OmniSciDB  04ee39c94c
DBObjectPrivilegesTest.cpp File Reference
#include <gtest/gtest.h>
#include <boost/filesystem/operations.hpp>
#include <csignal>
#include <thread>
#include <tuple>
#include "../Catalog/Catalog.h"
#include "../Catalog/DBObject.h"
#include "../DataMgr/DataMgr.h"
#include "../Parser/parser.h"
#include "../QueryEngine/ArrowResultSet.h"
#include "../QueryEngine/Descriptors/RelAlgExecutionDescriptor.h"
#include "../QueryEngine/Execute.h"
#include "../QueryRunner/QueryRunner.h"
#include "Shared/MapDParameters.h"
#include "Shared/scope.h"
#include "TestHelpers.h"
#include "gen-cpp/CalciteServer.h"
+ Include dependency graph for DBObjectPrivilegesTest.cpp:

Go to the source code of this file.

Classes

struct  Users
 
struct  Roles
 
struct  GrantSyntax
 
struct  DatabaseObject
 
struct  TableObject
 
struct  ViewObject
 
struct  DashboardObject
 

Namespaces

 anonymous_namespace{DBObjectPrivilegesTest.cpp}
 

Macros

#define BASE_PATH   "./tmp"
 

Typedefs

using QR = QueryRunner::QueryRunner
 

Functions

template<class T >
anonymous_namespace{DBObjectPrivilegesTest.cpp}::v (const TargetValue &r)
 
void anonymous_namespace{DBObjectPrivilegesTest.cpp}::run_ddl_statement (const std::string &query)
 
 TEST_F (GrantSyntax, MultiPrivilegeGrantRevoke)
 
 TEST_F (GrantSyntax, MultiRoleGrantRevoke)
 
 TEST (UserRoles, InvalidGrantsRevokesTest)
 
 TEST (UserRoles, ValidNames)
 
 TEST (UserRoles, RoleHierarchies)
 
 TEST_F (DatabaseObject, AccessDefaultsTest)
 
 TEST_F (DatabaseObject, SqlEditorAccessTest)
 
 TEST_F (DatabaseObject, DBLoginAccessTest)
 
 TEST_F (DatabaseObject, TableAccessTest)
 
 TEST_F (DatabaseObject, ViewAccessTest)
 
 TEST_F (DatabaseObject, DashboardAccessTest)
 
 TEST_F (DatabaseObject, DatabaseAllTest)
 
 TEST_F (TableObject, AccessDefaultsTest)
 
 TEST_F (TableObject, AccessAfterGrantsTest)
 
 TEST_F (TableObject, AccessAfterRevokesTest)
 
void testViewPermissions (std::string user, std::string roleToGrant)
 
 TEST_F (ViewObject, UserRoleBobGetsGrants)
 
 TEST_F (ViewObject, GroupRoleFooGetsGrants)
 
 TEST_F (ViewObject, CalciteViewResolution)
 
 TEST_F (DashboardObject, AccessDefaultsTest)
 
 TEST_F (DashboardObject, AccessAfterGrantsTest)
 
 TEST_F (DashboardObject, AccessAfterRevokesTest)
 
 TEST_F (DashboardObject, GranteesDefaultListTest)
 
 TEST_F (DashboardObject, GranteesListAfterGrantsTest)
 
 TEST_F (DashboardObject, GranteesListAfterRevokesTest)
 
void create_tables (std::string prefix, int max)
 
void create_views (std::string prefix, int max)
 
void create_dashboards (std::string prefix, int max)
 
void assert_grants (std::string prefix, int i, bool expected)
 
void check_grant_access (std::string prefix, int max)
 
void drop_dashboards (std::string prefix, int max)
 
void drop_views (std::string prefix, int max)
 
void drop_tables (std::string prefix, int max)
 
void run_concurrency_test (std::string prefix, int max)
 
 TEST (Catalog, Concurrency)
 
 TEST (DBObject, LoadKey)
 
 TEST (SysCatalog, RenameUser_Basic)
 
 TEST (SysCatalog, RenameUser_AlreadyExisting)
 
 TEST (SysCatalog, RenameUser_UserDoesntExist)
 
std::unique_ptr< QRanonymous_namespace{DBObjectPrivilegesTest.cpp}::get_qr_for_user (const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
 
 TEST (SysCatalog, RenameUser_AlreadyLoggedInQueryAfterRename)
 
 TEST (SysCatalog, RenameUser_ReloginWithOldName)
 
 TEST (SysCatalog, RenameUser_CheckPrivilegeTransfer)
 
 TEST (SysCatalog, RenameUser_SuperUserRenameCheck)
 
 TEST (SysCatalog, RenameDatabase_Basic)
 
 TEST (SysCatalog, RenameDatabase_WrongUser)
 
 TEST (SysCatalog, RenameDatabase_SuperUser)
 
 TEST (SysCatalog, RenameDatabase_ExistingDB)
 
 TEST (SysCatalog, RenameDatabase_FailedCopy)
 
 TEST (SysCatalog, RenameDatabase_PrivsTest)
 
 TEST (SysCatalog, GetDatabaseList)
 
 TEST (SysCatalog, LoginWithDefaultDatabase)
 
 TEST (SysCatalog, SwitchDatabase)
 
void anonymous_namespace{DBObjectPrivilegesTest.cpp}::compare_user_lists (const std::vector< std::string > &expected, const std::list< Catalog_Namespace::UserMetadata > &actual)
 
 TEST (SysCatalog, AllUserMetaTest)
 
 TEST (SysCatalog, RecursiveRolesUserMetaData)
 
int main (int argc, char *argv[])
 

Variables

std::shared_ptr< Calciteanonymous_namespace{DBObjectPrivilegesTest.cpp}::g_calcite
 
Catalog_Namespace::UserMetadata anonymous_namespace{DBObjectPrivilegesTest.cpp}::user
 
std::vector< DBObjectanonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects
 
auto & anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat = Catalog_Namespace::SysCatalog::instance()
 

Macro Definition Documentation

◆ BASE_PATH

#define BASE_PATH   "./tmp"

Definition at line 20 of file DBObjectPrivilegesTest.cpp.

Referenced by main().

Typedef Documentation

◆ QR

Definition at line 23 of file DBObjectPrivilegesTest.cpp.

Function Documentation

◆ assert_grants()

void assert_grants ( std::string  prefix,
int  i,
bool  expected 
)

Definition at line 1291 of file DBObjectPrivilegesTest.cpp.

References CHECK, DashboardDBObjectType, QueryRunner::QueryRunner::get(), DBObject::getPrivileges(), QueryRunner::QueryRunner::getSession(), AccessPrivileges::hasPermission(), TablePrivileges::SELECT_FROM_TABLE, ViewPrivileges::SELECT_FROM_VIEW, session, anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, TableDBObjectType, to_string(), DashboardPrivileges::VIEW_DASHBOARD, and ViewDBObjectType.

Referenced by check_grant_access().

1291  {
1292  auto session = QR::get()->getSession();
1293  CHECK(session);
1294  auto& cat = session->getCatalog();
1295 
1296  DBObject tablePermission(prefix + std::to_string(i), DBObjectType::TableDBObjectType);
1297  try {
1298  sys_cat.getDBObjectPrivileges("bob", tablePermission, cat);
1299  } catch (std::runtime_error& e) {
1300  }
1301  ASSERT_EQ(
1302  expected,
1303  tablePermission.getPrivileges().hasPermission(TablePrivileges::SELECT_FROM_TABLE));
1304 
1305  DBObject viewPermission("view_" + prefix + std::to_string(i),
1307  try {
1308  sys_cat.getDBObjectPrivileges("bob", viewPermission, cat);
1309  } catch (std::runtime_error& e) {
1310  }
1311  ASSERT_EQ(
1312  expected,
1313  viewPermission.getPrivileges().hasPermission(ViewPrivileges::SELECT_FROM_VIEW));
1314 
1315  auto fvd =
1316  cat.getMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1317  "dash_" + prefix + std::to_string(i));
1318  DBObject dashPermission(fvd->dashboardId, DBObjectType::DashboardDBObjectType);
1319  try {
1320  sys_cat.getDBObjectPrivileges("bob", dashPermission, cat);
1321  } catch (std::runtime_error& e) {
1322  }
1323  ASSERT_EQ(
1324  expected,
1325  dashPermission.getPrivileges().hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1326 }
static const int32_t SELECT_FROM_VIEW
Definition: DBObject.h:115
std::string to_string(char const *&&v)
static QueryRunner * get()
Definition: QueryRunner.h:115
static const int32_t VIEW_DASHBOARD
Definition: DBObject.h:104
#define CHECK(condition)
Definition: Logger.h:187
static const int32_t SELECT_FROM_TABLE
Definition: DBObject.h:89
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ check_grant_access()

void check_grant_access ( std::string  prefix,
int  max 
)

Definition at line 1328 of file DBObjectPrivilegesTest.cpp.

References assert_grants(), CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), run_ddl_statement(), session, and to_string().

Referenced by run_concurrency_test().

1328  {
1329  auto session = QR::get()->getSession();
1330  CHECK(session);
1331  auto& cat = session->getCatalog();
1332 
1333  for (int i = 0; i < max; i++) {
1334  assert_grants(prefix, i, false);
1335 
1336  auto fvd =
1337  cat.getMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1338  "dash_" + prefix + std::to_string(i));
1339  run_ddl_statement("GRANT SELECT ON TABLE " + prefix + std::to_string(i) + " TO bob;");
1340  run_ddl_statement("GRANT SELECT ON VIEW view_" + prefix + std::to_string(i) +
1341  " TO bob;");
1342  run_ddl_statement("GRANT VIEW ON DASHBOARD " + std::to_string(fvd->dashboardId) +
1343  " TO bob;");
1344  assert_grants(prefix, i, true);
1345 
1346  run_ddl_statement("REVOKE SELECT ON TABLE " + prefix + std::to_string(i) +
1347  " FROM bob;");
1348  run_ddl_statement("REVOKE SELECT ON VIEW view_" + prefix + std::to_string(i) +
1349  " FROM bob;");
1350  run_ddl_statement("REVOKE VIEW ON DASHBOARD " + std::to_string(fvd->dashboardId) +
1351  " FROM bob;");
1352  assert_grants(prefix, i, false);
1353  }
1354 }
std::string to_string(char const *&&v)
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
void assert_grants(std::string prefix, int i, bool expected)
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ create_dashboards()

void create_dashboards ( std::string  prefix,
int  max 
)

Definition at line 1268 of file DBObjectPrivilegesTest.cpp.

References CHECK, DashboardDescriptor::dashboardMetadata, DashboardDescriptor::dashboardName, DashboardDescriptor::dashboardState, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), DashboardDescriptor::imageHash, session, to_string(), DashboardDescriptor::user, and DashboardDescriptor::userId.

Referenced by run_concurrency_test().

1268  {
1269  auto session = QR::get()->getSession();
1270  CHECK(session);
1271  auto& cat = session->getCatalog();
1272  for (int i = 0; i < max; i++) {
1273  std::string name = "dash_" + prefix + std::to_string(i);
1275  vd.dashboardName = name;
1276  vd.dashboardState = name;
1277  vd.imageHash = name;
1278  vd.dashboardMetadata = name;
1279  vd.userId = session->get_currentUser().userId;
1280  ASSERT_EQ(0, session->get_currentUser().userId);
1281  vd.user = session->get_currentUser().userName;
1282  cat.createDashboard(vd);
1283 
1284  auto fvd = cat.getMetadataForDashboard(
1285  std::to_string(session->get_currentUser().userId), name);
1286  ASSERT_TRUE(fvd);
1287  ASSERT_EQ(fvd->dashboardName, name);
1288  }
1289 }
std::string to_string(char const *&&v)
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ create_tables()

void create_tables ( std::string  prefix,
int  max 
)

Definition at line 1243 of file DBObjectPrivilegesTest.cpp.

References QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), run_ddl_statement(), and to_string().

Referenced by run_concurrency_test().

1243  {
1244  const auto cat = QR::get()->getCatalog();
1245  for (int i = 0; i < max; i++) {
1246  std::string name = prefix + std::to_string(i);
1247  run_ddl_statement("CREATE TABLE " + name + " (id integer);");
1248  auto td = cat->getMetadataForTable(name, false);
1249  ASSERT_TRUE(td);
1250  ASSERT_EQ(td->isView, false);
1251  ASSERT_EQ(td->tableName, name);
1252  }
1253 }
std::string to_string(char const *&&v)
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ create_views()

void create_views ( std::string  prefix,
int  max 
)

Definition at line 1255 of file DBObjectPrivilegesTest.cpp.

References QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), run_ddl_statement(), and to_string().

Referenced by main(), and run_concurrency_test().

1255  {
1256  const auto cat = QR::get()->getCatalog();
1257  for (int i = 0; i < max; i++) {
1258  std::string name = "view_" + prefix + std::to_string(i);
1259  run_ddl_statement("CREATE VIEW " + name + " AS SELECT * FROM " + prefix +
1260  std::to_string(i) + ";");
1261  auto td = cat->getMetadataForTable(name, false);
1262  ASSERT_TRUE(td);
1263  ASSERT_EQ(td->isView, true);
1264  ASSERT_EQ(td->tableName, name);
1265  }
1266 }
std::string to_string(char const *&&v)
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ drop_dashboards()

void drop_dashboards ( std::string  prefix,
int  max 
)

Definition at line 1356 of file DBObjectPrivilegesTest.cpp.

References CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), session, and to_string().

Referenced by DashboardObject::DashboardObject(), run_concurrency_test(), and DashboardObject::~DashboardObject().

1356  {
1357  auto session = QR::get()->getSession();
1358  CHECK(session);
1359  auto& cat = session->getCatalog();
1360 
1361  for (int i = 0; i < max; i++) {
1362  std::string name = "dash_" + prefix + std::to_string(i);
1363 
1364  cat.deleteMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1365  name);
1366  auto fvd = cat.getMetadataForDashboard(
1367  std::to_string(session->get_currentUser().userId), name);
1368  ASSERT_FALSE(fvd);
1369  }
1370 }
std::string to_string(char const *&&v)
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ drop_tables()

void drop_tables ( std::string  prefix,
int  max 
)

Definition at line 1383 of file DBObjectPrivilegesTest.cpp.

References QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), run_ddl_statement(), and to_string().

Referenced by GrantSyntax::GrantSyntax(), main(), run_concurrency_test(), TableObject::TableObject(), GrantSyntax::~GrantSyntax(), and TableObject::~TableObject().

1383  {
1384  const auto cat = QR::get()->getCatalog();
1385 
1386  for (int i = 0; i < max; i++) {
1387  std::string name = prefix + std::to_string(i);
1388  run_ddl_statement("DROP TABLE " + name + ";");
1389  auto td = cat->getMetadataForTable(name, false);
1390  ASSERT_FALSE(td);
1391  }
1392 }
std::string to_string(char const *&&v)
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ drop_views()

void drop_views ( std::string  prefix,
int  max 
)

Definition at line 1372 of file DBObjectPrivilegesTest.cpp.

References QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), run_ddl_statement(), and to_string().

Referenced by main(), and run_concurrency_test().

1372  {
1373  const auto cat = QR::get()->getCatalog();
1374 
1375  for (int i = 0; i < max; i++) {
1376  std::string name = "view_" + prefix + std::to_string(i);
1377  run_ddl_statement("DROP VIEW " + name + ";");
1378  auto td = cat->getMetadataForTable(name, false);
1379  ASSERT_FALSE(td);
1380  }
1381 }
std::string to_string(char const *&&v)
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char *  argv[] 
)

Definition at line 2325 of file DBObjectPrivilegesTest.cpp.

References BASE_PATH, logger::ERROR, anonymous_namespace{DBObjectPrivilegesTest.cpp}::g_calcite, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), QueryRunner::QueryRunner::init(), TestHelpers::init_logger_stderr_only(), LOG, and QueryRunner::QueryRunner::reset().

2325  {
2327  testing::InitGoogleTest(&argc, argv);
2328 
2330 
2331  g_calcite = QR::get()->getCatalog()->getCalciteMgr();
2332 
2333  int err{0};
2334  try {
2335  err = RUN_ALL_TESTS();
2336  } catch (const std::exception& e) {
2337  LOG(ERROR) << e.what();
2338  }
2339  QR::reset();
2340  return err;
2341 }
#define LOG(tag)
Definition: Logger.h:182
#define BASE_PATH
static QueryRunner * init(const char *db_path, const std::string &udf_filename="", const size_t max_gpu_mem=0, const int reserved_gpu_mem=256<< 20)
Definition: QueryRunner.h:70
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void init_logger_stderr_only(int argc, char const *const *argv)
Definition: TestHelpers.h:194
+ Here is the call graph for this function:

◆ run_concurrency_test()

void run_concurrency_test ( std::string  prefix,
int  max 
)

Definition at line 1394 of file DBObjectPrivilegesTest.cpp.

References check_grant_access(), create_dashboards(), create_tables(), create_views(), drop_dashboards(), drop_tables(), and drop_views().

Referenced by TEST().

1394  {
1395  create_tables(prefix, max);
1396  create_views(prefix, max);
1397  create_dashboards(prefix, max);
1398  check_grant_access(prefix, max);
1399  drop_dashboards(prefix, max);
1400  drop_views(prefix, max);
1401  drop_tables(prefix, max);
1402 }
void create_tables(std::string prefix, int max)
void check_grant_access(std::string prefix, int max)
void drop_views(std::string prefix, int max)
void drop_dashboards(std::string prefix, int max)
void create_dashboards(std::string prefix, int max)
void drop_tables(std::string prefix, int max)
void create_views(std::string prefix, int max)
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ TEST() [1/23]

TEST ( UserRoles  ,
InvalidGrantsRevokesTest   
)

Definition at line 303 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement().

303  {
304  run_ddl_statement("CREATE USER Antazin(password = 'password', is_super = 'false');");
305  run_ddl_statement("CREATE USER Max(password = 'password', is_super = 'false');");
306 
307  EXPECT_THROW(run_ddl_statement("GRANT Antazin to Antazin;"), std::runtime_error);
308  EXPECT_THROW(run_ddl_statement("REVOKE Antazin from Antazin;"), std::runtime_error);
309  EXPECT_THROW(run_ddl_statement("GRANT Antazin to Max;"), std::runtime_error);
310  EXPECT_THROW(run_ddl_statement("REVOKE Antazin from Max;"), std::runtime_error);
311  EXPECT_THROW(run_ddl_statement("GRANT Max to Antazin;"), std::runtime_error);
312  EXPECT_THROW(run_ddl_statement("REVOKE Max from Antazin;"), std::runtime_error);
313 
314  run_ddl_statement("DROP USER Antazin;");
315  run_ddl_statement("DROP USER Max;");
316 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [2/23]

TEST ( UserRoles  ,
ValidNames   
)

Definition at line 318 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement().

318  {
319  EXPECT_NO_THROW(
320  run_ddl_statement("CREATE USER \"dumm.user\" (password = 'password');"));
321  EXPECT_NO_THROW(run_ddl_statement("DROP USER \"dumm.user\";"));
322  EXPECT_NO_THROW(run_ddl_statement("CREATE USER vasya (password = 'password');"));
323  EXPECT_NO_THROW(
324  run_ddl_statement("CREATE USER vasya.vasya@vasya.com (password = 'password');"));
325  EXPECT_NO_THROW(run_ddl_statement(
326  "CREATE USER \"vasya ivanov\"@vasya.ivanov.com (password = 'password');"));
327  EXPECT_NO_THROW(run_ddl_statement("CREATE USER vasya-vasya (password = 'password');"));
328  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer;"));
329  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer-backend;"));
330  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer-backend-rendering;"));
331  EXPECT_NO_THROW(run_ddl_statement("GRANT developer-backend-rendering TO vasya;"));
332  EXPECT_NO_THROW(
333  run_ddl_statement("GRANT developer-backend TO \"vasya ivanov\"@vasya.ivanov.com;"));
334  EXPECT_NO_THROW(run_ddl_statement("GRANT developer TO vasya.vasya@vasya.com;"));
335  EXPECT_NO_THROW(run_ddl_statement("GRANT developer-backend-rendering TO vasya-vasya;"));
336  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya;"));
337  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya.vasya@vasya.com;"));
338  EXPECT_NO_THROW(run_ddl_statement("DROP USER \"vasya ivanov\"@vasya.ivanov.com;"));
339  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya-vasya;"));
340  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer;"));
341  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer-backend;"));
342  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer-backend-rendering;"));
343 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [3/23]

TEST ( UserRoles  ,
RoleHierarchies   
)

Definition at line 345 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), CHECK, AccessPrivileges::DELETE_FROM_TABLE, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), AccessPrivileges::INSERT_INTO_TABLE, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::remove(), run_ddl_statement(), AccessPrivileges::SELECT_FROM_TABLE, session, anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, TableDBObjectType, and AccessPrivileges::UPDATE_IN_TABLE.

345  {
346  // hr prefix here stands for hierarchical roles
347 
348  // create objects
349  run_ddl_statement("CREATE USER hr_u1 (password = 'u1');");
350  run_ddl_statement("CREATE ROLE hr_r1;");
351  run_ddl_statement("CREATE ROLE hr_r2;");
352  run_ddl_statement("CREATE ROLE hr_r3;");
353  run_ddl_statement("CREATE ROLE hr_r4;");
354  run_ddl_statement("CREATE TABLE hr_tbl1 (i INTEGER);");
355 
356  // check that we can't create cycles
357  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r4 TO hr_r3;"));
358  EXPECT_THROW(run_ddl_statement("GRANT hr_r3 TO hr_r4;"), std::runtime_error);
359  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r3 TO hr_r2;"));
360  EXPECT_THROW(run_ddl_statement("GRANT hr_r2 TO hr_r4;"), std::runtime_error);
361 
362  // make the grant hierarchy
363  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r2 TO hr_r1;"));
364  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r1 TO hr_u1;"));
365  EXPECT_NO_THROW(run_ddl_statement("GRANT SELECT ON TABLE hr_tbl1 TO hr_r1;"));
366  EXPECT_NO_THROW(run_ddl_statement("GRANT INSERT ON TABLE hr_tbl1 TO hr_r2;"));
367  EXPECT_NO_THROW(run_ddl_statement("GRANT DELETE ON TABLE hr_tbl1 TO hr_r3;"));
368  EXPECT_NO_THROW(run_ddl_statement("GRANT UPDATE ON TABLE hr_tbl1 TO hr_r4;"));
369 
370  // check that we see privileges gratnted via roles' hierarchy
371  auto session = QR::get()->getSession();
372  CHECK(session);
373  auto& cat = session->getCatalog();
374  AccessPrivileges tbl_privs;
375  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
376  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::INSERT_INTO_TABLE));
377  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::DELETE_FROM_TABLE));
378  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::UPDATE_IN_TABLE));
379  DBObject tbl1_object("hr_tbl1", DBObjectType::TableDBObjectType);
380  tbl1_object.loadKey(cat);
381  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
382  privObjects.clear();
383  privObjects.push_back(tbl1_object);
384  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
385  // check that when we remove privilege from one role, it's grantees are updated
386  EXPECT_NO_THROW(run_ddl_statement("REVOKE DELETE ON TABLE hr_tbl1 FROM hr_r3;"));
387  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
389  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
390  privObjects.clear();
391  privObjects.push_back(tbl1_object);
392  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
393  // check that if we remove a role from a middle of hierarchy everythings is fine
394  EXPECT_NO_THROW(run_ddl_statement("REVOKE hr_r2 FROM hr_r1;"));
395  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
397  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
398  privObjects.clear();
399  privObjects.push_back(tbl1_object);
400  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
402  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
403  privObjects.clear();
404  privObjects.push_back(tbl1_object);
405  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
406 
407  // clean-up objects
408  run_ddl_statement("DROP USER hr_u1;");
409  run_ddl_statement("DROP ROLE hr_r1;");
410  run_ddl_statement("DROP ROLE hr_r2;");
411  run_ddl_statement("DROP ROLE hr_r3;");
412  run_ddl_statement("DROP ROLE hr_r4;");
413  run_ddl_statement("DROP TABLE hr_tbl1;");
414 }
static const AccessPrivileges INSERT_INTO_TABLE
Definition: DBObject.h:154
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
static const AccessPrivileges DELETE_FROM_TABLE
Definition: DBObject.h:156
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
static const AccessPrivileges UPDATE_IN_TABLE
Definition: DBObject.h:155
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [4/23]

TEST ( Catalog  ,
Concurrency   
)

Definition at line 1404 of file DBObjectPrivilegesTest.cpp.

References run_concurrency_test(), run_ddl_statement(), and to_string().

1404  {
1405  run_ddl_statement("CREATE USER bob (password = 'password', is_super = 'false');");
1406  std::string prefix = "for_bob";
1407 
1408  // only a single thread at the moment!
1409  // because calcite access the sqlite-dbs
1410  // directly when started in this mode
1411  int num_threads = 1;
1412  std::vector<std::shared_ptr<std::thread>> my_threads;
1413 
1414  for (int i = 0; i < num_threads; i++) {
1415  std::string prefix = "for_bob_" + std::to_string(i) + "_";
1416  my_threads.push_back(
1417  std::make_shared<std::thread>(run_concurrency_test, prefix, 100));
1418  }
1419 
1420  for (auto& thread : my_threads) {
1421  thread->join();
1422  }
1423 
1424  run_ddl_statement("DROP USER bob;");
1425 }
std::string to_string(char const *&&v)
void run_concurrency_test(std::string prefix, int max)
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [5/23]

TEST ( DBObject  ,
LoadKey   
)

Definition at line 1427 of file DBObjectPrivilegesTest.cpp.

References DatabaseDBObjectType, Catalog_Namespace::Catalog::get(), DBObject::loadKey(), OMNISCI_DEFAULT_DB, run_ddl_statement(), TableDBObjectType, and ViewDBObjectType.

1427  {
1428  static const std::string tbname{"test_tb"};
1429  static const std::string vwname{"test_vw"};
1430 
1431  // cleanup
1432  struct CleanupGuard {
1433  ~CleanupGuard() {
1434  run_ddl_statement("DROP VIEW IF EXISTS " + vwname + ";");
1435  run_ddl_statement("DROP TABLE IF EXISTS " + tbname + ";");
1436  }
1437  } cleanupGuard;
1438 
1439  // setup
1440  run_ddl_statement("CREATE TABLE IF NOT EXISTS " + tbname + "(id integer);");
1441  run_ddl_statement("CREATE VIEW IF NOT EXISTS " + vwname + " AS SELECT id FROM " +
1442  tbname + ";");
1443 
1444  // test the LoadKey() function
1446 
1450 
1451  ASSERT_NO_THROW(dbo1.loadKey());
1452  ASSERT_NO_THROW(dbo2.loadKey(*cat));
1453  ASSERT_NO_THROW(dbo3.loadKey(*cat));
1454 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [6/23]

TEST ( SysCatalog  ,
RenameUser_Basic   
)

Definition at line 1456 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1456  {
1457  using namespace std::string_literals;
1458  auto username = "chuck"s;
1459  auto database_name = "nydb"s;
1460  auto rename_successful = false;
1461 
1462  ScopeGuard scope_guard = [&rename_successful] {
1463  if (rename_successful) {
1464  run_ddl_statement("DROP USER cryingchuck;");
1465  } else {
1466  run_ddl_statement("DROP USER chuck");
1467  }
1468  run_ddl_statement("DROP DATABASE nydb;");
1469  };
1470 
1472  auto username_out(username);
1473  auto database_out(database_name);
1474 
1475  run_ddl_statement("CREATE USER chuck (password='password');");
1476  run_ddl_statement("CREATE DATABASE nydb (owner='chuck');");
1477  run_ddl_statement("ALTER USER chuck (default_db='nydb')");
1478 
1479  // Check ability to login
1480  ASSERT_NO_THROW(
1481  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1482 
1483  // Rename should be fine
1484  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1485 
1486  rename_successful = true;
1487 
1488  // Check if we can login as the new user
1489  username_out = "cryingchuck"s;
1490  ASSERT_NO_THROW(
1491  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1492 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [7/23]

TEST ( SysCatalog  ,
RenameUser_AlreadyExisting   
)

Definition at line 1494 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement().

1494  {
1495  using namespace std::string_literals;
1496 
1497  auto username = "chuck"s;
1498  auto new_username = "marcy"s;
1499 
1500  ScopeGuard scope_guard = [] {
1501  run_ddl_statement("DROP USER chuck;");
1502  run_ddl_statement("DROP USER marcy;");
1503  };
1504 
1505  run_ddl_statement("CREATE USER chuck (password='password');");
1506  run_ddl_statement("CREATE USER marcy (password='password');");
1507 
1508  EXPECT_THROW(run_ddl_statement("ALTER USER chuck RENAME TO marcy;"),
1509  std::runtime_error);
1510 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [8/23]

TEST ( SysCatalog  ,
RenameUser_UserDoesntExist   
)

Definition at line 1512 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement().

1512  {
1513  using namespace std::string_literals;
1514 
1515  EXPECT_THROW(run_ddl_statement("ALTER USER lemont RENAME TO sanford;"),
1516  std::runtime_error);
1517 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [9/23]

TEST ( SysCatalog  ,
RenameUser_AlreadyLoggedInQueryAfterRename   
)

Definition at line 1534 of file DBObjectPrivilegesTest.cpp.

References CPU, anonymous_namespace{DBObjectPrivilegesTest.cpp}::get_qr_for_user(), run-benchmark-import::result, run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1534  {
1535  using namespace std::string_literals;
1536  auto username = "chuck"s;
1537  auto database_name = "nydb"s;
1538  auto rename_successful = false;
1539 
1540  ScopeGuard scope_guard = [&rename_successful] {
1541  if (rename_successful) {
1542  run_ddl_statement("DROP USER cryingchuck;");
1543  } else {
1544  run_ddl_statement("DROP USER chuck");
1545  }
1546  run_ddl_statement("DROP DATABASE nydb;");
1547  };
1548 
1550  auto username_out(username);
1551  auto database_out(database_name);
1552 
1553  EXPECT_NO_THROW(run_ddl_statement("CREATE USER chuck (password='password');"));
1554  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE nydb (owner='chuck');"));
1555  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck (default_db='nydb')"));
1556 
1557  // Check ability to login
1558  ASSERT_NO_THROW(
1559  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1560 
1561  auto dt = ExecutorDeviceType::CPU;
1562 
1564  username_out = "chuck"s;
1565  database_out = "nydb"s;
1566  ASSERT_NO_THROW(
1567  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1568 
1569  auto chuck_qr = get_qr_for_user("nydb"s, user_meta2);
1570  EXPECT_NO_THROW(chuck_qr->runDDLStatement("create table chaos ( x integer );"));
1571  EXPECT_NO_THROW(chuck_qr->runSQL("insert into chaos values ( 1234 );", dt));
1572 
1573  // Rename should be fine
1574  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1575 
1576  rename_successful = true;
1577 
1578  // After the rename, can we query with the old session?
1579  EXPECT_THROW(chuck_qr->runSQL("select x from chaos limit 1;", dt), std::runtime_error);
1580 
1582  username_out = "cryingchuck"s;
1583  ASSERT_NO_THROW(
1584  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
1585 
1586  auto cryingchuck_qr = get_qr_for_user("nydb"s, user_meta3);
1587  // After the rename, can we query with the new session?
1588  auto result = cryingchuck_qr->runSQL("select x from chaos limit 1;", dt);
1589  ASSERT_EQ(result->rowCount(), size_t(1));
1590  const auto crt_row = result->getNextRow(true, true);
1591  ASSERT_EQ(crt_row.size(), size_t(1));
1592  ASSERT_EQ(1234, v<int64_t>(crt_row[0]));
1593 }
std::unique_ptr< QR > get_qr_for_user(const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [10/23]

TEST ( SysCatalog  ,
RenameUser_ReloginWithOldName   
)

Definition at line 1595 of file DBObjectPrivilegesTest.cpp.

References CPU, Catalog_Namespace::Catalog::get(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1595  {
1596  using namespace std::string_literals;
1597  auto username = "chuck"s;
1598  auto database_name = "nydb"s;
1599  auto rename_successful = false;
1600 
1601  ScopeGuard scope_guard = [&rename_successful] {
1602  if (rename_successful) {
1603  run_ddl_statement("DROP USER cryingchuck;");
1604  } else {
1605  run_ddl_statement("DROP USER chuck");
1606  }
1607  run_ddl_statement("DROP DATABASE nydb;");
1608  };
1609 
1611  auto username_out(username);
1612  auto database_out(database_name);
1613 
1614  EXPECT_NO_THROW(run_ddl_statement("CREATE USER chuck (password='password');"));
1615  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE nydb (owner='chuck');"));
1616  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck (default_db='nydb')"));
1617 
1618  // Check ability to login
1619  ASSERT_NO_THROW(
1620  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1621 
1623  username_out = "chuck"s;
1624  database_out = "nydb"s;
1625  ASSERT_NO_THROW(
1626  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1627 
1628  auto chuck_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1629  Catalog_Namespace::Catalog::get("nydb"s), user_meta2, ExecutorDeviceType::CPU, "");
1630  auto chuck_qr = std::make_unique<QR>(std::move(chuck_session));
1631  EXPECT_NO_THROW(chuck_qr->runDDLStatement("create table chaos ( x integer );"));
1632  EXPECT_NO_THROW(
1633  chuck_qr->runSQL("insert into chaos values ( 1234 );", ExecutorDeviceType::CPU));
1634 
1635  // Rename should be fine
1636  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1637 
1638  rename_successful = true;
1639 
1641  EXPECT_THROW(sys_cat.login(database_out, username_out, "password"s, user_meta3, false),
1642  std::runtime_error);
1643 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [11/23]

TEST ( SysCatalog  ,
RenameUser_CheckPrivilegeTransfer   
)

Definition at line 1645 of file DBObjectPrivilegesTest.cpp.

References CPU, Catalog_Namespace::Catalog::get(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1645  {
1646  using namespace std::string_literals;
1647  auto rename_successful = false;
1648 
1649  ScopeGuard s = [&rename_successful] {
1650  run_ddl_statement("DROP USER rom;");
1651 
1652  if (rename_successful) {
1653  run_ddl_statement("DROP USER renamed_quark;");
1654  } else {
1655  run_ddl_statement("DROP USER quark;");
1656  }
1657  run_ddl_statement("DROP DATABASE Ferengi;");
1658  };
1659 
1660  EXPECT_NO_THROW(
1661  run_ddl_statement("CREATE USER quark (password='password',is_super='false');"));
1662  EXPECT_NO_THROW(
1663  run_ddl_statement("CREATE USER rom (password='password',is_super='false');"));
1664  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');"));
1665 
1666  auto database_out = "Ferengi"s;
1667  auto username_out = "rom"s;
1669  ASSERT_NO_THROW(
1670  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1671 
1672  auto dt = ExecutorDeviceType::CPU;
1673 
1674  // Log in as rom, create the database tables
1676  username_out = "rom"s;
1677  database_out = "Ferengi"s;
1678  ASSERT_NO_THROW(
1679  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1680 
1681  auto rom_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1682  Catalog_Namespace::Catalog::get("Ferengi"s),
1683  user_meta2,
1685  "");
1686  auto rom_qr = std::make_unique<QR>(std::move(rom_session));
1687 
1688  EXPECT_NO_THROW(
1689  rom_qr->runDDLStatement("create table bank_account ( latinum integer );"));
1690  EXPECT_NO_THROW(
1691  rom_qr->runDDLStatement("create view riches as select * from bank_account;"));
1692  EXPECT_NO_THROW(rom_qr->runSQL("insert into bank_account values (1234);", dt));
1693 
1694  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant access on database Ferengi to quark;"));
1695  EXPECT_NO_THROW(
1696  rom_qr->runDDLStatement("grant select on table bank_account to quark;"));
1697  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant select on view riches to quark;"));
1698 
1699  run_ddl_statement("ALTER USER quark RENAME TO renamed_quark;");
1700 
1701  rename_successful = true;
1702 
1704  username_out = "renamed_quark"s;
1705  database_out = "Ferengi"s;
1706  ASSERT_NO_THROW(
1707  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
1708 
1709  auto renamed_quark_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1710  Catalog_Namespace::Catalog::get("Ferengi"s),
1711  user_meta3,
1713  "");
1714  auto renamed_quark_qr = std::make_unique<QR>(std::move(renamed_quark_session));
1715 
1716  EXPECT_NO_THROW(renamed_quark_qr->runSQL("select * from bank_account;", dt));
1717  EXPECT_NO_THROW(renamed_quark_qr->runSQL("select * from riches;", dt));
1718 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [12/23]

TEST ( SysCatalog  ,
RenameUser_SuperUserRenameCheck   
)

Definition at line 1720 of file DBObjectPrivilegesTest.cpp.

