-
Notifications
You must be signed in to change notification settings - Fork 24.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
In #81400 we changed `superuser` to no longer have _every_ privilege. Consequently, we also removed the special case code that existed that would ignore all other roles for any user that had superuser role. However, we added some special handling so that failing to resolve those other roles would not block superuser access - when a user has superuser role, any failures in role resolution will be effectively ignored, and the user will be given the superuser role only. However, this failure handling did not account for the loading of application privileges. If application privileges needed to be loaded, but failed, this could prevent resolution of the superuser role. This change extends the failure handling to encompass the full resolution of roles, and fallback to superuser only, whenever other roles or application privileges are unavailable Relates: #85312
- Loading branch information
Showing
3 changed files
with
91 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
pr: 85519 | ||
summary: Ignore app priv failures when resolving superuser | ||
area: Authorization | ||
type: bug | ||
issues: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters