Repository: cassandra Updated Branches: refs/heads/trunk 10e9c193b -> 1a1c5a008
Change authorization handling for MVs patch by Paulo Motta; reviewed by Aleksey Yeschenko for CASSANDRA-9927 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/1a9286c0 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/1a9286c0 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/1a9286c0 Branch: refs/heads/trunk Commit: 1a9286c07a5c168df677da9d6be7178d087ea005 Parents: 269f078 Author: Paulo Motta <pauloricard...@gmail.com> Authored: Fri Aug 7 19:08:04 2015 -0300 Committer: Aleksey Yeschenko <alek...@apache.org> Committed: Tue Aug 11 02:16:39 2015 +0300 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../AlterMaterializedViewStatement.java | 5 ++- .../CreateMaterializedViewStatement.java | 2 +- .../DropMaterializedViewStatement.java | 35 ++++++-------------- .../cql3/statements/SelectStatement.java | 14 ++++++-- .../cassandra/db/view/MaterializedView.java | 17 ++++++++++ 6 files changed, 46 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 7eff824..eacc110 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 3.0.0-beta1 + * Change authorization handling for MVs (CASSANDRA-9927) * Add custom JMX enabled executor for UDF sandbox (CASSANDRA-10026) * Fix row deletion bug for Materialized Views (CASSANDRA-10014) * Support mixed-version clusters with Cassandra 2.1 and 2.2 (CASSANDRA-9704) http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/src/java/org/apache/cassandra/cql3/statements/AlterMaterializedViewStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/AlterMaterializedViewStatement.java b/src/java/org/apache/cassandra/cql3/statements/AlterMaterializedViewStatement.java index d0116fb..acc2f90 100644 --- a/src/java/org/apache/cassandra/cql3/statements/AlterMaterializedViewStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/AlterMaterializedViewStatement.java @@ -20,6 +20,7 @@ package org.apache.cassandra.cql3.statements; import org.apache.cassandra.auth.Permission; import org.apache.cassandra.config.CFMetaData; import org.apache.cassandra.cql3.CFName; +import org.apache.cassandra.db.view.MaterializedView; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.exceptions.RequestValidationException; import org.apache.cassandra.exceptions.UnauthorizedException; @@ -41,7 +42,9 @@ public class AlterMaterializedViewStatement extends SchemaAlteringStatement public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException { - state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.ALTER); + CFMetaData baseTable = MaterializedView.findBaseTable(keyspace(), columnFamily()); + if (baseTable != null) + state.hasColumnFamilyAccess(keyspace(), baseTable.cfName, Permission.ALTER); } public void validate(ClientState state) http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/src/java/org/apache/cassandra/cql3/statements/CreateMaterializedViewStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/CreateMaterializedViewStatement.java b/src/java/org/apache/cassandra/cql3/statements/CreateMaterializedViewStatement.java index 380b068..ec9e848 100644 --- a/src/java/org/apache/cassandra/cql3/statements/CreateMaterializedViewStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/CreateMaterializedViewStatement.java @@ -76,7 +76,7 @@ public class CreateMaterializedViewStatement extends SchemaAlteringStatement { if (!baseName.hasKeyspace()) baseName.setKeyspace(keyspace(), true); - state.hasKeyspaceAccess(keyspace(), Permission.CREATE); + state.hasColumnFamilyAccess(keyspace(), baseName.getColumnFamily(), Permission.ALTER); } public void validate(ClientState state) throws RequestValidationException http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/src/java/org/apache/cassandra/cql3/statements/DropMaterializedViewStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/DropMaterializedViewStatement.java b/src/java/org/apache/cassandra/cql3/statements/DropMaterializedViewStatement.java index 01d138c..8adba45 100644 --- a/src/java/org/apache/cassandra/cql3/statements/DropMaterializedViewStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/DropMaterializedViewStatement.java @@ -20,14 +20,12 @@ package org.apache.cassandra.cql3.statements; import org.apache.cassandra.auth.Permission; import org.apache.cassandra.config.CFMetaData; -import org.apache.cassandra.config.MaterializedViewDefinition; import org.apache.cassandra.config.Schema; import org.apache.cassandra.cql3.CFName; -import org.apache.cassandra.db.KeyspaceNotDefinedException; +import org.apache.cassandra.db.view.MaterializedView; import org.apache.cassandra.exceptions.ConfigurationException; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.schema.KeyspaceMetadata; import org.apache.cassandra.service.ClientState; import org.apache.cassandra.service.MigrationManager; import org.apache.cassandra.transport.Event; @@ -44,7 +42,9 @@ public class DropMaterializedViewStatement extends SchemaAlteringStatement public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException { - state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.DROP); + CFMetaData