static DataPolicyMetadata convert(Grant from, Role role) { DataPolicyMetadata dpm = new DataPolicyMetadata(); dpm.setName(role.getName()); dpm.setGrantAll(true); continue; } else if (Boolean.TRUE.equals(p.hasPrivilege(Privilege.TEMPORARY_TABLE))) { dpm.setAllowCreateTemporaryTables(true); continue; dpm.addPermission(pmd); dpm.setDescription(role.getAnnotation()); dpm.setMappedRoleNames(role.getJassRoles()); dpm.setAnyAuthenticated(true);
node.get(POLICY_NAME).set(policy.getName()); if (policy.getDescription() != null) { node.get(POLICY_DESCRIPTION).set(policy.getDescription()); if (policy.isAllowCreateTemporaryTables() != null) { node.get(ALLOW_CREATE_TEMP_TABLES).set(policy.isAllowCreateTemporaryTables()); node.get(ANY_AUTHENTICATED).set(policy.isAnyAuthenticated()); if (policy.isGrantAll()) { node.get(GRANT_ALL).set(policy.isGrantAll()); List<DataPolicy.DataPermission> permissions = policy.getPermissions(); if (permissions != null && !permissions.isEmpty()) { ModelNode permissionNodes = node.get(DATA_PERMISSIONS); if (policy.getMappedRoleNames() != null && !policy.getMappedRoleNames().isEmpty()) { ModelNode mappedRoleNodes = node.get(MAPPED_ROLE_NAMES); for (String role:policy.getMappedRoleNames()) { mappedRoleNodes.add(role);
/**
 * Removes {@code mappedRole} from the mapped role names of the data policy
 * called {@code policyName} and notifies the listener of the change.
 * If the listener rejects the change with an {@link AdminProcessingException},
 * the mapped role names captured before the change are put back and the
 * exception is rethrown. The whole operation runs under the {@code vdb} monitor.
 * (The method name reads like a typo for "removeDataRole", but it is public API
 * and is therefore kept as is.)
 *
 * @param policyName name of the data policy to modify
 * @param mappedRole mapped role name to drop from the policy
 * @throws AdminProcessingException if the listener rejects the change; the
 *         policy has been rolled back by the time it propagates
 */
public void remoteDataRole(String policyName, String mappedRole) throws AdminProcessingException{
    synchronized (this.vdb) {
        DataPolicyMetadata target = getPolicy(policyName);
        // Captured before the mutation so a rejected change can be undone.
        // NOTE(review): this is the list reference, not a copy; if
        // removeMappedRoleName edits that same list in place the rollback
        // below restores nothing - confirm against DataPolicyMetadata.
        List<String> rollback = target.getMappedRoleNames();
        target.removeMappedRoleName(mappedRole);
        try {
            this.listener.dataRoleChanged(policyName);
        } catch (AdminProcessingException rejected) {
            target.setMappedRoleNames(rollback);
            throw rejected;
        }
    }
}
/**
 * Adds {@code mappedRole} to the mapped role names of the data policy called
 * {@code policyName} and notifies the listener of the change. Because this
 * widens who receives the policy, a listener rejection (an
 * {@link AdminProcessingException}) restores the mapped role names captured
 * before the change and the exception is rethrown. Runs under the
 * {@code vdb} monitor.
 *
 * @param policyName name of the data policy to modify
 * @param mappedRole mapped role name to add to the policy
 * @throws AdminProcessingException if the listener rejects the change; the
 *         policy has been rolled back by the time it propagates
 */
public void addDataRole(String policyName, String mappedRole) throws AdminProcessingException {
    synchronized (this.vdb) {
        DataPolicyMetadata target = getPolicy(policyName);
        // Captured before the mutation so a rejected change can be undone.
        // NOTE(review): list reference, not a copy; if addMappedRoleName edits
        // that same list in place the rollback below is a no-op - confirm.
        List<String> rollback = target.getMappedRoleNames();
        target.addMappedRoleName(mappedRole);
        try {
            this.listener.dataRoleChanged(policyName);
        } catch (AdminProcessingException rejected) {
            target.setMappedRoleNames(rollback);