References CPU, Catalog_Namespace::Catalog::get(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1720  {
1721  using namespace std::string_literals;
1722 
1723  ScopeGuard s = [] {
1724  run_ddl_statement("DROP USER rom;");
1725  run_ddl_statement("DROP USER quark;");
1726 
1727  run_ddl_statement("DROP DATABASE Ferengi;");
1728  };
1729 
1730  run_ddl_statement("CREATE USER quark (password='password',is_super='false');");
1731  run_ddl_statement("CREATE USER rom (password='password',is_super='false');");
1732  run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');");
1733 
1734  auto database_out = "Ferengi"s;
1735  auto username_out = "rom"s;
1737  ASSERT_NO_THROW(
1738  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1739 
1740  // Log in as rom, create the database tables
1742  username_out = "rom"s;
1743  database_out = "Ferengi"s;
1744  ASSERT_NO_THROW(
1745  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1746 
1747  auto rom_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1748  Catalog_Namespace::Catalog::get("Ferengi"s),
1749  user_meta2,
1751  "");
1752  auto rom_qr = std::make_unique<QR>(std::move(rom_session));
1753  EXPECT_THROW(rom_qr->runDDLStatement("ALTER USER quark RENAME TO renamed_quark;"),
1754  std::runtime_error);
1755 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [13/23]

TEST ( SysCatalog  ,
RenameDatabase_Basic   
)

Definition at line 1757 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1757  {
1758  using namespace std::string_literals;
1759  auto username = "magicwand"s;
1760  auto database_name = "gdpgrowth"s;
1761 
1762  auto rename_successful = false;
1763 
1764  ScopeGuard scope_guard = [&rename_successful] {
1765  if (!rename_successful) {
1766  run_ddl_statement("DROP DATABASE gdpgrowth;");
1767  } else {
1768  run_ddl_statement("DROP DATABASE moregdpgrowth;");
1769  }
1770  run_ddl_statement("DROP USER magicwand;");
1771  };
1772 
1773  run_ddl_statement("CREATE DATABASE gdpgrowth;");
1775  "CREATE USER magicwand (password='threepercent', default_db='gdpgrowth');");
1776 
1778  auto username_out(username);
1779  auto database_out(database_name);
1780 
1781  ASSERT_NO_THROW(
1782  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false));
1783  EXPECT_EQ(database_name, database_out);
1784 
1785  rename_successful = true;
1786 
1787  run_ddl_statement("ALTER DATABASE gdpgrowth RENAME TO moregdpgrowth;");
1788 
1789  username_out = username;
1790  database_out = database_name;
1791 
1792  EXPECT_THROW(
1793  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false),
1794  std::runtime_error);
1795 
1796  username_out = username;
1797  database_out = "moregdpgrowth";
1798 
1799  // Successfully login
1800  EXPECT_NO_THROW(
1801  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false));
1802 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [14/23]

TEST ( SysCatalog  ,
RenameDatabase_WrongUser   
)

Definition at line 1804 of file DBObjectPrivilegesTest.cpp.

References anonymous_namespace{DBObjectPrivilegesTest.cpp}::get_qr_for_user(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1804  {
1805  using namespace std::string_literals;
1806  auto username = "reader"s;
1807  auto database_name = "fnews"s;
1808 
1809  ScopeGuard scope_gard = [] {
1810  run_ddl_statement("DROP USER reader;");
1811  run_ddl_statement("DROP USER jkyle;");
1812 
1813  run_ddl_statement("DROP DATABASE qworg;");
1814  run_ddl_statement("DROP DATABASE fnews;");
1815  };
1816 
1817  run_ddl_statement("CREATE USER reader (password='rabbit');");
1818  run_ddl_statement("CREATE USER jkyle (password='password');");
1819 
1820  run_ddl_statement("CREATE DATABASE fnews (owner='reader');");
1821  run_ddl_statement("CREATE DATABASE qworg (owner='jkyle');");
1822 
1823  run_ddl_statement("ALTER USER reader (default_db='fnews');");
1824  run_ddl_statement("ALTER USER jkyle (default_db='qworg');");
1825 
1827  auto username_out(username);
1828  auto database_out(database_name);
1829 
1830  ASSERT_NO_THROW(sys_cat.login(database_out, username_out, "rabbit"s, user_meta, false));
1831  EXPECT_EQ(database_name, database_out);
1832 
1834  username_out = "jkyle"s;
1835  database_out = "qworg"s;
1836  ASSERT_NO_THROW(
1837  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1838 
1839  // Should not be permissable
1840  auto alternate_qr = get_qr_for_user("qworg"s, user_meta2);
1841  EXPECT_THROW(alternate_qr->runDDLStatement("ALTER DATABASE fnews RENAME TO cnn;"),
1842  std::runtime_error);
1843 }
std::unique_ptr< QR > get_qr_for_user(const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [15/23]

TEST ( SysCatalog  ,
RenameDatabase_SuperUser   
)

Definition at line 1845 of file DBObjectPrivilegesTest.cpp.

References anonymous_namespace{DBObjectPrivilegesTest.cpp}::get_qr_for_user(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1845  {
1846  using namespace std::string_literals;
1847  auto username = "maurypovich"s;
1848  auto database_name = "paternitydb"s;
1849 
1850  auto rename_successful = false;
1851 
1852  ScopeGuard scope_guard = [&rename_successful] {
1853  run_ddl_statement("DROP USER maurypovich;");
1854  run_ddl_statement("DROP USER thefather;");
1855  run_ddl_statement("DROP DATABASE trouble;");
1856  if (rename_successful) {
1857  run_ddl_statement("DROP DATABASE nachovater;");
1858  } else {
1859  run_ddl_statement("DROP DATABASE paternitydb;");
1860  }
1861  };
1862 
1863  run_ddl_statement("CREATE USER maurypovich (password='password');");
1864  run_ddl_statement("CREATE USER thefather (password='password',is_super='true');");
1865 
1866  run_ddl_statement("CREATE DATABASE paternitydb (owner='maurypovich');");
1867  run_ddl_statement("CREATE DATABASE trouble (owner='thefather');");
1868 
1869  run_ddl_statement("ALTER USER maurypovich (default_db='paternitydb');");
1870  run_ddl_statement("ALTER USER thefather (default_db='trouble');");
1871 
1873  auto username_out(username);
1874  auto database_out(database_name);
1875 
1876  ASSERT_NO_THROW(
1877  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1878  EXPECT_EQ(database_name, database_out);
1879 
1881  username_out = "thefather"s;
1882  database_out = "trouble"s;
1883  ASSERT_NO_THROW(
1884  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1885 
1886  auto alternate_qr = get_qr_for_user("trouble"s, user_meta2);
1887  EXPECT_NO_THROW(
1888  alternate_qr->runDDLStatement("ALTER DATABASE paternitydb RENAME TO nachovater;"));
1889 
1890  rename_successful = true;
1891 }
std::unique_ptr< QR > get_qr_for_user(const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [16/23]

TEST ( SysCatalog  ,
RenameDatabase_ExistingDB   
)

Definition at line 1893 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1893  {
1894  using namespace std::string_literals;
1895  auto username = "rickgrimes"s;
1896  auto database_name = "zombies"s;
1897 
1898  ScopeGuard scope_guard = [] {
1899  run_ddl_statement("DROP DATABASE zombies;");
1900  run_ddl_statement("DROP DATABASE vampires;");
1901  run_ddl_statement("DROP USER rickgrimes;");
1902  };
1903 
1904  run_ddl_statement("CREATE DATABASE zombies;");
1905  run_ddl_statement("CREATE DATABASE vampires;");
1907  "CREATE USER rickgrimes (password='password', default_db='zombies');");
1908 
1910  auto username_out(username);
1911  auto database_out(database_name);
1912 
1913  ASSERT_NO_THROW(
1914  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1915  EXPECT_EQ(database_name, database_out);
1916 
1917  EXPECT_THROW(run_ddl_statement("ALTER DATABASE zombies RENAME TO vampires;"),
1918  std::runtime_error);
1919 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [17/23]

TEST ( SysCatalog  ,
RenameDatabase_FailedCopy   
)

Definition at line 1921 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1921  {
1922  using namespace std::string_literals;
1923  auto trash_file_path = sys_cat.getBasePath() + "/mapd_catalogs/trash";
1924 
1925  ScopeGuard s = [&trash_file_path] {
1926  boost::filesystem::remove(trash_file_path);
1927  run_ddl_statement("DROP DATABASE hatchets;");
1928  run_ddl_statement("DROP USER bury;");
1929  };
1930 
1931  std::ofstream trash_file(trash_file_path);
1932  trash_file << "trash!";
1933  trash_file.close();
1934 
1935  auto username = "bury"s;
1936  auto database_name = "hatchets"s;
1937 
1938  run_ddl_statement("CREATE DATABASE hatchets;");
1939  run_ddl_statement("CREATE USER bury (password='password', default_db='hatchets');");
1940 
1942  auto username_out(username);
1943  auto database_out(database_name);
1944 
1945  ASSERT_NO_THROW(
1946  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1947  EXPECT_EQ(database_name, database_out);
1948 
1949  // Check that the file inteferes with the copy operation
1950  EXPECT_THROW(run_ddl_statement("ALTER DATABASE hatchets RENAME TO trash;"),
1951  std::runtime_error);
1952 
1953  // Now, check to see if we can log back into the original database
1954  ASSERT_NO_THROW(
1955  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1956 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [18/23]

TEST ( SysCatalog  ,
RenameDatabase_PrivsTest   
)

Definition at line 1958 of file DBObjectPrivilegesTest.cpp.

References CPU, anonymous_namespace{DBObjectPrivilegesTest.cpp}::get_qr_for_user(), run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1958  {
1959  using namespace std::string_literals;
1960  auto rename_successful = false;
1961 
1962  ScopeGuard s = [&rename_successful] {
1963  run_ddl_statement("DROP USER quark;");
1964  run_ddl_statement("DROP USER rom;");
1965 
1966  if (rename_successful) {
1967  run_ddl_statement("DROP DATABASE grandnagus;");
1968  } else {
1969  run_ddl_statement("DROP DATABASE Ferengi;");
1970  }
1971  };
1972 
1973  run_ddl_statement("CREATE USER quark (password='password',is_super='false');");
1974  run_ddl_statement("CREATE USER rom (password='password',is_super='false');");
1975  run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');");
1976 
1977  auto database_out = "Ferengi"s;
1978  auto username_out = "rom"s;
1980  ASSERT_NO_THROW(
1981  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1982 
1983  auto dt = ExecutorDeviceType::CPU;
1984 
1985  // Log in as rom, create the database tables
1987  username_out = "rom"s;
1988  database_out = "Ferengi"s;
1989  ASSERT_NO_THROW(
1990  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1991 
1992  auto rom_qr = get_qr_for_user("Ferengi"s, user_meta2);
1993  EXPECT_NO_THROW(
1994  rom_qr->runDDLStatement("create table bank_account ( latinum integer );"));
1995  EXPECT_NO_THROW(
1996  rom_qr->runDDLStatement("create view riches as select * from bank_account;"));
1997  EXPECT_NO_THROW(rom_qr->runSQL("insert into bank_account values (1234);", dt));
1998 
1999  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant access on database Ferengi to quark;"));
2000  EXPECT_NO_THROW(
2001  rom_qr->runDDLStatement("grant select on table bank_account to quark;"));
2002  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant select on view riches to quark;"));
2003 
2004  EXPECT_NO_THROW(
2005  rom_qr->runDDLStatement("ALTER DATABASE Ferengi RENAME TO grandnagus;"));
2006 
2007  rename_successful = true;
2008 
2010  username_out = "quark"s;
2011  database_out = "grandnagus"s;
2012  ASSERT_NO_THROW(
2013  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
2014 
2015  auto quark_qr = get_qr_for_user("grandnagus"s, user_meta3);
2016 
2017  EXPECT_NO_THROW(quark_qr->runSQL("select * from bank_account;", dt));
2018  EXPECT_NO_THROW(quark_qr->runSQL("select * from riches;", dt));
2019 }
std::unique_ptr< QR > get_qr_for_user(const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [19/23]

TEST ( SysCatalog  ,
GetDatabaseList   
)

Definition at line 2021 of file DBObjectPrivilegesTest.cpp.

