Better error for unqualified functions in authz statements

Patch by Sam Tunnicliffe; reviewed by Carl Yeksigian for CASSANDRA-12925


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbf9937
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbf9937
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbf9937

Branch: refs/heads/cassandra-3.11
Commit: 4bbf99372e677979c46de432d3b849895fb433ee
Parents: f3b452c
Author: Sam Tunnicliffe <s...@beobal.com>
Authored: Thu Nov 17 11:37:39 2016 +0000
Committer: Sam Tunnicliffe <s...@beobal.com>
Committed: Tue Jan 24 07:56:08 2017 -0800

----------------------------------------------------------------------
 CHANGES.txt                                     |  1 +
 .../apache/cassandra/auth/FunctionResource.java |  4 ++++
 .../cql3/validation/entities/UFAuthTest.java    | 25 ++++++++++++++++++++
 3 files changed, 30 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbf9937/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index a85386b..396fa3f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.11
+ * Better error when modifying function permissions without explicit keyspace 
(CASSANDRA-12925)
  * Indexer is not correctly invoked when building indexes over sstables 
(CASSANDRA-13075)
  * Read repair is not blocking repair to finish in foreground repair 
(CASSANDRA-13115)
  * Stress daemon help is incorrect (CASSANDRA-12563)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbf9937/src/java/org/apache/cassandra/auth/FunctionResource.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/FunctionResource.java 
b/src/java/org/apache/cassandra/auth/FunctionResource.java
index 2c5b8a1..01a4de5 100644
--- a/src/java/org/apache/cassandra/auth/FunctionResource.java
+++ b/src/java/org/apache/cassandra/auth/FunctionResource.java
@@ -34,6 +34,7 @@ import org.apache.cassandra.cql3.functions.Function;
 import org.apache.cassandra.cql3.functions.FunctionName;
 import org.apache.cassandra.db.marshal.AbstractType;
 import org.apache.cassandra.db.marshal.TypeParser;
+import org.apache.cassandra.exceptions.InvalidRequestException;
 
 /**
  * IResource implementation representing functions.
@@ -146,6 +147,9 @@ public class FunctionResource implements IResource
      */
     public static FunctionResource functionFromCql(String keyspace, String 
name, List<CQL3Type.Raw> argTypes)
     {
+        if (keyspace == null)
+            throw new InvalidRequestException("In this context function name 
must be " +
+                                              "explictly qualified by a 
keyspace");
         List<AbstractType<?>> abstractTypes = new ArrayList<>();
         for (CQL3Type.Raw cqlType : argTypes)
             abstractTypes.add(cqlType.prepare(keyspace).getType());

http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbf9937/test/unit/org/apache/cassandra/cql3/validation/entities/UFAuthTest.java
----------------------------------------------------------------------
diff --git 
a/test/unit/org/apache/cassandra/cql3/validation/entities/UFAuthTest.java 
b/test/unit/org/apache/cassandra/cql3/validation/entities/UFAuthTest.java
index 6993bec..e5ecc72 100644
--- a/test/unit/org/apache/cassandra/cql3/validation/entities/UFAuthTest.java
+++ b/test/unit/org/apache/cassandra/cql3/validation/entities/UFAuthTest.java
@@ -449,6 +449,31 @@ public class UFAuthTest extends CQLTester
         getStatement(cql).checkAccess(clientState);
     }
 
+    @Test
+    public void grantAndRevokeSyntaxRequiresExplicitKeyspace() throws Throwable
+    {
+        setupTable("CREATE TABLE %s (k int, s int STATIC, v1 int, v2 int, 
PRIMARY KEY(k, v1))");
+        String functionName = shortFunctionName(createSimpleFunction());
+        assertRequiresKeyspace(String.format("GRANT EXECUTE ON FUNCTION %s() 
TO %s",
+                                             functionName,
+                                             role.getRoleName()));
+        assertRequiresKeyspace(String.format("REVOKE EXECUTE ON FUNCTION %s() 
FROM %s",
+                                             functionName,
+                                             role.getRoleName()));
+    }
+
+    private void assertRequiresKeyspace(String cql) throws Throwable
+    {
+        try
+        {
+            getStatement(cql);
+        }
+        catch (InvalidRequestException e)
+        {
+            assertEquals("In this context function name must be explictly 
qualified by a keyspace", e.getMessage());
+        }
+    }
+
     private void assertPermissionsOnNestedFunctions(String innerFunction, 
String outerFunction) throws Throwable
     {
         String cql = String.format("SELECT k, %s FROM %s WHERE k=0",

Reply via email to