Examples with ViewExpression io.trino.spi.security.ViewExpression used on opensource projects

Example 41 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestColumnMask method testOtherSchema.

@Test
public void testOtherSchema() {
    accessControl.reset();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, // count is 15000 only when evaluating against sf1
    new ViewExpression(USER, Optional.of(CATALOG), Optional.of("sf1"), "(SELECT count(*) FROM customer)"));
    assertThat(assertions.query("SELECT max(orderkey) FROM orders")).matches("VALUES BIGINT '150000'");
}

Example 42 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestColumnMask method testDeleteWithColumnMasking.

@Test
public void testDeleteWithColumnMasking() {
    accessControl.reset();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "clerk", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "clerk"));
    assertThatThrownBy(() -> assertions.query("DELETE FROM orders")).hasMessage("line 1:1: Delete from table with column mask");
}

Example 43 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestColumnMask method testColumnMaskingUsingRestrictedColumn.

@Test
public void testColumnMaskingUsingRestrictedColumn() {
    accessControl.reset();
    accessControl.deny(privilege("orders.custkey", SELECT_COLUMN));
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "custkey"));
    assertThatThrownBy(() -> assertions.query("SELECT orderkey FROM orders")).hasMessage("Access Denied: Cannot select from columns [orderkey, custkey] in table or view local.tiny.orders");
}

Example 44 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestColumnMask method testSubquery.

@Test
public void testSubquery() {
    // uncorrelated
    accessControl.reset();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "clerk", USER, new ViewExpression(USER, Optional.of(CATALOG), Optional.of("tiny"), "(SELECT cast(max(name) AS VARCHAR(15)) FROM nation)"));
    assertThat(assertions.query("SELECT clerk FROM orders WHERE orderkey = 1")).matches("VALUES CAST('VIETNAM' AS VARCHAR(15))");
    // correlated
    accessControl.reset();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "clerk", USER, new ViewExpression(USER, Optional.of(CATALOG), Optional.of("tiny"), "(SELECT cast(max(name) AS VARCHAR(15)) FROM nation WHERE nationkey = orderkey)"));
    assertThat(assertions.query("SELECT clerk FROM orders WHERE orderkey = 1")).matches("VALUES CAST('ARGENTINA' AS VARCHAR(15))");
}

Example 45 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestColumnMask method testTableReferenceInWithClause.

@Test
public void testTableReferenceInWithClause() {
    accessControl.reset();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "custkey", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "-custkey"));
    assertThat(assertions.query("WITH t AS (SELECT custkey FROM orders WHERE orderkey = 1) SELECT * FROM t")).matches("VALUES BIGINT '-370'");
}