OmniSciDB  5ade3759e0
DBObjectPrivilegesTest.cpp
Go to the documentation of this file.
1 #include <gtest/gtest.h>
2 #include <boost/filesystem/operations.hpp>
3 #include <csignal>
4 #include <thread>
5 #include <tuple>
6 #include "../Catalog/Catalog.h"
7 #include "../Catalog/DBObject.h"
8 #include "../DataMgr/DataMgr.h"
9 #include "../Parser/parser.h"
10 #include "../QueryEngine/ArrowResultSet.h"
11 #include "../QueryEngine/Descriptors/RelAlgExecutionDescriptor.h"
12 #include "../QueryEngine/Execute.h"
13 #include "../QueryRunner/QueryRunner.h"
14 #include "Shared/MapDParameters.h"
15 #include "Shared/scope.h"
16 #include "TestHelpers.h"
17 #include "gen-cpp/CalciteServer.h"
18 
19 #ifndef BASE_PATH
20 #define BASE_PATH "./tmp"
21 #endif
22 
24 namespace {
25 std::shared_ptr<Calcite> g_calcite;
26 
28 std::vector<DBObject> privObjects;
29 
31 
32 template <class T>
33 T v(const TargetValue& r) {
34  auto scalar_r = boost::get<ScalarTargetValue>(&r);
35  CHECK(scalar_r);
36  auto p = boost::get<T>(scalar_r);
37  CHECK(p);
38  return *p;
39 }
40 
41 inline void run_ddl_statement(const std::string& query) {
42  QR::get()->runDDLStatement(query);
43 }
44 
45 } // namespace
46 
47 struct Users {
48  void setup_users() {
49  if (!sys_cat.getMetadataForUser("Chelsea", user)) {
50  sys_cat.createUser("Chelsea", "password", true, "");
51  CHECK(sys_cat.getMetadataForUser("Chelsea", user));
52  }
53  if (!sys_cat.getMetadataForUser("Arsenal", user)) {
54  sys_cat.createUser("Arsenal", "password", false, "");
55  CHECK(sys_cat.getMetadataForUser("Arsenal", user));
56  }
57  if (!sys_cat.getMetadataForUser("Juventus", user)) {
58  sys_cat.createUser("Juventus", "password", false, "");
59  CHECK(sys_cat.getMetadataForUser("Juventus", user));
60  }
61  if (!sys_cat.getMetadataForUser("Bayern", user)) {
62  sys_cat.createUser("Bayern", "password", false, "");
63  CHECK(sys_cat.getMetadataForUser("Bayern", user));
64  }
65  }
66  void drop_users() {
67  if (sys_cat.getMetadataForUser("Chelsea", user)) {
68  sys_cat.dropUser("Chelsea");
69  CHECK(!sys_cat.getMetadataForUser("Chelsea", user));
70  }
71  if (sys_cat.getMetadataForUser("Arsenal", user)) {
72  sys_cat.dropUser("Arsenal");
73  CHECK(!sys_cat.getMetadataForUser("Arsenal", user));
74  }
75  if (sys_cat.getMetadataForUser("Juventus", user)) {
76  sys_cat.dropUser("Juventus");
77  CHECK(!sys_cat.getMetadataForUser("Juventus", user));
78  }
79  if (sys_cat.getMetadataForUser("Bayern", user)) {
80  sys_cat.dropUser("Bayern");
81  CHECK(!sys_cat.getMetadataForUser("Bayern", user));
82  }
83  }
84  Users() { setup_users(); }
85  virtual ~Users() { drop_users(); }
86 };
87 struct Roles {
88  void setup_roles() {
89  if (!sys_cat.getRoleGrantee("OldLady")) {
90  sys_cat.createRole("OldLady", false);
91  CHECK(sys_cat.getRoleGrantee("OldLady"));
92  }
93  if (!sys_cat.getRoleGrantee("Gunners")) {
94  sys_cat.createRole("Gunners", false);
95  CHECK(sys_cat.getRoleGrantee("Gunners"));
96  }
97  if (!sys_cat.getRoleGrantee("Sudens")) {
98  sys_cat.createRole("Sudens", false);
99  CHECK(sys_cat.getRoleGrantee("Sudens"));
100  }
101  }
102 
103  void drop_roles() {
104  if (sys_cat.getRoleGrantee("OldLady")) {
105  sys_cat.dropRole("OldLady");
106  CHECK(!sys_cat.getRoleGrantee("OldLady"));
107  }
108  if (sys_cat.getRoleGrantee("Gunners")) {
109  sys_cat.dropRole("Gunners");
110  CHECK(!sys_cat.getRoleGrantee("Gunners"));
111  }
112  if (sys_cat.getRoleGrantee("Sudens")) {
113  sys_cat.dropRole("Sudens");
114  CHECK(!sys_cat.getRoleGrantee("sudens"));
115  }
116  }
117  Roles() { setup_roles(); }
118  virtual ~Roles() { drop_roles(); }
119 };
120 
121 struct GrantSyntax : testing::Test {
124 
125  void setup_tables() { run_ddl_statement("CREATE TABLE IF NOT EXISTS tbl(i INTEGER)"); }
126  void drop_tables() { run_ddl_statement("DROP TABLE IF EXISTS tbl"); }
127  explicit GrantSyntax() {
128  drop_tables();
129  setup_tables();
130  }
131  ~GrantSyntax() override { drop_tables(); }
132 };
133 
134 struct DatabaseObject : testing::Test {
139 
140  explicit DatabaseObject() {}
141  ~DatabaseObject() override {}
142 };
143 
144 struct TableObject : testing::Test {
145  const std::string cquery1 =
146  "CREATE TABLE IF NOT EXISTS epl(gp SMALLINT, won SMALLINT);";
147  const std::string cquery2 =
148  "CREATE TABLE IF NOT EXISTS seriea(gp SMALLINT, won SMALLINT);";
149  const std::string cquery3 =
150  "CREATE TABLE IF NOT EXISTS bundesliga(gp SMALLINT, won SMALLINT);";
151  const std::string dquery1 = "DROP TABLE IF EXISTS epl;";
152  const std::string dquery2 = "DROP TABLE IF EXISTS seriea;";
153  const std::string dquery3 = "DROP TABLE IF EXISTS bundesliga;";
156 
157  void setup_tables() {
158  run_ddl_statement(cquery1);
159  run_ddl_statement(cquery2);
160  run_ddl_statement(cquery3);
161  }
162  void drop_tables() {
163  run_ddl_statement(dquery1);
164  run_ddl_statement(dquery2);
165  run_ddl_statement(dquery3);
166  }
167  explicit TableObject() {
168  drop_tables();
169  setup_tables();
170  }
171  ~TableObject() override { drop_tables(); }
172 };
173 
174 struct ViewObject : testing::Test {
175  void setup_objects() {
176  run_ddl_statement("CREATE USER bob (password = 'password', is_super = 'false');");
177  run_ddl_statement("CREATE ROLE salesDept;");
178  run_ddl_statement("CREATE USER foo (password = 'password', is_super = 'false');");
179  run_ddl_statement("GRANT salesDept TO foo;");
180 
181  run_ddl_statement("CREATE TABLE bill_table(id integer);");
182  run_ddl_statement("CREATE VIEW bill_view AS SELECT id FROM bill_table;");
183  run_ddl_statement("CREATE VIEW bill_view_outer AS SELECT id FROM bill_view;");
184  }
185 
186  void remove_objects() {
187  run_ddl_statement("DROP VIEW bill_view_outer;");
188  run_ddl_statement("DROP VIEW bill_view;");
189  run_ddl_statement("DROP TABLE bill_table");
190 
191  run_ddl_statement("DROP USER foo;");
192  run_ddl_statement("DROP ROLE salesDept;");
193  run_ddl_statement("DROP USER bob;");
194  }
195  explicit ViewObject() { setup_objects(); }
196  ~ViewObject() override { remove_objects(); }
197 };
198 
199 struct DashboardObject : testing::Test {
200  const std::string dname1 = "ChampionsLeague";
201  const std::string dname2 = "Europa";
202  const std::string dstate = "active";
203  const std::string dhash = "image00";
204  const std::string dmeta = "Chelsea are champions";
205  int id;
208 
210 
212  auto session = QR::get()->getSession();
213  CHECK(session);
214  auto& cat = session->getCatalog();
215  vd1.dashboardName = dname1;
216  vd1.dashboardState = dstate;
217  vd1.imageHash = dhash;
218  vd1.dashboardMetadata = dmeta;
219  vd1.userId = session->get_currentUser().userId;
220  vd1.user = session->get_currentUser().userName;
221  id = cat.createDashboard(vd1);
222  sys_cat.createDBObject(
223  session->get_currentUser(), dname1, DBObjectType::DashboardDBObjectType, cat, id);
224  }
225 
227  auto session = QR::get()->getSession();
228  CHECK(session);
229  auto& cat = session->getCatalog();
230  if (cat.getMetadataForDashboard(id)) {
231  cat.deleteMetadataForDashboard(id);
232  }
233  }
234 
235  explicit DashboardObject() {
236  drop_dashboards();
237  setup_dashboards();
238  }
239 
241 };
242 
243 TEST_F(GrantSyntax, MultiPrivilegeGrantRevoke) {
244  auto session = QR::get()->getSession();
245  CHECK(session);
246  auto& cat = session->getCatalog();
247  DBObject tbl_object("tbl", DBObjectType::TableDBObjectType);
248  tbl_object.loadKey(cat);
249  tbl_object.resetPrivileges();
250  auto tbl_object_select = tbl_object;
251  auto tbl_object_insert = tbl_object;
253  tbl_object_insert.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE);
