On Mon, Aug 20, 2018 at 11:10:08AM +0300, Serge Petrenko wrote:
This patch adds a privilege upgrade script that runs on upgrade to
1.10.2 and automatically grants CREATE, ALTER and DROP on objects and entities
to all users who have READ and WRITE access to them.
Also all tests are rewritten to grant only necessary privileges, not
privileges to universe.
diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua
index 091da2dc4..d8d03288c 100644
--- a/src/box/lua/upgrade.lua
+++ b/src/box/lua/upgrade.lua
@@ -983,8 +983,31 @@ local function upgrade_space_priv_to_1_10_2()
_vpriv.index.object:alter{parts={3, 'string', 4, 'scalar'}}
end
+local function upgrade_users_to_1_10_2()
+ local _priv = box.space[box.schema.PRIV_ID]
+ local _user = box.space[box.schema.USER_ID]
+
+ for _, user in _user:pairs() do
+ if user[0] ~= ADMIN and user[0] ~= SUPER then
+ for _, priv in _priv:pairs(user[0]) do
+ if bit.band(priv[5], box.priv.W) ~= 0 and
+ bit.band(priv[5], box.priv.R) ~= 0 then
+ local new_privs = bit.bor(box.priv.A, box.priv.D)
+ -- for universal grants
+ if priv[3] == 'universe' then
+ new_privs = bit.bor(new_privs, box.priv.C)
+ end
+ _priv:update({priv[2], priv[3], priv[4]},
+ {{ "|", 5, new_privs}})
+ end
+ end
+ end
+ end
+end
+
local function upgrade_to_1_10_2()
upgrade_space_priv_to_1_10_2()
+ upgrade_users_to_1_10_2()
end
local function get_version()
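Review bot: `user[0]` in upgrade_users_to_1_10_2 looks like an off-by-one: the rest of the function reads tuple fields from 1 (`priv[2]` … `priv[5]`), so `user[0]` is most likely nil. In that case the `~= ADMIN and ~= SUPER` guard is always true and `_priv:pairs(user[0])` is not restricted to that user's grants, so the ALTER/DROP bits (and CREATE on universe) would be OR-ed into every matching _priv row rather than only those of ordinary users. Since this step widens privileges automatically, the filter should be exact: `if user[1] ~= ADMIN and user[1] ~= SUPER then` and `for _, priv in _priv:pairs(user[1]) do`. The commit message also says CREATE is granted on objects and entities, while the code adds it only for `'universe'`; a comment such as `-- CREATE is added only for universe grants; per-object grants get ALTER and DROP` would make the intended scope explicit. The function body is fully inside the hunk.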