
Example 16 with PermissionMetaData

use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.

the class DatabaseUtil method convert.

/**
 * Builds the {@link DataPolicyMetadata} for a role from that role's grant.
 *
 * <p>The policy name, description, mapped role names and any-authenticated flag are
 * read from {@code role}; the permissions are read from {@code from}. A permission
 * that reports {@code ALL_PRIVILEGES} or {@code TEMPORARY_TABLE} only switches on the
 * matching policy-wide flag. It is not converted into a resource permission, so
 * nothing else that permission carries is copied into the policy.
 *
 * @param from grant whose permissions are mapped; when {@code null} no permissions are added
 * @param role role supplying the name, annotation, mapped roles and any-authenticated flag
 * @return the populated policy
 */
static DataPolicyMetadata convert(Grant from, Role role) {
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName(role.getName());

    if (from != null) {
        for (Permission permission : from.getPermissions()) {
            if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.ALL_PRIVILEGES))) {
                // Policy-wide switch; ALL_PRIVILEGES is checked first and wins over TEMPORARY_TABLE.
                // NOTE(review): presumably this grants every privilege to holders of the role - confirm.
                policy.setGrantAll(true);
            } else if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.TEMPORARY_TABLE))) {
                policy.setAllowCreateTemporaryTables(true);
            } else {
                // Only permissions without either policy-wide privilege become resource permissions.
                PermissionMetaData converted = convert(permission);
                policy.addPermission(converted);
            }
        }
    }

    policy.setDescription(role.getAnnotation());

    // Mapped role names are left untouched when the role has none.
    boolean hasMappedRoles = role.getJassRoles() != null && !role.getJassRoles().isEmpty();
    if (hasMappedRoles) {
        policy.setMappedRoleNames(role.getJassRoles());
    }

    // The flag is only ever switched on here, never explicitly cleared.
    if (role.isAnyAuthenticated()) {
        policy.setAnyAuthenticated(true);
    }
    return policy;
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPermission(org.teiid.adminapi.DataPolicy.DataPermission) Permission(org.teiid.metadata.Grant.Permission) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)

Example 17 with PermissionMetaData

use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testAccessibleCombination.

/**
 * Checks how an explicit READ deny on {@code pm1.g1} combines across two data policies
 * that both allow READ on {@code pm1}.
 *
 * <p>While only one of the two policies carries the deny, the expected list passed to
 * {@code helpTest} is empty. Once both policies carry it, {@code pm1.g1.e1} and
 * {@code pm1.g1} are expected. NOTE(review): the array is presumably the set of
 * resources reported as inaccessible - confirm against {@code helpTest}.
 */
@Test
public void testAccessibleCombination() throws Exception {
    String sql = "SELECT e1 FROM pm1.g1"; //$NON-NLS-1$

    // Policy "test": READ on pm1, with READ switched off again for pm1.g1.
    DataPolicyMetadata restrictedPolicy = new DataPolicyMetadata();
    restrictedPolicy.setName("test"); //$NON-NLS-1$
    restrictedPolicy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$
    PermissionMetaData denyTableRead = addResource(DataPolicy.PermissionType.READ, "pm1.g1"); //$NON-NLS-1$
    denyTableRead.setAllowRead(false);
    restrictedPolicy.addPermission(denyTableRead);

    // Policy "test1": READ on pm1 only, no deny yet.
    DataPolicyMetadata openPolicy = new DataPolicyMetadata();
    openPolicy.setName("test1"); //$NON-NLS-1$
    openPolicy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$

    // The deny lives in one policy only: nothing is expected in the list.
    String[] expectedWithOneDeny = new String[] {};
    helpTest(sql, RealMetadataFactory.example1Cached(), expectedWithOneDeny, RealMetadataFactory.example1VDB(), restrictedPolicy, openPolicy);

    // The same deny object is now shared by both policies: column and table are expected.
    openPolicy.addPermission(denyTableRead);
    String[] expectedWithBothDenies = new String[] { "pm1.g1.e1", "pm1.g1" }; //$NON-NLS-1$ //$NON-NLS-2$
    helpTest(sql, RealMetadataFactory.example1Cached(), expectedWithBothDenies, RealMetadataFactory.example1VDB(), restrictedPolicy, openPolicy);
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 18 with PermissionMetaData

use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.

the class TestAuthorizationValidationVisitor method addResource.

