Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix isAdminUser. #11326

Merged
merged 11 commits into from
Mar 24, 2020
Merged

Fix isAdminUser. #11326

merged 11 commits into from
Mar 24, 2020

Conversation

neunhoef
Copy link
Member

This attacks the problem that if a cluster is in read-only mode, no
user (except the superuser) had RW access to the system db. Therefore,
isAdminUser was returning false.

@neunhoef neunhoef requested a review from jsteemann March 24, 2020 08:02
@neunhoef neunhoef added this to the 3.7 milestone Mar 24, 2020
@neunhoef neunhoef added the 1 Bug label Mar 24, 2020
@jsteemann jsteemann marked this pull request as ready for review March 24, 2020 10:54
@jsteemann
Copy link
Contributor

http://172.16.10.101:8080/view/PR/job/arangodb-matrix-pr/9139/

@jsteemann
Copy link
Contributor

http://172.16.10.101:8080/view/PR/job/arangodb-matrix-pr/9141/

neunhoef
neunhoef commented Mar 24, 2020
View reviewed changes
Copy link
Member Author

@neunhoef neunhoef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jsteemann
jsteemann reviewed Mar 24, 2020
View reviewed changes
arangod/RestHandler/RestReplicationHandler.cpp Outdated
@@ -1049,7 +1049,7 @@ Result RestReplicationHandler::processRestoreCollection(VPackSlice const& collec
return Result();
}

ExecContextSuperuserScope escope(ExecContext::current().isAdminUser());
ExecContextSuperuserScope escope(ExecContext::current().isAdminUser() || !ServerState::readOnly());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this this really be an ||? I would have expected &&.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Richtig. Ich fixe...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOL, I have done this correctly in 3 places but in this one I made a boolean mistake.
Thanks for catching this!

@neunhoef
Copy link
Member Author

http://jenkins01.arangodb.biz:8080/view/PR/job/arangodb-matrix-pr/9144/

@neunhoef
Copy link
Member Author

Still need to run arangosync tests on this.

@jsteemann
Copy link
Contributor

http://172.16.10.101:8080/view/PR/job/arangodb-matrix-pr/9148/

@neunhoef
Copy link
Member Author

arangosync tests have been green for me with this version. This is good to go from my perspective.

@jsteemann jsteemann merged commit d2a17a2 into devel Mar 24, 2020
@jsteemann jsteemann deleted the bug-fix/admin-perms branch March 24, 2020 16:07
ObiWahn added a commit that referenced this pull request Mar 25, 2020
@ObiWahn
Merge remote-tracking branch 'origin/devel' into feature/endpoint-whi…
a399f3c 
…telisting

* origin/devel: (80 commits)
  Feature/aql subquery execution block impl execute implementation batch sub queries (#11318)
  Fix isAdminUser. (#11326)
  Bug fix/fixes 20200318 (#11319)
  updated CHANGELOG
  Feature/out of search in range (#11324)
  fix "fix" for collection figures (#11323)
  updated CHANGELOG
  compilation fixes for clang-10s more strict checking (#11316)
  fix failing query (#11317)
  KShortestPathsExecutor must reset its KShortestPathFinder, including all caches. (#11312)
  Feature/aql subquery execution block impl execute implementation expected number of rows (#11274)
  Add DTRACE points to measure request timings. (#11245)
  USE_STRICT_OPENSSL is Off by default
  Fix usesRevisionAsDocumentId population and add syncByRevision flag (#11314)
  Traversal Bugfix  (#11310)
  Bug fix/issue 11275 (#11299)
  added simple test (#11301)
  Fix some typos (#10173)
  Documentation/typos 2020-01-24 (#10975)
  Update CHANGELOG
  ...
ObiWahn added a commit that referenced this pull request Mar 25, 2020
@ObiWahn
Merge remote-tracking branch 'origin/devel' into feature/upgrade-rocksdb
b2832c3 
* origin/devel:
  Feature/aql subquery execution block impl execute implementation batch sub queries (#11318)
  Fix isAdminUser. (#11326)
  Bug fix/fixes 20200318 (#11319)
  updated CHANGELOG
  Feature/out of search in range (#11324)
  fix "fix" for collection figures (#11323)
ObiWahn added a commit that referenced this pull request Mar 27, 2020
@ObiWahn
Merge remote-tracking branch 'origin/devel' into feature/validation-a…
a233b7e 
…ql-functions

* origin/devel:
  Bug fix/schema validation return code (#11341)
  Fix explainer output when restricting collections (#11338)
  remove tabstops
  Improve endpoint handling. (#11236)
  revert HTTP return code change for user API, add tests (#11331)
  remove unused header files (#11320)
  Feature/aql subquery execution block impl execute implementation batch sub queries (#11318)
  Fix isAdminUser. (#11326)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsteemann jsteemann jsteemann left review comments

Assignees
No one assigned
Labels
1 Bug
Projects
None yet
Milestone
3.7
Development

Successfully merging this pull request may close these issues.
2 participants
@neunhoef @jsteemann