254  std::vector<DBObject> objects = {tbl_object_select, tbl_object_insert};
255  ASSERT_NO_THROW(
256  sys_cat.grantDBObjectPrivilegesBatch({"Arsenal", "Juventus"}, objects, cat));
257  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), true);
258  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), true);
259  ASSERT_NO_THROW(
260  sys_cat.revokeDBObjectPrivilegesBatch({"Arsenal", "Juventus"}, objects, cat));
261  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), false);
262  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), false);
263 
264  // now the same thing, but with SQL queries
265  ASSERT_NO_THROW(
266  run_ddl_statement("GRANT SELECT, INSERT ON TABLE tbl TO Arsenal, Juventus"));
267  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), true);
268  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), true);
269  ASSERT_NO_THROW(
270  run_ddl_statement("REVOKE SELECT, INSERT ON TABLE tbl FROM Arsenal, Juventus"));
271  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", objects), false);
272  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", objects), false);
273 }
274 
275 TEST_F(GrantSyntax, MultiRoleGrantRevoke) {
276  std::vector<std::string> roles = {"Gunners", "Sudens"};
277  std::vector<std::string> grantees = {"Juventus", "Bayern"};
278  auto check_grant = []() {
279  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Gunners", true), true);
280  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Gunners", true), true);
281  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Sudens", true), true);
282  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Sudens", true), true);
283  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Arsenal", "Sudens", true), false);
284  };
285  auto check_revoke = []() {
286  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Gunners", true), false);
287  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Gunners", true), false);
288  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Juventus", "Sudens", true), false);
289  EXPECT_EQ(sys_cat.isRoleGrantedToGrantee("Bayern", "Sudens", true), false);
290  };
291  ASSERT_NO_THROW(sys_cat.grantRoleBatch(roles, grantees));
292  check_grant();
293  ASSERT_NO_THROW(sys_cat.revokeRoleBatch(roles, grantees));
294  check_revoke();
295 
296  // now the same thing, but with SQL queries
297  ASSERT_NO_THROW(run_ddl_statement("GRANT Gunners, Sudens TO Juventus, Bayern"));
298  check_grant();
299  ASSERT_NO_THROW(run_ddl_statement("REVOKE Gunners, Sudens FROM Juventus, Bayern"));
300  check_revoke();
301 }
302 
303 TEST(UserRoles, InvalidGrantsRevokesTest) {
304  run_ddl_statement("CREATE USER Antazin(password = 'password', is_super = 'false');");
305  run_ddl_statement("CREATE USER Max(password = 'password', is_super = 'false');");
306 
307  EXPECT_THROW(run_ddl_statement("GRANT Antazin to Antazin;"), std::runtime_error);
308  EXPECT_THROW(run_ddl_statement("REVOKE Antazin from Antazin;"), std::runtime_error);
309  EXPECT_THROW(run_ddl_statement("GRANT Antazin to Max;"), std::runtime_error);
310  EXPECT_THROW(run_ddl_statement("REVOKE Antazin from Max;"), std::runtime_error);
311  EXPECT_THROW(run_ddl_statement("GRANT Max to Antazin;"), std::runtime_error);
312  EXPECT_THROW(run_ddl_statement("REVOKE Max from Antazin;"), std::runtime_error);
313 
314  run_ddl_statement("DROP USER Antazin;");
315  run_ddl_statement("DROP USER Max;");
316 }
317 
318 TEST(UserRoles, ValidNames) {
319  EXPECT_NO_THROW(
320  run_ddl_statement("CREATE USER \"dumm.user\" (password = 'password');"));
321  EXPECT_NO_THROW(run_ddl_statement("DROP USER \"dumm.user\";"));
322  EXPECT_NO_THROW(run_ddl_statement("CREATE USER vasya (password = 'password');"));
323  EXPECT_NO_THROW(
324  run_ddl_statement("CREATE USER vasya.vasya@vasya.com (password = 'password');"));
325  EXPECT_NO_THROW(run_ddl_statement(
326  "CREATE USER \"vasya ivanov\"@vasya.ivanov.com (password = 'password');"));
327  EXPECT_NO_THROW(run_ddl_statement("CREATE USER vasya-vasya (password = 'password');"));
328  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer;"));
329  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer-backend;"));
330  EXPECT_NO_THROW(run_ddl_statement("CREATE ROLE developer-backend-rendering;"));
331  EXPECT_NO_THROW(run_ddl_statement("GRANT developer-backend-rendering TO vasya;"));
332  EXPECT_NO_THROW(
333  run_ddl_statement("GRANT developer-backend TO \"vasya ivanov\"@vasya.ivanov.com;"));
334  EXPECT_NO_THROW(run_ddl_statement("GRANT developer TO vasya.vasya@vasya.com;"));
335  EXPECT_NO_THROW(run_ddl_statement("GRANT developer-backend-rendering TO vasya-vasya;"));
336  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya;"));
337  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya.vasya@vasya.com;"));
338  EXPECT_NO_THROW(run_ddl_statement("DROP USER \"vasya ivanov\"@vasya.ivanov.com;"));
339  EXPECT_NO_THROW(run_ddl_statement("DROP USER vasya-vasya;"));
340  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer;"));
341  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer-backend;"));
342  EXPECT_NO_THROW(run_ddl_statement("DROP ROLE developer-backend-rendering;"));
343 }
344 
345 TEST(UserRoles, RoleHierarchies) {
346  // hr prefix here stands for hierarchical roles
347 
348  // create objects
349  run_ddl_statement("CREATE USER hr_u1 (password = 'u1');");
350  run_ddl_statement("CREATE ROLE hr_r1;");
351  run_ddl_statement("CREATE ROLE hr_r2;");
352  run_ddl_statement("CREATE ROLE hr_r3;");
353  run_ddl_statement("CREATE ROLE hr_r4;");
354  run_ddl_statement("CREATE TABLE hr_tbl1 (i INTEGER);");
355 
356  // check that we can't create cycles
357  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r4 TO hr_r3;"));
358  EXPECT_THROW(run_ddl_statement("GRANT hr_r3 TO hr_r4;"), std::runtime_error);
359  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r3 TO hr_r2;"));
360  EXPECT_THROW(run_ddl_statement("GRANT hr_r2 TO hr_r4;"), std::runtime_error);
361 
362  // make the grant hierarchy
363  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r2 TO hr_r1;"));
364  EXPECT_NO_THROW(run_ddl_statement("GRANT hr_r1 TO hr_u1;"));
365  EXPECT_NO_THROW(run_ddl_statement("GRANT SELECT ON TABLE hr_tbl1 TO hr_r1;"));
366  EXPECT_NO_THROW(run_ddl_statement("GRANT INSERT ON TABLE hr_tbl1 TO hr_r2;"));
367  EXPECT_NO_THROW(run_ddl_statement("GRANT DELETE ON TABLE hr_tbl1 TO hr_r3;"));
368  EXPECT_NO_THROW(run_ddl_statement("GRANT UPDATE ON TABLE hr_tbl1 TO hr_r4;"));
369 
370  // check that we see privileges gratnted via roles' hierarchy
371  auto session = QR::get()->getSession();
372  CHECK(session);
373  auto& cat = session->getCatalog();
374  AccessPrivileges tbl_privs;
375  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
376  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::INSERT_INTO_TABLE));
377  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::DELETE_FROM_TABLE));
378  ASSERT_NO_THROW(tbl_privs.add(AccessPrivileges::UPDATE_IN_TABLE));
379  DBObject tbl1_object("hr_tbl1", DBObjectType::TableDBObjectType);
380  tbl1_object.loadKey(cat);
381  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
382  privObjects.clear();
383  privObjects.push_back(tbl1_object);
384  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
385  // check that when we remove privilege from one role, it's grantees are updated
386  EXPECT_NO_THROW(run_ddl_statement("REVOKE DELETE ON TABLE hr_tbl1 FROM hr_r3;"));
387  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
389  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
390  privObjects.clear();
391  privObjects.push_back(tbl1_object);