References CHECK, run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

2021  {
2022  static const std::string username{"test_user"};
2023  static const std::string username2{username + "2"};
2024  static const std::string dbname{"test_db"};
2025  static const std::string dbname2{dbname + "2"};
2026  static const std::string dbname3{dbname + "3"};
2027  static const std::string dbname4{dbname + "4"};
2028 
2029  // cleanup
2030  struct CleanupGuard {
2031  ~CleanupGuard() {
2032  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname4 + ";");
2033  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname3 + ";");
2034  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname2 + ";");
2035  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2036  run_ddl_statement("DROP USER " + username2 + ";");
2037  run_ddl_statement("DROP USER " + username + ";");
2038  }
2039  } cleanupGuard;
2040 
2041  // setup
2042  run_ddl_statement("CREATE USER " + username + " (password = 'password');");
2043  run_ddl_statement("CREATE USER " + username2 + " (password = 'password');");
2044  run_ddl_statement("CREATE DATABASE " + dbname + "(owner='" + username + "');");
2045  run_ddl_statement("CREATE DATABASE " + dbname2 + "(owner='" + username2 + "');");
2046  run_ddl_statement("CREATE DATABASE " + dbname3 + "(owner='" + username2 + "');");
2047  run_ddl_statement("CREATE DATABASE " + dbname4 + "(owner='" + username + "');");
2048  run_ddl_statement("GRANT ACCESS ON DATABASE " + dbname + " TO " + username2 + ";");
2049  run_ddl_statement("GRANT ACCESS ON DATABASE " + dbname3 + " TO " + username + ";");
2050 
2051  Catalog_Namespace::UserMetadata user_meta, user_meta2;
2052  CHECK(sys_cat.getMetadataForUser(username, user_meta));
2053  CHECK(sys_cat.getMetadataForUser(username2, user_meta2));
2054 
2055  // test database list for arbitrary user #1
2056  auto dblist = sys_cat.getDatabaseListForUser(user_meta);
2057  EXPECT_EQ(dblist.front().dbName, dbname);
2058  EXPECT_EQ(dblist.front().dbOwnerName, username);
2059 
2060  dblist.pop_front();
2061  EXPECT_EQ(dblist.front().dbName, dbname3);
2062  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2063 
2064  dblist.pop_front();
2065  EXPECT_EQ(dblist.front().dbName, dbname4);
2066  EXPECT_EQ(dblist.front().dbOwnerName, username);
2067 
2068  // test database list for arbitrary user #2
2069  dblist = sys_cat.getDatabaseListForUser(user_meta2);
2070  EXPECT_EQ(dblist.front().dbName, dbname);
2071  EXPECT_EQ(dblist.front().dbOwnerName, username);
2072 
2073  dblist.pop_front();
2074  EXPECT_EQ(dblist.front().dbName, dbname2);
2075  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2076 
2077  dblist.pop_front();
2078  EXPECT_EQ(dblist.front().dbName, dbname3);
2079  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2080 }
#define CHECK(condition)
Definition: Logger.h:187
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [20/23]

TEST ( SysCatalog  ,
LoginWithDefaultDatabase   
)

Definition at line 2082 of file DBObjectPrivilegesTest.cpp.

References OMNISCI_DEFAULT_DB, run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

2082  {
2083  static const std::string username{"test_user"};
2084  static const std::string dbname{"test_db"};
2085  static const std::string dbnamex{dbname + "x"};
2086 
2087  // cleanup
2088  struct CleanupGuard {
2089  ~CleanupGuard() {
2090  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2091  run_ddl_statement("DROP DATABASE IF EXISTS " + dbnamex + ";");
2092  run_ddl_statement("DROP USER " + username + ";");
2093  }
2094  } cleanupGuard;
2095 
2096  // setup
2097  run_ddl_statement("CREATE DATABASE " + dbname + ";");
2098  run_ddl_statement("CREATE DATABASE " + dbnamex + ";");
2099  run_ddl_statement("CREATE USER " + username +
2100  " (password = 'password', default_db = '" + dbnamex + "');");
2102 
2103  // test the user's default database
2104  std::string username2{username};
2105  std::string dbname2{dbname};
2106  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2107  EXPECT_EQ(dbname2, dbname); // correctly ignored user's default of dbnamex
2108 
2109  username2 = username;
2110  dbname2.clear();
2111  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2112  EXPECT_EQ(dbname2, dbnamex); // correctly used user's default of dbnamex
2113 
2114  // change the user's default database
2115  ASSERT_NO_THROW(
2116  run_ddl_statement("ALTER USER " + username + " (default_db = '" + dbname + "');"));
2117 
2118  // test the user's default database
2119  username2 = username;
2120  dbname2.clear();
2121  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2122  EXPECT_EQ(dbname2, dbname); // correctly used user's default of dbname
2123 
2124  // remove the user's default database
2125  ASSERT_NO_THROW(run_ddl_statement("ALTER USER " + username + " (default_db = NULL);"));
2126 
2127  // test the user's default database
2128  username2 = username;
2129  dbname2.clear();
2130  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2131  EXPECT_EQ(dbname2,
2132  OMNISCI_DEFAULT_DB); // correctly fell back to system default database
2133 }
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [21/23]

TEST ( SysCatalog  ,
SwitchDatabase   
)

Definition at line 2135 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

2135  {
2136  static const std::string username{"test_user"};
2137  static std::string dbname{"test_db"};
2138  static std::string dbname2{dbname + "2"};
2139  static std::string dbname3{dbname + "3"};
2140 
2141  // cleanup
2142  struct CleanupGuard {
2143  ~CleanupGuard() {
2144  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname3 + ";");
2145  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname2 + ";");
2146  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2147  run_ddl_statement("DROP USER " + username + ";");
2148  }
2149  } cleanupGuard;
2150 
2151  // setup
2152  run_ddl_statement("CREATE USER " + username + " (password = 'password');");
2153  run_ddl_statement("CREATE DATABASE " + dbname + "(owner='" + username + "');");
2154  run_ddl_statement("CREATE DATABASE " + dbname2 + "(owner='" + username + "');");
2155  run_ddl_statement("CREATE DATABASE " + dbname3 + "(owner='" + username + "');");
2156  run_ddl_statement("REVOKE ACCESS ON DATABASE " + dbname3 + " FROM " + username + ";");
2157 
2158  // test some attempts to switch database
2159  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname, username));
2160  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname, username));
2161  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname2, username));
2162  ASSERT_THROW(sys_cat.switchDatabase(dbname3, username), std::runtime_error);
2163 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [22/23]

TEST ( SysCatalog  ,
AllUserMetaTest   
)

Definition at line 2178 of file DBObjectPrivilegesTest.cpp.

References anonymous_namespace{DBObjectPrivilegesTest.cpp}::compare_user_lists(), Catalog_Namespace::DBMetadata::dbId, OMNISCI_DEFAULT_DB, run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

2178  {
2179  using namespace std::string_literals;
2180  Users users_;
2181 
2182  static const auto champions = "champions"s;
2183  static const auto europa = "europa"s;
2184 
2185  struct ExpectedUserLists {
2186  const std::vector<std::string> super_default = {"admin",
2187  "Chelsea",
2188  "Arsenal",
2189  "Juventus",
2190  "Bayern"};
2191  const std::vector<std::string> user_default = {"Arsenal", "Bayern"};
2192  const std::vector<std::string> user_champions = {"Juventus", "Bayern"};
2193  const std::vector<std::string> user_europa = {"Arsenal", "Juventus"};
2194  } expected;
2195 
2196  run_ddl_statement("DROP DATABASE IF EXISTS " + champions + ";");
2197  run_ddl_statement("DROP DATABASE IF EXISTS " + europa + ";");
2198  run_ddl_statement("CREATE DATABASE " + champions + ";");
2199  run_ddl_statement("CREATE DATABASE " + europa + ";");
2200  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Bayern;");
2201  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Juventus;");
2202  run_ddl_statement("GRANT ACCESS ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Arsenal;");
2203  run_ddl_statement("GRANT CREATE ON DATABASE " + champions + " TO Juventus;");
2204  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Arsenal;");
2205  run_ddl_statement("GRANT CREATE ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Bayern;");
2206  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Juventus;");
2207 
2209  auto db_default(OMNISCI_DEFAULT_DB);
2210  auto db_champions(champions);
2211  auto db_europa(europa);
2212  auto user_chelsea("Chelsea"s);
2213  auto user_arsenal("Arsenal"s);
2214  auto user_bayern("Bayern"s);
2215 
2216  // Super User
2217  ASSERT_NO_THROW(sys_cat.login(db_default, user_chelsea, "password"s, user_meta, false));
2218  const auto suser_list = sys_cat.getAllUserMetadata();
2219  compare_user_lists(expected.super_default, suser_list);
2220 
2221  ASSERT_NO_THROW(
2222  sys_cat.login(db_champions, user_chelsea, "password"s, user_meta, false));
2223  const auto suser_list1 = sys_cat.getAllUserMetadata();
2224  compare_user_lists(expected.super_default, suser_list1);
2225 
2226  ASSERT_NO_THROW(sys_cat.login(db_europa, user_chelsea, "password"s, user_meta, false));
2227  const auto suser_list2 = sys_cat.getAllUserMetadata();
2228  compare_user_lists(expected.super_default, suser_list2);
2229 
2230  // Normal User
2232  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_default, db));
2233  ASSERT_NO_THROW(sys_cat.login(db_default, user_arsenal, "password"s, user_meta, false));
2234  const auto nuser_list = sys_cat.getAllUserMetadata(db.dbId);
2235  compare_user_lists(expected.user_default, nuser_list);
2236 
2237  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_champions, db));
2238  ASSERT_NO_THROW(
2239  sys_cat.login(db_champions, user_bayern, "password"s, user_meta, false));
2240  const auto nuser_list1 = sys_cat.getAllUserMetadata(db.dbId);
2241  compare_user_lists(expected.user_champions, nuser_list1);
2242 
2243  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_europa, db));
2244  ASSERT_NO_THROW(sys_cat.login(db_europa, user_arsenal, "password"s, user_meta, false));
2245  const auto nuser_list2 = sys_cat.getAllUserMetadata(db.dbId);
2246  compare_user_lists(expected.user_europa, nuser_list2);
2247 }
void compare_user_lists(const std::vector< std::string > &expected, const std::list< Catalog_Namespace::UserMetadata > &actual)
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST() [23/23]

TEST ( SysCatalog  ,
RecursiveRolesUserMetaData   
)

Definition at line 2249 of file DBObjectPrivilegesTest.cpp.

References anonymous_namespace{DBObjectPrivilegesTest.cpp}::compare_user_lists(), Catalog_Namespace::DBMetadata::dbId, OMNISCI_DEFAULT_DB, run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

