
Example 36 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestRowBasedSecurity method testUpdateFilter4.

/**
 * Tests an outside column in the constraint
 */
@Test
public void testUpdateFilter4() throws Exception {
    // Row condition for pm1.g1: besides e2 it references e3, a column the UPDATE statement
    // below never assigns (the "outside column" of the constraint).
    DataPolicyMetadata rolePolicy = new DataPolicyMetadata();
    PermissionMetaData g1Permission = new PermissionMetaData();
    g1Permission.setResourceName("pm1.g1");
    g1Permission.setCondition("e2 = 1 and e3");
    rolePolicy.addPermission(g1Permission);
    rolePolicy.setName("some-role");
    // Registered under "some-role"; presumably this replaces whatever policy the shared
    // context already holds under that name - confirm against the fixture setup.
    context.getAllowedDataPolicies().put("some-role", rolePolicy);

    // Canned source responses. The SELECT text carries the policy condition (e3 = TRUE, e2 = 1)
    // next to the statement's own predicate on e1; each UPDATE text addresses a single row.
    final String filteredSelect = "SELECT g_0.e4, g_0.e3, g_0.e1 FROM pm1.g1 AS g_0 WHERE (g_0.e3 = TRUE) AND (g_0.e2 = 1) AND (g_0.e1 IN ('a', 'b'))";
    final String updateRowA = "UPDATE pm1.g1 SET e2 = 1 WHERE pm1.g1.e1 = 'a'";
    final String updateRowB = "UPDATE pm1.g1 SET e2 = 1 WHERE pm1.g1.e1 = 'b'";
    HardcodedDataManager sourceStub = new HardcodedDataManager();
    sourceStub.addData(filteredSelect, new List<?>[] {
        Arrays.asList(Double.valueOf(1), Boolean.TRUE, "a"),
        Arrays.asList(Double.valueOf(1), Boolean.TRUE, "b") });
    sourceStub.addData(updateRowA, new List<?>[] { Arrays.asList(1) });
    sourceStub.addData(updateRowB, new List<?>[] { Arrays.asList(1) });

    final String userUpdate = "update pm1.g1 set e2 = case when e4 = 1 then 1 else 2 end where e1 in ('a', 'b')";
    ProcessorPlan updatePlan = helpGetPlan(
        helpParse(userUpdate),
        RealMetadataFactory.example4(),
        TestOptimizer.getGenericFinder(),
        context);

    // One result row holding 2 - presumably the total update count for the two rows above.
    helpProcess(updatePlan, context, sourceStub, new List<?>[] { Arrays.asList(2) });
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) List(java.util.List) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 37 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestRowBasedSecurity method testSubqueryHint.

/**
 * Runs the same query twice against a pm1.g1 row condition that is an IN-subquery over
 * pm1.g3 carrying a DJ hint: once with {@link DefaultCapabilitiesFinder} and once with the
 * generic finder. Both runs must return the same two rows.
 */
@Test
public void testSubqueryHint() throws Exception {
    DataPolicyMetadata hintedPolicy = new DataPolicyMetadata();
    PermissionMetaData g1Permission = new PermissionMetaData();
    g1Permission.setResourceName("pm1.g1");
    g1Permission.setCondition("e1 in /*+ DJ */ (select e1 from pm1.g3)");
    hintedPolicy.addPermission(g1Permission);
    hintedPolicy.setName("some-other-role");
    // Drop every other allowed policy first so that only the hinted condition is in play.
    context.getAllowedDataPolicies().clear();
    context.getAllowedDataPolicies().put("some-other-role", hintedPolicy);

    final String userQuery = "select e1, e2 from pm1.g1";
    HardcodedDataManager sourceStub = new HardcodedDataManager();