392  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
393  // check that if we remove a role from a middle of hierarchy everythings is fine
394  EXPECT_NO_THROW(run_ddl_statement("REVOKE hr_r2 FROM hr_r1;"));
395  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
397  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
398  privObjects.clear();
399  privObjects.push_back(tbl1_object);
400  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), false);
402  ASSERT_NO_THROW(tbl1_object.setPrivileges(tbl_privs));
403  privObjects.clear();
404  privObjects.push_back(tbl1_object);
405  EXPECT_EQ(sys_cat.checkPrivileges("hr_u1", privObjects), true);
406 
407  // clean-up objects
408  run_ddl_statement("DROP USER hr_u1;");
409  run_ddl_statement("DROP ROLE hr_r1;");
410  run_ddl_statement("DROP ROLE hr_r2;");
411  run_ddl_statement("DROP ROLE hr_r3;");
412  run_ddl_statement("DROP ROLE hr_r4;");
413  run_ddl_statement("DROP TABLE hr_tbl1;");
414 }
415 
416 TEST_F(DatabaseObject, AccessDefaultsTest) {
419  privObjects.clear();
420  mapd_object.loadKey(*cat_mapd);
421 
422  privObjects.push_back(mapd_object);
423  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
424  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
425  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
426  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
427 }
428 
429 TEST_F(DatabaseObject, SqlEditorAccessTest) {
430  std::unique_ptr<Catalog_Namespace::SessionInfo> session_juve;
431 
432  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
433  CHECK(sys_cat.getMetadataForUser("Juventus", user_meta));
434  session_juve.reset(
436  user_meta,
438  ""));
439  auto& cat_mapd = session_juve->getCatalog();
441  privObjects.clear();
442  mapd_object.loadKey(cat_mapd);
444  mapd_object.resetPrivileges();
445  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
446  privObjects.push_back(mapd_object);
447  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
448  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
449  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
450  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
451 
452  mapd_object.resetPrivileges();
453  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
454  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
455  {"Chelsea", "Juventus"}, {mapd_object}, cat_mapd));
456 
457  mapd_object.resetPrivileges();
458  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
459  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
460  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
461  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
462  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
463 
464  mapd_object.resetPrivileges();
465  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
466  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivilegesBatch(
467  {"Chelsea", "Juventus"}, {mapd_object}, cat_mapd));
468  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
469  {"Bayern", "Arsenal"}, {mapd_object}, cat_mapd));
470 
471  mapd_object.resetPrivileges();
472  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
473  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
474  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
475  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
476  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
477 }
478 
479 TEST_F(DatabaseObject, DBLoginAccessTest) {
480  std::unique_ptr<Catalog_Namespace::SessionInfo> session_juve;
481 
482  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
483  CHECK(sys_cat.getMetadataForUser("Bayern", user_meta));
484  session_juve.reset(
486  user_meta,
488  ""));
489  auto& cat_mapd = session_juve->getCatalog();
491  privObjects.clear();
492  mapd_object.loadKey(cat_mapd);
494  mapd_object.resetPrivileges();
495  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
496  privObjects.push_back(mapd_object);
497  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
498  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
499  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
500  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
501 
502  mapd_object.resetPrivileges();
503  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
504  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivilegesBatch(
505  {"Arsenal", "Bayern"}, {mapd_object}, cat_mapd));
506 
507  mapd_object.resetPrivileges();
508  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
509  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
510  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
511  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
512  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
513 
514  mapd_object.resetPrivileges();
515  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ACCESS));
516  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivilegesBatch(
517  {"Bayern", "Arsenal"}, {mapd_object}, cat_mapd));
518  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Juventus", mapd_object, cat_mapd));
519 
520  mapd_object.resetPrivileges();
521  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR));
522  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
523  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
524  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
525  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
526 }
527 
528 TEST_F(DatabaseObject, TableAccessTest) {
529  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
530 
531  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
532  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
533  session_ars.reset(
535  user_meta,
537  ""));
538  auto& cat_mapd = session_ars->getCatalog();
539  AccessPrivileges arsenal_privs;
540  AccessPrivileges bayern_privs;
541  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::CREATE_TABLE));
542  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::DROP_TABLE));
543  ASSERT_NO_THROW(bayern_privs.add(AccessPrivileges::ALTER_TABLE));
545  privObjects.clear();
546  mapd_object.loadKey(cat_mapd);
547  mapd_object.setPermissionType(TableDBObjectType);
548  mapd_object.resetPrivileges();
549  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
550  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
551 
552  mapd_object.resetPrivileges();
553  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
554  privObjects.push_back(mapd_object);
555  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
556 
557  mapd_object.resetPrivileges();
558  privObjects.clear();
559  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::CREATE_TABLE));
560  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
561  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
562 
563  mapd_object.resetPrivileges();
564  privObjects.clear();
565  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::CREATE_TABLE));
566  privObjects.push_back(mapd_object);
567  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
568 
569  mapd_object.resetPrivileges();
570  privObjects.clear();
571  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
572  privObjects.push_back(mapd_object);
573  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
574 
575  mapd_object.resetPrivileges();
576  privObjects.clear();
577  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
578  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", mapd_object, cat_mapd));
579 
580  mapd_object.resetPrivileges();
581  privObjects.clear();
582  ASSERT_NO_THROW(mapd_object.setPrivileges(bayern_privs));
583  privObjects.push_back(mapd_object);
584  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
585 }
586 
587 TEST_F(DatabaseObject, ViewAccessTest) {
588  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
589  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
590  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
591  session_ars.reset(
593  user_meta,
595  ""));
596  auto& cat_mapd = session_ars->getCatalog();
597  AccessPrivileges arsenal_privs;
598  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_VIEW));
600  privObjects.clear();
601  mapd_object.loadKey(cat_mapd);
602  mapd_object.setPermissionType(ViewDBObjectType);
603  mapd_object.resetPrivileges();
604  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
605  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
606 
607  mapd_object.resetPrivileges();
608  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
609  privObjects.push_back(mapd_object);
610  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
611 
612  mapd_object.resetPrivileges();
613  privObjects.clear();
614  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::DROP_VIEW));
615  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::TRUNCATE_VIEW));
616  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
617  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
618 
619  mapd_object.resetPrivileges();
620  privObjects.clear();
621  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
622  privObjects.push_back(mapd_object);
623  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
624  mapd_object.resetPrivileges();
625  privObjects.clear();
626  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DROP_VIEW));
627  privObjects.push_back(mapd_object);
628  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
629  mapd_object.resetPrivileges();
630  privObjects.clear();
631  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::TRUNCATE_VIEW));
632  privObjects.push_back(mapd_object);
633  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
634 }
635 
636 TEST_F(DatabaseObject, DashboardAccessTest) {
637  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
638  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
639  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
640  session_ars.reset(
642  user_meta,
644  ""));
645  auto& cat_mapd = session_ars->getCatalog();
646  AccessPrivileges arsenal_privs;
647  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DASHBOARD));
649  privObjects.clear();
650  mapd_object.loadKey(cat_mapd);
651  mapd_object.setPermissionType(DashboardDBObjectType);
652  mapd_object.resetPrivileges();
653  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
654  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
655 
656  mapd_object.resetPrivileges();
657  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
658  privObjects.push_back(mapd_object);
659  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
660 
661  mapd_object.resetPrivileges();
662  privObjects.clear();
663  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::EDIT_DASHBOARD));
664  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
665  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
666 
667  mapd_object.resetPrivileges();
668  privObjects.clear();
669  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::CREATE_DASHBOARD));
670  privObjects.push_back(mapd_object);
671  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
672  mapd_object.resetPrivileges();
673  privObjects.clear();
674  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DELETE_DASHBOARD));
675  privObjects.push_back(mapd_object);
676  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
677  mapd_object.resetPrivileges();
678  privObjects.clear();
679  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::EDIT_DASHBOARD));
680  privObjects.push_back(mapd_object);
681  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
682 }
683 
684 TEST_F(DatabaseObject, DatabaseAllTest) {
685  std::unique_ptr<Catalog_Namespace::SessionInfo> session_ars;
686 
687  CHECK(sys_cat.getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta));
688  CHECK(sys_cat.getMetadataForUser("Arsenal", user_meta));
689  session_ars.reset(
691  user_meta,
693  ""));
694  auto& cat_mapd = session_ars->getCatalog();
695  AccessPrivileges arsenal_privs;
696  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DATABASE));
698  privObjects.clear();
699  mapd_object.loadKey(cat_mapd);
700  mapd_object.resetPrivileges();
701  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
702  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
703 
704  mapd_object.resetPrivileges();
705  mapd_object.setPermissionType(TableDBObjectType);
706  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_TABLE));
707  privObjects.push_back(mapd_object);
708  mapd_object.setPermissionType(ViewDBObjectType);
709  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
710  privObjects.push_back(mapd_object);
711  mapd_object.setPermissionType(DashboardDBObjectType);
712  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD));
713  privObjects.push_back(mapd_object);
714  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
715 
716  mapd_object.resetPrivileges();
717  privObjects.clear();
718  mapd_object.setPermissionType(TableDBObjectType);
719  ASSERT_NO_THROW(arsenal_privs.remove(AccessPrivileges::SELECT_FROM_TABLE));
720  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
721  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
722 
723  mapd_object.resetPrivileges();
724  privObjects.clear();
725  arsenal_privs.reset();
726  mapd_object.setPermissionType(DashboardDBObjectType);
727  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::DELETE_DASHBOARD));
728  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
729  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
730 
731  mapd_object.resetPrivileges();
732  privObjects.clear();
733  mapd_object.setPermissionType(ViewDBObjectType);
734  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
735  privObjects.push_back(mapd_object);
736  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
737 
738  mapd_object.resetPrivileges();
739  privObjects.clear();
740  mapd_object.setPermissionType(DashboardDBObjectType);
741  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::DELETE_DASHBOARD));
742  privObjects.push_back(mapd_object);
743  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
744 
745  mapd_object.resetPrivileges();
746  privObjects.clear();
747  mapd_object.setPermissionType(TableDBObjectType);
748  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
749  privObjects.push_back(mapd_object);
750  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
751 
752  mapd_object.resetPrivileges();
753  privObjects.clear();
754  arsenal_privs.reset();
755  mapd_object.setPermissionType(DatabaseDBObjectType);
756  ASSERT_NO_THROW(arsenal_privs.add(AccessPrivileges::ALL_DATABASE));
757  ASSERT_NO_THROW(mapd_object.setPrivileges(arsenal_privs));
758  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", mapd_object, cat_mapd));
759 
760  mapd_object.resetPrivileges();
761  privObjects.clear();
762  mapd_object.setPermissionType(ViewDBObjectType);
763  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::ALL_VIEW));
764  privObjects.push_back(mapd_object);
765  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
766 
767  mapd_object.resetPrivileges();
768  privObjects.clear();
769  mapd_object.setPermissionType(TableDBObjectType);
770  ASSERT_NO_THROW(mapd_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
771  privObjects.push_back(mapd_object);
772  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
773 }
774 
775 TEST_F(TableObject, AccessDefaultsTest) {
776  auto session = QR::get()->getSession();
777  CHECK(session);
778  auto& cat = session->getCatalog();
779  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
780  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
781  AccessPrivileges epl_privs;
782  AccessPrivileges seriea_privs;
783  AccessPrivileges bundesliga_privs;
784  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
785  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
786  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
787  privObjects.clear();
788  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
789  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
790  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
791  epl_object.loadKey(cat);
792  seriea_object.loadKey(cat);
793  bundesliga_object.loadKey(cat);
794  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
795  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
796  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
797  privObjects.push_back(epl_object);
798  privObjects.push_back(seriea_object);
799  privObjects.push_back(bundesliga_object);
800 
801  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
802  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
803  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
804  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
805 }
806 TEST_F(TableObject, AccessAfterGrantsTest) {
807  auto session = QR::get()->getSession();
808  CHECK(session);
809  auto& cat = session->getCatalog();
810  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
811  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
812  AccessPrivileges epl_privs;
813  AccessPrivileges seriea_privs;
814  AccessPrivileges bundesliga_privs;
815  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
816  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
817  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
818  privObjects.clear();
819  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
820  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
821  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
822  epl_object.loadKey(cat);
823  seriea_object.loadKey(cat);
824  bundesliga_object.loadKey(cat);
825  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
826  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
827  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
828  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Arsenal", epl_object, cat));
829  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Sudens", bundesliga_object, cat));
830  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("OldLady", seriea_object, cat));
831 
832  privObjects.push_back(epl_object);
833  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
834  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
835  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
836  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
837  privObjects.clear();
838  privObjects.push_back(seriea_object);
839  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
840  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
841  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
842  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
843  privObjects.clear();
844  privObjects.push_back(bundesliga_object);
845  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
846  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
847  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
848  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
849 }
850 
851 TEST_F(TableObject, AccessAfterRevokesTest) {
852  auto session = QR::get()->getSession();
853  CHECK(session);
854  auto& cat = session->getCatalog();
855  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
856  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
857  AccessPrivileges epl_privs;
858  AccessPrivileges seriea_privs;
859  AccessPrivileges bundesliga_privs;
860  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
861  ASSERT_NO_THROW(epl_privs.add(AccessPrivileges::INSERT_INTO_TABLE));
862  ASSERT_NO_THROW(seriea_privs.add(AccessPrivileges::SELECT_FROM_TABLE));
863  ASSERT_NO_THROW(bundesliga_privs.add(AccessPrivileges::ALL_TABLE));
864  privObjects.clear();
865  DBObject epl_object("epl", DBObjectType::TableDBObjectType);
866  DBObject seriea_object("seriea", DBObjectType::TableDBObjectType);
867  DBObject bundesliga_object("bundesliga", DBObjectType::TableDBObjectType);
868  epl_object.loadKey(cat);
869  seriea_object.loadKey(cat);
870  bundesliga_object.loadKey(cat);
871  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
872  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
873  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
874  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Gunners", epl_object, cat));
875  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", bundesliga_object, cat));
876  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("OldLady", seriea_object, cat));
877 
878  privObjects.push_back(epl_object);
879  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
880  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
881  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
882  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
883  privObjects.clear();
884  privObjects.push_back(seriea_object);
885  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
886  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
887  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
888  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
889  privObjects.clear();
890  privObjects.push_back(bundesliga_object);
891  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
892  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
893  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
894  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
895 
896  epl_object.resetPrivileges();
897  seriea_object.resetPrivileges();
898  bundesliga_object.resetPrivileges();
899  ASSERT_NO_THROW(epl_privs.remove(AccessPrivileges::SELECT_FROM_TABLE));
900  ASSERT_NO_THROW(epl_object.setPrivileges(epl_privs));
901  ASSERT_NO_THROW(seriea_object.setPrivileges(seriea_privs));
902  ASSERT_NO_THROW(bundesliga_object.setPrivileges(bundesliga_privs));
903  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", epl_object, cat));
904  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Bayern", bundesliga_object, cat));
905  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("OldLady", seriea_object, cat));
906 
907  epl_object.resetPrivileges();
908 
909  ASSERT_NO_THROW(epl_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
910  privObjects.clear();
911  privObjects.push_back(epl_object);
912  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
913  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
914 
915  epl_object.resetPrivileges();
916  ASSERT_NO_THROW(epl_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
917  privObjects.clear();
918  privObjects.push_back(epl_object);
919  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
920  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
921 
922  seriea_object.resetPrivileges();
923  ASSERT_NO_THROW(seriea_object.setPrivileges(AccessPrivileges::SELECT_FROM_TABLE));
924  privObjects.clear();
925  privObjects.push_back(seriea_object);
926  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
927  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
928 
929  seriea_object.resetPrivileges();
930  ASSERT_NO_THROW(seriea_object.setPrivileges(AccessPrivileges::INSERT_INTO_TABLE));
931  privObjects.clear();
932  privObjects.push_back(seriea_object);
933  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
934  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
935 
936  bundesliga_object.resetPrivileges();
937  ASSERT_NO_THROW(bundesliga_object.setPrivileges(AccessPrivileges::ALL_TABLE));
938  privObjects.clear();
939  privObjects.push_back(bundesliga_object);
940  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
941  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
942 }
943 
944 void testViewPermissions(std::string user, std::string roleToGrant) {
945  DBObject bill_view("bill_view", DBObjectType::ViewDBObjectType);
946  auto session = QR::get()->getSession();
947  CHECK(session);
948  auto& cat = session->getCatalog();
949  bill_view.loadKey(cat);
950  std::vector<DBObject> privs;
951 
953  privs = {bill_view};
954  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
955 
957  privs = {bill_view};
958  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
959 
961  privs = {bill_view};
962  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
963 
965  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
967  privs = {bill_view};
968  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
969 
971  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
973  privs = {bill_view};
974  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
975 
977  sys_cat.grantDBObjectPrivileges(roleToGrant, bill_view, cat);
979  privs = {bill_view};
980  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), true);
981 
983  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
985  privs = {bill_view};
986  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
987 
989  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
991  privs = {bill_view};
992  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
993 
995  sys_cat.revokeDBObjectPrivileges(roleToGrant, bill_view, cat);
997  privs = {bill_view};
998  EXPECT_EQ(sys_cat.checkPrivileges(user, privs), false);
999 }
1000 
1001 TEST_F(ViewObject, UserRoleBobGetsGrants) {
1002  testViewPermissions("bob", "bob");
1003 }
1004 
1005 TEST_F(ViewObject, GroupRoleFooGetsGrants) {
1006  testViewPermissions("foo", "salesDept");
1007 }
1008 
1009 TEST_F(ViewObject, CalciteViewResolution) {
1010  const auto session = QR::get()->getSession();
1011  TPlanResult result =
1012  ::g_calcite->process(*session, "select * from bill_table", {}, true, false, false);
1013  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1014  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1015  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1016  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1017  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_table");
1018  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1019  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1020  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1021  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1022  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1023 
1024  result =
1025  ::g_calcite->process(*session, "select * from bill_view", {}, true, false, false);
1026  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1027  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1028  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1029  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1030  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_view");
1031  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1032  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1033  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1034  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1035  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1036 
1037  result = ::g_calcite->process(
1038  *session, "select * from bill_view_outer", {}, true, false, false);
1039  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from.size(), (size_t)1);
1040  EXPECT_EQ(result.primary_accessed_objects.tables_inserted_into.size(), (size_t)0);
1041  EXPECT_EQ(result.primary_accessed_objects.tables_updated_in.size(), (size_t)0);
1042  EXPECT_EQ(result.primary_accessed_objects.tables_deleted_from.size(), (size_t)0);
1043  EXPECT_EQ(result.primary_accessed_objects.tables_selected_from[0], "bill_view_outer");
1044  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from.size(), (size_t)1);
1045  EXPECT_EQ(result.resolved_accessed_objects.tables_inserted_into.size(), (size_t)0);
1046  EXPECT_EQ(result.resolved_accessed_objects.tables_updated_in.size(), (size_t)0);
1047  EXPECT_EQ(result.resolved_accessed_objects.tables_deleted_from.size(), (size_t)0);
1048  EXPECT_EQ(result.resolved_accessed_objects.tables_selected_from[0], "bill_table");
1049 }
1050 
1051 TEST_F(DashboardObject, AccessDefaultsTest) {
1052  const auto cat = QR::get()->getCatalog();
1053  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Bayern"));
1054  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Arsenal"));
1055  AccessPrivileges dash_priv;
1056  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1057  privObjects.clear();
1059  dash_object.loadKey(*cat);
1060  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1061  privObjects.push_back(dash_object);
1062 
1063  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1064  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
1065  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1066  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1067 }
1068 
1069 TEST_F(DashboardObject, AccessAfterGrantsTest) {
1070  const auto cat = QR::get()->getCatalog();
1071  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
1072  AccessPrivileges dash_priv;
1073  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1074  privObjects.clear();
1076  dash_object.loadKey(*cat);
1077  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1078  privObjects.push_back(dash_object);
1079  ASSERT_NO_THROW(
1080  sys_cat.grantDBObjectPrivilegesBatch({"Gunners", "Juventus"}, {dash_object}, *cat));
1081 
1082  privObjects.clear();
1083  privObjects.push_back(dash_object);
1084  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1085  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1086  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
1087  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1088 }
1089 
1090 TEST_F(DashboardObject, AccessAfterRevokesTest) {
1091  const auto cat = QR::get()->getCatalog();
1092  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
1093  ASSERT_NO_THROW(sys_cat.grantRole("Sudens", "Bayern"));
1094  AccessPrivileges dash_priv;
1095  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1096  privObjects.clear();
1098  dash_object.loadKey(*cat);
1099  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1100  privObjects.push_back(dash_object);
1101  ASSERT_NO_THROW(
1102  sys_cat.grantDBObjectPrivilegesBatch({"OldLady", "Arsenal"}, {dash_object}, *cat));
1103 
1104  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1105  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1106  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), true);
1107  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1108 
1109  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("OldLady", dash_object, *cat));
1110  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1111  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), true);
1112  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1113  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), false);
1114 
1115  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Arsenal", dash_object, *cat));
1116  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", dash_object, *cat));
1117  EXPECT_EQ(sys_cat.checkPrivileges("Chelsea", privObjects), true);
1118  EXPECT_EQ(sys_cat.checkPrivileges("Arsenal", privObjects), false);
1119  EXPECT_EQ(sys_cat.checkPrivileges("Juventus", privObjects), false);
1120  EXPECT_EQ(sys_cat.checkPrivileges("Bayern", privObjects), true);
1121 }
1122 
1123 TEST_F(DashboardObject, GranteesDefaultListTest) {
1124  const auto cat = QR::get()->getCatalog();
1125  auto perms_list =
1126  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1127  static_cast<int>(DBObjectType::DashboardDBObjectType),
1128  id);
1129  int size = static_cast<int>(perms_list.size());
1130  ASSERT_EQ(size, 0);
1131 }
1132 
1133 TEST_F(DashboardObject, GranteesListAfterGrantsTest) {
1134  const auto cat = QR::get()->getCatalog();
1135  auto perms_list =
1136  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1137  static_cast<int>(DBObjectType::DashboardDBObjectType),
1138  id);
1139  int recs1 = static_cast<int>(perms_list.size());
1140  ASSERT_NO_THROW(sys_cat.grantRole("OldLady", "Juventus"));
1141  AccessPrivileges dash_priv;
1142  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1143  privObjects.clear();
1145  dash_object.loadKey(*cat);
1146  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1147  privObjects.push_back(dash_object);
1148  ASSERT_NO_THROW(
1149  sys_cat.grantDBObjectPrivilegesBatch({"OldLady", "Bayern"}, {dash_object}, *cat));
1150  perms_list =
1151  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1152  static_cast<int>(DBObjectType::DashboardDBObjectType),
1153  id);
1154  int recs2 = static_cast<int>(perms_list.size());
1155  ASSERT_NE(recs1, recs2);
1156  ASSERT_EQ(recs2, 2);
1157  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1158  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1159  ASSERT_FALSE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1160 
1161  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1162  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1163  ASSERT_NO_THROW(sys_cat.grantDBObjectPrivileges("Bayern", dash_object, *cat));
1164  perms_list =
1165  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1166  static_cast<int>(DBObjectType::DashboardDBObjectType),
1167  id);
1168  int recs3 = static_cast<int>(perms_list.size());
1169  ASSERT_EQ(recs3, 2);
1170  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1171  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1172  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1173 }
1174 
1175 TEST_F(DashboardObject, GranteesListAfterRevokesTest) {
1176  const auto cat = QR::get()->getCatalog();
1177  auto perms_list =
1178  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1179  static_cast<int>(DBObjectType::DashboardDBObjectType),
1180  id);
1181  int recs1 = static_cast<int>(perms_list.size());
1182  ASSERT_NO_THROW(sys_cat.grantRole("Gunners", "Arsenal"));
1183  AccessPrivileges dash_priv;
1184  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1185  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1186  privObjects.clear();
1188  dash_object.loadKey(*cat);
1189  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1190  privObjects.push_back(dash_object);
1191  ASSERT_NO_THROW(
1192  sys_cat.grantDBObjectPrivilegesBatch({"Gunners", "Bayern"}, {dash_object}, *cat));
1193  perms_list =
1194  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1195  static_cast<int>(DBObjectType::DashboardDBObjectType),
1196  id);
1197  int recs2 = static_cast<int>(perms_list.size());
1198  ASSERT_NE(recs1, recs2);
1199  ASSERT_EQ(recs2, 2);
1200  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1201  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1202  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1203  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1204 
1205  ASSERT_NO_THROW(dash_priv.remove(AccessPrivileges::VIEW_DASHBOARD));
1206  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1207  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", dash_object, *cat));
1208  perms_list =
1209  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1210  static_cast<int>(DBObjectType::DashboardDBObjectType),
1211  id);
1212  int recs3 = static_cast<int>(perms_list.size());
1213  ASSERT_EQ(recs3, 2);
1214  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1215  ASSERT_FALSE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1216  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1217  ASSERT_TRUE(perms_list[1]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1218 
1219  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::VIEW_DASHBOARD));
1220  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1221  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Gunners", dash_object, *cat));
1222  perms_list =
1223  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1224  static_cast<int>(DBObjectType::DashboardDBObjectType),
1225  id);
1226  int recs4 = static_cast<int>(perms_list.size());
1227  ASSERT_EQ(recs4, 1);
1228  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::VIEW_DASHBOARD));
1229  ASSERT_TRUE(perms_list[0]->privs.hasPermission(DashboardPrivileges::EDIT_DASHBOARD));
1230 
1231  ASSERT_NO_THROW(dash_priv.add(AccessPrivileges::EDIT_DASHBOARD));
1232  ASSERT_NO_THROW(dash_object.setPrivileges(dash_priv));
1233  ASSERT_NO_THROW(sys_cat.revokeDBObjectPrivileges("Bayern", dash_object, *cat));
1234  perms_list =
1235  sys_cat.getMetadataForObject(cat->getCurrentDB().dbId,
1236  static_cast<int>(DBObjectType::DashboardDBObjectType),
1237  id);
1238  int recs5 = static_cast<int>(perms_list.size());
1239  ASSERT_EQ(recs1, recs5);
1240  ASSERT_EQ(recs5, 0);
1241 }
1242 
1243 void create_tables(std::string prefix, int max) {
1244  const auto cat = QR::get()->getCatalog();
1245  for (int i = 0; i < max; i++) {
1246  std::string name = prefix + std::to_string(i);
1247  run_ddl_statement("CREATE TABLE " + name + " (id integer);");
1248  auto td = cat->getMetadataForTable(name, false);
1249  ASSERT_TRUE(td);
1250  ASSERT_EQ(td->isView, false);
1251  ASSERT_EQ(td->tableName, name);
1252  }
1253 }
1254 
1255 void create_views(std::string prefix, int max) {
1256  const auto cat = QR::get()->getCatalog();
1257  for (int i = 0; i < max; i++) {
1258  std::string name = "view_" + prefix + std::to_string(i);
1259  run_ddl_statement("CREATE VIEW " + name + " AS SELECT * FROM " + prefix +
1260  std::to_string(i) + ";");
1261  auto td = cat->getMetadataForTable(name, false);
1262  ASSERT_TRUE(td);
1263  ASSERT_EQ(td->isView, true);
1264  ASSERT_EQ(td->tableName, name);
1265  }
1266 }
1267 
1268 void create_dashboards(std::string prefix, int max) {
1269  auto session = QR::get()->getSession();
1270  CHECK(session);
1271  auto& cat = session->getCatalog();
1272  for (int i = 0; i < max; i++) {
1273  std::string name = "dash_" + prefix + std::to_string(i);
1275  vd.dashboardName = name;
1276  vd.dashboardState = name;
1277  vd.imageHash = name;
1278  vd.dashboardMetadata = name;
1279  vd.userId = session->get_currentUser().userId;
1280  ASSERT_EQ(0, session->get_currentUser().userId);
1281  vd.user = session->get_currentUser().userName;
1282  cat.createDashboard(vd);
1283 
1284  auto fvd = cat.getMetadataForDashboard(
1285  std::to_string(session->get_currentUser().userId), name);
1286  ASSERT_TRUE(fvd);
1287  ASSERT_EQ(fvd->dashboardName, name);
1288  }
1289 }
1290 
1291 void assert_grants(std::string prefix, int i, bool expected) {
1292  auto session = QR::get()->getSession();
1293  CHECK(session);
1294  auto& cat = session->getCatalog();
