schema: prepare for fully-functioning CREATE/ALTER/DROP ACLs
In order to make CREATE/ALTER/DROP ACLs available to users other than admin, make sure utility functions in schema.lua do not require excess privileges to execute DDL. Right now many of schema.lua functions work directly with system spaces to construct a DDL statement or prepare a nice error message for the user. Siwtch to virtual system views wherever possible. System views for system spaces are available to role 'public' and display the same data as system spaces, but filtered through the user-specific access lense: i.e. they display only rows which should be visible to the effective user. Update test results, since now some error messages slightly differ. Extend test coverage. In scope of gh-3250 "Make grant/revoke not require accesses to universe"
Showing
- src/box/lua/schema.lua 2 additions, 2 deletionssrc/box/lua/schema.lua
- test/box/access.result 56 additions, 1 deletiontest/box/access.result
- test/box/access.test.lua 34 additions, 1 deletiontest/box/access.test.lua
- test/box/on_replace.result 15 additions, 1 deletiontest/box/on_replace.result
- test/box/on_replace.test.lua 4 additions, 0 deletionstest/box/on_replace.test.lua
- test/box/transaction.result 8 additions, 1 deletiontest/box/transaction.result
- test/box/transaction.test.lua 2 additions, 0 deletionstest/box/transaction.test.lua
Loading
Please register or sign in to comment