From 53caa6eca4ade660e338210964cd00876a4fec41 Mon Sep 17 00:00:00 2001
From: Marcin Maliszkiewicz
Date: Tue, 5 May 2026 15:43:06 +0200
Subject: [PATCH] auth: remove unused permissions field from cache role_record

The permissions field in role_record was populated by fetch_role() but never read. Authorization uses cached_permissions instead, which is loaded via the permission_loader callback. Remove the dead field and its fetch code. The removed code also did not check for missing columns before accessing the permissions set, which could crash on ghost rows left by the removed auth v2 migration. The migration used INSERT (creating row markers), and when permissions were later revoked, the row marker survived while the permissions column became null.

(cherry picked from commit 797bc28aaee47c1b8563bf90e0902a194097a5fe)
---
 auth/cache.cc | 13 -------------
 auth/cache.hh | 1 -
 2 files changed, 14 deletions(-)

diff --git a/auth/cache.cc b/auth/cache.cc
index bed290a288..e1e92e470e 100644
--- a/auth/cache.cc
+++ b/auth/cache.cc
@@ -190,19 +190,6 @@ future> cache::fetch_role(const role_name_t& r
 co_await coroutine::maybe_yield();
 }
 }
- // permissions
- {
- static const sstring q = format("SELECT role, resource, permissions FROM {}.{} WHERE role = ?", db::system_keyspace::NAME, PERMISSIONS_CF);
- auto rs = co_await fetch(q);
- for (const auto& r : *rs) {
- auto resource = r.get_as("resource");
- auto perms_strings = r.get_set("permissions");
- std::unordered_set perms_set(perms_strings.begin(), perms_strings.end());
- auto pset = permissions::from_strings(perms_set);
- rec->permissions[std::move(resource)] = std::move(pset);
- co_await coroutine::maybe_yield();
- }
- }
 co_return rec;
 }
diff --git a/auth/cache.hh b/auth/cache.hh
index d63c02466f..305ec01f3f 100644
--- a/auth/cache.hh
+++ b/auth/cache.hh
@@ -44,7 +44,6 @@ public:
 std::unordered_set members;
 sstring salted_hash;
 std::unordered_map attributes;
- std::unordered_map permissions;
 private:
 friend cache;
 // cached permissions include effects of role's inheritance