Merge pull request #8132 from influxdata/er-db-privs

Ensure privileges can't be set on non-existent DB
2017-06-27 13:12:00 +01:00 · 2017-06-27 13:12:00 +01:00 · 87975c7b2b
parent 5f8761a78f e1a5ee4ede
commit 87975c7b2b
3 changed files with 38 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@

 - [#8480](https://github.com/influxdata/influxdb/pull/8480): Change the default stats interval to 1 second instead of 10 seconds.
 - [#8466](https://github.com/influxdata/influxdb/issues/8466): illumos build broken on syscall.Mmap
+- [#8124](https://github.com/influxdata/influxdb/issues/8124): Prevent privileges on non-existent databases from being set.

 ## v1.3.0 [unreleased]

--- a/services/meta/data.go
+++ b/services/meta/data.go
@ -611,6 +611,10 @@ func (data *Data) SetPrivilege(name, database string, p influxql.Privilege) erro
 		return ErrUserNotFound
 	}

+	if data.Database(database) == nil {
+		return influxdb.ErrDatabaseNotFound(database)
+	}
+
 	if ui.Privileges == nil {
 		ui.Privileges = make(map[string]influxql.Privilege)
 	}
--- a/services/meta/data_test.go
+++ b/services/meta/data_test.go
@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"

+	"github.com/influxdata/influxdb"
 	"github.com/influxdata/influxdb/influxql"

 	"github.com/influxdata/influxdb/services/meta"
@ -188,6 +189,32 @@ func TestData_AdminUserExists(t *testing.T) {
 	}
 }

+func TestData_SetPrivilege(t *testing.T) {
+	data := meta.Data{}
+	if err := data.CreateDatabase("db0"); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := data.CreateUser("user1", "", false); err != nil {
+		t.Fatal(err)
+	}
+
+	// When the user does not exist, SetPrivilege returns an error.
+	if got, exp := data.SetPrivilege("not a user", "db0", influxql.AllPrivileges), meta.ErrUserNotFound; got != exp {
+		t.Fatalf("got %v, expected %v", got, exp)
+	}
+
+	// When the database does not exist, SetPrivilege returns an error.
+	if got, exp := data.SetPrivilege("user1", "db1", influxql.AllPrivileges), influxdb.ErrDatabaseNotFound("db1"); got == nil || got.Error() != exp.Error() {
+		t.Fatalf("got %v, expected %v", got, exp)
+	}
+
+	// Otherwise, SetPrivilege sets the expected privileges.
+	if got := data.SetPrivilege("user1", "db0", influxql.AllPrivileges); got != nil {
+		t.Fatalf("got %v, expected %v", got, nil)
+	}
+}
+
 func TestUserInfo_AuthorizeDatabase(t *testing.T) {
 	emptyUser := &meta.UserInfo{}
 	if !emptyUser.AuthorizeDatabase(influxql.NoPrivileges, "anydb") {