
Example 1 with Permission

use of org.teiid.metadata.Grant.Permission in project teiid by teiid.

the class MetadataStore method addGrant.

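/**
 * Merges a grant into the grants already recorded for its role.
 *
 * <p>If the role has no grant yet, the given grant is stored as-is. Otherwise each
 * incoming permission is merged into the first existing permission whose resource
 * matches, or added as a new permission when none matches. A column mask or row
 * condition is only accepted when the existing permission does not already carry
 * one; a second, competing definition is rejected rather than overwritten.
 * Permissions that end up with no privileges, revoked privileges, condition or mask
 * are dropped, and the role's grant is removed once it has no permissions left.
 *
 * <p>NOTE(review): the merge is not atomic. Changes applied before a conflict is
 * detected (earlier permissions of the same grant, or a mask set just before a
 * condition conflict) stay in place when the exception is thrown.
 *
 * @param grant the grant to merge; {@code null} is ignored
 * @throws MetadataException if a mask (TEIID60035) or condition (TEIID60036) is
 *         supplied for a resource that already has one
 */
void addGrant(Grant grant) {
    if (grant == null) {
        return;
    }
    Grant previous = this.grants.get(grant.getRole());
    if (previous == null) {
        this.grants.put(grant.getRole(), grant);
    } else {
        for (Permission addPermission : grant.getPermissions()) {
            boolean found = false;
            // Iterate over a copy: removePermission below mutates the grant's own collection.
            for (Permission currentPermission : new ArrayList<Permission>(previous.getPermissions())) {
                if (currentPermission.resourceMatches(addPermission)) {
                    found = true;
                    if (addPermission.getMask() != null) {
                        if (currentPermission.getMask() != null) {
                            // Refuse to replace an existing mask with a different definition.
                            throw new MetadataException(DataPlugin.Event.TEIID60035, DataPlugin.Util.gs(DataPlugin.Event.TEIID60035, addPermission.getMask(), currentPermission.getMask()));
                        }
                        currentPermission.setMask(addPermission.getMask());
                        currentPermission.setMaskOrder(addPermission.getMaskOrder());
                    }
                    if (addPermission.getCondition() != null) {
                        if (currentPermission.getCondition() != null) {
                            // Report the two conflicting conditions; the original passed the masks
                            // here, which are unrelated to this check and may be null.
                            throw new MetadataException(DataPlugin.Event.TEIID60036, DataPlugin.Util.gs(DataPlugin.Event.TEIID60036, addPermission.getCondition(), currentPermission.getCondition()));
                        }
                        currentPermission.setCondition(addPermission.getCondition(), addPermission.isConditionAConstraint());
                    }
                    currentPermission.appendPrivileges(addPermission.getPrivileges());
                }
                // Drop any permission that no longer grants, revokes, filters or masks anything.
                if (currentPermission.getPrivileges().isEmpty() && currentPermission.getRevokePrivileges().isEmpty() && currentPermission.getCondition() == null && currentPermission.getMask() == null) {
                    previous.removePermission(currentPermission);
                }
                if (found) {
                    break;
                }
            }
            if (!found) {
                previous.addPermission(addPermission);
            }
        }
        // A role whose grant has become empty is removed from the store entirely.
        if (previous.getPermissions().isEmpty()) {
            this.grants.remove(grant.getRole());
        }
    }
}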
Also used : Permission(org.teiid.metadata.Grant.Permission) ArrayList(java.util.ArrayList)

Example 2 with Permission

use of org.teiid.metadata.Grant.Permission in project teiid by teiid.

the class DatabaseUtil method convert.

/**
 * Builds a {@link Database} from a VDB definition and its metadata store.
 *
 * <p>Copies the VDB properties, description and connection type, registers a data
 * wrapper for every override translator and source translator, registers each
 * source mapping as a server, adds every model's schema, and finally turns each
 * data policy into a role plus a grant.
 *
 * <p>Access-control mapping: a policy flagged grant-all becomes a DATABASE-scoped
 * permission with all privileges allowed; a policy allowing temporary tables becomes
 * a DATABASE-scoped temporary-table permission; every data permission of the policy
 * is converted individually.
 *
 * @param vdb the VDB definition to read
 * @param metadataStore the store supplying data types and schemas
 * @return the populated database
 */
public static Database convert(VDBMetaData vdb, MetadataStore metadataStore) {
    Database database = new Database(vdb.getName(), vdb.getVersion());
    database.setProperties(vdb.getPropertiesMap());
    if (vdb.getDescription() != null) {
        database.setAnnotation(vdb.getDescription());
    }
    database.setProperty("connection-type", vdb.getConnectionType().name());
    database.getMetadataStore().addDataTypes(metadataStore.getDatatypes());

    // Override translators: register the base wrapper first, then the named override.
    List<Translator> overrides = vdb.getOverrideTranslators();
    for (Translator translator : overrides) {
        if (database.getDataWrapper(translator.getType()) == null) {
            DataWrapper base = new DataWrapper(translator.getType());
            database.addDataWrapper(base);
        }
        if (database.getDataWrapper(translator.getName()) == null) {
            DataWrapper override = new DataWrapper(translator.getName());
            override.setType(translator.getType());
            for (final String propertyName : translator.getProperties().stringPropertyNames()) {
                override.setProperty(propertyName, translator.getPropertyValue(propertyName));
            }
            if (translator.getDescription() != null) {
                override.setAnnotation(translator.getDescription());
            }
            database.addDataWrapper(override);
        }
    }

    // Models: source models contribute servers; every model contributes its schema.
    Collection<ModelMetaData> modelDefinitions = vdb.getModelMetaDatas().values();
    for (ModelMetaData model : modelDefinitions) {
        Schema schema = metadataStore.getSchema(model.getName());
        if (model.isSource()) {
            for (SourceMappingMetadata mapping : model.getSourceMappings()) {
                // Translators that were not registered as overrides above.
                if (database.getDataWrapper(mapping.getTranslatorName()) == null) {
                    DataWrapper wrapper = new DataWrapper(mapping.getTranslatorName());
                    database.addDataWrapper(wrapper);
                }
                Server server = new Server(mapping.getName());
                server.setJndiName(mapping.getConnectionJndiName());
                server.setDataWrapper(mapping.getTranslatorName());
                // Skip servers that are already defined under this name.
                if (database.getServer(mapping.getName()) == null) {
                    database.addServer(server);
                    schema.addServer(server);
                }
            }
        }
        database.addSchema(schema);
    }

    // Data policies: one role per policy, plus a grant when the policy carries permissions.
    for (DataPolicyMetadata policy : vdb.getDataPolicyMap().values()) {
        Role role = new Role(policy.getName());
        if (policy.getMappedRoleNames() != null && !policy.getMappedRoleNames().isEmpty()) {
            role.setJaasRoles(policy.getMappedRoleNames());
        }
        if (policy.isAnyAuthenticated()) {
            role.setAnyAuthenticated(true);
        }

        // The grant is created lazily, by whichever section first has a permission to add.
        Grant grant = null;
        if (policy.isGrantAll()) {
            grant = new Grant();
            grant.setRole(role.getName());
            // Grant-all is expressed as every privilege on the whole database.
            Permission allPrivileges = new Permission();
            allPrivileges.setAllowAllPrivileges(true);
            allPrivileges.setResourceType(ResourceType.DATABASE);
            grant.addPermission(allPrivileges);
        }
        if (policy.isAllowCreateTemporaryTables() != null && policy.isAllowCreateTemporaryTables()) {
            if (grant == null) {
                grant = new Grant();
                grant.setRole(role.getName());
            }
            Permission temporaryTables = new Permission();
            temporaryTables.setAllowTemporyTables(true);
            temporaryTables.setResourceType(ResourceType.DATABASE);
            grant.addPermission(temporaryTables);
        }
        for (DataPolicy.DataPermission dataPermission : policy.getPermissions()) {
            if (grant == null) {
                grant = new Grant();
                grant.setRole(role.getName());
            }
            Permission converted = convert(dataPermission);
            grant.addPermission(converted);
        }

        database.addRole(role);
        // grant is still null for a policy without permissions; presumably addGrant
        // ignores null - verify against Database.addGrant.
        database.addGrant(grant);
    }
    return database;
}
Also used : ModelMetaData(org.teiid.adminapi.impl.ModelMetaData) SourceMappingMetadata(org.teiid.adminapi.impl.SourceMappingMetadata) Translator(org.teiid.adminapi.Translator) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPermission(org.teiid.adminapi.DataPolicy.DataPermission) DataPermission(org.teiid.adminapi.DataPolicy.DataPermission) Permission(org.teiid.metadata.Grant.Permission) DataPolicy(org.teiid.adminapi.DataPolicy)

Example 3 with Permission

use of org.teiid.metadata.Grant.Permission in project teiid by teiid.

the class TestDDLParser method testRevokeGrant.

/**
 * Checks that GRANT and REVOKE statements on the same table and role collapse into a
 * single permission, and that revoking SELECT leaves SELECT unset.
 *
 * <p>{@code hasPrivilege} is asserted against three outcomes here: {@code true} for
 * a granted privilege and {@code null} both for a privilege that was never granted
 * (DROP) and for one that was granted and then revoked (SELECT).
 */
@Test
public void testRevokeGrant() throws Exception {
    String ddl = "CREATE DATABASE FOO;"
            + "USE DATABASE FOO ;"
            + "CREATE FOREIGN DATA WRAPPER postgresql;"
            + "CREATE SERVER pgsql TYPE 'custom' FOREIGN DATA WRAPPER postgresql OPTIONS (\"jndi-name\" 'jndiname');"
            + "CREATE  SCHEMA test SERVER pgsql;"
            + "SET SCHEMA test;"
            + "CREATE FOREIGN TABLE G1( e1 integer, e2 varchar, e3 date);"
            + "CREATE ROLE superuser WITH JAAS ROLE x,y WITH ANY AUTHENTICATED;"
            + "GRANT SELECT,INSERT,DELETE ON TABLE test.G1 TO superuser;"
            + "GRANT UPDATE ON TABLE test.G1 TO superuser;"
            + "REVOKE SELECT ON TABLE test.G1 FROM superuser;";
    Database database = helpParse(ddl);
    assertNotNull(database.getRole("superuser"));

    // Both GRANTs and the REVOKE target the same role, so exactly one grant is expected.
    Collection<Grant> allGrants = database.getGrants();
    assertEquals(1, allGrants.size());
    Grant onlyGrant = allGrants.iterator().next();

    // All three statements target test.G1, so they merge into one permission.
    assertEquals(1, onlyGrant.getPermissions().size());
    Permission merged = onlyGrant.getPermissions().iterator().next();

    // SELECT was revoked after being granted and is reported as unset, not as false.
    assertNull(merged.hasPrivilege(Privilege.SELECT));
    assertTrue(merged.hasPrivilege(Privilege.INSERT));
    assertTrue(merged.hasPrivilege(Privilege.DELETE));
    assertTrue(merged.hasPrivilege(Privilege.UPDATE));
    assertNull(merged.hasPrivilege(Privilege.DROP));
}
Also used : Permission(org.teiid.metadata.Grant.Permission) Test(org.junit.Test)

Example 4 with Permission

use of org.teiid.metadata.Grant.Permission in project teiid by teiid.

the class TestDDLParser method testGrant.

/**
 * Checks that two GRANT statements for the same table and role are merged into a
 * single permission carrying the union of the granted privileges.
 *
 * <p>A privilege that was never granted (DROP) is expected to be reported as
 * {@code null} by {@code hasPrivilege}, not as {@code false}.
 */
@Test
public void testGrant() throws Exception {
    String ddl = "CREATE DATABASE FOO;"
            + "USE DATABASE FOO ;"
            + "CREATE FOREIGN DATA WRAPPER postgresql;"
            + "CREATE SERVER pgsql TYPE 'custom' FOREIGN DATA WRAPPER postgresql OPTIONS (\"jndi-name\" 'jndiname');"
            + "CREATE  SCHEMA test SERVER pgsql;"
            + "SET SCHEMA test;"
            + "CREATE FOREIGN TABLE G1( e1 integer, e2 varchar, e3 date);"
            + "CREATE ROLE superuser WITH JAAS ROLE x,y WITH ANY AUTHENTICATED;"
            + "GRANT SELECT,INSERT,DELETE ON TABLE test.G1 TO superuser;"
            + "GRANT UPDATE ON TABLE test.G1 TO superuser;";
    Database database = helpParse(ddl);
    assertNotNull(database.getRole("superuser"));

    // Both GRANTs name the same role, so exactly one grant is expected.
    Collection<Grant> allGrants = database.getGrants();
    assertEquals(1, allGrants.size());
    Grant onlyGrant = allGrants.iterator().next();

    // Both GRANTs target test.G1, so they merge into one permission.
    assertEquals(1, onlyGrant.getPermissions().size());
    Permission merged = onlyGrant.getPermissions().iterator().next();

    assertTrue(merged.hasPrivilege(Privilege.SELECT));
    assertTrue(merged.hasPrivilege(Privilege.INSERT));
    assertTrue(merged.hasPrivilege(Privilege.DELETE));
    assertTrue(merged.hasPrivilege(Privilege.UPDATE));
    assertNull(merged.hasPrivilege(Privilege.DROP));
}
Also used : Permission(org.teiid.metadata.Grant.Permission) Test(org.junit.Test)

Example 5 with Permission

use of org.teiid.metadata.Grant.Permission in project teiid by teiid.

the class DatabaseUtil method convert.

/**
 * Converts a role and its grant into a {@link DataPolicyMetadata}.
 *
 * <p>The policy takes its name, description, mapped role names and any-authenticated
 * flag from the role. Permissions of the grant are mapped as follows: a permission
 * holding ALL_PRIVILEGES sets the policy's grant-all flag, one holding
 * TEMPORARY_TABLE sets the allow-temporary-tables flag, and every other permission
 * is converted and added individually.
 *
 * <p>NOTE(review): the ALL_PRIVILEGES and TEMPORARY_TABLE branches do not inspect the
 * permission's resource, so the resulting policy-wide flag is set whatever the
 * permission was scoped to - confirm these privileges can only occur on
 * DATABASE-level permissions.
 *
 * @param from the grant to read permissions from; may be {@code null}
 * @param role the role the policy is built for
 * @return the populated data policy
 */
static DataPolicyMetadata convert(Grant from, Role role) {
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName(role.getName());
    if (from != null) {
        for (Permission permission : from.getPermissions()) {
            if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.ALL_PRIVILEGES))) {
                // Folded into the policy-level flag; no per-resource entry is created.
                policy.setGrantAll(true);
            } else if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.TEMPORARY_TABLE))) {
                policy.setAllowCreateTemporaryTables(true);
            } else {
                PermissionMetaData converted = convert(permission);
                policy.addPermission(converted);
            }
        }
    }
    policy.setDescription(role.getAnnotation());
    boolean hasMappedRoles = role.getJassRoles() != null && !role.getJassRoles().isEmpty();
    if (hasMappedRoles) {
        policy.setMappedRoleNames(role.getJassRoles());
    }
    if (role.isAnyAuthenticated()) {
        policy.setAnyAuthenticated(true);
    }
    return policy;
}
Also used : DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPermission(org.teiid.adminapi.DataPolicy.DataPermission) Permission(org.teiid.metadata.Grant.Permission) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)