2249  {
2250  using namespace std::string_literals;
2251  Users users_;
2252  Roles roles_;
2253 
2254  static const auto champions = "champions"s;
2255  static const auto europa = "europa"s;
2256  static const auto london = "london"s;
2257  static const auto north_london = "north_london"s;
2258  static const auto munich = "munich"s;
2259  static const auto turin = "turin"s;
2260 
2261  struct CleanupGuard {
2262  ~CleanupGuard() {
2263  run_ddl_statement("DROP ROLE " + london + ";");
2264  run_ddl_statement("DROP ROLE " + north_london + ";");
2265  run_ddl_statement("DROP ROLE " + munich + ";");
2266  run_ddl_statement("DROP ROLE " + turin + ";");
2267  }
2268  } cleanupGuard;
2269 
2270  struct ExpectedUserLists {
2271  const std::vector<std::string> user_default = {"Arsenal", "Bayern"};
2272  const std::vector<std::string> user_champions = {"Juventus", "Bayern"};
2273  const std::vector<std::string> user_europa = {"Arsenal", "Juventus"};
2274  } expected;
2275 
2276  run_ddl_statement("CREATE ROLE " + london + ";");
2277  run_ddl_statement("CREATE ROLE " + north_london + ";");
2278  run_ddl_statement("CREATE ROLE " + munich + ";");
2279  run_ddl_statement("CREATE ROLE " + turin + ";");
2280  run_ddl_statement("DROP DATABASE IF EXISTS " + champions + ";");
2281  run_ddl_statement("DROP DATABASE IF EXISTS " + europa + ";");
2282  run_ddl_statement("CREATE DATABASE " + champions + ";");
2283  run_ddl_statement("CREATE DATABASE " + europa + ";");
2284  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Sudens;");
2285  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO OldLady;");
2286  run_ddl_statement("GRANT ACCESS ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Gunners;");
2287  run_ddl_statement("GRANT CREATE ON DATABASE " + champions + " TO OldLady;");
2288  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Gunners;");
2289  run_ddl_statement("GRANT CREATE ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Sudens;");
2290  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO OldLady;");
2291 
2293  auto db_default(OMNISCI_DEFAULT_DB);
2294  auto db_champions(champions);
2295  auto db_europa(europa);
2296  auto user_chelsea("Chelsea"s);
2297  auto user_arsenal("Arsenal"s);
2298  auto user_bayern("Bayern"s);
2299  auto user_juventus("Juventus"s);
2300 
2301  run_ddl_statement("GRANT Gunners to " + london + ";");
2302  run_ddl_statement("GRANT " + london + " to " + north_london + ";");
2303  run_ddl_statement("GRANT " + north_london + " to " + user_arsenal + ";");
2304  run_ddl_statement("GRANT Sudens to " + user_bayern + ";");
2305  run_ddl_statement("GRANT OldLady to " + user_juventus + ";");
2306 
2308  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_default, db));
2309  ASSERT_NO_THROW(sys_cat.login(db_default, user_arsenal, "password"s, user_meta, false));
2310  const auto nuser_list = sys_cat.getAllUserMetadata(db.dbId);
2311  compare_user_lists(expected.user_default, nuser_list);
2312 
2313  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_champions, db));
2314  ASSERT_NO_THROW(
2315  sys_cat.login(db_champions, user_bayern, "password"s, user_meta, false));
2316  const auto nuser_list1 = sys_cat.getAllUserMetadata(db.dbId);
2317  compare_user_lists(expected.user_champions, nuser_list1);
2318 
2319  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_europa, db));
2320  ASSERT_NO_THROW(sys_cat.login(db_europa, user_arsenal, "password"s, user_meta, false));
2321  const auto nuser_list2 = sys_cat.getAllUserMetadata(db.dbId);
2322  compare_user_lists(expected.user_europa, nuser_list2);
2323 }
void compare_user_lists(const std::vector< std::string > &expected, const std::list< Catalog_Namespace::UserMetadata > &actual)
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST_F() [1/21]

TEST_F ( GrantSyntax  ,
MultiPrivilegeGrantRevoke   
)

Definition at line 243 of file DBObjectPrivilegesTest.cpp.

References CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), AccessPrivileges::INSERT_INTO_TABLE, DBObject::loadKey(), DBObject::resetPrivileges(), run_ddl_statement(), AccessPrivileges::SELECT_FROM_TABLE, session, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and TableDBObjectType.

243  {
244  auto session = QR::get()->getSession();
245  CHECK(session);
246  auto& cat = session->getCatalog();
247  DBObject tbl_object("tbl", DBObjectType::TableDBObjectType);
248  tbl_object.loadKey(cat);
249  tbl_object.resetPrivileges();
250  auto tbl_object_select = tbl_object;
251  auto tbl_object_insert = tbl_object;
252  tbl_object_select.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE);
253  tbl_object_insert.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE);
254  std::vector<DBObject> objects = {tbl_object_select, tbl_object_insert};
255  ASSERT_NO_THROW(
256  sys_cat.grantDBObjectPrivilegesBatch({"Arsenal", "Juventus"}, objects, cat));
257  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), true);
258  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), true);
259  ASSERT_NO_THROW(
260  sys_cat.revokeDBObjectPrivilegesBatch({"Arsenal", "Juventus"}, objects, cat));
261  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), false);
262  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), false);
263 
264  // now the same thing, but with SQL queries
265  ASSERT_NO_THROW(
266  run_ddl_statement("GRANT SELECT, INSERT ON TABLE tbl TO Arsenal, Juventus"));
267  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), true);
268  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), true);
269  ASSERT_NO_THROW(
270  run_ddl_statement("REVOKE SELECT, INSERT ON TABLE tbl FROM Arsenal, Juventus"));
271  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), false);
272  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), false);
273 }
static const AccessPrivileges INSERT_INTO_TABLE
Definition: DBObject.h:154
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST_F() [2/21]

TEST_F ( GrantSyntax  ,
MultiRoleGrantRevoke   
)

Definition at line 275 of file DBObjectPrivilegesTest.cpp.

References run_ddl_statement(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

275  {
276  std::vector<std::string> roles = {"Gunners", "Sudens"};
277  std::vector<std::string> grantees = {"Juventus", "Bayern"};
278  auto check_grant = []() {
279  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Gunners", true), true);
280  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Gunners", true), true);
281  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Sudens", true), true);
282  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Sudens", true), true);
283  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Arsenal", "Sudens", true), false);
284  };
285  auto check_revoke = []() {
286  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Gunners", true), false);
287  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Gunners", true), false);
288  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Sudens", true), false);
289  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Sudens", true), false);
290  };
291  ASSERT_NO_THROW(sys_cat.grantRoleBatch(roles, grantees));
292  check_grant();
293  ASSERT_NO_THROW(sys_cat.revokeRoleBatch(roles, grantees));
294  check_revoke();
295 
296  // now the same thing, but with SQL queries
297  ASSERT_NO_THROW(run_ddl_statement("GRANT Gunners, Sudens TO Juventus, Bayern"));
298  check_grant();
299  ASSERT_NO_THROW(run_ddl_statement("REVOKE Gunners, Sudens FROM Juventus, Bayern"));
300  check_revoke();
301 }
void run_ddl_statement(std::string ddl)
+ Here is the call graph for this function:

◆ TEST_F() [3/21]

TEST_F ( DatabaseObject  ,
AccessDefaultsTest   
)

Definition at line 416 of file DBObjectPrivilegesTest.cpp.

References DatabaseDBObjectType, Catalog_Namespace::Catalog::get(), DBObject::loadKey(), OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

416  {
419  privObjects.clear();
420  mapd_object.loadKey(*cat_mapd);
421 
422  privObjects.push_back(mapd_object);
423  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
424  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
425  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
426  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
427 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
+ Here is the call graph for this function:

◆ TEST_F() [4/21]

TEST_F ( DatabaseObject  ,
SqlEditorAccessTest   
)

Definition at line 429 of file DBObjectPrivilegesTest.cpp.

References CHECK, DatabaseDBObjectType, Catalog_Namespace::Catalog::get(), GPU, DBObject::loadKey(), OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::resetPrivileges(), DBObject::setPermissionType(), DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and AccessPrivileges::VIEW_SQL_EDITOR.

429  {
430  std::unique_ptr<Catalog_Namespace::SessionInfo> session_juve;
431 
432  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
433  CHECK(sys_cat.getMetadataForUser("Juventus", user_meta));
434  session_juve.reset(
436  user_meta,
438  ""));
439  auto& cat_mapd = session_juve->getCatalog();
441  privObjects.clear();
442  mapd_object.loadKey(cat_mapd);
443  mapd_object.setPermissionType(DatabaseDBObjectType);
444  mapd_object.resetPrivileges();
445  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
446  privObjects.push_back(mapd_object);
447  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
448  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
449  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
450  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
451 
452  mapd_object.resetPrivileges();
453  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
454  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
455  {"Chelsea", "Juventus"}, {mapd_object}, cat_mapd));
456 
457  mapd_object.resetPrivileges();
458  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
459  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
460  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
461  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
462  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
463 
464  mapd_object.resetPrivileges();
465  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
466  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivilegesBatch(
467  {"Chelsea", "Juventus"}, {mapd_object}, cat_mapd));
468  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
469  {"Bayern", "Arsenal"}, {mapd_object}, cat_mapd));
470 
471  mapd_object.resetPrivileges();
472  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
473  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
474  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
475  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
476  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
477 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:145
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
#define CHECK(condition)
Definition: Logger.h:187
+ Here is the call graph for this function:

◆ TEST_F() [5/21]

TEST_F ( DatabaseObject  ,
DBLoginAccessTest   
)

Definition at line 479 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, Catalog_Namespace::Catalog::get(), GPU, DBObject::loadKey(), OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::resetPrivileges(), DBObject::setPermissionType(), DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and AccessPrivileges::VIEW_SQL_EDITOR.

479  {
480  std::unique_ptr<Catalog_Namespace::SessionInfo> session_juve;
481 
482  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
483  CHECK(sys_cat.getMetadataForUser("Bayern", user_meta));
484  session_juve.reset(
486  user_meta,
488  ""));
489  auto& cat_mapd = session_juve->getCatalog();
491  privObjects.clear();
492  mapd_object.loadKey(cat_mapd);
493  mapd_object.setPermissionType(DatabaseDBObjectType);
494  mapd_object.resetPrivileges();
495  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
496  privObjects.push_back(mapd_object);
497  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
498  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
499  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
500  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
501 
502  mapd_object.resetPrivileges();
503  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
504  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
505  {"Arsenal", "Bayern"}, {mapd_object}, cat_mapd));
506 
507  mapd_object.resetPrivileges();
508  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
509  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
510  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
511  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
512  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
513 
514  mapd_object.resetPrivileges();
515  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
516  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivilegesBatch(
517  {"Bayern", "Arsenal"}, {mapd_object}, cat_mapd));
518  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Juventus", mapd_object, cat_mapd));
519 
520  mapd_object.resetPrivileges();
521  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
522  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
523  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
524  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
525  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
526 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:145
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges ACCESS
Definition: DBObject.h:146
#define CHECK(condition)
Definition: Logger.h:187
+ Here is the call graph for this function:

◆ TEST_F() [6/21]

TEST_F ( DatabaseObject  ,
TableAccessTest   
)

Definition at line 528 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), AccessPrivileges::ALTER_TABLE, CHECK, AccessPrivileges::CREATE_TABLE, DatabaseDBObjectType, AccessPrivileges::DROP_TABLE, Catalog_Namespace::Catalog::get(), GPU, OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::remove(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and TableDBObjectType.

528  {
529  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
530 
531  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
532  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
533  session_ars.reset(
535  user_meta,
537  ""));
538  auto& cat_mapd = session_ars->getCatalog();
539  AccessPrivileges arsenal_privs;
540  AccessPrivileges bayern_privs;
541  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::CREATE_TABLE));
542  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::DROP_TABLE));
543  ASSERT_NO_THROW(bayern_privs.add(AccessPrivileges::ALTER_TABLE));
545  privObjects.clear();
546  mapd_object.loadKey(cat_mapd);
547  mapd_object.setPermissionType(TableDBObjectType);
548  mapd_object.resetPrivileges();
549  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
550  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
551 
552  mapd_object.resetPrivileges();
553  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
554  privObjects.push_back(mapd_object);
555  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
556 
557  mapd_object.resetPrivileges();
558  privObjects.clear();
559  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::CREATE_TABLE));
560  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
561  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
562 
563  mapd_object.resetPrivileges();
564  privObjects.clear();
565  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::CREATE_TABLE));
566  privObjects.push_back(mapd_object);
567  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
568 
569  mapd_object.resetPrivileges();
570  privObjects.clear();
571  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
572  privObjects.push_back(mapd_object);
573  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
574 
575  mapd_object.resetPrivileges();
576  privObjects.clear();
577  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
578  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", mapd_object, cat_mapd));
579 
580  mapd_object.resetPrivileges();
581  privObjects.clear();
582  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
583  privObjects.push_back(mapd_object);
584  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
585 }
static const AccessPrivileges ALTER_TABLE
Definition: DBObject.h:158
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges DROP_TABLE
Definition: DBObject.h:152
static const AccessPrivileges CREATE_TABLE
Definition: DBObject.h:151
#define CHECK(condition)
Definition: Logger.h:187
+ Here is the call graph for this function:

◆ TEST_F() [7/21]

TEST_F ( DatabaseObject  ,
ViewAccessTest   
)

Definition at line 587 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), AccessPrivileges::ALL_VIEW, CHECK, DatabaseDBObjectType, AccessPrivileges::DROP_VIEW, Catalog_Namespace::Catalog::get(), GPU, OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::remove(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, AccessPrivileges::TRUNCATE_VIEW, and ViewDBObjectType.

