use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestAuthorizationValidationVisitor method helpTest.
private void helpTest(String sql, QueryMetadataInterface metadata, String[] expectedInaccesible, VDBMetaData vdb, DataPolicyMetadata... roles) throws QueryParserException, QueryResolverException, TeiidComponentException {
QueryParser parser = QueryParser.getQueryParser();
Command command = parser.parseCommand(sql);
QueryResolver.resolveCommand(command, metadata);
DataRolePolicyDecider dataRolePolicyDecider = createPolicyDecider(metadata, vdb, roles);
// $NON-NLS-1$
AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(dataRolePolicyDecider, context);
ValidatorReport report = Validator.validate(command, metadata, visitor);
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// strings
Set<String> expected = new HashSet<String>(Arrays.asList(expectedInaccesible));
// elements
Set<String> actual = new HashSet<String>();
for (LanguageObject obj : firstFailure.getInvalidObjects()) {
if (obj instanceof ElementSymbol) {
actual.add(((ElementSymbol) obj).getName());
} else {
actual.add(obj.toString());
}
}
assertEquals(expected, actual);
} else if (expectedInaccesible.length > 0) {
// $NON-NLS-1$
fail("Expected inaccessible objects, but got none.");
}
}
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestMetadataValidator method printError.
private String printError(ValidatorReport report) {
StringBuilder sb = new StringBuilder();
for (ValidatorFailure v : report.getItems()) {
if (v.getStatus() == ValidatorFailure.Status.ERROR) {
sb.append(v);
sb.append("\n");
}
}
return sb.toString();
}
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class RowBasedSecurityHelper method resolveCondition.
static Criteria resolveCondition(QueryMetadataInterface metadata, final GroupSymbol group, String fullName, Map.Entry<String, DataPolicy> entry, PermissionMetaData pmd, String filterString) throws QueryMetadataException {
Criteria filter = (Criteria) pmd.getResolvedCondition();
if (filter == null) {
try {
filter = QueryParser.getQueryParser().parseCriteria(filterString);
GroupSymbol gs = group;
if (group.getDefinition() != null) {
gs = new GroupSymbol(fullName);
gs.setMetadataID(group.getMetadataID());
}
Collection<GroupSymbol> groups = Arrays.asList(gs);
for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(filter)) {
container.getCommand().pushNewResolvingContext(groups);
QueryResolver.resolveCommand(container.getCommand(), metadata, false);
}
ResolverVisitor.resolveLanguageObject(filter, groups, metadata);
ValidatorReport report = Validator.validate(filter, metadata, new ValidationVisitor());
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// $NON-NLS-1$
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName) + " " + firstFailure);
}
pmd.setResolvedCondition(filter.clone());
} catch (QueryMetadataException e) {
throw e;
} catch (TeiidException e) {
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName));
}
} else {
filter = (Criteria) filter.clone();
}
return filter;
}
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class ColumnMaskingHelper method maskColumn.
private static Expression maskColumn(ElementSymbol col, GroupSymbol unaliased, QueryMetadataInterface metadata, ExpressionMappingVisitor emv, Map<String, DataPolicy> policies, CommandContext cc) throws TeiidComponentException, TeiidProcessingException {
Object metadataID = col.getMetadataID();
String fullName = metadata.getFullName(metadataID);
final GroupSymbol group = col.getGroupSymbol();
String elementType = metadata.getElementRuntimeTypeName(col.getMetadataID());
Class<?> expectedType = DataTypeManager.getDataTypeClass(elementType);
List<WhenThen> cases = null;
Collection<GroupSymbol> groups = Arrays.asList(unaliased);
for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
if (pmd == null) {
continue;
}
String maskString = pmd.getMask();
if (maskString == null) {
continue;
}
Criteria condition = null;
if (pmd.getCondition() != null) {
condition = RowBasedSecurityHelper.resolveCondition(metadata, group, metadata.getFullName(group.getMetadataID()), entry, pmd, pmd.getCondition());
} else {
condition = QueryRewriter.TRUE_CRITERIA;
}
Expression mask = (Expression) pmd.getResolvedMask();
if (mask == null) {
try {
mask = QueryParser.getQueryParser().parseExpression(pmd.getMask());
for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(mask)) {
container.getCommand().pushNewResolvingContext(groups);
QueryResolver.resolveCommand(container.getCommand(), metadata, false);
}
ResolverVisitor.resolveLanguageObject(mask, groups, metadata);
ValidatorReport report = Validator.validate(mask, metadata, new ValidationVisitor());
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// $NON-NLS-1$
throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure);
}
if (mask.getType() != expectedType) {
mask = ResolverUtil.convertExpression(mask, elementType, metadata);
}
pmd.setResolvedMask(mask.clone());
if (!dpm.isAnyAuthenticated()) {
// we treat this as user deterministic since the data roles won't change. this may change if the logic becomes dynamic
// TODO: this condition may not even be used
cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
}
} catch (QueryMetadataException e) {
throw e;
} catch (TeiidException e) {
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
}
} else {
mask = (Expression) mask.clone();
}
if (group.getDefinition() != null) {
PreOrPostOrderNavigator.doVisit(mask, emv, PreOrPostOrderNavigator.PRE_ORDER, true);
}
if (cases == null) {
cases = new ArrayList<ColumnMaskingHelper.WhenThen>();
}
cases.add(new WhenThen(pmd.getOrder(), condition, mask));
}
if (cases == null) {
return col;
}
Collections.sort(cases);
List<Criteria> whens = new ArrayList<Criteria>();
List<Expression> thens = new ArrayList<Expression>();
for (WhenThen whenThen : cases) {
whens.add(whenThen.when);
thens.add(whenThen.then);
}
SearchedCaseExpression sce = new SearchedCaseExpression(whens, thens);
sce.setElseExpression(col);
sce.setType(expectedType);
Expression mask = QueryRewriter.rewriteExpression(sce, cc, metadata, true);
return mask;
}
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestProcedurePlanner method helpPlanProcedure.
// ################ getReplacementClause tests ###################
private ProcessorPlan helpPlanProcedure(String userQuery, String procedure, TriggerEvent procedureType) throws TeiidComponentException, QueryMetadataException, TeiidProcessingException {
QueryMetadataInterface metadata = RealMetadataFactory.exampleUpdateProc(procedureType, procedure);
QueryParser parser = QueryParser.getQueryParser();
Command userCommand = userQuery != null ? parser.parseCommand(userQuery) : parser.parseCommand(procedure);
if (userCommand instanceof CreateProcedureCommand) {
GroupSymbol gs = new GroupSymbol("proc");
gs.setMetadataID(new TempMetadataID("proc", Collections.EMPTY_LIST));
((CreateProcedureCommand) userCommand).setVirtualGroup(gs);
}
QueryResolver.resolveCommand(userCommand, metadata);
ValidatorReport report = Validator.validate(userCommand, metadata);
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
throw new QueryValidatorException(firstFailure.getMessage());
}
userCommand = QueryRewriter.rewrite(userCommand, metadata, null);
AnalysisRecord analysisRecord = new AnalysisRecord(false, DEBUG);
try {
return QueryOptimizer.optimizePlan(userCommand, metadata, null, new DefaultCapabilitiesFinder(), analysisRecord, null);
} finally {
if (DEBUG) {
System.out.println(analysisRecord.getDebugLog());
}
}
}
Aggregations