OmniSciDB  72c90bc290
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
ViewPermissionsTest.java
Go to the documentation of this file.
1 /*
2  * Copyright 2015 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package com.mapd.tests;
17 
18 import static com.mapd.tests.HeavyDBAsserts.shouldThrowException;
19 
20 import org.slf4j.Logger;
21 import org.slf4j.LoggerFactory;
22 
23 public class ViewPermissionsTest {
24  final static Logger logger = LoggerFactory.getLogger(ViewPermissionsTest.class);
25 
26  public static void main(String[] args) throws Exception {
28  test.testViewPermissions();
29  test.testCreateViewPermission();
30  }
31 
32  public void testCreateViewPermission() throws Exception {
33  logger.info("testCreateViewPermission()");
34 
35  HeavyDBTestClient su = HeavyDBTestClient.getClient(
36  "localhost", 6274, "mapd", "mapd", "HyperInteractive");
37 
38  su.runSql("CREATE USER dba (password = 'password', is_super = 'true');");
39  su.runSql("CREATE USER bob (password = 'password', is_super = 'false');");
40  su.runSql("CREATE USER bill (password = 'password', is_super = 'false');");
41 
42  su.runSql("CREATE ROLE salesDept;");
43  su.runSql("CREATE USER foo (password = 'password', is_super = 'false');");
44  su.runSql("GRANT salesDept TO foo;");
45 
46  su.runSql("CREATE DATABASE db1;");
47 
48  su.runSql("GRANT ACCESS on database db1 TO bob;");
49  su.runSql("GRANT ACCESS on database db1 TO bill;");
50  su.runSql("GRANT ACCESS on database db1 TO foo;");
51  su.runSql("GRANT ACCESS on database db1 TO dba;");
52 
53  HeavyDBTestClient dba =
54  HeavyDBTestClient.getClient("localhost", 6274, "db1", "dba", "password");
55  HeavyDBTestClient bill =
56  HeavyDBTestClient.getClient("localhost", 6274, "db1", "bill", "password");
57  HeavyDBTestClient bob =
58  HeavyDBTestClient.getClient("localhost", 6274, "db1", "bob", "password");
59 
60  dba.runSql("GRANT CREATE ON DATABASE db1 TO bill"); // table
61  dba.runSql("GRANT DROP ON DATABASE db1 TO bill"); // table
62  dba.runSql("GRANT CREATE VIEW ON DATABASE db1 TO bob");
63  dba.runSql("GRANT DROP VIEW ON DATABASE db1 TO bob");
64 
65  bill.runSql("CREATE TABLE bill_table(id integer)");
66  shouldThrowException("bob cannot see bill_table",
67  () -> bob.runSql("CREATE VIEW bob_view AS SELECT id FROM bill_table"));
68 
69  bill.runSql("GRANT SELECT ON TABLE bill_table TO bob");
70  bob.runSql("CREATE VIEW bob_view AS SELECT id FROM bill_table");
71 
72  su.runSql("DROP DATABASE db1;");
73  su.runSql("DROP USER foo;");
74  su.runSql("DROP ROLE salesDept;");
75  su.runSql("DROP USER bob;");
76  su.runSql("DROP USER bill;");
77  su.runSql("DROP USER dba;");
78  }
79 
80  public void testViewPermissions() throws Exception {
81  logger.info("testViewPermissions()");
82 
83  HeavyDBTestClient su = HeavyDBTestClient.getClient(
84  "localhost", 6274, "mapd", "mapd", "HyperInteractive");
85 
86  su.runSql("CREATE USER dba (password = 'password', is_super = 'true');");
87  su.runSql("CREATE USER bob (password = 'password', is_super = 'false');");
88  su.runSql("CREATE USER bill (password = 'password', is_super = 'false');");
89 
90  su.runSql("CREATE ROLE salesDept;");
91  su.runSql("CREATE USER foo (password = 'password', is_super = 'false');");
92  su.runSql("GRANT salesDept TO foo;");
93 
94  su.runSql("CREATE DATABASE db1;");
95  su.runSql("CREATE DATABASE db2;");
96 
97  su.runSql("GRANT ACCESS on database db1 TO bob;");
98  su.runSql("GRANT ACCESS on database db1 TO bill;");
99  su.runSql("GRANT ACCESS on database db1 TO foo;");
100  su.runSql("GRANT ACCESS on database db1 TO dba;");
101 
102  su.runSql("GRANT ACCESS on database db2 TO bob;");
103  su.runSql("GRANT ACCESS on database db2 TO bill;");
104  su.runSql("GRANT ACCESS on database db2 TO foo;");
105  su.runSql("GRANT ACCESS on database db2 TO dba;");
106 
107  HeavyDBTestClient dba =
108  HeavyDBTestClient.getClient("localhost", 6274, "db1", "dba", "password");
109  HeavyDBTestClient bill =
110  HeavyDBTestClient.getClient("localhost", 6274, "db1", "bill", "password");
111  HeavyDBTestClient bob =
112  HeavyDBTestClient.getClient("localhost", 6274, "db1", "bob", "password");
113  HeavyDBTestClient foo =
114  HeavyDBTestClient.getClient("localhost", 6274, "db1", "foo", "password");
115 
