use of io.trino.spi.security.ViewExpression in project trino by trinodb.
the class TestMaterializedViews method testMaterializedViewWithCasts.
@Test
public void testMaterializedViewWithCasts() {
TestingAccessControlManager accessControl = getQueryRunner().getAccessControl();
accessControl.columnMask(new QualifiedObjectName(CATALOG, SCHEMA, "materialized_view_with_casts"), "a", "user", new ViewExpression("user", Optional.empty(), Optional.empty(), "a + 1"));
assertPlan("SELECT * FROM materialized_view_with_casts", anyTree(project(ImmutableMap.of("A_CAST", expression("CAST(A as BIGINT) + BIGINT '1'"), "B_CAST", expression("CAST(B as BIGINT)")), tableScan("storage_table_with_casts", ImmutableMap.of("A", "a", "B", "b")))));
}
use of io.trino.spi.security.ViewExpression in project trino by trinodb.
the class FileBasedSystemAccessControl method getColumnMask.
@Override
public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName table, String columnName, Type type) {
SchemaTableName tableName = table.getSchemaTableName();
if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaName())) {
return Optional.empty();
}
Identity identity = context.getIdentity();
return tableRules.stream().filter(rule -> rule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), table)).map(rule -> rule.getColumnMask(identity.getUser(), table.getCatalogName(), table.getSchemaTableName().getSchemaName(), columnName)).findFirst().flatMap(Function.identity());
}
use of io.trino.spi.security.ViewExpression in project trino by trinodb.
the class FileBasedSystemAccessControl method getRowFilter.
@Override
public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName table) {
SchemaTableName tableName = table.getSchemaTableName();
if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaName())) {
return Optional.empty();
}
Identity identity = context.getIdentity();
return tableRules.stream().filter(rule -> rule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), table)).map(rule -> rule.getFilter(identity.getUser(), table.getCatalogName(), tableName.getSchemaName())).findFirst().flatMap(Function.identity());
}
use of io.trino.spi.security.ViewExpression in project trino by trinodb.
the class TestColumnMask method testLimitedScope.
@Test
public void testLimitedScope() {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "customer"), "custkey", USER, new ViewExpression(USER, Optional.of(CATALOG), Optional.of("tiny"), "orderkey"));
assertThatThrownBy(() -> assertions.query("SELECT (SELECT min(custkey) FROM customer WHERE customer.custkey = orders.custkey) FROM orders")).hasMessage("line 1:34: Invalid column mask for 'local.tiny.customer.custkey': Column 'orderkey' cannot be resolved");
}
use of io.trino.spi.security.ViewExpression in project trino by trinodb.
the class TestColumnMask method testColumnMaskWithHiddenColumns.
@Test
public void testColumnMaskWithHiddenColumns() {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(MOCK_CATALOG, "tiny", "nation_with_hidden_column"), "name", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "'POLAND'"));
assertions.query("SELECT * FROM mock.tiny.nation_with_hidden_column WHERE nationkey = 1").assertThat().skippingTypesCheck().matches("VALUES (BIGINT '1', 'POLAND', BIGINT '1', 'al foxes promise slyly according to the regular accounts. bold requests alon')");
assertions.query("SELECT DISTINCT name FROM mock.tiny.nation_with_hidden_column WHERE nationkey = 1").assertThat().skippingTypesCheck().matches("VALUES 'POLAND'");
assertThatThrownBy(() -> assertions.query("INSERT INTO mock.tiny.nation_with_hidden_column SELECT * FROM mock.tiny.nation_with_hidden_column")).hasMessage("Insert into table with column masks is not supported");
assertThatThrownBy(() -> assertions.query("DELETE FROM mock.tiny.nation_with_hidden_column")).hasMessage("line 1:1: Delete from table with column mask");
assertThatThrownBy(() -> assertions.query("UPDATE mock.tiny.nation_with_hidden_column SET name = 'X'")).hasMessage("line 1:1: Updating a table with column masks is not supported");
}
Aggregations