587  {
588  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
589  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
590  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
591  session_ars.reset(
593  user_meta,
595  ""));
596  auto& cat_mapd = session_ars->getCatalog();
597  AccessPrivileges arsenal_privs;
598  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_VIEW));
600  privObjects.clear();
601  mapd_object.loadKey(cat_mapd);
602  mapd_object.setPermissionType(ViewDBObjectType);
603  mapd_object.resetPrivileges();
604  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
605  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
606 
607  mapd_object.resetPrivileges();
608  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
609  privObjects.push_back(mapd_object);
610  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
611 
612  mapd_object.resetPrivileges();
613  privObjects.clear();
614  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::DROP_VIEW));
615  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::TRUNCATE_VIEW));
616  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
617  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
618 
619  mapd_object.resetPrivileges();
620  privObjects.clear();
621  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
622  privObjects.push_back(mapd_object);
623  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
624  mapd_object.resetPrivileges();
625  privObjects.clear();
626  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DROP_VIEW));
627  privObjects.push_back(mapd_object);
628  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
629  mapd_object.resetPrivileges();
630  privObjects.clear();
631  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::TRUNCATE_VIEW));
632  privObjects.push_back(mapd_object);
633  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
634 }
static const AccessPrivileges TRUNCATE_VIEW
Definition: DBObject.h:177
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:170
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges DROP_VIEW
Definition: DBObject.h:172
#define CHECK(condition)
Definition: Logger.h:187
+ Here is the call graph for this function:

◆ TEST_F() [8/21]

TEST_F ( DatabaseObject  ,
DashboardAccessTest   
)

Definition at line 636 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), AccessPrivileges::ALL_DASHBOARD, CHECK, AccessPrivileges::CREATE_DASHBOARD, DashboardDBObjectType, DatabaseDBObjectType, AccessPrivileges::DELETE_DASHBOARD, AccessPrivileges::EDIT_DASHBOARD, Catalog_Namespace::Catalog::get(), GPU, OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::remove(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

636  {
637  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
638  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
639  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
640  session_ars.reset(
642  user_meta,
644  ""));
645  auto& cat_mapd = session_ars->getCatalog();
646  AccessPrivileges arsenal_privs;
647  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DASHBOARD));
649  privObjects.clear();
650  mapd_object.loadKey(cat_mapd);
651  mapd_object.setPermissionType(DashboardDBObjectType);
652  mapd_object.resetPrivileges();
653  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
654  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
655 
656  mapd_object.resetPrivileges();
657  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
658  privObjects.push_back(mapd_object);
659  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
660 
661  mapd_object.resetPrivileges();
662  privObjects.clear();
663  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::EDIT_DASHBOARD));
664  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
665  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
666 
667  mapd_object.resetPrivileges();
668  privObjects.clear();
669  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::CREATE_DASHBOARD));
670  privObjects.push_back(mapd_object);
671  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
672  mapd_object.resetPrivileges();
673  privObjects.clear();
674  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DELETE_DASHBOARD));
675  privObjects.push_back(mapd_object);
676  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
677  mapd_object.resetPrivileges();
678  privObjects.clear();
679  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::EDIT_DASHBOARD));
680  privObjects.push_back(mapd_object);
681  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
682 }
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
static const AccessPrivileges CREATE_DASHBOARD
Definition: DBObject.h:163
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:162
#define CHECK(condition)
Definition: Logger.h:187
static const AccessPrivileges DELETE_DASHBOARD
Definition: DBObject.h:166
static const AccessPrivileges EDIT_DASHBOARD
Definition: DBObject.h:165
+ Here is the call graph for this function:

◆ TEST_F() [9/21]

TEST_F ( DatabaseObject  ,
DatabaseAllTest   
)

Definition at line 684 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, CHECK, DashboardDBObjectType, DatabaseDBObjectType, AccessPrivileges::DELETE_DASHBOARD, Catalog_Namespace::Catalog::get(), GPU, AccessPrivileges::INSERT_INTO_TABLE, OMNISCI_DEFAULT_DB, anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::remove(), AccessPrivileges::reset(), AccessPrivileges::SELECT_FROM_TABLE, anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, TableDBObjectType, and ViewDBObjectType.

684  {
685  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
686 
687  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
688  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
689  session_ars.reset(
691  user_meta,
693  ""));
694  auto& cat_mapd = session_ars->getCatalog();
695  AccessPrivileges arsenal_privs;
696  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DATABASE));
698  privObjects.clear();
699  mapd_object.loadKey(cat_mapd);
700  mapd_object.resetPrivileges();
701  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
702  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
703 
704  mapd_object.resetPrivileges();
705  mapd_object.setPermissionType(TableDBObjectType);
706  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_TABLE));
707  privObjects.push_back(mapd_object);
708  mapd_object.setPermissionType(ViewDBObjectType);
709  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
710  privObjects.push_back(mapd_object);
711  mapd_object.setPermissionType(DashboardDBObjectType);
712  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD));
713  privObjects.push_back(mapd_object);
714  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
715 
716  mapd_object.resetPrivileges();
717  privObjects.clear();
718  mapd_object.setPermissionType(TableDBObjectType);
719  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::SELECT_FROM_TABLE));
720  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
721  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
722 
723  mapd_object.resetPrivileges();
724  privObjects.clear();
725  arsenal_privs.reset();
726  mapd_object.setPermissionType(DashboardDBObjectType);
727  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::DELETE_DASHBOARD));
728  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
729  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
730 
731  mapd_object.resetPrivileges();
732  privObjects.clear();
733  mapd_object.setPermissionType(ViewDBObjectType);
734  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
735  privObjects.push_back(mapd_object);
736  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
737 
738  mapd_object.resetPrivileges();
739  privObjects.clear();
740  mapd_object.setPermissionType(DashboardDBObjectType);
741  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DELETE_DASHBOARD));
742  privObjects.push_back(mapd_object);
743  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
744 
745  mapd_object.resetPrivileges();
746  privObjects.clear();
747  mapd_object.setPermissionType(TableDBObjectType);
748  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
749  privObjects.push_back(mapd_object);
750  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
751 
752  mapd_object.resetPrivileges();
753  privObjects.clear();
754  arsenal_privs.reset();
755  mapd_object.setPermissionType(DatabaseDBObjectType);
756  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DATABASE));
757  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
758  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
759 
760  mapd_object.resetPrivileges();
761  privObjects.clear();
762  mapd_object.setPermissionType(ViewDBObjectType);
763  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
764  privObjects.push_back(mapd_object);
765  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
766 
767  mapd_object.resetPrivileges();
768  privObjects.clear();
769  mapd_object.setPermissionType(TableDBObjectType);
770  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
771  privObjects.push_back(mapd_object);
772  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
773 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:144
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
static const AccessPrivileges INSERT_INTO_TABLE
Definition: DBObject.h:154
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:170
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:162
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:150
#define CHECK(condition)
Definition: Logger.h:187
static const AccessPrivileges DELETE_DASHBOARD
Definition: DBObject.h:166
+ Here is the call graph for this function:

◆ TEST_F() [10/21]

TEST_F ( TableObject  ,
AccessDefaultsTest   
)

Definition at line 775 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::SELECT_FROM_TABLE, session, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and TableDBObjectType.

775  {
776  auto session = QR::get()->getSession();
777  CHECK(session);
778  auto& cat = session->getCatalog();
779  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
780  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
781  AccessPrivileges epl_privs;
782  AccessPrivileges seriea_privs;
783  AccessPrivileges bundesliga_privs;
784  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
785  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
786  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
787  privObjects.clear();
788  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
789  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
790  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
791  epl_object.loadKey(cat);
792  seriea_object.loadKey(cat);
793  bundesliga_object.loadKey(cat);
794  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
795  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
796  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
797  privObjects.push_back(epl_object);
798  privObjects.push_back(seriea_object);
799  privObjects.push_back(bundesliga_object);
800 
801  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
802  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
803  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
804  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
805 }
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:

◆ TEST_F() [11/21]

TEST_F ( TableObject  ,
AccessAfterGrantsTest   
)

Definition at line 806 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, AccessPrivileges::SELECT_FROM_TABLE, session, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and TableDBObjectType.

806  {
807  auto session = QR::get()->getSession();
808  CHECK(session);
809  auto& cat = session->getCatalog();
810  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
811  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
812  AccessPrivileges epl_privs;
813  AccessPrivileges seriea_privs;
814  AccessPrivileges bundesliga_privs;
815  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
816  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
817  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
818  privObjects.clear();
819  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
820  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
821  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
822  epl_object.loadKey(cat);
823  seriea_object.loadKey(cat);
824  bundesliga_object.loadKey(cat);
825  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
826  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
827  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
828  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", epl_object, cat));
829  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Sudens", bundesliga_object, cat));
830  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("OldLady", seriea_object, cat));
831 
832  privObjects.push_back(epl_object);
833  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
834  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
835  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
836  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
837  privObjects.clear();
838  privObjects.push_back(seriea_object);
839  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
840  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
841  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
842  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
843  privObjects.clear();
844  privObjects.push_back(bundesliga_object);
845  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
846  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
847  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
848  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
849 }
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
static QueryRunner * get()
Definition: QueryRunner.h:115
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:

◆ TEST_F() [12/21]

TEST_F ( TableObject  ,
AccessAfterRevokesTest   
)

Definition at line 851 of file DBObjectPrivilegesTest.cpp.

References AccessPrivileges::add(), AccessPrivileges::ALL_TABLE, CHECK, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), AccessPrivileges::INSERT_INTO_TABLE, DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::resetPrivileges(), AccessPrivileges::SELECT_FROM_TABLE, session, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and TableDBObjectType.

851  {
852  auto session = QR::get()->getSession();
853  CHECK(session);
854  auto& cat = session->getCatalog();
855  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
856  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
857  AccessPrivileges epl_privs;
858  AccessPrivileges seriea_privs;
859  AccessPrivileges bundesliga_privs;
860  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
861  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::INSERT_INTO_TABLE));
862  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
863  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::ALL_TABLE));
864  privObjects.clear();
865  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
866  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
867  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
868  epl_object.loadKey(cat);
869  seriea_object.loadKey(cat);
870  bundesliga_object.loadKey(cat);
871  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
872  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
873  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
874  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Gunners", epl_object, cat));
875  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", bundesliga_object, cat));
876  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("OldLady", seriea_object, cat));
877 
878  privObjects.push_back(epl_object);
879  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
880  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
881  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
882  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
883  privObjects.clear();
884  privObjects.push_back(seriea_object);
885  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
886  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
887  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
888  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
889  privObjects.clear();
890  privObjects.push_back(bundesliga_object);
891  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
892  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
893  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
894  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
895 
896  epl_object.resetPrivileges();
897  seriea_object.resetPrivileges();
898  bundesliga_object.resetPrivileges();
899  ASSERT_NO_THROW(epl_privs.remove(AccessPrivileges::SELECT_FROM_TABLE));
900  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
901  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
902  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
903  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", epl_object, cat));
904  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Bayern", bundesliga_object, cat));
905  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("OldLady", seriea_object, cat));
906 
907  epl_object.resetPrivileges();
908 
909  ASSERT_NO_THROW(epl_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
910  privObjects.clear();
911  privObjects.push_back(epl_object);
912  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
913  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
914 
915  epl_object.resetPrivileges();
916  ASSERT_NO_THROW(epl_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
917  privObjects.clear();
918  privObjects.push_back(epl_object);
919  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
920  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
921 
922  seriea_object.resetPrivileges();
923  ASSERT_NO_THROW(seriea_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
924  privObjects.clear();
925  privObjects.push_back(seriea_object);
926  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
927  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
928 
929  seriea_object.resetPrivileges();
930  ASSERT_NO_THROW(seriea_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
931  privObjects.clear();
932  privObjects.push_back(seriea_object);
933  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
934  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
935 
936  bundesliga_object.resetPrivileges();
937  ASSERT_NO_THROW(bundesliga_object.setPrivileges(AccessPrivileges::ALL_TABLE));
938  privObjects.clear();
939  privObjects.push_back(bundesliga_object);
940  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
941  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
942 }
static const AccessPrivileges INSERT_INTO_TABLE
Definition: DBObject.h:154
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
static QueryRunner * get()
Definition: QueryRunner.h:115
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:150
#define CHECK(condition)
Definition: Logger.h:187
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:

◆ TEST_F() [13/21]

TEST_F ( ViewObject  ,
UserRoleBobGetsGrants   
)

Definition at line 1001 of file DBObjectPrivilegesTest.cpp.

References testViewPermissions().

1001  {
1002  testViewPermissions("bob", "bob");
1003 }
void testViewPermissions(std::string user, std::string roleToGrant)
+ Here is the call graph for this function:

◆ TEST_F() [14/21]

TEST_F ( ViewObject  ,
GroupRoleFooGetsGrants   
)

Definition at line 1005 of file DBObjectPrivilegesTest.cpp.

