ACK
On Fri, Aug 17, 2018 at 07:26:57PM +0300, Serge Petrenko wrote:
When granting or revoking a privilege on an entire entity, id 0 was used
to indicate the fact that we don't grant a privilege on a single object,
but on a whole entity. This caused confusion, because for entity USER,
for example, id 0 is a valid object id (user 'guest' uses it).
Any non-zero id dedicated to this cause obviously may be confused as well.
Fix this by creating separate schema_object_types for entities:
SC_ENTITY_SPACE, SC_ENTITY_USER, etc.
Closes: #3574
Prerequisite: #3524
---
https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3574-whole-entity-types
https://github.com/tarantool/tarantool/issues/3574
Changes in v3:
- Fix indentation in numerous places.
- Change '*' to '' (empty string) in
object_id field for _priv and _vpriv
Changes in v2:
- keep only old syntax for granting access
to all entities
- add an upgrade script to alter indices of spaces
_priv and _vpriv to store 'scalar' in object_id field,
and use an asterisk ('*') in object_id to indicate
granting on an entire entity.
- keep the new entity types in priv_def and use them
internally.
src/box/alter.cc | 27 +++++++++++++++++++-
src/box/bootstrap.snap | Bin 1540 -> 1556 bytes
src/box/lua/schema.lua | 58
++++++++++++++++++++++++++-----------------
src/box/lua/upgrade.lua | 23 +++++++++++++++++
src/box/schema.cc | 11 ++++----
src/box/schema.h | 23 +++++++++--------
src/box/schema_def.c | 21 ++++++++++++++++
src/box/schema_def.h | 18 +++++++++++++-
src/box/user.cc | 27 +++++++++++---------
test/box-py/bootstrap.result | 14 +++++------
test/box/access.result | 6 ++---
test/box/access_misc.result | 8 +++---
test/box/alter.result | 8 +++---
test/xlog/upgrade.result | 14 +++++------
14 files changed, 180 insertions(+), 78 deletions(-)
