use of com.facebook.presto.testing.TestingAccessControlManager.TestingPrivilegeType.SELECT_COLUMN in project presto by prestodb.
the class TestHiveLogicalPlanner method testMaterializedViewQueryAccessControl.
@Test
public void testMaterializedViewQueryAccessControl() {
QueryRunner queryRunner = getQueryRunner();
Session invokerSession = Session.builder(getSession()).setIdentity(new Identity("test_view_invoker", Optional.empty())).setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).setSystemProperty(QUERY_OPTIMIZATION_WITH_MATERIALIZED_VIEW_ENABLED, "true").build();
Session ownerSession = getSession();
queryRunner.execute(ownerSession, "CREATE TABLE test_orders_base WITH (partitioned_by = ARRAY['orderstatus']) " + "AS SELECT orderkey, custkey, totalprice, orderstatus FROM orders LIMIT 10");
queryRunner.execute(ownerSession, "CREATE MATERIALIZED VIEW test_orders_view " + "WITH (partitioned_by = ARRAY['orderstatus']) " + "AS SELECT SUM(totalprice) AS totalprice, orderstatus FROM test_orders_base GROUP BY orderstatus");
setReferencedMaterializedViews((DistributedQueryRunner) getQueryRunner(), "test_orders_base", ImmutableList.of("test_orders_view"));
Consumer<String> testQueryWithDeniedPrivilege = query -> {
// Verify checking the base table instead of the materialized view for SELECT permission
assertAccessDenied(invokerSession, query, "Cannot select from columns \\[.*\\] in table .*test_orders_base.*", privilege(invokerSession.getUser(), "test_orders_base", SELECT_COLUMN));
assertAccessAllowed(invokerSession, query, privilege(invokerSession.getUser(), "test_orders_view", SELECT_COLUMN));
};
try {
// Check for both the direct materialized view query and the base table query optimization with materialized view
String directMaterializedViewQuery = "SELECT totalprice, orderstatus FROM test_orders_view";
String queryWithMaterializedViewOptimization = "SELECT SUM(totalprice) AS totalprice, orderstatus FROM test_orders_base GROUP BY orderstatus";
// Test when the materialized view is not materialized yet
testQueryWithDeniedPrivilege.accept(directMaterializedViewQuery);
testQueryWithDeniedPrivilege.accept(queryWithMaterializedViewOptimization);
// Test when the materialized view is partially materialized
queryRunner.execute(ownerSession, "REFRESH MATERIALIZED VIEW test_orders_view WHERE orderstatus = 'F'");
testQueryWithDeniedPrivilege.accept(directMaterializedViewQuery);
testQueryWithDeniedPrivilege.accept(queryWithMaterializedViewOptimization);
// Test when the materialized view is fully materialized
queryRunner.execute(ownerSession, "REFRESH MATERIALIZED VIEW test_orders_view WHERE orderstatus <> 'F'");
testQueryWithDeniedPrivilege.accept(directMaterializedViewQuery);
testQueryWithDeniedPrivilege.accept(queryWithMaterializedViewOptimization);
} finally {
queryRunner.execute(ownerSession, "DROP MATERIALIZED VIEW test_orders_view");
queryRunner.execute(ownerSession, "DROP TABLE test_orders_base");
}
}
Aggregations