    // Run 1: the registered source commands are plain scans of pm1.g3 and pm1.g1, with no
    // predicate in the command text.
    sourceStub.addData("SELECT pm1.g3.e1 FROM pm1.g3", new List<?>[] {
        Arrays.asList("b"),
        Arrays.asList("a") });
    sourceStub.addData("SELECT pm1.g1.e1, pm1.g1.e2 FROM pm1.g1", new List<?>[] {
        Arrays.asList("b", 1),
        Arrays.asList("a", 2) });
    ProcessorPlan queryPlan = helpGetPlan(
        helpParse(userQuery),
        RealMetadataFactory.example1Cached(),
        new DefaultCapabilitiesFinder(),
        context);
    helpProcess(queryPlan, context, sourceStub, new List<?>[] {
        Arrays.asList("a", 2),
        Arrays.asList("b", 1) });

    // Run 2: with the generic finder the registered pm1.g1 command carries the subquery
    // values as an IN list and both commands are ordered.
    sourceStub.addData("SELECT g_0.e1 AS c_0 FROM pm1.g3 AS g_0 ORDER BY c_0", new List<?>[] {
        Arrays.asList("a"),
        Arrays.asList("b") });
    sourceStub.addData("SELECT g_0.e1 AS c_0, g_0.e2 AS c_1 FROM pm1.g1 AS g_0 WHERE g_0.e1 IN ('a', 'b') ORDER BY c_0", new List<?>[] {
        Arrays.asList("a", 2),
        Arrays.asList("b", 1) });
    queryPlan = helpGetPlan(
        helpParse(userQuery),
        RealMetadataFactory.example1Cached(),
        TestOptimizer.getGenericFinder(),
        context);
    helpProcess(queryPlan, context, sourceStub, new List<?>[] {
        Arrays.asList("a", 2),
        Arrays.asList("b", 1) });
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) List(java.util.List) DefaultCapabilitiesFinder(org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 38 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestRowBasedSecurity method testMultipleRoles.

/**
 * Here the other role makes the g1 rows visible again
 */
@Test
public void testMultipleRoles() throws Exception {
    final String userQuery = "select e2 from pm1.g1";

    // Phase 1: only the policies already present in the shared context apply. The stub hands
    // back two rows, yet the expected result is empty. The registered command also selects
    // e1 although the query asks for e2 only - presumably so the row condition can be
    // evaluated in the engine.
    HardcodedDataManager sourceStub = new HardcodedDataManager();
    sourceStub.addData("SELECT pm1.g1.e1, pm1.g1.e2 FROM pm1.g1", new List<?>[] {
        Arrays.asList("a", 1),
        Arrays.asList("b", 2) });
    ProcessorPlan queryPlan = helpGetPlan(
        helpParse(userQuery),
        RealMetadataFactory.example1Cached(),
        new DefaultCapabilitiesFinder(),
        context);
    helpProcess(queryPlan, context, sourceStub, new List<?>[0]);

    // Phase 2: add a second role whose pm1.g1 condition is the constant "true".
    DataPolicyMetadata openPolicy = new DataPolicyMetadata();
    PermissionMetaData openPermission = new PermissionMetaData();
    openPermission.setResourceName("pm1.g1");
    openPermission.setCondition("true");
    openPolicy.addPermission(openPermission);
    openPolicy.setName("some-other-role");
    context.getAllowedDataPolicies().put("some-other-role", openPolicy);

    // NOTE(review): the expectation below pins that an extra role with an unconditional row
    // condition widens visibility rather than narrowing it, so granting such a role lifts the
    // row filter for that table. The registered command no longer fetches e1.
    sourceStub = new HardcodedDataManager();
    sourceStub.addData("SELECT pm1.g1.e2 FROM pm1.g1", new List<?>[] {
        Arrays.asList(1),
        Arrays.asList(2) });
    queryPlan = helpGetPlan(
        helpParse(userQuery),
        RealMetadataFactory.example1Cached(),
        new DefaultCapabilitiesFinder(),
        context);
    helpProcess(queryPlan, context, sourceStub, new List<?>[] {
        Arrays.asList(1),
        Arrays.asList(2) });
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) List(java.util.List) DefaultCapabilitiesFinder(org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 39 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestRowBasedSecurity method testInsertConstraintCorrelatedSubquery.

