {
        state.hasColumnFamilyAccess(metadata, Permission.MODIFY);

        // CAS updates can be used to simulate a SELECT query, so should 
require Permission.SELECT as well.
        if (hasConditions())
            state.hasColumnFamilyAccess(metadata, Permission.SELECT);

        // MV updates need to get the current state from the table, and might 
update the views
        // Require Permission.SELECT on the base table, and Permission.MODIFY 
on the views
        Iterator<ViewMetadata> views = View.findAll(keyspace(), 
columnFamily()).iterator();
        if (views.hasNext())
        {
            state.hasColumnFamilyAccess(metadata, Permission.SELECT);
            do
            {
                state.hasColumnFamilyAccess(views.next().metadata, 
Permission.MODIFY);
            } while (views.hasNext());
        }

        for (Function function : getFunctions())
            state.ensureHasPermission(Permission.EXECUTE, function);
    }
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to