modification_statement: Check access for tables with views

This patch checks for additional permissions when modifying a table
with views, since that update will require reading from the table and
writing into its views.

Signed-off-by: Duarte Nunes <duarte@scylladb.com>

cql3/statements/modification_statement.cc

@@ -150,6 +150,19 @@ future<> modification_statement::check_access(const service::client_state& state
            return state.has_column_family_access(keyspace(), column_family(), auth::permission::SELECT);
         });
     }
+    // MV updates need to get the current state from the table, and might update the views
+    // Require Permission.SELECT on the base table, and Permission.MODIFY on the views
+    auto& db = service::get_local_storage_service().db().local();
+    auto&& views = db.find_column_family(keyspace(), column_family()).views();
+    if (!views.empty()) {
+        f = f.then([this, &state] {
+            return state.has_column_family_access(keyspace(), column_family(), auth::permission::SELECT);
+        }).then([this, &state, views = std::move(views)] {
+            return parallel_for_each(views, [this, &state] (auto&& view) {
+                return state.has_column_family_access(this->keyspace(), view->cf_name(), auth::permission::MODIFY);
+            });
+        });
+    }
     return f;
 }
 
@@ -565,7 +578,7 @@ modification_statement::process_where_clause(database& db, std::vector<relation_
         auto id = rel->get_entity()->prepare_column_identifier(s);
         auto def = get_column_definition(s, *id);
         if (!def) {
-            throw exceptions::invalid_request_exception(sprint("Unknown key identifier %s", *id));
+            throw exceptions::invalid_request_exception(sprint("Unknown key identifier %s on  table %s", *id, s->cf_name()));
         }
 
         if (def->is_primary_key()) {