use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testInheritedGrantAll.
/**
 * Exercises a grant-all data role whose schema list contains only {@code pm1}.
 *
 * <p>The same role is used for two queries: one against {@code pm1.g1}, run with
 * an empty String array, and one against {@code pm2.g1}, run with
 * {@code pm2.g1.e1} and {@code pm2.g1}.
 *
 * <p>NOTE(review): the String array handed to helpTest is presumably the expected
 * set of inaccessible resources, which would make this a check that grant-all
 * stays confined to the listed schema - confirm against helpTest.
 */
@Test
public void testInheritedGrantAll() throws Exception {
    DataPolicyMetadata scopedGrantAll = new DataPolicyMetadata();
    scopedGrantAll.setName("test"); //$NON-NLS-1$
    scopedGrantAll.setGrantAll(true);
    // Only pm1 is listed; pm2 is deliberately left out of the role's schemas.
    scopedGrantAll.setSchemas(Collections.singleton("pm1")); //$NON-NLS-1$

    // Query inside the listed schema.
    String insideSchema = "select * from pm1.g1"; //$NON-NLS-1$
    helpTest(insideSchema, RealMetadataFactory.example1Cached(), new String[0],
            RealMetadataFactory.example1VDB(), scopedGrantAll);

    // Query outside the listed schema; a fresh VDB is requested for each call.
    String outsideSchema = "select e1 from pm2.g1"; //$NON-NLS-1$
    String[] outsideResources = { "pm2.g1.e1", "pm2.g1" }; //$NON-NLS-1$ //$NON-NLS-2$
    helpTest(outsideSchema, RealMetadataFactory.example1Cached(), outsideResources,
            RealMetadataFactory.example1VDB(), scopedGrantAll);
}
use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testAccessibleCombination.
/**
 * Exercises how two data roles combine when one or both carry a permission on
 * {@code pm1.g1} with {@code allowRead} set to {@code false}.
 *
 * <p>First call: role {@code test} holds READ on {@code pm1} plus the
 * read-disabled {@code pm1.g1} permission, while role {@code test1} holds only
 * READ on {@code pm1}; helpTest is given an empty String array. Second call: the
 * same read-disabled permission object is also added to {@code test1}, and
 * helpTest is given {@code pm1.g1.e1} and {@code pm1.g1}.
 *
 * <p>NOTE(review): the String array is presumably the expected set of
 * inaccessible resources, i.e. access is refused only once every supplied role
 * withholds it - confirm against helpTest and the policy decider.
 */
@Test
public void testAccessibleCombination() throws Exception {
    final String query = "SELECT e1 FROM pm1.g1"; //$NON-NLS-1$

    DataPolicyMetadata firstRole = new DataPolicyMetadata();
    firstRole.setName("test"); //$NON-NLS-1$
    PermissionMetaData schemaRead = addResource(DataPolicy.PermissionType.READ, "pm1"); //$NON-NLS-1$
    firstRole.addPermission(schemaRead);

    // Table-level permission with read switched off; shared by both roles later.
    PermissionMetaData readDisabled = addResource(DataPolicy.PermissionType.READ, "pm1.g1"); //$NON-NLS-1$
    readDisabled.setAllowRead(false);
    firstRole.addPermission(readDisabled);

    DataPolicyMetadata secondRole = new DataPolicyMetadata();
    secondRole.setName("test1"); //$NON-NLS-1$
    PermissionMetaData secondSchemaRead = addResource(DataPolicy.PermissionType.READ, "pm1"); //$NON-NLS-1$
    secondRole.addPermission(secondSchemaRead);

    // Only firstRole carries the read-disabled permission at this point.
    helpTest(query, RealMetadataFactory.example1Cached(), new String[0],
            RealMetadataFactory.example1VDB(), firstRole, secondRole);

    // Now both roles carry it.
    secondRole.addPermission(readDisabled);
    String[] tableResources = { "pm1.g1.e1", "pm1.g1" }; //$NON-NLS-1$ //$NON-NLS-2$
    helpTest(query, RealMetadataFactory.example1Cached(), tableResources,
            RealMetadataFactory.example1VDB(), firstRole, secondRole);
}
use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testGrantAll.
/**
 * Runs a {@code create foreign temporary table ... on bqt1} statement under a
 * role that only has {@code grantAll} set, passing an empty String array to
 * helpTest.
 *
 * <p>The role is given neither a name nor a schema list here.
 * NOTE(review): the empty array presumably means no resource is expected to be
 * reported as inaccessible - confirm against helpTest.
 */
@Test
public void testGrantAll() throws Exception {
    DataPolicyMetadata grantAllRole = new DataPolicyMetadata();
    grantAllRole.setGrantAll(true);