/**
 * Expects a {@link TeiidProcessingException} when an INSERT targets pm1.g1 while the table's
 * row condition is a subquery correlated on pm1.g1.e2.
 */
@Test(expected = TeiidProcessingException.class)
public void testInsertConstraintCorrelatedSubquery() throws Exception {
    DataPolicyMetadata correlatedPolicy = new DataPolicyMetadata();
    PermissionMetaData g1Permission = new PermissionMetaData();
    g1Permission.setResourceName("pm1.g1");
    g1Permission.setCondition("e1 = (select min(e1) from pm1.g3 where pm1.g1.e2 = e2)");
    correlatedPolicy.addPermission(g1Permission);
    correlatedPolicy.setName("some-other-role");
    context.getAllowedDataPolicies().put("some-other-role", correlatedPolicy);

    // No canned responses are registered on the source stub.
    HardcodedDataManager sourceStub = new HardcodedDataManager();
    final String userInsert = "insert into pm1.g1 (e1, e2) values ('a', 1)";
    ProcessorPlan insertPlan = helpGetPlan(
        helpParse(userInsert),
        RealMetadataFactory.example1Cached(),
        TestOptimizer.getGenericFinder(),
        context);

    // NOTE(review): the annotation accepts the exception from any statement in this method;
    // whether planning or processing raises it cannot be told from here. The result array is
    // only compared if nothing is thrown, in which case the test fails anyway.
    helpProcess(insertPlan, context, sourceStub, new List<?>[] { Arrays.asList(0) });
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) List(java.util.List) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData) Test(org.junit.Test)

Example 40 with DataPolicyMetadata

use of org.teiid.adminapi.impl.DataPolicyMetadata in project teiid by teiid.

the class TestRowBasedSecurity method createContext.

/**
 * Builds a command context whose work context holds a single data policy, "some-role",
 * with five permissions covering pm1.g1, pm1.g2, pm1.g3, pm1.g4 and pm1.sp1.
 *
 * @return the context with the policy map installed through a new {@link DQPWorkContext}
 */
private static CommandContext createContext() {
    CommandContext commandContext = createCommandContext();
    DQPWorkContext dqpWorkContext = new DQPWorkContext();
    HashMap<String, DataPolicy> policyByName = new HashMap<String, DataPolicy>();
    DataPolicyMetadata rolePolicy = new DataPolicyMetadata();

    // pm1.g1: rows restricted to those whose e1 equals user(). The permission is stored in
    // pmd, which is declared outside this method.
    pmd = new PermissionMetaData();
    pmd.setResourceName("pm1.g1");
    pmd.setCondition("e1 = user()");

    // pm1.g2: condition over the names foo and bar - presumably not columns of pm1.g2, i.e. a
    // deliberately invalid condition; confirm against the metadata.
    PermissionMetaData g2Permission = new PermissionMetaData();
    g2Permission.setResourceName("pm1.g2");
    g2Permission.setCondition("foo = bar");

    // pm1.g4: condition containing the aggregate max(e2).
    PermissionMetaData g4Permission = new PermissionMetaData();
    g4Permission.setResourceName("pm1.g4");
    g4Permission.setCondition("e1 = max(e2)");

    // pm1.g3: delete is allowed and no row condition is set.
    PermissionMetaData g3Permission = new PermissionMetaData();
    g3Permission.setResourceName("pm1.g3");
    g3Permission.setAllowDelete(true);

    // pm1.sp1: condition on e1.
    PermissionMetaData sp1Permission = new PermissionMetaData();
    sp1Permission.setResourceName("pm1.sp1");
    sp1Permission.setCondition("e1 = 'a'");

    rolePolicy.addPermission(pmd, g2Permission, g4Permission, g3Permission, sp1Permission);
    rolePolicy.setName("some-role");
    policyByName.put("some-role", rolePolicy);

    dqpWorkContext.setPolicies(policyByName);
    commandContext.setDQPWorkContext(dqpWorkContext);
    return commandContext;
}
Also used : DQPWorkContext(org.teiid.dqp.internal.process.DQPWorkContext) CommandContext(org.teiid.query.util.CommandContext) HashMap(java.util.HashMap) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPolicy(org.teiid.adminapi.DataPolicy) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)
