Hi, I noticed that there is no test covering this part of the code: a user
must have more than just the AUTHORIZE permission to grant permissions to
others.

// src/java/org/apache/cassandra/cql3/statements/PermissionsManagementStatement.java
public void authorize(ClientState state) throws UnauthorizedException
{
    ...
    for (Permission p : permissions)
        state.ensurePermission(p, resource);
}

If I remove these two lines, the existing tests will still pass. I've
written a test for this case; please take a look.
Link to PR:
https://github.com/apache/cassandra/pull/4502
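
A simplified model of the check described in the message above, showing why tests with only a positive case cannot detect the removal of those two lines. This is an added example, not part of the original message and not Cassandra's code or the test in the PR; the class `GrantCheckModel`, its helper methods and the `checkGranted` switch are hypothetical, and it assumes the AUTHORIZE check sits in the elided part of `authorize`.

```java
import java.util.EnumSet;
import java.util.Set;

// Hypothetical stand-in for the grant check; none of these types are Cassandra's.
public class GrantCheckModel
{
    enum Permission { AUTHORIZE, SELECT, MODIFY }

    static class UnauthorizedException extends Exception
    {
        UnauthorizedException(String msg) { super(msg); }
    }

    // 'held' models the permissions the grantor holds on the resource.
    static void ensurePermission(Set<Permission> held, Permission p) throws UnauthorizedException
    {
        if (!held.contains(p))
            throw new UnauthorizedException("grantor lacks " + p);
    }

    // checkGranted == false models the method with the two lines removed.
    static void authorizeGrant(Set<Permission> held, Set<Permission> granted, boolean checkGranted)
        throws UnauthorizedException
    {
        ensurePermission(held, Permission.AUTHORIZE); // assumed to be in the elided part
        if (checkGranted)
            for (Permission p : granted)
                ensurePermission(held, p);
    }

    static boolean allowed(Set<Permission> held, Set<Permission> granted, boolean checkGranted)
    {
        try { authorizeGrant(held, granted, checkGranted); return true; }
        catch (UnauthorizedException e) { return false; }
    }

    public static void main(String[] args)
    {
        Set<Permission> onlyAuthorize = EnumSet.of(Permission.AUTHORIZE);
        Set<Permission> authorizeAndSelect = EnumSet.of(Permission.AUTHORIZE, Permission.SELECT);
        Set<Permission> grantSelect = EnumSet.of(Permission.SELECT);

        // Positive case: same result with or without the loop, so it cannot catch the removal.
        System.out.println(allowed(authorizeAndSelect, grantSelect, true));
        System.out.println(allowed(authorizeAndSelect, grantSelect, false));
        // Negative case: the result changes once the loop is gone; a regression test must assert on this.
        System.out.println(allowed(onlyAuthorize, grantSelect, true));
        System.out.println(allowed(onlyAuthorize, grantSelect, false));
    }
}
```

Only the last pair of calls distinguishes the two variants: a grantor holding AUTHORIZE alone is rejected with the loop in place and accepted without it.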