    String ddl = "create foreign temporary table x (id string) on bqt1"; //$NON-NLS-1$
    helpTest(ddl, RealMetadataFactory.exampleBQTCached(), new String[0],
            RealMetadataFactory.exampleBQTVDB(), grantAllRole);
}
use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.
the class TestAuthorizationValidationVisitor method createPolicyDecider.
/**
 * Wires the given roles into the VDB and the test context, then returns a new
 * {@link DataRolePolicyDecider} with function calls not allowed by default.
 *
 * <p>Side effects visible here: the metadata is attached to {@code vdb}, the
 * VDB's data policies are replaced, and the context's work-context policies,
 * session VDB and metadata are all overwritten.
 *
 * @param metadata metadata attached to the VDB and set on the context
 * @param vdb VDB that receives the roles and is installed on the session
 * @param roles data roles to register, keyed by {@code getName()}
 * @return a freshly constructed decider; it is not otherwise linked to the
 *         context by this method
 */
private DataRolePolicyDecider createPolicyDecider(QueryMetadataInterface metadata, VDBMetaData vdb, DataPolicyMetadata... roles) {
    vdb.addAttchment(QueryMetadataInterface.class, metadata);

    // Roles are keyed by name, so two roles with the same name (or two unnamed
    // roles, which share the null key) collapse to the last one supplied.
    HashMap<String, DataPolicy> byName = new HashMap<String, DataPolicy>();
    for (int i = 0; i < roles.length; i++) {
        DataPolicyMetadata role = roles[i];
        byName.put(role.getName(), role);
    }

    ArrayList<DataPolicy> vdbPolicies = new ArrayList<DataPolicy>(byName.values());
    vdb.setDataPolicies(vdbPolicies);

    this.context.getDQPWorkContext().setPolicies(byName);
    this.context.getSession().setVdb(vdb);
    this.context.setMetadata(metadata);

    // Function calls need an explicit grant in tests using this decider.
    DataRolePolicyDecider decider = new DataRolePolicyDecider();
    decider.setAllowFunctionCallsByDefault(false);
    return decider;
}
use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.
the class TestAuthorizationValidationVisitor method testPruneSelectAll.
/**
 * Checks how {@link DefaultAuthorizationValidator} treats {@code select *} when
 * the session variable {@code IGNORE_UNAUTHORIZED_ASTERISK} is set to
 * {@code "true"}.
 *
 * <p>Phase one: the role holds READ on {@code pm1} and a read-disabled
 * permission on column {@code pm1.g1.e1}. The resolved command projects 4
 * symbols; {@code validate} must return {@code true} and leave 3.
 *
 * <p>Phase two: a read-disabled permission on the whole table {@code pm1.g1} is
 * added to the same role. The re-parsed command again projects 4 symbols, and
 * {@code validate} must throw {@link QueryValidatorException}.
 */
@Test
public void testPruneSelectAll() throws Exception {
    final String selectAll = "select * from pm1.g1"; //$NON-NLS-1$
    QueryMetadataInterface metadata = RealMetadataFactory.example1Cached();

    DataPolicyMetadata role = new DataPolicyMetadata();
    role.setName("test"); //$NON-NLS-1$
    role.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$

    // Column-level permission with read switched off.
    PermissionMetaData columnReadDisabled = addResource(DataPolicy.PermissionType.READ, "pm1.g1.e1"); //$NON-NLS-1$
    columnReadDisabled.setAllowRead(false);
    role.addPermission(columnReadDisabled);

    DataRolePolicyDecider decider = createPolicyDecider(metadata, RealMetadataFactory.example1VDB(), role);
    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    validator.setPolicyDecider(decider);
    this.context.setSessionVariable(DefaultAuthorizationValidator.IGNORE_UNAUTHORIZED_ASTERISK, "true"); //$NON-NLS-1$

    QueryParser parser = QueryParser.getQueryParser();

    // Phase one: validate reports a modification and one projected symbol is gone.
    Command command = parser.parseCommand(selectAll);
    QueryResolver.resolveCommand(command, metadata);
    assertEquals(4, command.getProjectedSymbols().size());
    boolean modified = validator.validate(new String[0], command, metadata, this.context, CommandType.USER);
    assertTrue(modified);
    assertEquals(3, command.getProjectedSymbols().size());

    // Phase two: read is switched off for the table itself on the same role.
    PermissionMetaData tableReadDisabled = addResource(DataPolicy.PermissionType.READ, "pm1.g1"); //$NON-NLS-1$
    tableReadDisabled.setAllowRead(false);
    role.addPermission(tableReadDisabled);

    command = parser.parseCommand(selectAll);
    QueryResolver.resolveCommand(command, metadata);
    assertEquals(4, command.getProjectedSymbols().size());

    // The validator must reject the command outright; a normal return fails the test.
    boolean rejected = false;
    try {
        validator.validate(new String[0], command, metadata, this.context, CommandType.USER);
    } catch (QueryValidatorException expected) {
        rejected = true;
    }
    assertTrue(rejected);
}