use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.
the class DatabaseUtil method convert.
/**
 * Builds the {@link DataPolicyMetadata} for a role from the role definition and its grant.
 *
 * <p>Two privileges are lifted to policy-wide flags instead of being stored as individual
 * permissions: {@code ALL_PRIVILEGES} switches on grant-all and {@code TEMPORARY_TABLE}
 * allows temporary table creation. A permission carrying either of them is not passed to
 * {@code convert(Permission)}, so nothing else that permission holds reaches the policy.
 * {@code ALL_PRIVILEGES} is checked first, so it wins when a permission carries both.
 *
 * @param from grant to translate; may be {@code null}, in which case no permission or
 *             policy-wide flag is derived from a grant
 * @param role role supplying the name, description, mapped role names and the
 *             any-authenticated flag; dereferenced without a null check
 * @return the populated policy
 */
static DataPolicyMetadata convert(Grant from, Role role) {
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName(role.getName());

    if (from != null) {
        for (Permission permission : from.getPermissions()) {
            if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.ALL_PRIVILEGES))) {
                // Policy-wide switch: the per-resource details of this permission are dropped.
                policy.setGrantAll(true);
            } else if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.TEMPORARY_TABLE))) {
                policy.setAllowCreateTemporaryTables(true);
            } else {
                // Everything else is kept as a per-resource permission.
                policy.addPermission(convert(permission));
            }
        }
    }

    policy.setDescription(role.getAnnotation());

    // Mapped role names are only written when the role actually lists some; otherwise the
    // policy keeps whatever DataPolicyMetadata starts with.
    if (role.getJassRoles() != null && !role.getJassRoles().isEmpty()) {
        policy.setMappedRoleNames(role.getJassRoles());
    }

    // The flag is only ever raised here, never cleared.
    // NOTE(review): presumably this applies the policy to every authenticated user - confirm.
    if (role.isAnyAuthenticated()) {
        policy.setAnyAuthenticated(true);
    }
    return policy;
}
use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testAccessibleCombination.
/**
 * Checks how READ permissions from two data policies combine for one query.
 *
 * <p>Policy {@code test} allows READ on {@code pm1} but has READ switched off on
 * {@code pm1.g1}; policy {@code test1} initially only allows READ on {@code pm1}. The first
 * {@code helpTest} call passes an empty array, the second (after {@code test1} receives the
 * same switched-off permission) passes {@code pm1.g1.e1} and {@code pm1.g1}.
 *
 * <p>NOTE(review): the array presumably lists the resources expected to be reported as
 * inaccessible, which would mean a restriction in one policy does not override an allow
 * from another - confirm against {@code helpTest}.
 */
@Test
public void testAccessibleCombination() throws Exception {
    final String query = "SELECT e1 FROM pm1.g1";

    DataPolicyMetadata restrictedPolicy = new DataPolicyMetadata();
    restrictedPolicy.setName("test");
    restrictedPolicy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));

    // Same permission object is reused below for the second policy.
    PermissionMetaData noReadOnTable = addResource(DataPolicy.PermissionType.READ, "pm1.g1");
    noReadOnTable.setAllowRead(false);
    restrictedPolicy.addPermission(noReadOnTable);

    DataPolicyMetadata otherPolicy = new DataPolicyMetadata();
    otherPolicy.setName("test1");
    otherPolicy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));

    // Only one of the two policies carries the switched-off READ on pm1.g1.
    helpTest(query, RealMetadataFactory.example1Cached(), new String[] {},
            RealMetadataFactory.example1VDB(), restrictedPolicy, otherPolicy);

