issue #1418: wire up grant permission
parent
e6fdf27b73
commit
5cfb8d9210
|
@ -848,6 +848,30 @@ func TestHandler_AuthenticatedDatabases_UnauthorizedBasicAuth(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestHandler_GrantAdmin(t *testing.T) {
|
||||
srvr := OpenServer(NewMessagingClient())
|
||||
// Create a cluster admin that will grant admin to "john".
|
||||
srvr.CreateUser("lisa", "password", true)
|
||||
// Create user that will be granted cluster admin.
|
||||
srvr.CreateUser("john", "password", false)
|
||||
s := NewAuthenticatedHTTPServer(srvr)
|
||||
defer s.Close()
|
||||
|
||||
auth := make(map[string]string)
|
||||
auth["Authorization"] = "Basic " + base64.StdEncoding.EncodeToString([]byte("lisa:password"))
|
||||
query := map[string]string{"q": "GRANT ALL PRIVILEGES TO john"}
|
||||
|
||||
status, _ := MustHTTP("GET", s.URL+`/query`, query, auth, "")
|
||||
|
||||
if status != http.StatusOK {
|
||||
t.Fatalf("unexpected status: %d", status)
|
||||
}
|
||||
|
||||
if u := srvr.User("john"); !u.Admin {
|
||||
t.Fatal(`expected user "john" to be admin`)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandler_serveWriteSeries(t *testing.T) {
|
||||
srvr := OpenServer(NewMessagingClient())
|
||||
srvr.CreateDatabase("foo")
|
||||
|
|
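Review bot: TestHandler_GrantAdmin only exercises the case where the granter ("lisa") is already a cluster admin, so nothing here pins what happens when a non-admin issues the same statement. A companion test that sends `GRANT ALL PRIVILEGES TO john` with john's own Basic credentials, then asserts a non-200 status and that `srvr.User("john").Admin` is still false, would cover the authorization boundary this feature introduces. The return values of both `srvr.CreateUser(...)` calls are also ignored, so a failed setup would surface later as a confusing status or a nil dereference on `u.Admin`.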
34
server.go
34
server.go
|
@ -1656,7 +1656,7 @@ func (s *Server) ExecuteQuery(q *influxql.Query, database string, user *User) Re
|
|||
case *influxql.ShowFieldValuesStatement:
|
||||
continue
|
||||
case *influxql.GrantStatement:
|
||||
continue
|
||||
res = s.executeGrantStatement(stmt, database, user)
|
||||
case *influxql.RevokeStatement:
|
||||
continue
|
||||
case *influxql.CreateRetentionPolicyStatement:
|
||||
|
@ -2020,6 +2020,38 @@ func (s *Server) executeShowTagValuesStatement(stmt *influxql.ShowTagValuesState
|
|||
return result
|
||||
}
|
||||
|
||||
func (s *Server) executeGrantStatement(stmt *influxql.GrantStatement, database string, user *User) *Result {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
|
||||
// Look up the user in the statement that will be granted the privilege.
|
||||
// NOTE: the user passed in by the caller is the granter.
|
||||
u, ok := s.users[stmt.User]
|
||||
if !ok {
|
||||
return &Result{Err: ErrUserNotFound}
|
||||
}
|
||||
|
||||
// Check if this privilege is being granted on the cluster.
|
||||
if database == "" {
|
||||
// The only privilege allowed on the cluster is admin (AllPrivileges).
|
||||
if stmt.Privilege != influxql.AllPrivileges {
|
||||
return &Result{
|
||||
Err: fmt.Errorf("cannot grant %s on the cluser, only %s",
|
||||
stmt.Privilege.String(),
|
||||
influxql.AllPrivileges.String()),
|
||||
}
|
||||
}
|
||||
|
||||
// Grant user cluster admin privileges.
|
||||
u.Admin = true
|
||||
} else {
|
||||
// Grant user the requested privilege on the database.
|
||||
u.Privileges[database] = stmt.Privilege
|
||||
}
|
||||
|
||||
return &Result{}
|
||||
}
|
||||
|
||||
// str2iface converts an array of strings to an array of interfaces.
|
||||
func str2iface(strs []string) []interface{} {
|
||||
a := make([]interface{}, 0, len(strs))
|
||||
|
|
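Review bot: executeGrantStatement never reads its `user` argument, so nothing in this hunk checks that the granter is a cluster admin before `u.Admin = true` or `u.Privileges[database] = stmt.Privilege` runs. Unless ExecuteQuery authorizes the query before reaching the switch (not visible here), any authenticated caller could promote an account, so the function should reject a granter that is not an admin before it mutates anything. The function also writes to the user while holding only `s.mu.RLock()`, which lets concurrent grants and readers race; it should take `s.mu.Lock()` with `defer s.mu.Unlock()`. It is worth confirming that `u.Privileges` is never a nil map for existing users, since the assignment would panic, and the error string misspells "cluster" as "cluser".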