From aaf6f8e92f3e8575b2990c2fc7a9c4d55e6c6b35 Mon Sep 17 00:00:00 2001
From: Nikolay Shirokovskiy <nshirokovskiy@tarantool.org>
Date: Mon, 27 Jun 2022 15:21:51 +0300
Subject: [PATCH] box: fix unexpected error on granting privileges to admin

We use the LuaJIT 'bit' module for bitwise operations. For platform
interoperability it truncates its arguments to 32 bits and returns a
signed result. Thus, when granting rights with bit.bor to the admin user,
which has 0xffffffff rights (from the bootstrap snapshot), we get -1 as
the result. This later leads to the type check error given in the issue.

Closes #7226

NO_DOC=minor bugfix
---
 .../unreleased/gh-7226-admin-grant-error.md   |  5 ++++
 src/box/lua/schema.lua                        |  1 +
 .../gh_7226_admin_grant_error_test.lua        | 24 +++++++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 changelogs/unreleased/gh-7226-admin-grant-error.md
 create mode 100644 test/box-luatest/gh_7226_admin_grant_error_test.lua

diff --git a/changelogs/unreleased/gh-7226-admin-grant-error.md b/changelogs/unreleased/gh-7226-admin-grant-error.md
new file mode 100644
index 0000000000..417b4c71ef
--- /dev/null
+++ b/changelogs/unreleased/gh-7226-admin-grant-error.md
@@ -0,0 +1,5 @@
+## bugfix/box
+
+* Fixed internal error on granting rights to admin user. Now granting still
+fail but for proper reason and proper error message like "right is already
+granted" (gh-7226).
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index afcdf69c5a..38e881c2ac 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -3323,6 +3323,7 @@ local function grant(uid, name, privilege, object_type,
         old_privilege = 0
     end
     privilege_hex = bit.bor(privilege_hex, old_privilege)
+    privilege_hex = tonumber(ffi.cast('uint32_t', privilege_hex))
     -- do not execute a replace if it does not change anything
     -- XXX bug if we decide to add a grant option: new grantor
     -- replaces the old one, old grantor is lost
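Review bot: The added `tonumber(ffi.cast('uint32_t', privilege_hex))` line has no comment, so nothing here says why a privilege mask must be re-normalised after `bit.bor`. Because this value determines a user's stored access rights, I would add above it `-- bit.bor() returns a signed 32-bit result; convert back to unsigned so a full mask (0xffffffff) does not become -1`. The fix is also local to grant(). Any other place that combines privilege masks through the `bit` module, such as the revoke path outside this hunk, would presumably yield the same signed value when bit 31 is set and is worth checking. grant() begins and ends outside the hunk.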
diff --git a/test/box-luatest/gh_7226_admin_grant_error_test.lua b/test/box-luatest/gh_7226_admin_grant_error_test.lua
new file mode 100644
index 0000000000..0f21312c29
--- /dev/null
+++ b/test/box-luatest/gh_7226_admin_grant_error_test.lua
@@ -0,0 +1,24 @@
+local server = require('test.luatest_helpers.server')
+local t = require('luatest')
+
+local g = t.group()
+
+g.before_all = function()
+    g.server = server:new{alias = 'default'}
+    g.server:start()
+end
+
+g.after_all = function()
+    g.server:drop()
+end
+
+g.test_grainting_to_admin = function()
+    g.server:exec(function()
+        local t = require('luatest')
+        local function grant()
+            box.schema.user.grant('admin', 'read', 'universe', nil, nil)
+        end
+        local msg = "User 'admin' already has read access on universe"
+        t.assert_error_msg_content_equals(msg, grant)
+    end)
+end
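Review bot: The test name `test_grainting_to_admin` is misspelled; `g.test_granting_to_admin = function()` keeps it findable by name. The case pins only the error message for 'read' on 'universe'. Since the defect was a corrupted privilege mask, it would be worth also asserting after the rejected grant that admin's stored privileges on universe are unchanged, so a later regression that writes a wrong mask is caught even if the message stays the same. The trailing `nil, nil` arguments in the `box.schema.user.grant` call appear redundant and could be dropped.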
-- 
GitLab