Adds box.schema.user.enable and box.schema.user.disable methods #5123
Conversation
…iption to Submodule box.schema
2 new files ("user_enable.rst" and user_disable.rst") added to the box.schema submodule.
Files describe methods that activate and deactivate users.
References added to existing files ("box_schema.rst", "user_grant.rst", "user_revoke.rst"
Fixes #5122
github-actions
bot
temporarily deployed
to
branch-gh-5122-add-box-schema-user-methods
github-actions
bot
temporarily deployed
to
branch-gh-5122-add-box-schema-user-methods
|
|
||
| .. function:: box.schema.user.enable(username) | ||
|
|
||
| Activate deactivated user. If :samp:`'{username}'` does not exist, it will be created. If :samp:`'{username}'` is already active, nothing changes. |
There was a problem hiding this comment.
Запуск box.schema.user.grant не создаёт пользователей. Вызов box.schema.user.enable сводится к запуску box.schema.user.grant с предустановленными параметрами. Передаваемый при этом параметр if_not_exists=true относится не к созданию пользователя, а к выводу/сокрытию ошибки повторной выдачи прав (ссылка).
box.schema.user.enable('not-exists')
---
- error: User 'not-exists' is not found
...|
|
||
| .. function:: box.schema.user.disable(username) | ||
|
|
||
| Deactivate a user. If :samp:`'{username}'` does not exist, an error is returned. |
There was a problem hiding this comment.
Под box.schema.user.disable вызывается box.schema.user.revoke с if_exists = true. В случае if_exists = true ошибка отсутствия отзываемых прав не будет выведена не произойдёт.
There was a problem hiding this comment.
В файле есть текст:
Должен существовать пользователь, должен существовать объект, но если задано {if_exists=true}, то ошибки не будет, если у пользователя нет прав.
Он звучит немного нескладно. Может быть подправить его как-то так:
Отсутствие объекта или пользователя приводит к ошибке. В случае отсутствия у пользователя прав на объект, ошибка не возникнет при {if_exists=true}.
github-actions
bot
temporarily deployed
to
branch-gh-5122-add-box-schema-user-methods
|
|
||
| :param string username: the name of a user to be deactivated | ||
|
|
||
| :return: ``---`` |
There was a problem hiding this comment.
Может быть по аналогии с добавленным для box.schema.user.enable добавить "(if failure)"?
Вот пример:
box.schema.user.disable('nope')
---
- error: User 'nope' is not found
...There was a problem hiding this comment.
Да, добавлю конечно
| Initiates the :samp:`box.schema.user.revoke('{username}','usage,session','universe',nil,` :code:`{if_exists=true})` | ||
| (see section :ref:`box.schema.user.revoke <box_schema-user_revoke>`). |
There was a problem hiding this comment.
Please, explain the effect of this call. What does 'deactivated' mean?
You can use usage and session description from https://github.com/tarantool/tarantool/wiki/Privileges-and-Access-Control-explained#all-possible-combinations-of-object-type-and-permission
| Initiates the :samp:`box.schema.user.revoke('{username}','usage,session','universe',nil,` :code:`{if_exists=true})` | ||
| (see section :ref:`box.schema.user.revoke <box_schema-user_revoke>`). |
There was a problem hiding this comment.
Why the revoke call is splitted to two inline blocks?
Also, in my opinion it is long enough to make it a non-inline block of code.
|
|
||
| :param string username: the name of a user to be deactivated | ||
|
|
||
| :return: (if success) ``---`` |
There was a problem hiding this comment.
--- is YAML document start marker and it is not really what the function returns.
The function returns nothing -- zero amount of values. just like the following function:
function nop() endTarantool admin console encodes return values in YAML with document start (---) and document end (...) markers:
tarantool> nop()
---
...Please, describe Lua API in terms of Lua values. Here I would write that the function returns nothing.
|
|
||
| :return: (if success) ``---`` | ||
|
|
||
| (if failure) ``error: User 'username' is not found`` |
There was a problem hiding this comment.
This console output means that the given error is raised. It is different from returning {['error'] = <...>}. Please, clarify in some way that is consistent with other Lua API descriptions.
|
|
||
| .. code-block:: lua | ||
|
|
||
| box.schema.user.disable (username) |
There was a problem hiding this comment.
Trailing whitespaces are usually discouraged.
The same for enable.
|
|
||
| .. code-block:: lua | ||
|
|
||
| box.schema.user.disable (username) |
There was a problem hiding this comment.
Please, follow the usual Lua code style, here we write foo(), not foo ().
| .. code-block:: lua | ||
|
|
||
| box.schema.user.disable (username) | ||
| --- |
There was a problem hiding this comment.
This is not a return value. If we want to show a chunk of console session, let's add prompt (tarantool> ) and the document end marker (...). If we want to show a piece from a Lua file, let's remove this YAML artifact.
| (if failure) ``error: User 'username' is not found`` | ||
|
|
||
|
|
||
| **Example:** |
There was a problem hiding this comment.
TBH, I don't see what this example adds to the given description. Is it really needed?
There was a problem hiding this comment.
Most of disable comments are applicable here too.
Fixes #5122