baseTable = MaterializedView.findBaseTable(keyspace(), columnFamily()); + if (baseTable != null) + state.hasColumnFamilyAccess(keyspace(), baseTable.cfName, Permission.ALTER); } public void validate(ClientState state) @@ -67,9 +67,14 @@ public class DropMaterializedViewStatement extends SchemaAlteringStatement if (!viewCfm.isMaterializedView()) throw new ConfigurationException(String.format("Cannot drop non materialized view '%s' in keyspace '%s'", columnFamily(), keyspace())); - CFMetaData baseCfm = findBaseCf(); + CFMetaData baseCfm = MaterializedView.findBaseTable(keyspace(), columnFamily()); if (baseCfm == null) - throw new ConfigurationException(String.format("Cannot drop materialized view '%s' in keyspace '%s' without base CF.", columnFamily(), keyspace())); + { + if (ifExists) + throw new ConfigurationException(String.format("Cannot drop materialized view '%s' in keyspace '%s' without base CF.", columnFamily(), keyspace())); + else + throw new InvalidRequestException(String.format("View '%s' could not be found in any of the tables of keyspace '%s'", cfName, keyspace())); + } CFMetaData updatedCfm = baseCfm.copy(); updatedCfm.materializedViews(updatedCfm.getMaterializedViews().without(columnFamily())); @@ -84,22 +89,4 @@ public class DropMaterializedViewStatement extends SchemaAlteringStatement throw e; } } - - private CFMetaData findBaseCf() throws InvalidRequestException - { - KeyspaceMetadata ksm = Schema.instance.getKSMetaData(keyspace()); - if (ksm == null) - throw new KeyspaceNotDefinedException("Keyspace " + keyspace() + " does not exist"); - - for (CFMetaData cfm : ksm.tables) - { - if (cfm.getMaterializedViews().get(columnFamily()).isPresent()) - return cfm; - } - - if (ifExists) - return null; - else - throw new InvalidRequestException("View '" + cfName + "' could not be found in any of the tables of keyspace '" + keyspace() + '\''); - } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java b/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java index d08c56f..32177a4 100644 --- a/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java @@ -29,7 +29,6 @@ import org.slf4j.LoggerFactory; import org.apache.cassandra.auth.Permission; import org.apache.cassandra.config.CFMetaData; import org.apache.cassandra.config.ColumnDefinition; -import org.apache.cassandra.config.Schema; import org.apache.cassandra.cql3.*; import org.apache.cassandra.cql3.functions.Function; import org.apache.cassandra.cql3.restrictions.StatementRestrictions; @@ -43,6 +42,7 @@ import org.apache.cassandra.db.index.SecondaryIndexManager; import org.apache.cassandra.db.marshal.CollectionType; import org.apache.cassandra.db.marshal.CompositeType; import org.apache.cassandra.db.marshal.Int32Type; +import org.apache.cassandra.db.view.MaterializedView; import org.apache.cassandra.dht.AbstractBounds; import org.apache.cassandra.exceptions.*; import org.apache.cassandra.serializers.MarshalException; @@ -166,7 +166,17 @@ public class SelectStatement implements CQLStatement public void checkAccess(ClientState state) throws InvalidRequestException, UnauthorizedException { - state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.SELECT); + if (cfm.isMaterializedView()) + { + CFMetaData baseTable = MaterializedView.findBaseTable(keyspace(), columnFamily()); + if (baseTable != null) + state.hasColumnFamilyAccess(keyspace(), baseTable.cfName, Permission.SELECT); + } + else + { + state.hasColumnFamilyAccess(keyspace(), columnFamily(), Permission.SELECT); + } + for (Function function : getFunctions()) state.ensureHasPermission(Permission.EXECUTE, function); } http://git-wip-us.apache.org/repos/asf/cassandra/blob/1a9286c0/src/java/org/apache/cassandra/db/view/MaterializedView.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/db/view/MaterializedView.java b/src/java/org/apache/cassandra/db/view/MaterializedView.java index c953d5f..39b2769 100644 --- a/src/java/org/apache/cassandra/db/view/MaterializedView.java +++ b/src/java/org/apache/cassandra/db/view/MaterializedView.java @@ -26,6 +26,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Set; +import javax.annotation.Nullable; + import com.google.common.collect.Iterables; import org.apache.cassandra.config.CFMetaData; @@ -59,6 +61,7 @@ import org.apache.cassandra.db.rows.ColumnData; import org.apache.cassandra.db.rows.ComplexColumnData; import org.apache.cassandra.db.rows.Row; import org.apache.cassandra.db.rows.RowIterator; +import org.apache.cassandra.schema.KeyspaceMetadata; import org.apache.cassandra.service.pager.QueryPager; /** @@ -634,6 +637,20 @@ public class MaterializedView CompactionManager.instance.submitMaterializedViewBuilder(builder); } + @Nullable + public static CFMetaData findBaseTable(String keyspace, String view) + { + KeyspaceMetadata ksm = Schema.instance.getKSMetaData(keyspace); + if (ksm == null) + return null; + + for (CFMetaData cfm : ksm.tables) + if (cfm.getMaterializedViews().get(view).isPresent()) + return cfm; + + return null; + } + /** * @return CFMetaData which represents the definition given */