From 7e652c220b85663c2185021d24e0c2f306754e1b Mon Sep 17 00:00:00 2001
From: imarkov <imarkov@tarantool.org>
Date: Wed, 14 Feb 2018 15:56:30 +0300
Subject: [PATCH] schema: improve arguments check in grant or revoke on
 universe

The name of the universe is optional, so we don't check it. If a user
wants to specify extra options in the grant, such as if_not_exists, and
mistakes object name argument with options argument, options are
silently ignored:

  box.schema.user.grant('tnt', 'read,write,execute', 'universe', {if_not_exists = true})

Fix this by adding Lua code that ensures that universe name is a scalar
(string or nil).

Closes #3146
---
 src/box/lua/schema.lua   |  4 ++++
 test/box/access.result   | 41 ++++++++++++++++++++++++++++++++++++++++
 test/box/access.test.lua | 14 ++++++++++++++
 3 files changed, 59 insertions(+)

diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index 756134b91e..bf8b1db297 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -1664,6 +1664,10 @@ end
 
 local function object_resolve(object_type, object_name)
     if object_type == 'universe' then
+        if object_name ~= nil and type(object_name) ~= 'string'
+                and type(object_name) ~= 'number' then
+            box.error(box.error.ILLEGAL_PARAMS, "wrong object name type")
+        end
         return 0
     end
     if object_type == 'space' then
diff --git a/test/box/access.result b/test/box/access.result
index 0ee17ebff7..191857f490 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -1450,3 +1450,44 @@ box.session.su("admin")
 box.schema.user.drop("tester")
 ---
 ...
+-- gh-3146 gotcha for granting universe with options
+box.schema.user.grant("guest", "read", "universe", {if_not_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.grant("guest", "read", "universe", "useless name")
+---
+...
+box.schema.user.grant("guest", "read", "universe", "useless name", {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", 0, {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", nil, {if_not_exists = true})
+---
+...
+box.schema.user.grant("guest", "read", "universe", {}, {if_not_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.revoke("guest", "read", "universe", {if_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
+box.schema.user.revoke("guest", "read", "universe", "useless name")
+---
+...
+box.schema.user.revoke("guest", "read", "universe", "useless name", {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", 0, {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", nil, {if_exists = true})
+---
+...
+box.schema.user.revoke("guest", "read", "universe", {}, {if_exists = true})
+---
+- error: Illegal parameters, wrong object name type
+...
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index 241f254534..7e880a0cfc 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -561,3 +561,17 @@ box.session.su("tester", box.schema.func.drop, "test")
 
 box.session.su("admin")
 box.schema.user.drop("tester")
+
+-- gh-3146 gotcha for granting universe with options
+box.schema.user.grant("guest", "read", "universe", {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", "useless name")
+box.schema.user.grant("guest", "read", "universe", "useless name", {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", 0, {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", nil, {if_not_exists = true})
+box.schema.user.grant("guest", "read", "universe", {}, {if_not_exists = true})
+box.schema.user.revoke("guest", "read", "universe", {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", "useless name")
+box.schema.user.revoke("guest", "read", "universe", "useless name", {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", 0, {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", nil, {if_exists = true})
+box.schema.user.revoke("guest", "read", "universe", {}, {if_exists = true})
-- 
GitLab