/**
 * Creates a permission for {@code resource} and sets the single allow-flag that
 * corresponds to {@code type} to {@code flag}.
 *
 * <p>A type without a case below yields a permission that has only its resource name
 * set; no allow-flag is touched for it.
 *
 * @param type permission type selecting which allow-flag is written
 * @param flag value written to the selected allow-flag
 * @param resource resource name stored on the permission
 * @return the new permission
 */
static PermissionMetaData addResource(PermissionType type, boolean flag, String resource) {
    PermissionMetaData permission = new PermissionMetaData();
    permission.setResourceName(resource);
    switch (type) {
        case READ:
            permission.setAllowRead(flag);
            break;
        case CREATE:
            permission.setAllowCreate(flag);
            break;
        case UPDATE:
            permission.setAllowUpdate(flag);
            break;
        case DELETE:
            permission.setAllowDelete(flag);
            break;
        case ALTER:
            permission.setAllowAlter(flag);
            break;
        case EXECUTE:
            permission.setAllowExecute(flag);
            break;
        case LANGUAGE:
            permission.setAllowLanguage(flag);
            break;
        default:
            // Any other type: the permission keeps only its resource name.
            break;
    }
    return permission;
}
Also used : PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)

Example 19 with PermissionMetaData

use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testPruneSelectAll.

/**
 * Exercises {@code DefaultAuthorizationValidator} with the
 * {@code IGNORE_UNAUTHORIZED_ASTERISK} session variable set to {@code "true"}.
 *
 * <p>With READ denied on the single column {@code pm1.g1.e1}, validating
 * {@code select * from pm1.g1} reports the command as modified and the projection
 * shrinks from 4 symbols to 3. With READ also denied on the table {@code pm1.g1},
 * validation is expected to throw {@code QueryValidatorException} instead.
 */
@Test
public void testPruneSelectAll() throws Exception {
    String sql = "select * from pm1.g1"; //$NON-NLS-1$
    QueryMetadataInterface metadata = RealMetadataFactory.example1Cached();

    // READ on pm1, with READ switched off for the column pm1.g1.e1.
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName("test"); //$NON-NLS-1$
    policy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$
    PermissionMetaData denyColumnRead = addResource(DataPolicy.PermissionType.READ, "pm1.g1.e1"); //$NON-NLS-1$
    denyColumnRead.setAllowRead(false);
    policy.addPermission(denyColumnRead);

    DataRolePolicyDecider decider = createPolicyDecider(metadata, RealMetadataFactory.example1VDB(), policy);
    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    validator.setPolicyDecider(decider);
    this.context.setSessionVariable(DefaultAuthorizationValidator.IGNORE_UNAUTHORIZED_ASTERISK, "true"); //$NON-NLS-1$

    QueryParser parser = QueryParser.getQueryParser();

    // Column-level deny: the command is rewritten rather than rejected.
    Command columnDenied = parser.parseCommand(sql);
    QueryResolver.resolveCommand(columnDenied, metadata);
    assertEquals(4, columnDenied.getProjectedSymbols().size());
    boolean modified = validator.validate(new String[] {}, columnDenied, metadata, this.context, CommandType.USER);
    assertTrue(modified);
    assertEquals(3, columnDenied.getProjectedSymbols().size());

    // Table-level deny added to the same policy: validation must fail.
    PermissionMetaData denyTableRead = addResource(DataPolicy.PermissionType.READ, "pm1.g1"); //$NON-NLS-1$
    denyTableRead.setAllowRead(false);
    policy.addPermission(denyTableRead);