116  shouldThrowException("bill should not be able to create tables",
117  () -> bill.runSql("CREATE VIEW bill_view AS SELECT id FROM bill_table"));
118  shouldThrowException("bob should not be able to create tables",
119  () -> bob.runSql("CREATE VIEW bob_view AS SELECT id FROM bob_table"));
120  shouldThrowException("foo should not be able to create tables",
121  () -> foo.runSql("CREATE VIEW foo_view AS SELECT id FROM foo_table"));
122  ;
123 
124  dba.runSql("GRANT CREATE ON DATABASE db1 TO bill"); // table
125  dba.runSql("GRANT DROP ON DATABASE db1 TO bill"); // table
126  dba.runSql("GRANT CREATE VIEW ON DATABASE db1 TO bill");
127  dba.runSql("GRANT DROP VIEW ON DATABASE db1 TO bill");
128 
129  bill.runSql("CREATE TABLE bill_table(id integer)");
130  bill.runSql("CREATE VIEW bill_view AS SELECT id FROM bill_table");
131 
132  shouldThrowException(
133  "not allowed to select", () -> bob.runSql("SELECT * from bill_table"));
134  shouldThrowException(
135  "not allowed to select", () -> foo.runSql("SELECT * from bill_table"));
136  shouldThrowException(
137  "not allowed to select", () -> bob.runSql("SELECT * from bill_view"));
138  shouldThrowException(
139  "not allowed to select", () -> foo.runSql("SELECT * from bill_view"));
140 
141  bill.runSql("GRANT SELECT ON VIEW bill_view TO bob");
142  shouldThrowException(
143  "not allowed to select", () -> bob.runSql("SELECT * from bill_table"));
144  shouldThrowException(
145  "not allowed to select", () -> foo.runSql("SELECT * from bill_table"));
146  bob.runSql("SELECT * from bill_view");
147  shouldThrowException(
148  "foo not allowed to select", () -> foo.runSql("SELECT * from bill_view"));
149 
150  bill.runSql("GRANT SELECT ON VIEW bill_view TO salesDept"); // foo
151  shouldThrowException(
152  "not allowed to select", () -> bob.runSql("SELECT * from bill_table"));
153  shouldThrowException(
154  "not allowed to select", () -> foo.runSql("SELECT * from bill_table"));
155  bob.runSql("SELECT * from bill_view");
156  foo.runSql("SELECT * from bill_view");
157 
158  if (1 == 0) {
159  // these operations are not supported yet
160  shouldThrowException(
161  "insert not allowed", () -> bob.runSql("INSERT INTO bill_view VALUES(1)"));
162  shouldThrowException(
163  "insert not allowed ", () -> foo.runSql("INSERT INTO bill_view VALUES(1)"));
164 
165  bill.runSql("GRANT INSERT ON VIEW bill_view TO bob");
166  bob.runSql("INSERT INTO bill_view VALUES(1)");
167  shouldThrowException(
168  "insert not allowed ", () -> foo.runSql("INSERT INTO bill_view VALUES(1)"));
169 
170  bill.runSql("GRANT INSERT ON VIEW bill_view TO salesDept");
171  bob.runSql("INSERT INTO bill_view VALUES(1)");
172  foo.runSql("INSERT INTO bill_view VALUES(1)");
173 
174  shouldThrowException("update not allowed",
175  () -> bob.runSql("UPDATE bill_view SET id = 2 WHERE id = 0"));
176  shouldThrowException("update not allowed ",
177  () -> foo.runSql("UPDATE bill_view SET id = 2 WHERE id = 0"));
178 
179  bill.runSql("GRANT UPDATE ON VIEW bill_view TO bob");
180  bob.runSql("UPDATE bill_view SET id = 2 WHERE id = 0");
181  shouldThrowException("update not allowed ",
182  () -> foo.runSql("UPDATE bill_view SET id = 2 WHERE id = 0"));
183 
184  bill.runSql("GRANT UPDATE ON VIEW bill_table TO salesDept");
185  bob.runSql("UPDATE bill_table SET id = 2 WHERE id = 0");
186  foo.runSql("UPDATE bill_table SET id = 2 WHERE id = 0");
187 
188  shouldThrowException("update not allowed",
189  () -> bob.runSql("DELETE FROM bill_view WHERE id = 0"));
190  shouldThrowException("update not allowed ",
191  () -> foo.runSql("DELETE FROM bill_view WHERE id = 0"));
192 
193  bill.runSql("GRANT DELETE ON VIEW bill_table TO bob");
194  bob.runSql("DELETE FROM bill_view WHERE id = 0");
195  shouldThrowException("update not allowed ",
196  () -> foo.runSql("DELETE FROM bill_view WHERE id = 0"));
197 
198  bill.runSql("GRANT DELETE ON VIEW bill_view TO salesDept");
199  bob.runSql("DELETE FROM bill_view WHERE id = 0");
200  foo.runSql("DELETE FROM bill_view WHERE id = 0");
201  }
202 
203  su.runSql("DROP DATABASE db1;");
204  su.runSql("DROP DATABASE db2;");
205  su.runSql("DROP USER foo;");
206  su.runSql("DROP ROLE salesDept;");
207  su.runSql("DROP USER bob;");
208  su.runSql("DROP USER bill;");
209  su.runSql("DROP USER dba;");
210  }
211 }