            throw rejected;
        }
    }
}
/**
 * Marks the data policy called {@code policyName} as applying to every
 * authenticated user and notifies the listener. This is the broadest way to
 * grant a policy, so a listener rejection ({@link AdminProcessingException})
 * restores the previous flag value before the exception is rethrown.
 * Runs under the {@code vdb} monitor.
 *
 * @param policyName name of the data policy to modify
 * @throws AdminProcessingException if the listener rejects the change; the
 *         flag has been restored by the time it propagates
 */
public void addAnyAuthenticated(String policyName) throws AdminProcessingException{
    synchronized (this.vdb) {
        DataPolicyMetadata target = getPolicy(policyName);
        boolean wasAnyAuthenticated = target.isAnyAuthenticated();
        target.setAnyAuthenticated(true);
        try {
            this.listener.dataRoleChanged(policyName);
        } catch (AdminProcessingException rejected) {
            // Undo the widening before letting the caller see the failure.
            target.setAnyAuthenticated(wasAnyAuthenticated);
            throw rejected;
        }
    }
}
/**
 * Populates {@code policy} from the data-role element the reader is positioned
 * on: the name and the three boolean flags come from attributes, then the child
 * elements are consumed until the matching end element.
 *
 * Absent boolean attributes yield {@code false} through
 * {@link Boolean#parseBoolean(String)}, so any-authenticated, grant-all and
 * temporary-table creation are all off unless explicitly enabled in the
 * descriptor.
 *
 * @param reader stream reader positioned on the data-role start element
 * @param policy policy instance to fill in
 * @throws XMLStreamException on a reader error or an unrecognised child element
 */
private static void parseDataRole(XMLStreamReader reader, DataPolicyMetadata policy) throws XMLStreamException {
    Properties attrs = getAttributes(reader);
    String anyAuthenticated = attrs.getProperty(Element.DATA_ROLE_ANY_ATHENTICATED_ATTR.getLocalName());
    String grantAll = attrs.getProperty(Element.DATA_ROLE_GRANT_ALL_ATTR.getLocalName());
    String allowTempTables = attrs.getProperty(Element.DATA_ROLE_ALLOW_TEMP_TABLES_ATTR.getLocalName());
    policy.setName(attrs.getProperty(Element.NAME.getLocalName()));
    policy.setAnyAuthenticated(Boolean.parseBoolean(anyAuthenticated));
    policy.setGrantAll(Boolean.parseBoolean(grantAll));
    policy.setAllowCreateTemporaryTables(Boolean.parseBoolean(allowTempTables));
    // Children may appear in any order: description, permission(s), mapped-role-name(s).
    while (reader.hasNext() && (reader.nextTag() != XMLStreamConstants.END_ELEMENT)) {
        Element child = Element.forName(reader.getLocalName());
        switch (child) {
        case DESCRIPTION:
            policy.setDescription(reader.getElementText());
            break;
        case PERMISSION:
            PermissionMetaData permission = new PermissionMetaData();
            parsePermission(reader, permission);
            policy.addPermission(permission);
            break;
        case MAPPED_ROLE_NAME:
            policy.addMappedRoleName(reader.getElementText());
            break;
        default:
            // Unknown children are rejected rather than skipped, so a misspelled
            // permission element cannot silently vanish from the policy.
            throw new XMLStreamException(AdminPlugin.Util.gs("unexpected_element2",reader.getName(), Element.DESCRIPTION.getLocalName(), Element.PERMISSION.getLocalName(), Element.MAPPED_ROLE_NAME.getLocalName()), reader.getLocation());
        }
    }
}
/**
 * Checks how permissions combine across two policies on the same resource.
 * With one policy denying read on pm1.g1 and the other only granting pm1, the
 * query is still allowed; once the deny is added to the second policy as well,
 * pm1.g1 and its column are reported inaccessible.
 */
@Test public void testAccessibleCombination() throws Exception {
    PermissionMetaData denyG1 = addResource(DataPolicy.PermissionType.READ, "pm1.g1"); //$NON-NLS-1$
    denyG1.setAllowRead(false);

    DataPolicyMetadata policyA = new DataPolicyMetadata();
    policyA.setName("test"); //$NON-NLS-1$
    policyA.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$
    policyA.addPermission(denyG1);

    DataPolicyMetadata policyB = new DataPolicyMetadata();
    policyB.setName("test1"); //$NON-NLS-1$
    policyB.addPermission(addResource(DataPolicy.PermissionType.READ, "pm1")); //$NON-NLS-1$

    // Only policyA denies pm1.g1: nothing is inaccessible.
    helpTest("SELECT e1 FROM pm1.g1", RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(), policyA, policyB); //$NON-NLS-1$

    // Both policies deny pm1.g1: the table and its column become inaccessible.
    policyB.addPermission(denyG1);
    helpTest("SELECT e1 FROM pm1.g1", RealMetadataFactory.example1Cached(), new String[] {"pm1.g1.e1", "pm1.g1"}, RealMetadataFactory.example1VDB(), policyA, policyB); //$NON-NLS-1$
}
/**
 * Builds a sample BQT policy: ALTER on VQT.SmallA_2589, CREATE on bqt1 and
 * temporary-table creation allowed.
 *
 * @return the populated policy named "test"
 */
private DataPolicyMetadata examplePolicyBQT() {
    DataPolicyMetadata policy = new DataPolicyMetadata();
    policy.setName("test"); //$NON-NLS-1$
    policy.setAllowCreateTemporaryTables(true);
    PermissionMetaData alterSmallA = addResource(DataPolicy.PermissionType.ALTER, "VQT.SmallA_2589"); //$NON-NLS-1$
    PermissionMetaData createBqt1 = addResource(DataPolicy.PermissionType.CREATE, "bqt1"); //$NON-NLS-1$
    policy.addPermission(alterSmallA);
    policy.addPermission(createBqt1);
    return policy;
}
@Test public void testAllowed() { DataPolicyMetadata policy = new DataPolicyMetadata(); policy.setName("readOnly"); //$NON-NLS-1$ policy.setDescription("Only has read only permissions"); //$NON-NLS-1$ policy.setMappedRoleNames(Arrays.asList("jack", "susan")); //$NON-NLS-1$ //$NON-NLS-2$ perm5.setAllowRead(true); policy.addPermission(perm1, perm2, perm3, perm4, perm5); assertTrue(policy.allows("catalog.schema.Table1".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table1".toLowerCase(), PermissionType.CREATE)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema", PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table2.column".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertFalse(policy.allows("catalog.schema.Table2".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table3.column".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertTrue(policy.allows("catalog.schema.Table3".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertTrue(policy.allows("catalog.schema.Table4".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table4".toLowerCase(), PermissionType.DELETE)); //$NON-NLS-1$ assertTrue(policy.allows("catalog.schema.Table5.column1".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table5.column2".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$ assertNull(policy.allows("catalog.schema.Table5".toLowerCase(), PermissionType.READ)); //$NON-NLS-1$
/**
 * A grant-all policy restricted to schema pm1 must allow everything in pm1
 * and nothing in pm2: the pm2.g1 table and its column are reported inaccessible.
 */
@Test public void testInheritedGrantAll() throws Exception {
    DataPolicyMetadata grantAllOnPm1 = new DataPolicyMetadata();
    grantAllOnPm1.setName("test"); //$NON-NLS-1$
    grantAllOnPm1.setGrantAll(true);
    grantAllOnPm1.setSchemas(Collections.singleton("pm1"));

    String inPm1 = "select * from pm1.g1";
    helpTest(inPm1, RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(), grantAllOnPm1); //$NON-NLS-1$ //$NON-NLS-2$

    // grant-all does not leak into a schema outside the restriction
    String inPm2 = "select e1 from pm2.g1";
    helpTest(inPm2, RealMetadataFactory.example1Cached(), new String[] {"pm2.g1.e1", "pm2.g1"}, RealMetadataFactory.example1VDB(), grantAllOnPm1); //$NON-NLS-1$ //$NON-NLS-2$
}
// closing brace of the enclosing test class, carried over from the listing
}
assertTrue(role.isGrantAll()); assertTrue(role.isAllowCreateTemporaryTables()); assertEquals("roleOne described", role.getDescription()); //$NON-NLS-1$ assertNotNull(role.getMappedRoleNames()); assertTrue(role.getMappedRoleNames().contains("ROLE1")); //$NON-NLS-1$ assertTrue(role.getMappedRoleNames().contains("ROLE2")); //$NON-NLS-1$ List<DataPolicy.DataPermission> permissions = role.getPermissions(); assertEquals(4, permissions.size());
for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) { DataPolicyMetadata dpm = (DataPolicyMetadata)entry.getValue(); PermissionMetaData pmd = dpm.getPermissionMap().get(fullName); if (pmd == null) { continue; if (report.hasItems()) { ValidatorFailure firstFailure = report.getItems().iterator().next(); throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure); //$NON-NLS-1$ if (!dpm.isAnyAuthenticated()) { throw e; } catch (TeiidException e) { throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
/**
 * Decides whether temporary-table access is permitted.
 *
 * With a concrete {@code resource} the decision is delegated to the general
 * inaccessible-resource check. Without one, the caller's allowed policies are
 * scanned: a grant-all policy or one that explicitly allows temporary tables
 * wins immediately; an explicit {@code false} on any policy (and no explicit
 * {@code true} elsewhere) denies; when no policy says anything the configured
 * default applies. Note that one permissive policy outranks any number of
 * explicit denials.
 *
 * @param action         permission type being checked
 * @param resource       resource name, or null for a generic temp-table check
 * @param context        authorization context (passed through)
 * @param commandContext supplies the allowed data policies
 * @return true when access is granted
 */
@Override
public boolean isTempAccessible(PermissionType action, String resource, Context context, CommandContext commandContext) {
    if (resource != null) {
        // Kept as a mutable HashSet on purpose: the inaccessible-resource walk
        // appears to remove entries from the set it is given (see the
        // iter.remove()/resources.clear() fragment elsewhere on this page),
        // so Collections.singleton would not be a safe substitute.
        HashSet<String> requested = new HashSet<String>(Arrays.asList(resource));
        return getInaccessibleResources(action, requested, context, commandContext).isEmpty();
    }
    boolean explicitlyDenied = false;
    for (DataPolicy candidate : commandContext.getAllowedDataPolicies().values()) {
        DataPolicyMetadata policy = (DataPolicyMetadata) candidate;
        if (policy.isGrantAll()) {
            return true;
        }
        Boolean allowTemp = policy.isAllowCreateTemporaryTables();
        if (allowTemp == null) {
            continue;
        }
        if (allowTemp) {
            return true;
        }
        explicitlyDenied = true;
    }
    if (explicitlyDenied) {
        return false;
    }
    return allowCreateTemporaryTablesByDefault;
}
continue; if (policy.isGrantAll()) { if (policy.getSchemas() == null) { resources.clear(); return resources; continue; if (policy.getSchemas().contains(resource)) { iter.remove(); continue outer; Boolean allows = policy.allows(resource, action); if (allows != null) { if (allows) {
DataPolicyMetadata role = (DataPolicyMetadata)dp; if (newMergedVDB.addDataPolicy(role) != null) { throw new VirtualDatabaseException(RuntimePlugin.Event.TEIID40084, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40084, vdb.getName(), vdb.getVersion(), vdbImport.getName(), vdbImport.getVersion(), role.getName())); if (role.isGrantAll()) { role.setSchemas(childVDB.getModelMetaDatas().keySet());
/**
 * A grant-all policy (no schema restriction) must let a foreign temporary table
 * be created on bqt1: no resource is reported inaccessible.
 */
@Test public void testGrantAll() throws Exception {
    DataPolicyMetadata grantAll = new DataPolicyMetadata();
    grantAll.setGrantAll(true);
    String createTemp = "create foreign temporary table x (id string) on bqt1";
    helpTest(createTemp, RealMetadataFactory.exampleBQTCached(), new String[] {}, RealMetadataFactory.exampleBQTVDB(), grantAll); //$NON-NLS-1$ //$NON-NLS-2$
}
/**
 * Registers {@code policy} under its name, replacing any policy already
 * registered under that name.
 *
 * @param policy policy to register; must have a name
 * @return the policy previously registered under the same name, or null if
 *         there was none - callers appear to use a non-null result to detect
 *         duplicate role names when merging VDBs
 */
public DataPolicyMetadata addDataPolicy(DataPolicyMetadata policy){
    String key = policy.getName();
    DataPolicyMetadata displaced = this.dataPolicies.put(key, policy);
    return displaced;
}
/**
 * Produces a copy of this policy. The permission map, the language permission
 * map and the row-permission set are copied into fresh collections (keeping the
 * case-insensitive ordering), whereas {@code mappedRoleNames} is shared by
 * reference on purpose so that later role-mapping updates are visible through
 * the clone as well.
 *
 * NOTE(review): no {@code schemas} field is copied here although
 * {@code setSchemas} is used on this type elsewhere on this page; confirm
 * whether that field exists on this version of the class and, if so, whether
 * the clone should carry it - a grant-all policy that lost its schema
 * restriction would be broader than the original.
 *
 * @return a new DataPolicyMetadata mirroring this one
 */
public DataPolicyMetadata clone() {
    DataPolicyMetadata copy = new DataPolicyMetadata();
    copy.name = this.name;
    copy.description = this.description;
    copy.anyAuthenticated = this.anyAuthenticated;
    copy.grantAll = this.grantAll;
    copy.allowCreateTemporaryTables = this.allowCreateTemporaryTables;
    // Deliberately the same list instance, not a copy, so role mapping changes propagate.
    copy.mappedRoleNames = this.mappedRoleNames;
    TreeSet<String> rowPermissionCopy = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
    rowPermissionCopy.addAll(this.hasRowPermissions);
    copy.hasRowPermissions = rowPermissionCopy;
    TreeMap<String, PermissionMetaData> permissionCopy = new TreeMap<String, PermissionMetaData>(String.CASE_INSENSITIVE_ORDER);
    permissionCopy.putAll(this.permissions);
    copy.permissions = permissionCopy;
    copy.languagePermissions = new HashMap<String, DataPolicyMetadata.PermissionMetaData>(this.languagePermissions);
    return copy;
}
/**
 * An any-authenticated policy must not be handed to a session without a
 * subject, and must be handed to a session that has one.
 */
@Test public void testAnyAuthenticated() {
    VDBMetaData vdb = new VDBMetaData();
    DataPolicyMetadata anyAuth = new DataPolicyMetadata();
    anyAuth.setAnyAuthenticated(true);
    vdb.addDataPolicy(anyAuth);

    SessionMetadata session = Mockito.mock(SessionMetadata.class);
    Mockito.stub(session.getVdb()).toReturn(vdb);

    //unauthenticated
    DQPWorkContext workContext = new DQPWorkContext();
    workContext.setSession(session);
    Map<String, DataPolicy> allowed = workContext.getAllowedDataPolicies();
    assertEquals(0, allowed.size());

    //authenticated
    Mockito.stub(session.getSubject()).toReturn(new Subject());
    workContext = new DQPWorkContext();
    workContext.setSession(session);
    allowed = workContext.getAllowedDataPolicies();
    assertEquals(1, allowed.size());
}