authorize dml cas requests (!663) · Merge requests · core / picodata

Dmitry Rodionov requested to merge dkr/access_checks into master Sep 05, 2023

Summary

This uses box_access_check_space to check write permissions for space that is targeted with CaS operation.

Note that box_access_check_space uses current session user, so the user that request originates from is passed to leader in CaS request. To switch to that user for actual check box.session.su is used.

Note that ddl requests are not covered yet, only dml is supported. Ddl support will be added separately after.

This patch adds a notion of special user used for intra cluster communication. Currently it is just an alias to guest, but one day this will change and there will be special system user and intra cluster communication will be authenticated using private/public keys

Additionally this patch includes bump of tarantool module version to include this commit: tarantool-module@99f72b2d

Ensure that

New code is covered by tests
~~API is documented // no api changes there, we validate permissions in existing api~~
Changelog is up to date
~~(if Lua API changed) Lua API version is bumped in luamod.rs~~
~~(if API docs changed) A follow-up doc issue is created in picodata/docs and linked here~~

Edited Oct 26, 2023 by Dmitry Rodionov

authorize dml cas requests

Summary

Ensure that

Merge request reports