
Example 26 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testInheritedGrantAll.

/**
 * Checks how a grant-all data role that lists a schema is applied to queries
 * inside and outside that schema.
 *
 * <p>The role has {@code grantAll} set and its schema set limited to {@code pm1}.
 * The third argument of {@code helpTest} is presumably the list of resources the
 * validator is expected to report as inaccessible (helpTest is not shown here,
 * so confirm against its definition). Read that way, the grant covers
 * {@code pm1.g1} but does not leak to {@code pm2.g1}.
 */
@Test
public void testInheritedGrantAll() throws Exception {
    DataPolicyMetadata grantAllRole = new DataPolicyMetadata();
    grantAllRole.setName("test");
    grantAllRole.setGrantAll(true);
    // Restrict the role to a single schema; the second query targets a different one.
    grantAllRole.setSchemas(Collections.singleton("pm1"));

    // Query against the schema listed on the role: nothing expected in the list.
    String inSchemaQuery = "select * from pm1.g1";
    helpTest(inSchemaQuery, RealMetadataFactory.example1Cached(), new String[0], RealMetadataFactory.example1VDB(), grantAllRole);

    // Query against a schema the role does not list: both the column and the table are expected.
    String otherSchemaQuery = "select e1 from pm2.g1";
    String[] expectedOutsideSchema = { "pm2.g1.e1", "pm2.g1" };
    helpTest(otherSchemaQuery, RealMetadataFactory.example1Cached(), expectedOutsideSchema, RealMetadataFactory.example1VDB(), grantAllRole);
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) Test(org.junit.Test)

Example 27 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testAccessibleCombination.

/**
 * Checks how read permissions combine when a session holds two data roles.
 *
 * <p>Role {@code test} has READ on schema {@code pm1} plus an entry for
 * {@code pm1.g1} with read switched off. Role {@code test1} starts with only
 * READ on {@code pm1}. The expected arrays passed to {@code helpTest} suggest
 * (helpTest and addResource are not shown here, so confirm against them) that the
 * query is accepted while at least one role leaves {@code pm1.g1} readable, and
 * that {@code pm1.g1.e1} and {@code pm1.g1} are reported once both roles carry
 * the read-off entry.
 */
@Test
public void testAccessibleCombination() throws Exception {
    final String query = "SELECT e1 FROM pm1.g1";

    // Role "test": schema-level READ plus a table-level entry with read disabled.
    DataPolicyMetadata restrictedRole = new DataPolicyMetadata();
    restrictedRole.setName("test");
    restrictedRole.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));
    PermissionMetaData tableReadOff = addResource(DataPolicy.PermissionType.READ, "pm1.g1");
    tableReadOff.setAllowRead(false);
    restrictedRole.addPermission(tableReadOff);

    // Role "test1": schema-level READ only, for now.
    DataPolicyMetadata openRole = new DataPolicyMetadata();
    openRole.setName("test1");
    openRole.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));

    // Only one of the two roles carries the read-off entry: empty expected list.
    helpTest(query, RealMetadataFactory.example1Cached(), new String[0], RealMetadataFactory.example1VDB(), restrictedRole, openRole);

    // The same permission object is now attached to the second role as well.
    openRole.addPermission(tableReadOff);
    String[] expectedWhenBothRestrict = { "pm1.g1.e1", "pm1.g1" };
    helpTest(query, RealMetadataFactory.example1Cached(), expectedWhenBothRestrict, RealMetadataFactory.example1VDB(), restrictedRole, openRole);
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 28 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testGrantAll.

/**
 * Runs a {@code create foreign temporary table} statement under a role that has
 * only {@code grantAll} set (no name, no schema list, no explicit permissions).
 *
 * <p>The empty array passed to {@code helpTest} is presumably the expected list
 * of inaccessible resources, i.e. the statement should pass validation; confirm
 * against helpTest, which is not shown here.
 */
@Test
public void testGrantAll() throws Exception {
    DataPolicyMetadata grantAllRole = new DataPolicyMetadata();
    grantAllRole.setGrantAll(true);

    String ddl = "create foreign temporary table x (id string) on bqt1";
    helpTest(ddl, RealMetadataFactory.exampleBQTCached(), new String[0], RealMetadataFactory.exampleBQTVDB(), grantAllRole);
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) Test(org.junit.Test)

Example 29 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestAuthorizationValidationVisitor method createPolicyDecider.

/**
 * Wires the given metadata, VDB and data roles into the shared test context and
 * returns a fresh policy decider.
 *
 * <p>Roles are indexed by {@code getName()} in a {@code HashMap}, so two roles
 * with the same name (or two unnamed roles, which share the {@code null} key)
 * collapse into one entry and only the last one passed is kept. Tests that need
 * several roles active at once must give them distinct names.
 *
 * @param metadata query metadata attached to the VDB and set on the context
 * @param vdb VDB that receives the metadata attachment and the role list
 * @param roles data roles to install on the VDB and on the DQP work context
 * @return a new {@code DataRolePolicyDecider} with allow-function-calls-by-default
 *         turned off
 */
private DataRolePolicyDecider createPolicyDecider(QueryMetadataInterface metadata, VDBMetaData vdb, DataPolicyMetadata... roles) {
    vdb.addAttchment(QueryMetadataInterface.class, metadata);

    // Index by role name; a later role with the same name replaces an earlier one.
    HashMap<String, DataPolicy> rolesByName = new HashMap<String, DataPolicy>();
    for (int i = 0; i < roles.length; i++) {
        DataPolicyMetadata role = roles[i];
        rolesByName.put(role.getName(), role);
    }

    // The VDB and the work context both receive the de-duplicated set of roles.
    vdb.setDataPolicies(new ArrayList<DataPolicy>(rolesByName.values()));
    this.context.getDQPWorkContext().setPolicies(rolesByName);
    this.context.getSession().setVdb(vdb);
    this.context.setMetadata(metadata);

    // Function calls are not allowed by default on the decider returned to the tests.
    DataRolePolicyDecider decider = new DataRolePolicyDecider();
    decider.setAllowFunctionCallsByDefault(false);
    return decider;
}
Also used : HashMap(java.util.HashMap) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPolicy(org.teiid.adminapi.DataPolicy)

Example 30 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestAuthorizationValidationVisitor method testPruneSelectAll.

/**
 * Checks what the authorization validator does with {@code select *} when the
 * {@code IGNORE_UNAUTHORIZED_ASTERISK} session variable is set to {@code "true"}.
 *
 * <p>Phase one: the role has READ on schema {@code pm1} and an entry for column
 * {@code pm1.g1.e1} with read switched off. The resolved command starts with four
 * projected symbols; {@code validate} returns {@code true} and leaves three, so
 * the column is dropped from the projection rather than the query being rejected.
 *
 * <p>Phase two: an entry for the whole table {@code pm1.g1} with read switched off
 * is added. The same query must then fail with {@code QueryValidatorException}.
 * Pruning therefore narrows the projection only; it does not let a query through
 * when the table itself is not readable.
 */
@Test
public void testPruneSelectAll() throws Exception {
    final String query = "select * from pm1.g1";
    QueryMetadataInterface metadata = RealMetadataFactory.example1Cached();

    // Schema-level READ, with read disabled for the single column pm1.g1.e1.
    DataPolicyMetadata role = new DataPolicyMetadata();
    role.setName("test");
    role.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1"));
    PermissionMetaData columnReadOff = addResource(DataPolicy.PermissionType.READ, "pm1.g1.e1");
    columnReadOff.setAllowRead(false);
    role.addPermission(columnReadOff);

    DataRolePolicyDecider decider = createPolicyDecider(metadata, RealMetadataFactory.example1VDB(), role);
    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    validator.setPolicyDecider(decider);
    // Opt in to pruning for this session; without it the test makes no claim.
    this.context.setSessionVariable(DefaultAuthorizationValidator.IGNORE_UNAUTHORIZED_ASTERISK, "true");

    QueryParser queryParser = QueryParser.getQueryParser();
    Command prunable = queryParser.parseCommand(query);
    QueryResolver.resolveCommand(prunable, metadata);
    assertEquals(4, prunable.getProjectedSymbols().size());

    // validate reports that it changed the command, and one projected symbol is gone.
    boolean changed = validator.validate(new String[0], prunable, metadata, this.context, CommandType.USER);
    assertTrue(changed);
    assertEquals(3, prunable.getProjectedSymbols().size());

    // Now disable read on the table itself; the role object is already installed.
    PermissionMetaData tableReadOff = addResource(DataPolicy.PermissionType.READ, "pm1.g1");
    tableReadOff.setAllowRead(false);
    role.addPermission(tableReadOff);

    Command rejected = queryParser.parseCommand(query);
    QueryResolver.resolveCommand(rejected, metadata);
    assertEquals(4, rejected.getProjectedSymbols().size());
    try {
        validator.validate(new String[0], rejected, metadata, this.context, CommandType.USER);
        fail();
    } catch (QueryValidatorException expected) {
        // Expected: the validator must reject the query instead of pruning it.
    }
}
Also used : QueryParser(org.teiid.query.parser.QueryParser) Command(org.teiid.query.sql.lang.Command) QueryValidatorException(org.teiid.api.exception.query.QueryValidatorException) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) QueryMetadataInterface(org.teiid.query.metadata.QueryMetadataInterface) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)