References testViewPermissions().

1005  {
1006  testViewPermissions("foo", "salesDept");
1007 }
void testViewPermissions(std::string user, std::string roleToGrant)
+ Here is the call graph for this function:

◆ TEST_F() [15/21]

TEST_F ( ViewObject  ,
CalciteViewResolution   
)

Definition at line 1009 of file DBObjectPrivilegesTest.cpp.

References anonymous_namespace{DBObjectPrivilegesTest.cpp}::g_calcite, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), run-benchmark-import::result, and session.

1009  {
1010  const auto session = QR::get()->getSession();
1011  TPlanResult result =
1012  ::g_calcite->process(*session, "select * from bill_table", {}, true, false, false);
1013  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1014  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1015  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1016  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1017  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_table");
1018  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1019  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1020  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1021  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1022  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1023 
1024  result =
1025  ::g_calcite->process(*session, "select * from bill_view", {}, true, false, false);
1026  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1027  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1028  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1029  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1030  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_view");
1031  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1032  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1033  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1034  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1035  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1036 
1037  result = ::g_calcite->process(
1038  *session, "select * from bill_view_outer", {}, true, false, false);
1039  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1040  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1041  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1042  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1043  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_view_outer");
1044  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1045  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1046  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1047  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1048  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1049 }
static QueryRunner * get()
Definition: QueryRunner.h:115
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:

◆ TEST_F() [16/21]

TEST_F ( DashboardObject  ,
AccessDefaultsTest   
)

Definition at line 1051 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and AccessPrivileges::VIEW_DASHBOARD.

1051  {
1052  const auto cat = QR::get()->getCatalog();
1053  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Bayern"));
1054  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Arsenal"));
1055  AccessPrivileges dash_priv;
1056  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1057  privObjects.clear();
1059  dash_object.loadKey(*cat);
1060  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1061  privObjects.push_back(dash_object);
1062 
1063  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1064  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
1065  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1066  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1067 }
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
+ Here is the call graph for this function:

◆ TEST_F() [17/21]

TEST_F ( DashboardObject  ,
AccessAfterGrantsTest   
)

Definition at line 1069 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and AccessPrivileges::VIEW_DASHBOARD.

1069  {
1070  const auto cat = QR::get()->getCatalog();
1071  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
1072  AccessPrivileges dash_priv;
1073  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1074  privObjects.clear();
1076  dash_object.loadKey(*cat);
1077  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1078  privObjects.push_back(dash_object);
1079  ASSERT_NO_THROW(
1080  sys_cat.grantDBObjectPrivilegesBatch({"Gunners", "Juventus"}, {dash_object}, *cat));
1081 
1082  privObjects.clear();
1083  privObjects.push_back(dash_object);
1084  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1085  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1086  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
1087  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1088 }
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
+ Here is the call graph for this function:

◆ TEST_F() [18/21]

TEST_F ( DashboardObject  ,
AccessAfterRevokesTest   
)

Definition at line 1090 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and AccessPrivileges::VIEW_DASHBOARD.

1090  {
1091  const auto cat = QR::get()->getCatalog();
1092  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
1093  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
1094  AccessPrivileges dash_priv;
1095  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1096  privObjects.clear();
1098  dash_object.loadKey(*cat);
1099  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1100  privObjects.push_back(dash_object);
1101  ASSERT_NO_THROW(
1102  sys_cat.grantDBObjectPrivilegesBatch({"OldLady", "Arsenal"}, {dash_object}, *cat));
1103 
1104  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1105  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1106  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
1107  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1108 
1109  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("OldLady", dash_object, *cat));
1110  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1111  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1112  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1113  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1114 
1115  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", dash_object, *cat));
1116  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", dash_object, *cat));
1117  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1118  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
1119  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1120  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
1121 }
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
+ Here is the call graph for this function:

◆ TEST_F() [19/21]

TEST_F ( DashboardObject  ,
GranteesDefaultListTest   
)

Definition at line 1123 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), and anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat.

1123  {
1124  const auto cat = QR::get()->getCatalog();
1125  auto perms_list =
1126  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1127  static_cast<int>(DBObjectType::DashboardDBObjectType),
1128  id);
1129  int size = static_cast<int>(perms_list.size());
1130  ASSERT_EQ(size, 0);
1131 }
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
+ Here is the call graph for this function:

◆ TEST_F() [20/21]

TEST_F ( DashboardObject  ,
GranteesListAfterGrantsTest   
)

Definition at line 1133 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, DashboardPrivileges::EDIT_DASHBOARD, AccessPrivileges::EDIT_DASHBOARD, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, DashboardPrivileges::VIEW_DASHBOARD, and AccessPrivileges::VIEW_DASHBOARD.

1133  {
1134  const auto cat = QR::get()->getCatalog();
1135  auto perms_list =
1136  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1137  static_cast<int>(DBObjectType::DashboardDBObjectType),
1138  id);
1139  int recs1 = static_cast<int>(perms_list.size());
1140  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
1141  AccessPrivileges dash_priv;
1142  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1143  privObjects.clear();
1145  dash_object.loadKey(*cat);
1146  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1147  privObjects.push_back(dash_object);
1148  ASSERT_NO_THROW(
1149  sys_cat.grantDBObjectPrivilegesBatch({"OldLady", "Bayern"}, {dash_object}, *cat));
1150  perms_list =
1151  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1152  static_cast<int>(DBObjectType::DashboardDBObjectType),
1153  id);
1154  int recs2 = static_cast<int>(perms_list.size());
1155  ASSERT_NE(recs1, recs2);
1156  ASSERT_EQ(recs2, 2);
1157  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1158  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1159  ASSERT_FALSE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1160 
1161  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1162  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1163  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", dash_object, *cat));
1164  perms_list =
1165  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1166  static_cast<int>(DBObjectType::DashboardDBObjectType),
1167  id);
1168  int recs3 = static_cast<int>(perms_list.size());
1169  ASSERT_EQ(recs3, 2);
1170  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1171  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1172  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1173 }
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
static const int32_t EDIT_DASHBOARD
Definition: DBObject.h:105
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
static const int32_t VIEW_DASHBOARD
Definition: DBObject.h:104
static const AccessPrivileges EDIT_DASHBOARD
Definition: DBObject.h:165
+ Here is the call graph for this function:

◆ TEST_F() [21/21]

TEST_F ( DashboardObject  ,
GranteesListAfterRevokesTest   
)

Definition at line 1175 of file DBObjectPrivilegesTest.cpp.

References DashboardDBObjectType, DashboardPrivileges::EDIT_DASHBOARD, AccessPrivileges::EDIT_DASHBOARD, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getCatalog(), DBObject::loadKey(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::privObjects, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, DashboardPrivileges::VIEW_DASHBOARD, and AccessPrivileges::VIEW_DASHBOARD.

1175  {
1176  const auto cat = QR::get()->getCatalog();
1177  auto perms_list =
1178  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1179  static_cast<int>(DBObjectType::DashboardDBObjectType),
1180  id);
1181  int recs1 = static_cast<int>(perms_list.size());
1182  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
1183  AccessPrivileges dash_priv;
1184  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1185  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1186  privObjects.clear();
1188  dash_object.loadKey(*cat);
1189  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1190  privObjects.push_back(dash_object);
1191  ASSERT_NO_THROW(
1192  sys_cat.grantDBObjectPrivilegesBatch({"Gunners", "Bayern"}, {dash_object}, *cat));
1193  perms_list =
1194  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1195  static_cast<int>(DBObjectType::DashboardDBObjectType),
1196  id);
1197  int recs2 = static_cast<int>(perms_list.size());
1198  ASSERT_NE(recs1, recs2);
1199  ASSERT_EQ(recs2, 2);
1200  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1201  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1202  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1203  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1204 
1205  ASSERT_NO_THROW(dash_priv.remove(AccessPrivileges::VIEW_DASHBOARD));
1206  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1207  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", dash_object, *cat));
1208  perms_list =
1209  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1210  static_cast<int>(DBObjectType::DashboardDBObjectType),
1211  id);
1212  int recs3 = static_cast<int>(perms_list.size());
1213  ASSERT_EQ(recs3, 2);
1214  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1215  ASSERT_FALSE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1216  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1217  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1218 
1219  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1220  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1221  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", dash_object, *cat));
1222  perms_list =
1223  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1224  static_cast<int>(DBObjectType::DashboardDBObjectType),
1225  id);
1226  int recs4 = static_cast<int>(perms_list.size());
1227  ASSERT_EQ(recs4, 1);
1228  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1229  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1230 
1231  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1232  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1233  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Bayern", dash_object, *cat));
1234  perms_list =
1235  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1236  static_cast<int>(DBObjectType::DashboardDBObjectType),
1237  id);
1238  int recs5 = static_cast<int>(perms_list.size());
1239  ASSERT_EQ(recs1, recs5);
1240  ASSERT_EQ(recs5, 0);
1241 }
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
static const int32_t EDIT_DASHBOARD
Definition: DBObject.h:105
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
static const int32_t VIEW_DASHBOARD
Definition: DBObject.h:104
static const AccessPrivileges EDIT_DASHBOARD
Definition: DBObject.h:165
+ Here is the call graph for this function:

◆ testViewPermissions()

void testViewPermissions ( std::string  user,
std::string  roleToGrant 
)

Definition at line 944 of file DBObjectPrivilegesTest.cpp.

References CHECK, AccessPrivileges::CREATE_VIEW, AccessPrivileges::DROP_VIEW, QueryRunner::QueryRunner::get(), QueryRunner::QueryRunner::getSession(), DBObject::loadKey(), AccessPrivileges::SELECT_FROM_VIEW, session, DBObject::setPrivileges(), anonymous_namespace{DBObjectPrivilegesTest.cpp}::sys_cat, and ViewDBObjectType.

Referenced by TEST_F().

944  {
945  DBObject bill_view("bill_view", DBObjectType::ViewDBObjectType);
946  auto session = QR::get()->getSession();
947  CHECK(session);
948  auto& cat = session->getCatalog();
949  bill_view.loadKey(cat);
950  std::vector<DBObject> privs;
951 
952  bill_view.setPrivileges(AccessPrivileges::CREATE_VIEW);
953  privs = {bill_view};
954  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
955 
956  bill_view.setPrivileges(AccessPrivileges::DROP_VIEW);
957  privs = {bill_view};
958  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
959 
960  bill_view.setPrivileges(AccessPrivileges::SELECT_FROM_VIEW);
961  privs = {bill_view};
962  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
963 
964  bill_view.setPrivileges(AccessPrivileges::CREATE_VIEW);
965  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
966  bill_view.setPrivileges(AccessPrivileges::CREATE_VIEW);
967  privs = {bill_view};
968  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
969 
970  bill_view.setPrivileges(AccessPrivileges::DROP_VIEW);
971  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
972  bill_view.setPrivileges(AccessPrivileges::DROP_VIEW);
973  privs = {bill_view};
974  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
975 
976  bill_view.setPrivileges(AccessPrivileges::SELECT_FROM_VIEW);
977  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
978  bill_view.setPrivileges(AccessPrivileges::SELECT_FROM_VIEW);
979  privs = {bill_view};
980  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
981 
982  bill_view.setPrivileges(AccessPrivileges::CREATE_VIEW);
983  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
984  bill_view.setPrivileges(AccessPrivileges::CREATE_VIEW);
985  privs = {bill_view};
986  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
987 
988  bill_view.setPrivileges(AccessPrivileges::DROP_VIEW);
989  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
990  bill_view.setPrivileges(AccessPrivileges::DROP_VIEW);
991  privs = {bill_view};
992  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
993 
994  bill_view.setPrivileges(AccessPrivileges::SELECT_FROM_VIEW);
995  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
996  bill_view.setPrivileges(AccessPrivileges::SELECT_FROM_VIEW);
997  privs = {bill_view};
998  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
999 }
static QueryRunner * get()
Definition: QueryRunner.h:115
static const AccessPrivileges SELECT_FROM_VIEW
Definition: DBObject.h:173
static const AccessPrivileges DROP_VIEW
Definition: DBObject.h:172
#define CHECK(condition)
Definition: Logger.h:187
static const AccessPrivileges CREATE_VIEW
Definition: DBObject.h:171
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
+ Here is the call graph for this function:
+ Here is the caller graph for this function: