PermissionMetaData permission = new PermissionMetaData(); if (node.get(RESOURCE_NAME) != null) { permission.setResourceName(node.get(RESOURCE_NAME).asString()); permission.setResourceType(ResourceType.valueOf(node.get(RESOURCE_TYPE).asString())); permission.setAllowLanguage(node.get(ALLOW_LANGUAGE).asBoolean()); return permission; permission.setAllowCreate(node.get(ALLOW_CREATE).asBoolean()); permission.setAllowDelete(node.get(ALLOW_DELETE).asBoolean()); permission.setAllowUpdate(node.get(ALLOW_UPADTE).asBoolean()); permission.setAllowRead(node.get(ALLOW_READ).asBoolean()); permission.setAllowExecute(node.get(ALLOW_EXECUTE).asBoolean()); permission.setAllowAlter(node.get(ALLOW_ALTER).asBoolean()); permission.setCondition(node.get(CONDITION).asString()); permission.setMask(node.get(MASK).asString()); permission.setOrder(node.get(ORDER).asInt()); permission.setConstraint(node.get(CONSTRAINT).asBoolean());
roleOne.setGrantAll(true); PermissionMetaData perm1 = new PermissionMetaData(); perm1.setResourceName("myTable.T1"); //$NON-NLS-1$ perm1.setAllowRead(true); roleOne.addPermission(perm1); PermissionMetaData perm2 = new PermissionMetaData(); perm2.setResourceName("myTable.T2"); //$NON-NLS-1$ perm2.setAllowRead(false); perm2.setAllowDelete(true); perm2.setCondition("col1 = user()"); perm2.setConstraint(false); roleOne.addPermission(perm2); PermissionMetaData perm3 = new PermissionMetaData(); perm3.setResourceName("javascript"); //$NON-NLS-1$ perm3.setAllowLanguage(true); roleOne.addPermission(perm3); PermissionMetaData perm4 = new PermissionMetaData(); perm4.setResourceName("myTable.T2.col1"); //$NON-NLS-1$ perm4.setMask("col2"); perm4.setOrder(1); roleOne.addPermission(perm4);
switch (element) { case RESOURCE_NAME: permission.setResourceName(reader.getElementText()); break; case RESOURCE_TYPE: permission.setResourceType(ResourceType.valueOf(reader.getElementText())); break; case ALLOW_ALTER: permission.setAllowAlter(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_CREATE: permission.setAllowCreate(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_LANGUAGE: permission.setAllowLanguage(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_DELETE: permission.setAllowDelete(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_EXECUTE: permission.setAllowExecute(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_READ: permission.setAllowRead(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_UPADTE: permission.setAllowUpdate(Boolean.parseBoolean(reader.getElementText())); break; case CONDITION:
switch (element) { case RESOURCE_NAME: permission.setResourceName(reader.getElementText()); break; case RESOURCE_TYPE: permission.setResourceType(ResourceType.valueOf(reader.getElementText())); break; case ALLOW_ALTER: permission.setAllowAlter(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_CREATE: permission.setAllowCreate(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_LANGUAGE: permission.setAllowLanguage(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_DELETE: permission.setAllowDelete(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_EXECUTE: permission.setAllowExecute(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_READ: permission.setAllowRead(Boolean.parseBoolean(reader.getElementText())); break; case ALLOW_UPADTE: permission.setAllowUpdate(Boolean.parseBoolean(reader.getElementText())); break; case CONDITION:
private void addPermissionMetadata(PermissionMetaData permission) { PermissionMetaData previous = null; if (permission.getAllowLanguage() != null) { previous = this.languagePermissions.put(permission.getResourceName(), permission); } else { previous = permissions.put(permission.getResourceName().toLowerCase(), permission); if (permission.getCondition() != null) { this.hasRowPermissions.add(permission.getResourceName()); if (permission.getMask() != null) { String resourceName = permission.getResourceName(); int lastSegment = permission.getResourceName().lastIndexOf('.'); if (lastSegment > 0) { resourceName = resourceName.substring(0, lastSegment); permission.bits |= previous.bits; permission.bitsSet |= previous.bitsSet; if (previous.getCondition() != null) { if (permission.getCondition() == null) { permission.setCondition(previous.getCondition()); permission.setConstraint(previous.getConstraint()); } else { throw new TeiidRuntimeException(AdminPlugin.Event.TEIID70053, AdminPlugin.Util.gs(AdminPlugin.Event.TEIID70053, this.getName(), permission.getResourceName())); if (previous.getMask() != null) { if (permission.getMask() != null) { throw new TeiidRuntimeException(AdminPlugin.Event.TEIID70053, AdminPlugin.Util.gs(AdminPlugin.Event.TEIID70053, this.getName(), permission.getResourceName())); permission.setMask(previous.getMask());
PermissionMetaData perm1 = new PermissionMetaData(); perm1.setResourceName("catalog.schema.Table1"); //$NON-NLS-1$ perm1.setAllowRead(true); PermissionMetaData perm2 = new PermissionMetaData(); perm2.setResourceName("catalog.schema.Table2"); //$NON-NLS-1$ perm2.setAllowRead(false); PermissionMetaData perm3 = new PermissionMetaData(); perm3.setResourceName("catalog.schema.Table3"); //$NON-NLS-1$ perm3.setAllowRead(true); PermissionMetaData perm4 = new PermissionMetaData(); perm4.setResourceName("catalog.schema.Table4"); //$NON-NLS-1$ perm4.setAllowRead(true); PermissionMetaData perm5 = new PermissionMetaData(); perm5.setResourceName("catalog.schema.Table5.column1"); //$NON-NLS-1$ perm5.setAllowRead(true);
private void addPermissionMetadata(PermissionMetaData permission) { PermissionMetaData previous = null; if (permission.getAllowLanguage() != null) { previous = this.languagePermissions.put(permission.getResourceName(), permission); } else { previous = permissions.put(permission.getResourceName().toLowerCase(), permission); if (permission.getCondition() != null) { this.hasRowPermissions.add(permission.getResourceName()); if (permission.getMask() != null) { String resourceName = permission.getResourceName(); int lastSegment = permission.getResourceName().lastIndexOf('.'); if (lastSegment > 0) { resourceName = resourceName.substring(0, lastSegment); permission.bits |= previous.bits; permission.bitsSet |= previous.bitsSet; if (previous.getCondition() != null) { if (permission.getCondition() == null) { permission.setCondition(previous.getCondition()); permission.setConstraint(previous.getConstraint()); } else { throw new TeiidRuntimeException(AdminPlugin.Event.TEIID70053, AdminPlugin.Util.gs(AdminPlugin.Event.TEIID70053, this.getName(), permission.getResourceName())); if (previous.getMask() != null) { if (permission.getMask() != null) { throw new TeiidRuntimeException(AdminPlugin.Event.TEIID70053, AdminPlugin.Util.gs(AdminPlugin.Event.TEIID70053, this.getName(), permission.getResourceName())); permission.setMask(previous.getMask());
PermissionMetaData permission = new PermissionMetaData(); if (node.get(RESOURCE_NAME) != null) { permission.setResourceName(node.get(RESOURCE_NAME).asString()); permission.setResourceType(ResourceType.valueOf(node.get(RESOURCE_TYPE).asString())); permission.setAllowLanguage(node.get(ALLOW_LANGUAGE).asBoolean()); return permission; permission.setAllowCreate(node.get(ALLOW_CREATE).asBoolean()); permission.setAllowDelete(node.get(ALLOW_DELETE).asBoolean()); permission.setAllowUpdate(node.get(ALLOW_UPADTE).asBoolean()); permission.setAllowRead(node.get(ALLOW_READ).asBoolean()); permission.setAllowExecute(node.get(ALLOW_EXECUTE).asBoolean()); permission.setAllowAlter(node.get(ALLOW_ALTER).asBoolean()); permission.setCondition(node.get(CONDITION).asString()); permission.setMask(node.get(MASK).asString()); permission.setOrder(node.get(ORDER).asInt()); permission.setConstraint(node.get(CONSTRAINT).asBoolean());
p.setAllowRead(false); p.setAllowRead(false);
HashMap<String, DataPolicy> policies = new HashMap<String, DataPolicy>(); DataPolicyMetadata policy = new DataPolicyMetadata(); pmd = new PermissionMetaData(); pmd.setResourceName("y.v"); pmd.setCondition("x = user()");
/**
 * Fills {@code policy} from the {@code data-role} element the reader is positioned on.
 * <p>
 * The role-level attributes are read first. An absent attribute parses as {@code false}
 * through {@link Boolean#parseBoolean}, so any-authenticated, grant-all and temporary-table
 * creation all default to "not granted". Child elements are then consumed one at a time
 * until the end tag of this element is reached.
 *
 * @param reader stream reader positioned on the data-role start element
 * @param policy the policy to populate
 * @throws XMLStreamException if the document is malformed, or a child element other than
 *         description, permission or mapped-role-name is encountered
 */
private static void parseDataRole(XMLStreamReader reader, DataPolicyMetadata policy) throws XMLStreamException {
    Properties attributes = getAttributes(reader);
    String anyAuthenticated = attributes.getProperty(Element.DATA_ROLE_ANY_ATHENTICATED_ATTR.getLocalName());
    String grantAll = attributes.getProperty(Element.DATA_ROLE_GRANT_ALL_ATTR.getLocalName());
    String allowTempTables = attributes.getProperty(Element.DATA_ROLE_ALLOW_TEMP_TABLES_ATTR.getLocalName());
    policy.setName(attributes.getProperty(Element.NAME.getLocalName()));
    policy.setAnyAuthenticated(Boolean.parseBoolean(anyAuthenticated));
    policy.setGrantAll(Boolean.parseBoolean(grantAll));
    policy.setAllowCreateTemporaryTables(Boolean.parseBoolean(allowTempTables));
    while (reader.hasNext()) {
        if (reader.nextTag() == XMLStreamConstants.END_ELEMENT) {
            break; // closing tag of this data-role element
        }
        // NOTE(review): what Element.forName returns for an unknown local name is not visible
        // here; a null would make the switch throw NPE instead of the XMLStreamException below.
        Element child = Element.forName(reader.getLocalName());
        switch (child) {
            case DESCRIPTION:
                policy.setDescription(reader.getElementText());
                break;
            case MAPPED_ROLE_NAME:
                policy.addMappedRoleName(reader.getElementText());
                break;
            case PERMISSION:
                PermissionMetaData permission = new PermissionMetaData();
                parsePermission(reader, permission);
                policy.addPermission(permission);
                break;
            default:
                String message = AdminPlugin.Util.gs("unexpected_element2", reader.getName(), Element.DESCRIPTION.getLocalName(), Element.PERMISSION.getLocalName(), Element.MAPPED_ROLE_NAME.getLocalName());
                throw new XMLStreamException(message, reader.getLocation());
        }
    }
}
/**
 * Populates {@code policy} from the {@code data-role} element currently under the reader.
 * <p>
 * Role attributes come first; a missing attribute yields {@code false} from
 * {@link Boolean#parseBoolean}, so any-authenticated, grant-all and temp-table creation are
 * off unless explicitly enabled. Child elements are then read until this element's end tag.
 *
 * @param reader stream reader positioned on the data-role start element
 * @param policy the policy to fill in
 * @throws XMLStreamException on a malformed document, or when a child element is not one of
 *         description, permission or mapped-role-name
 */
private static void parseDataRole(XMLStreamReader reader, DataPolicyMetadata policy) throws XMLStreamException {
    Properties attributes = getAttributes(reader);
    policy.setName(attributes.getProperty(Element.NAME.getLocalName()));
    String anyAuthenticated = attributes.getProperty(Element.DATA_ROLE_ANY_ATHENTICATED_ATTR.getLocalName());
    policy.setAnyAuthenticated(Boolean.parseBoolean(anyAuthenticated));
    String grantAll = attributes.getProperty(Element.DATA_ROLE_GRANT_ALL_ATTR.getLocalName());
    policy.setGrantAll(Boolean.parseBoolean(grantAll));
    String allowTempTables = attributes.getProperty(Element.DATA_ROLE_ALLOW_TEMP_TABLES_ATTR.getLocalName());
    policy.setAllowCreateTemporaryTables(Boolean.parseBoolean(allowTempTables));
    for (;;) {
        if (!reader.hasNext() || reader.nextTag() == XMLStreamConstants.END_ELEMENT) {
            return; // either the stream is exhausted or this data-role element is closed
        }
        // NOTE(review): Element.forName's handling of unknown names is not visible here; if it
        // returns null the switch fails with NPE rather than the XMLStreamException below.
        Element child = Element.forName(reader.getLocalName());
        switch (child) {
            case PERMISSION:
                PermissionMetaData permission = new PermissionMetaData();
                parsePermission(reader, permission);
                policy.addPermission(permission);
                break;
            case DESCRIPTION:
                policy.setDescription(reader.getElementText());
                break;
            case MAPPED_ROLE_NAME:
                policy.addMappedRoleName(reader.getElementText());
                break;
            default:
                String message = AdminPlugin.Util.gs("unexpected_element2", reader.getName(), Element.DESCRIPTION.getLocalName(), Element.PERMISSION.getLocalName(), Element.MAPPED_ROLE_NAME.getLocalName());
                throw new XMLStreamException(message, reader.getLocation());
        }
    }
}
HashMap<String, DataPolicy> policies = new HashMap<String, DataPolicy>(); DataPolicyMetadata policy = new DataPolicyMetadata(); pmd = new PermissionMetaData(); pmd.setResourceName("pm1.g1"); pmd.setCondition("e1 = user()"); PermissionMetaData pmd1 = new PermissionMetaData(); pmd1.setResourceName("pm1.g2"); pmd1.setCondition("foo = bar"); PermissionMetaData pmd2 = new PermissionMetaData(); pmd2.setResourceName("pm1.g4"); pmd2.setCondition("e1 = max(e2)"); PermissionMetaData pmd3 = new PermissionMetaData(); pmd3.setResourceName("pm1.g3"); pmd3.setAllowDelete(true); PermissionMetaData pmd4 = new PermissionMetaData(); pmd4.setResourceName("pm1.sp1"); pmd4.setCondition("e1 = 'a'");
/**
 * Creates a permission on {@code resource} with the single access flag selected by
 * {@code type} set to {@code flag}.
 *
 * @param type     the access type whose flag is set
 * @param flag     value given to that flag
 * @param resource resource name the permission targets
 * @return the new permission; a {@code type} outside the handled constants leaves every
 *         flag unset (there is no error path), so the caller gets a name-only permission
 */
static PermissionMetaData addResource(PermissionType type, boolean flag, String resource) {
    PermissionMetaData result = new PermissionMetaData();
    result.setResourceName(resource);
    switch (type) {
        case READ:
            result.setAllowRead(flag);
            break;
        case CREATE:
            result.setAllowCreate(flag);
            break;
        case UPDATE:
            result.setAllowUpdate(flag);
            break;
        case DELETE:
            result.setAllowDelete(flag);
            break;
        case EXECUTE:
            result.setAllowExecute(flag);
            break;
        case ALTER:
            result.setAllowAlter(flag);
            break;
        case LANGUAGE:
            result.setAllowLanguage(flag);
            break;
        default:
            // no flag is set for an unhandled type; see the @return note
            break;
    }
    return result;
}
static PermissionMetaData addResource(PermissionType type, String resource) {
/**
 * Exercises a row-filter condition whose IN subquery carries an optimizer hint (DJ), once
 * with the default capabilities and once with the generic finder; both runs must return
 * the same filtered rows.
 */
@Test
public void testSubqueryHint() throws Exception {
    PermissionMetaData rowFilter = new PermissionMetaData();
    rowFilter.setResourceName("pm1.g1");
    rowFilter.setCondition("e1 in /*+ DJ */ (select e1 from pm1.g3)");
    DataPolicyMetadata otherRole = new DataPolicyMetadata();
    otherRole.setName("some-other-role");
    otherRole.addPermission(rowFilter);
    // this role replaces whatever the fixture context already allowed
    context.getAllowedDataPolicies().clear();
    context.getAllowedDataPolicies().put("some-other-role", otherRole);

    String sql = "select e1, e2 from pm1.g1";
    HardcodedDataManager dataManager = new HardcodedDataManager();
    dataManager.addData("SELECT pm1.g3.e1 FROM pm1.g3", new List<?>[] {Arrays.asList("b"), Arrays.asList("a")});
    dataManager.addData("SELECT pm1.g1.e1, pm1.g1.e2 FROM pm1.g1", new List<?>[] {Arrays.asList("b", 1), Arrays.asList("a", 2)});
    ProcessorPlan plan = helpGetPlan(helpParse(sql), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);
    helpProcess(plan, context, dataManager, new List<?>[] {Arrays.asList("a", 2), Arrays.asList("b", 1)});

    // with the generic finder the filter is pushed down as an IN list and the sources are ordered
    dataManager.addData("SELECT g_0.e1 AS c_0 FROM pm1.g3 AS g_0 ORDER BY c_0", new List<?>[] {Arrays.asList("a"), Arrays.asList("b")});
    dataManager.addData("SELECT g_0.e1 AS c_0, g_0.e2 AS c_1 FROM pm1.g1 AS g_0 WHERE g_0.e1 IN ('a', 'b') ORDER BY c_0", new List<?>[] {Arrays.asList("a", 2), Arrays.asList("b", 1)});
    plan = helpGetPlan(helpParse(sql), RealMetadataFactory.example1Cached(), TestOptimizer.getGenericFinder(), context);
    helpProcess(plan, context, dataManager, new List<?>[] {Arrays.asList("a", 2), Arrays.asList("b", 1)});
}
/**
 * With only the policies already on {@code context}, {@code select e2 from pm1.g1} returns
 * no rows; adding a second role whose row condition is {@code true} makes the g1 rows
 * visible again.
 */
@Test
public void testMultipleRoles() throws Exception {
    String sql = "select e2 from pm1.g1";

    HardcodedDataManager restricted = new HardcodedDataManager();
    restricted.addData("SELECT pm1.g1.e1, pm1.g1.e2 FROM pm1.g1", new List<?>[] {Arrays.asList("a", 1), Arrays.asList("b", 2)});
    ProcessorPlan plan = helpGetPlan(helpParse(sql), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);
    helpProcess(plan, context, restricted, new List<?>[0]);

    PermissionMetaData allRows = new PermissionMetaData();
    allRows.setResourceName("pm1.g1");
    allRows.setCondition("true");
    DataPolicyMetadata otherRole = new DataPolicyMetadata();
    otherRole.setName("some-other-role");
    otherRole.addPermission(allRows);
    context.getAllowedDataPolicies().put("some-other-role", otherRole);

    HardcodedDataManager unrestricted = new HardcodedDataManager();
    unrestricted.addData("SELECT pm1.g1.e2 FROM pm1.g1", new List<?>[] {Arrays.asList(1), Arrays.asList(2)});
    plan = helpGetPlan(helpParse(sql), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);
    helpProcess(plan, context, unrestricted, new List<?>[] {Arrays.asList(1), Arrays.asList(2)});
}
/**
 * Row condition {@code e2 = 1 and e3} references column e3, which the update itself neither
 * assigns nor filters on. The pushed-down SELECT must still carry the condition, and both
 * qualifying rows are updated (count 2).
 */
@Test
public void testUpdateFilter4() throws Exception {
    PermissionMetaData rowFilter = new PermissionMetaData();
    rowFilter.setResourceName("pm1.g1");
    rowFilter.setCondition("e2 = 1 and e3");
    DataPolicyMetadata role = new DataPolicyMetadata();
    role.setName("some-role");
    role.addPermission(rowFilter);
    context.getAllowedDataPolicies().put("some-role", role);

    HardcodedDataManager dataManager = new HardcodedDataManager();
    List<?>[] sourceRows = new List<?>[] {Arrays.asList(Double.valueOf(1), Boolean.TRUE, "a"), Arrays.asList(Double.valueOf(1), Boolean.TRUE, "b")};
    dataManager.addData("SELECT g_0.e4, g_0.e3, g_0.e1 FROM pm1.g1 AS g_0 WHERE (g_0.e3 = TRUE) AND (g_0.e2 = 1) AND (g_0.e1 IN ('a', 'b'))", sourceRows);
    dataManager.addData("UPDATE pm1.g1 SET e2 = 1 WHERE pm1.g1.e1 = 'a'", new List<?>[] {Arrays.asList(1)});
    dataManager.addData("UPDATE pm1.g1 SET e2 = 1 WHERE pm1.g1.e1 = 'b'", new List<?>[] {Arrays.asList(1)});

    String update = "update pm1.g1 set e2 = case when e4 = 1 then 1 else 2 end where e1 in ('a', 'b')";
    ProcessorPlan plan = helpGetPlan(helpParse(update), RealMetadataFactory.example4(), TestOptimizer.getGenericFinder(), context);
    helpProcess(plan, context, dataManager, new List<?>[] {Arrays.asList(2)});
}
/**
 * Builds a command context carrying a single role, {@code some-role}, that masks
 * {@code pm1.sp1.e1} and {@code pm1.g1.e2} with CASE expressions keyed on a sibling column.
 *
 * @return the context, with the masking policy installed on its DQP work context
 */
private static CommandContext createContext() {
    CommandContext result = createCommandContext();

    PermissionMetaData maskSp1 = new PermissionMetaData();
    maskSp1.setResourceName("pm1.sp1.e1");
    maskSp1.setMask("case when e2 > 1 then null else e1 end");
    PermissionMetaData maskG1 = new PermissionMetaData();
    maskG1.setResourceName("pm1.g1.e2");
    maskG1.setMask("case when e1 = 'a' then null else e2 end");

    DataPolicyMetadata role = new DataPolicyMetadata();
    role.setName("some-role");
    role.addPermission(maskSp1, maskG1);

    HashMap<String, DataPolicy> policies = new HashMap<String, DataPolicy>();
    policies.put("some-role", role);

    DQPWorkContext workContext = new DQPWorkContext();
    workContext.setPolicies(policies);
    result.setDQPWorkContext(workContext);
    return result;
}
/**
 * Combines a column mask ({@code vm1.g1.e2} masked to {@code null}) with a row filter
 * ({@code e2 = 1}) on the same view. The filter has to be evaluated on the unmasked value,
 * otherwise nothing would match; the expected result is a single null row.
 */
@Test
public void testViewMaskWithRowFilter() throws Exception {
    PermissionMetaData maskE2 = new PermissionMetaData();
    maskE2.setResourceName("vm1.g1.e2");
    maskE2.setMask("null");
    PermissionMetaData rowFilter = new PermissionMetaData();
    rowFilter.setResourceName("vm1.g1");
    // must be applied before the mask takes effect, otherwise no rows would match
    rowFilter.setCondition("e2 = 1");
    DataPolicyMetadata otherRole = new DataPolicyMetadata();
    otherRole.setName("other-role");
    otherRole.addPermission(maskE2, rowFilter);
    context.getAllowedDataPolicies().put("other-role", otherRole);

    HardcodedDataManager dataManager = new HardcodedDataManager();
    dataManager.addData("SELECT pm1.g1.e1, pm1.g1.e2 FROM pm1.g1", new List<?>[] {Arrays.asList("a", 1), Arrays.asList("b", 1)});
    ProcessorPlan plan = helpGetPlan(helpParse("select g2.e2 from vm1.g1 as g2"), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);
    helpProcess(plan, context, dataManager, new List<?>[] {Collections.singletonList(null)});
}
/**
 * Masks {@code pm1.g1.e2} with a scalar subquery over another table; the mask is given
 * order 1 so it takes precedence. Every result row then carries the subquery's minimum (1).
 */
@Test
public void testSubqueryTableMask() throws Exception {
    PermissionMetaData subqueryMask = new PermissionMetaData();
    subqueryMask.setResourceName("pm1.g1.e2");
    subqueryMask.setOrder(1); // takes precedence
    subqueryMask.setMask("(select min(e2) from pm1.g3)");
    DataPolicyMetadata otherRole = new DataPolicyMetadata();
    otherRole.setName("other-role");
    otherRole.addPermission(subqueryMask);
    context.getAllowedDataPolicies().put("other-role", otherRole);

    HardcodedDataManager dataManager = new HardcodedDataManager();
    dataManager.addData("SELECT pm1.g1.e1 FROM pm1.g1", new List<?>[] {Arrays.asList("a"), Arrays.asList("b")});
    dataManager.addData("SELECT pm1.g3.e2 FROM pm1.g3", new List<?>[] {Arrays.asList(1), Arrays.asList(2)});
    ProcessorPlan plan = helpGetPlan(helpParse("select e1, g2.e2 from pm1.g1 as g2"), RealMetadataFactory.example1Cached(), new DefaultCapabilitiesFinder(), context);
    helpProcess(plan, context, dataManager, new List<?>[] {Arrays.asList("a", 1), Arrays.asList("b", 1)});
}