    // Now both policies carry it.
    otherPolicy.addPermission(noReadOnTable);
    helpTest(query, RealMetadataFactory.example1Cached(), new String[] { "pm1.g1.e1", "pm1.g1" },
            RealMetadataFactory.example1VDB(), restrictedPolicy, otherPolicy);
}
use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.
the class TestAuthorizationValidationVisitor method addResource.
/**
 * Creates a permission for {@code resource} and sets the single allow-flag that matches
 * {@code type} to {@code flag}.
 *
 * <p>Only that one flag is written; every other flag keeps whatever a fresh
 * {@link PermissionMetaData} starts with, and a type not listed below leaves all flags
 * untouched.
 *
 * @param type     permission type selecting which flag to set
 * @param flag     value written to the selected flag ({@code false} is written explicitly,
 *                 not skipped)
 * @param resource resource name the permission applies to
 * @return the new permission
 */
static PermissionMetaData addResource(PermissionType type, boolean flag, String resource) {
    PermissionMetaData permission = new PermissionMetaData();
    permission.setResourceName(resource);
    switch (type) {
        case READ:
            permission.setAllowRead(flag);
            break;
        case CREATE:
            permission.setAllowCreate(flag);
            break;
        case UPDATE:
            permission.setAllowUpdate(flag);
            break;
        case DELETE:
            permission.setAllowDelete(flag);
            break;
        case ALTER:
            permission.setAllowAlter(flag);
            break;
        case EXECUTE:
            permission.setAllowExecute(flag);
            break;
        case LANGUAGE:
            permission.setAllowLanguage(flag);
            break;
        default:
            // Any other type: only the resource name is set.
            break;
    }
    return permission;
}
use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testPruneSelectAll.
/**
 * Exercises {@link DefaultAuthorizationValidator} on {@code select *} with the
 * {@code IGNORE_UNAUTHORIZED_ASTERISK} session variable set to {@code "true"}.
 *
 * <p>Phase one: READ is allowed on {@code pm1} and switched off on column
 * {@code pm1.g1.e1}. Validation reports the command as modified and the projection shrinks
 * from 4 symbols to 3, i.e. the unreadable column is dropped rather than the query being
 * rejected.
 *
 * <p>Phase two: READ is additionally switched off on the whole table {@code pm1.g1}.
 * Validation must then throw {@link QueryValidatorException} instead of returning.
 */
@Test
public void testPruneSelectAll() throws Exception {
    final String sql = "select * from pm1.g1";
    QueryMetadataInterface metadata = RealMetadataFactory.example1Cached();

    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName("test");
    policy.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));
    PermissionMetaData denied = addResource(DataPolicy.PermissionType.READ, "pm1.g1.e1");
    denied.setAllowRead(false);
    policy.addPermission(denied);

    DataRolePolicyDecider decider = createPolicyDecider(metadata, RealMetadataFactory.example1VDB(), policy);
    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    validator.setPolicyDecider(decider);
    this.context.setSessionVariable(DefaultAuthorizationValidator.IGNORE_UNAUTHORIZED_ASTERISK, "true");

    QueryParser parser = QueryParser.getQueryParser();
    Command command = parser.parseCommand(sql);
    QueryResolver.resolveCommand(command, metadata);
    assertEquals(4, command.getProjectedSymbols().size());

    // Column-level restriction: the validator rewrites the projection and says so.
    assertTrue(validator.validate(new String[] {}, command, metadata, this.context, CommandType.USER));
    assertEquals(3, command.getProjectedSymbols().size());

    // Table-level restriction added to the same policy the decider was built from.
    denied = addResource(DataPolicy.PermissionType.READ, "pm1.g1");
    denied.setAllowRead(false);
    policy.addPermission(denied);

    // Parse again so validation starts from the full, unpruned projection.
    command = parser.parseCommand(sql);
    QueryResolver.resolveCommand(command, metadata);
    assertEquals(4, command.getProjectedSymbols().size());
    try {
        validator.validate(new String[] {}, command, metadata, this.context, CommandType.USER);
        fail();
    } catch (QueryValidatorException expected) {
        // Expected outcome: the validator rejects the query.
    }
}
use of org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData in project teiid by teiid.
the class TestColumnMasking method testSubqueryTableMask.
/**
 * Verifies that a column mask defined as a scalar subquery is applied when the masked
 * table is referenced through an alias.
 *
 * <p>Column {@code pm1.g1.e2} is masked with {@code (select min(e2) from pm1.g3)} under the
 * policy {@code other-role}. The stubbed data manager returns 1 and 2 for
 * {@code pm1.g3.e2}, so every row of the result is expected to show 1 in the masked column.
 */
@Test
public void testSubqueryTableMask() throws Exception {
    DataPolicyMetadata maskingPolicy = new DataPolicyMetadata();
    PermissionMetaData columnMask = new PermissionMetaData();
    columnMask.setResourceName("pm1.g1.e2");
    // takes precedence
    columnMask.setOrder(1);
    columnMask.setMask("(select min(e2) from pm1.g3)");
    maskingPolicy.addPermission(columnMask);
    maskingPolicy.setName("other-role");
    context.getAllowedDataPolicies().put("other-role", maskingPolicy);

    // Canned source data: e1 values for the outer query, e2 values for the mask subquery.
    HardcodedDataManager sourceData = new HardcodedDataManager();
    sourceData.addData("SELECT pm1.g1.e1 FROM pm1.g1",
            new List<?>[] { Arrays.asList("a"), Arrays.asList("b") });
    sourceData.addData("SELECT pm1.g3.e2 FROM pm1.g3",
            new List<?>[] { Arrays.asList(1), Arrays.asList(2) });

    ProcessorPlan plan = helpGetPlan(helpParse("select e1, g2.e2 from pm1.g1 as g2"),
            RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);

    // The second column holds the mask result for both rows.
    List<?>[] maskedRows = new List<?>[] { Arrays.asList("a", 1), Arrays.asList("b", 1) };
    helpProcess(plan, context, sourceData, maskedRows);
}