    Command tableDenied = parser.parseCommand(sql);
    QueryResolver.resolveCommand(tableDenied, metadata);
    assertEquals(4, tableDenied.getProjectedSymbols().size());
    try {
        validator.validate(new String[] {}, tableDenied, metadata, this.context, CommandType.USER);
        fail();
    } catch (QueryValidatorException expected) {
        // This exception is the outcome the test is looking for.
    }
}
Also used : QueryParser(org.teiid.query.parser.QueryParser) Command(org.teiid.query.sql.lang.Command) QueryValidatorException(org.teiid.api.exception.query.QueryValidatorException) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) QueryMetadataInterface(org.teiid.query.metadata.QueryMetadataInterface) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 20 with PermissionMetaData

use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.

the class TestColumnMasking method testSubqueryTableMask.

/**
 * Applies a column mask whose expression is a scalar subquery and checks the result.
 *
 * <p>The mask on {@code pm1.g1.e2} is {@code (select min(e2) from pm1.g3)}. The data
 * manager supplies {@code e1} values from {@code pm1.g1} and {@code e2} values 1 and 2
 * from {@code pm1.g3}; every expected row carries 1 in the masked column.
 */
@Test
public void testSubqueryTableMask() throws Exception {
    PermissionMetaData maskPermission = new PermissionMetaData();
    maskPermission.setResourceName("pm1.g1.e2");
    // The original comment states that this order value makes the mask take precedence.
    maskPermission.setOrder(1);
    maskPermission.setMask("(select min(e2) from pm1.g3)");

    DataPolicyMetadata maskingPolicy = new DataPolicyMetadata();
    maskingPolicy.addPermission(maskPermission);
    maskingPolicy.setName("other-role");
    context.getAllowedDataPolicies().put("other-role", maskingPolicy);

    // Source data is registered only for g1.e1 and g3.e2; no g1.e2 values are supplied.
    HardcodedDataManager sourceData = new HardcodedDataManager();
    sourceData.addData("SELECT pm1.g1.e1 FROM pm1.g1", new List<?>[] { Arrays.asList("a"), Arrays.asList("b") });
    sourceData.addData("SELECT pm1.g3.e2 FROM pm1.g3", new List<?>[] { Arrays.asList(1), Arrays.asList(2) });

    ProcessorPlan maskedPlan = helpGetPlan(helpParse("select e1, g2.e2 from pm1.g1 as g2"), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);

    // Each row shows the subquery result (1) in place of e2.
    List<?>[] maskedRows = new List<?>[] { Arrays.asList("a", 1), Arrays.asList("b", 1) };
    helpProcess(maskedPlan, context, sourceData, maskedRows);
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) List(java.util.List) DefaultCapabilitiesFinder(org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Aggregations

PermissionMetaData (org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)29 DataPolicyMetadata (org.teiid.adminapi.impl.DataPolicyMetadata)24 Test (org.junit.Test)20 List (java.util.List)14 DefaultCapabilitiesFinder (org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder)13 DataPolicy (org.teiid.adminapi.DataPolicy)6 HashMap (java.util.HashMap)4 ArrayList (java.util.ArrayList)3 DQPWorkContext (org.teiid.dqp.internal.process.DQPWorkContext)3 CommandContext (org.teiid.query.util.CommandContext)3 Map (java.util.Map)2 Translator (org.teiid.adminapi.Translator)2 Expression (org.teiid.query.sql.symbol.Expression)2 Properties (java.util.Properties)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 ModelNode (org.jboss.dmr.ModelNode)1 DataPermission (org.teiid.adminapi.DataPolicy.DataPermission)1 ModelMetaData (org.teiid.adminapi.impl.ModelMetaData)1 VDBMetaData (org.teiid.adminapi.impl.VDBMetaData)1 VDBTranslatorMetaData (org.teiid.adminapi.impl.VDBTranslatorMetaData)1