use of org.teiid.metadata.Grant.Permission in project teiid by teiid.
the class MetadataStore method addGrant.
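/**
 * Merges {@code grant} into the grants this store keeps per role.
 *
 * <p>When the role has no grant yet, {@code grant} is stored as given. Otherwise every
 * incoming permission is merged into the first existing permission whose resource matches
 * it; an incoming permission with no match is added to the existing grant. Existing
 * permissions visited during the scan that carry no privileges, no revoked privileges,
 * no condition and no mask are pruned, and a grant left without permissions is removed.
 *
 * @param grant the grant to merge; {@code null} is ignored
 * @throws MetadataException with TEIID60035 when both permissions already define a mask,
 *         or TEIID60036 when both already define a condition
 */
void addGrant(Grant grant) {
    if (grant == null) {
        return;
    }
    Grant previous = this.grants.get(grant.getRole());
    if (previous == null) {
        this.grants.put(grant.getRole(), grant);
        return;
    }
    for (Permission addPermission : grant.getPermissions()) {
        boolean found = false;
        // Iterate over a copy: permissions may be removed from 'previous' inside the loop.
        for (Permission currentPermission : new ArrayList<Permission>(previous.getPermissions())) {
            if (currentPermission.resourceMatches(addPermission)) {
                found = true;
                if (addPermission.getMask() != null) {
                    // An existing mask is never overwritten; a second definition is an error.
                    if (currentPermission.getMask() != null) {
                        throw new MetadataException(DataPlugin.Event.TEIID60035, DataPlugin.Util.gs(DataPlugin.Event.TEIID60035, addPermission.getMask(), currentPermission.getMask()));
                    }
                    currentPermission.setMask(addPermission.getMask());
                    currentPermission.setMaskOrder(addPermission.getMaskOrder());
                }
                if (addPermission.getCondition() != null) {
                    // An existing condition is never overwritten either. The message must name
                    // the two conflicting conditions; the masks are unrelated and may be null.
                    if (currentPermission.getCondition() != null) {
                        throw new MetadataException(DataPlugin.Event.TEIID60036, DataPlugin.Util.gs(DataPlugin.Event.TEIID60036, addPermission.getCondition(), currentPermission.getCondition()));
                    }
                    currentPermission.setCondition(addPermission.getCondition(), addPermission.isConditionAConstraint());
                }
                currentPermission.appendPrivileges(addPermission.getPrivileges());
            }
            // Drop permissions that no longer express anything.
            if (currentPermission.getPrivileges().isEmpty() && currentPermission.getRevokePrivileges().isEmpty() && currentPermission.getCondition() == null && currentPermission.getMask() == null) {
                previous.removePermission(currentPermission);
            }
            if (found) {
                break;
            }
        }
        if (!found) {
            previous.addPermission(addPermission);
        }
    }
    if (previous.getPermissions().isEmpty()) {
        this.grants.remove(grant.getRole());
    }
}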
use of org.teiid.metadata.Grant.Permission in project teiid by teiid.
the class DatabaseUtil method convert.
/**
 * Builds a {@link Database} from a VDB definition and its metadata store.
 *
 * <p>Copies the VDB properties, description, connection type and data types, then registers
 * data wrappers for the override translators, servers and schemas for each model, and one
 * role plus one grant for each data policy.
 *
 * @param vdb the VDB definition to read from
 * @param metadataStore the store supplying data types and schemas
 * @return the populated database
 */
public static Database convert(VDBMetaData vdb, MetadataStore metadataStore) {
    Database database = new Database(vdb.getName(), vdb.getVersion());
    database.setProperties(vdb.getPropertiesMap());
    if (vdb.getDescription() != null) {
        database.setAnnotation(vdb.getDescription());
    }
    database.setProperty("connection-type", vdb.getConnectionType().name());
    database.getMetadataStore().addDataTypes(metadataStore.getDatatypes());

    // Override translators: register the base type first, then the named override.
    List<Translator> overrides = vdb.getOverrideTranslators();
    for (Translator translator : overrides) {
        if (database.getDataWrapper(translator.getType()) == null) {
            DataWrapper base = new DataWrapper(translator.getType());
            database.addDataWrapper(base);
        }
        if (database.getDataWrapper(translator.getName()) == null) {
            DataWrapper override = new DataWrapper(translator.getName());
            override.setType(translator.getType());
            for (final String propertyName : translator.getProperties().stringPropertyNames()) {
                override.setProperty(propertyName, translator.getPropertyValue(propertyName));
            }
            if (translator.getDescription() != null) {
                override.setAnnotation(translator.getDescription());
            }
            database.addDataWrapper(override);
        }
    }

    Collection<ModelMetaData> modelDefinitions = vdb.getModelMetaDatas().values();
    for (ModelMetaData model : modelDefinitions) {
        Schema schema = metadataStore.getSchema(model.getName());
        if (model.isSource()) {
            Collection<SourceMappingMetadata> mappings = model.getSourceMappings();
            for (SourceMappingMetadata mapping : mappings) {
                // Translators that were not declared as overrides still need a wrapper.
                if (database.getDataWrapper(mapping.getTranslatorName()) == null) {
                    DataWrapper wrapper = new DataWrapper(mapping.getTranslatorName());
                    database.addDataWrapper(wrapper);
                }
                Server server = new Server(mapping.getName());
                server.setJndiName(mapping.getConnectionJndiName());
                server.setDataWrapper(mapping.getTranslatorName());
                // A server name is registered once; later duplicates are skipped.
                if (database.getServer(mapping.getName()) == null) {
                    database.addServer(server);
                    schema.addServer(server);
                }
            }
        }
        database.addSchema(schema);
    }

    for (String policyName : vdb.getDataPolicyMap().keySet()) {
        DataPolicyMetadata policy = vdb.getDataPolicyMap().get(policyName);
        Role role = new Role(policy.getName());
        if (policy.getMappedRoleNames() != null && !policy.getMappedRoleNames().isEmpty()) {
            role.setJaasRoles(policy.getMappedRoleNames());
        }
        if (policy.isAnyAuthenticated()) {
            role.setAnyAuthenticated(true);
        }

        // The grant is created lazily; a policy that yields no permission leaves it null
        // and null is what gets passed to addGrant below.
        Grant grant = null;
        if (policy.isGrantAll()) {
            // Nothing can have created the grant before this point.
            grant = new Grant();
            grant.setRole(role.getName());
            // Grant-all becomes a database-level permission allowing all privileges.
            Permission allPrivileges = new Permission();
            allPrivileges.setAllowAllPrivileges(true);
            allPrivileges.setResourceType(ResourceType.DATABASE);
            grant.addPermission(allPrivileges);
        }
        if (Boolean.TRUE.equals(policy.isAllowCreateTemporaryTables())) {
            if (grant == null) {
                grant = new Grant();
                grant.setRole(role.getName());
            }
            Permission temporaryTables = new Permission();
            temporaryTables.setAllowTemporyTables(true);
            temporaryTables.setResourceType(ResourceType.DATABASE);
            grant.addPermission(temporaryTables);
        }
        for (DataPolicy.DataPermission dataPermission : policy.getPermissions()) {
            if (grant == null) {
                grant = new Grant();
                grant.setRole(role.getName());
            }
            Permission converted = convert(dataPermission);
            grant.addPermission(converted);
        }
        database.addRole(role);
        database.addGrant(grant);
    }
    return database;
}
use of org.teiid.metadata.Grant.Permission in project teiid by teiid.
the class TestDDLParser method testRevokeGrant.
/**
 * Two GRANT statements followed by a REVOKE on the same table and role must collapse into a
 * single permission. The revoked SELECT privilege and the never-granted DROP privilege are
 * both expected to read back as {@code null}, not {@code false}.
 */
@Test
public void testRevokeGrant() throws Exception {
    String ddl = String.join("",
            "CREATE DATABASE FOO;",
            "USE DATABASE FOO ;",
            "CREATE FOREIGN DATA WRAPPER postgresql;",
            "CREATE SERVER pgsql TYPE 'custom' FOREIGN DATA WRAPPER postgresql OPTIONS (\"jndi-name\" 'jndiname');",
            "CREATE SCHEMA test SERVER pgsql;",
            "SET SCHEMA test;",
            "CREATE FOREIGN TABLE G1( e1 integer, e2 varchar, e3 date);",
            "CREATE ROLE superuser WITH JAAS ROLE x,y WITH ANY AUTHENTICATED;",
            "GRANT SELECT,INSERT,DELETE ON TABLE test.G1 TO superuser;",
            "GRANT UPDATE ON TABLE test.G1 TO superuser;",
            "REVOKE SELECT ON TABLE test.G1 FROM superuser;");
    Database database = helpParse(ddl);

    Role superuser = database.getRole("superuser");
    assertNotNull(superuser);

    // All three statements target the same role, so exactly one grant is expected.
    Collection<Grant> allGrants = database.getGrants();
    assertEquals(1, allGrants.size());

    // They also target the same table, so the grant holds exactly one permission.
    Grant onlyGrant = allGrants.iterator().next();
    assertEquals(1, onlyGrant.getPermissions().size());

    Permission tablePermission = onlyGrant.getPermissions().iterator().next();
    assertNull(tablePermission.hasPrivilege(Privilege.SELECT));
    assertTrue(tablePermission.hasPrivilege(Privilege.INSERT));
    assertTrue(tablePermission.hasPrivilege(Privilege.DELETE));
    assertTrue(tablePermission.hasPrivilege(Privilege.UPDATE));
    assertNull(tablePermission.hasPrivilege(Privilege.DROP));
}
use of org.teiid.metadata.Grant.Permission in project teiid by teiid.
the class TestDDLParser method testGrant.
/**
 * Two GRANT statements on the same table and role must be merged into a single permission
 * carrying every granted privilege. DROP was never granted and is expected to read back as
 * {@code null}.
 */
@Test
public void testGrant() throws Exception {
    String ddl = String.join("",
            "CREATE DATABASE FOO;",
            "USE DATABASE FOO ;",
            "CREATE FOREIGN DATA WRAPPER postgresql;",
            "CREATE SERVER pgsql TYPE 'custom' FOREIGN DATA WRAPPER postgresql OPTIONS (\"jndi-name\" 'jndiname');",
            "CREATE SCHEMA test SERVER pgsql;",
            "SET SCHEMA test;",
            "CREATE FOREIGN TABLE G1( e1 integer, e2 varchar, e3 date);",
            "CREATE ROLE superuser WITH JAAS ROLE x,y WITH ANY AUTHENTICATED;",
            "GRANT SELECT,INSERT,DELETE ON TABLE test.G1 TO superuser;",
            "GRANT UPDATE ON TABLE test.G1 TO superuser;");
    Database database = helpParse(ddl);

    Role superuser = database.getRole("superuser");
    assertNotNull(superuser);

    // Both GRANT statements target the same role, so exactly one grant is expected.
    Collection<Grant> allGrants = database.getGrants();
    assertEquals(1, allGrants.size());

    // Both also target the same table, so the grant holds exactly one permission.
    Grant onlyGrant = allGrants.iterator().next();
    assertEquals(1, onlyGrant.getPermissions().size());

    Permission tablePermission = onlyGrant.getPermissions().iterator().next();
    assertTrue(tablePermission.hasPrivilege(Privilege.SELECT));
    assertTrue(tablePermission.hasPrivilege(Privilege.INSERT));
    assertTrue(tablePermission.hasPrivilege(Privilege.DELETE));
    assertTrue(tablePermission.hasPrivilege(Privilege.UPDATE));
    assertNull(tablePermission.hasPrivilege(Privilege.DROP));
}
use of org.teiid.metadata.Grant.Permission in project teiid by teiid.
the class DatabaseUtil method convert.
/**
 * Converts a role and its grant into a {@link DataPolicyMetadata}.
 *
 * <p>A permission holding {@code ALL_PRIVILEGES} or {@code TEMPORARY_TABLE} only sets the
 * matching policy-level flag and is not converted individually; any other attribute on
 * such a permission is not carried over by this method.
 *
 * @param from the grant for the role; may be {@code null}, in which case no permission is added
 * @param role the role supplying the name, description and role mappings
 * @return the resulting data policy
 */
static DataPolicyMetadata convert(Grant from, Role role) {
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName(role.getName());
    if (from != null) {
        for (Permission permission : from.getPermissions()) {
            // hasPrivilege returns a nullable Boolean, so only an explicit TRUE counts.
            if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.ALL_PRIVILEGES))) {
                policy.setGrantAll(true);
            } else if (Boolean.TRUE.equals(permission.hasPrivilege(Privilege.TEMPORARY_TABLE))) {
                policy.setAllowCreateTemporaryTables(true);
            } else {
                PermissionMetaData converted = convert(permission);
                policy.addPermission(converted);
            }
        }
    }
    policy.setDescription(role.getAnnotation());
    boolean hasMappedRoles = role.getJassRoles() != null && !role.getJassRoles().isEmpty();
    if (hasMappedRoles) {
        policy.setMappedRoleNames(role.getJassRoles());
    }
    if (role.isAnyAuthenticated()) {
        policy.setAnyAuthenticated(true);
    }
    return policy;
}