use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.
the class TestMaterializedViews method testMaterializedViewWithCasts.
@Test
public void testMaterializedViewWithCasts() {
TestingAccessControlManager accessControl = getQueryRunner().getAccessControl();
accessControl.columnMask(new QualifiedObjectName(CATALOG, SCHEMA, "materialized_view_with_casts"), "a", "user", new ViewExpression("user", Optional.empty(), Optional.empty(), "a + 1"));
assertPlan("SELECT * FROM materialized_view_with_casts", anyTree(project(ImmutableMap.of("A_CAST", expression("CAST(A as BIGINT) + BIGINT '1'"), "B_CAST", expression("CAST(B as BIGINT)")), tableScan("storage_table_with_casts", ImmutableMap.of("A", "a", "B", "b")))));
}
use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.
the class TestCreateMaterializedViewTask method testCreateDenyPermission.
@Test
public void testCreateDenyPermission() {
CreateMaterializedView statement = new CreateMaterializedView(Optional.empty(), QualifiedName.of("test_mv"), simpleQuery(selectList(new AllColumns()), table(QualifiedName.of("catalog", "schema", "mock_table"))), false, true, ImmutableList.of(), Optional.empty());
TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, emptyEventListenerManager());
accessControl.loadSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of());
accessControl.deny(privilege("test_mv", CREATE_MATERIALIZED_VIEW));
StatementAnalyzerFactory statementAnalyzerFactory = createTestingStatementAnalyzerFactory(plannerContext, accessControl, new TablePropertyManager(), new AnalyzePropertyManager());
AnalyzerFactory analyzerFactory = new AnalyzerFactory(statementAnalyzerFactory, new StatementRewrite(ImmutableSet.of()));
assertThatThrownBy(() -> getFutureValue(new CreateMaterializedViewTask(plannerContext, accessControl, parser, analyzerFactory, materializedViewPropertyManager, new FeaturesConfig()).execute(statement, queryStateMachine, ImmutableList.of(), WarningCollector.NOOP))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot create materialized view catalog.schema.test_mv");
}
use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.
the class TestCreateTableTask method testCreateLikeDenyPermission.
@Test
public void testCreateLikeDenyPermission() {
CreateTable statement = getCreatleLikeStatement(false);
TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, new EventListenerManager(new EventListenerConfig()));
accessControl.deny(privilege("parent_table", SELECT_COLUMN));
CreateTableTask createTableTask = new CreateTableTask(plannerContext, accessControl, columnPropertyManager, tablePropertyManager);
assertThatThrownBy(() -> getFutureValue(createTableTask.internalExecute(statement, testSession, List.of(), output -> {
}))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot reference columns of table");
}
use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.
the class TestCreateTableTask method testCreateLikeWithPropertiesDenyPermission.
@Test
public void testCreateLikeWithPropertiesDenyPermission() {
CreateTable statement = getCreatleLikeStatement(true);
TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, new EventListenerManager(new EventListenerConfig()));
accessControl.deny(privilege("parent_table", SHOW_CREATE_TABLE));
CreateTableTask createTableTask = new CreateTableTask(plannerContext, accessControl, columnPropertyManager, tablePropertyManager);
assertThatThrownBy(() -> getFutureValue(createTableTask.internalExecute(statement, testSession, List.of(), output -> {
}))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot reference properties of table");
}
use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.
the class TestAnalyzer method testAnalyzeMaterializedViewWithAccessControl.
@Test
public void testAnalyzeMaterializedViewWithAccessControl() {
TestingAccessControlManager accessControlManager = new TestingAccessControlManager(transactionManager, emptyEventListenerManager());
accessControlManager.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE));
analyze("SELECT * FROM fresh_materialized_view");
// materialized view analysis should succeed even if access to storage table is denied when querying the table directly
accessControlManager.deny(privilege("t2.a", SELECT_COLUMN));
analyze("SELECT * FROM fresh_materialized_view");
accessControlManager.deny(privilege("fresh_materialized_view.a", SELECT_COLUMN));
assertFails(CLIENT_SESSION, "SELECT * FROM fresh_materialized_view", accessControlManager).hasErrorCode(PERMISSION_DENIED).hasMessage("Access Denied: Cannot select from columns [a, b] in table or view tpch.s1.fresh_materialized_view");
}
Aggregations