1295 
1296  DBObject tablePermission(prefix + std::to_string(i), DBObjectType::TableDBObjectType);
1297  try {
1298  sys_cat.getDBObjectPrivileges("bob", tablePermission, cat);
1299  } catch (std::runtime_error& e) {
1300  }
1301  ASSERT_EQ(
1302  expected,
1304 
1305  DBObject viewPermission("view_" + prefix + std::to_string(i),
1307  try {
1308  sys_cat.getDBObjectPrivileges("bob", viewPermission, cat);
1309  } catch (std::runtime_error& e) {
1310  }
1311  ASSERT_EQ(
1312  expected,
1313  viewPermission.getPrivileges().hasPermission(ViewPrivileges::SELECT_FROM_VIEW));
1314 
1315  auto fvd =
1316  cat.getMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1317  "dash_" + prefix + std::to_string(i));
1318  DBObject dashPermission(fvd->dashboardId, DBObjectType::DashboardDBObjectType);
1319  try {
1320  sys_cat.getDBObjectPrivileges("bob", dashPermission, cat);
1321  } catch (std::runtime_error& e) {
1322  }
1323  ASSERT_EQ(
1324  expected,
1326 }
1327 
1328 void check_grant_access(std::string prefix, int max) {
1329  auto session = QR::get()->getSession();
1330  CHECK(session);
1331  auto& cat = session->getCatalog();
1332 
1333  for (int i = 0; i < max; i++) {
1334  assert_grants(prefix, i, false);
1335 
1336  auto fvd =
1337  cat.getMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1338  "dash_" + prefix + std::to_string(i));
1339  run_ddl_statement("GRANT SELECT ON TABLE " + prefix + std::to_string(i) + " TO bob;");
1340  run_ddl_statement("GRANT SELECT ON VIEW view_" + prefix + std::to_string(i) +
1341  " TO bob;");
1342  run_ddl_statement("GRANT VIEW ON DASHBOARD " + std::to_string(fvd->dashboardId) +
1343  " TO bob;");
1344  assert_grants(prefix, i, true);
1345 
1346  run_ddl_statement("REVOKE SELECT ON TABLE " + prefix + std::to_string(i) +
1347  " FROM bob;");
1348  run_ddl_statement("REVOKE SELECT ON VIEW view_" + prefix + std::to_string(i) +
1349  " FROM bob;");
1350  run_ddl_statement("REVOKE VIEW ON DASHBOARD " + std::to_string(fvd->dashboardId) +
1351  " FROM bob;");
1352  assert_grants(prefix, i, false);
1353  }
1354 }
1355 
1356 void drop_dashboards(std::string prefix, int max) {
1357  auto session = QR::get()->getSession();
1358  CHECK(session);
1359  auto& cat = session->getCatalog();
1360 
1361  for (int i = 0; i < max; i++) {
1362  std::string name = "dash_" + prefix + std::to_string(i);
1363 
1364  cat.deleteMetadataForDashboard(std::to_string(session->get_currentUser().userId),
1365  name);
1366  auto fvd = cat.getMetadataForDashboard(
1367  std::to_string(session->get_currentUser().userId), name);
1368  ASSERT_FALSE(fvd);
1369  }
1370 }
1371 
1372 void drop_views(std::string prefix, int max) {
1373  const auto cat = QR::get()->getCatalog();
1374 
1375  for (int i = 0; i < max; i++) {
1376  std::string name = "view_" + prefix + std::to_string(i);
1377  run_ddl_statement("DROP VIEW " + name + ";");
1378  auto td = cat->getMetadataForTable(name, false);
1379  ASSERT_FALSE(td);
1380  }
1381 }
1382 
1383 void drop_tables(std::string prefix, int max) {
1384  const auto cat = QR::get()->getCatalog();
1385 
1386  for (int i = 0; i < max; i++) {
1387  std::string name = prefix + std::to_string(i);
1388  run_ddl_statement("DROP TABLE " + name + ";");
1389  auto td = cat->getMetadataForTable(name, false);
1390  ASSERT_FALSE(td);
1391  }
1392 }
1393 
1394 void run_concurrency_test(std::string prefix, int max) {
1395  create_tables(prefix, max);
1396  create_views(prefix, max);
1397  create_dashboards(prefix, max);
1398  check_grant_access(prefix, max);
1399  drop_dashboards(prefix, max);
1400  drop_views(prefix, max);
1401  drop_tables(prefix, max);
1402 }
1403 
1404 TEST(Catalog, Concurrency) {
1405  run_ddl_statement("CREATE USER bob (password = 'password', is_super = 'false');");
1406  std::string prefix = "for_bob";
1407 
1408  // only a single thread at the moment!
1409  // because calcite access the sqlite-dbs
1410  // directly when started in this mode
1411  int num_threads = 1;
1412  std::vector<std::shared_ptr<std::thread>> my_threads;
1413 
1414  for (int i = 0; i < num_threads; i++) {
1415  std::string prefix = "for_bob_" + std::to_string(i) + "_";
1416  my_threads.push_back(
1417  std::make_shared<std::thread>(run_concurrency_test, prefix, 100));
1418  }
1419 
1420  for (auto& thread : my_threads) {
1421  thread->join();
1422  }
1423 
1424  run_ddl_statement("DROP USER bob;");
1425 }
1426 
1427 TEST(DBObject, LoadKey) {
1428  static const std::string tbname{"test_tb"};
1429  static const std::string vwname{"test_vw"};
1430 
1431  // cleanup
1432  struct CleanupGuard {
1433  ~CleanupGuard() {
1434  run_ddl_statement("DROP VIEW IF EXISTS " + vwname + ";");
1435  run_ddl_statement("DROP TABLE IF EXISTS " + tbname + ";");
1436  }
1437  } cleanupGuard;
1438 
1439  // setup
1440  run_ddl_statement("CREATE TABLE IF NOT EXISTS " + tbname + "(id integer);");
1441  run_ddl_statement("CREATE VIEW IF NOT EXISTS " + vwname + " AS SELECT id FROM " +
1442  tbname + ";");
1443 
1444  // test the LoadKey() function
1446 
1450 
1451  ASSERT_NO_THROW(dbo1.loadKey());
1452  ASSERT_NO_THROW(dbo2.loadKey(*cat));
1453  ASSERT_NO_THROW(dbo3.loadKey(*cat));
1454 }
1455 
1456 TEST(SysCatalog, RenameUser_Basic) {
1457  using namespace std::string_literals;
1458  auto username = "chuck"s;
1459  auto database_name = "nydb"s;
1460  auto rename_successful = false;
1461 
1462  ScopeGuard scope_guard = [&rename_successful] {
1463  if (rename_successful) {
1464  run_ddl_statement("DROP USER cryingchuck;");
1465  } else {
1466  run_ddl_statement("DROP USER chuck");
1467  }
1468  run_ddl_statement("DROP DATABASE nydb;");
1469  };
1470 
1472  auto username_out(username);
1473  auto database_out(database_name);
1474 
1475  run_ddl_statement("CREATE USER chuck (password='password');");
1476  run_ddl_statement("CREATE DATABASE nydb (owner='chuck');");
1477  run_ddl_statement("ALTER USER chuck (default_db='nydb')");
1478 
1479  // Check ability to login
1480  ASSERT_NO_THROW(
1481  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1482 
1483  // Rename should be fine
1484  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1485 
1486  rename_successful = true;
1487 
1488  // Check if we can login as the new user
1489  username_out = "cryingchuck"s;
1490  ASSERT_NO_THROW(
1491  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1492 }
1493 
1494 TEST(SysCatalog, RenameUser_AlreadyExisting) {
1495  using namespace std::string_literals;
1496 
1497  auto username = "chuck"s;
1498  auto new_username = "marcy"s;
1499 
1500  ScopeGuard scope_guard = [] {
1501  run_ddl_statement("DROP USER chuck;");
1502  run_ddl_statement("DROP USER marcy;");
1503  };
1504 
1505  run_ddl_statement("CREATE USER chuck (password='password');");
1506  run_ddl_statement("CREATE USER marcy (password='password');");
1507 
1508  EXPECT_THROW(run_ddl_statement("ALTER USER chuck RENAME TO marcy;"),
1509  std::runtime_error);
1510 }
1511 
1512 TEST(SysCatalog, RenameUser_UserDoesntExist) {
1513  using namespace std::string_literals;
1514 
1515  EXPECT_THROW(run_ddl_statement("ALTER USER lemont RENAME TO sanford;"),
1516  std::runtime_error);
1517 }
1518 
1519 namespace {
1520 
1521 std::unique_ptr<QR> get_qr_for_user(
1522  const std::string& user_name,
1523  const Catalog_Namespace::UserMetadata& user_metadata) {
1524  auto session = std::make_unique<Catalog_Namespace::SessionInfo>(
1526  user_metadata,
1528  "");
1529  return std::make_unique<QR>(std::move(session));
1530 }
1531 
1532 } // namespace
1533 
1534 TEST(SysCatalog, RenameUser_AlreadyLoggedInQueryAfterRename) {
1535  using namespace std::string_literals;
1536  auto username = "chuck"s;
1537  auto database_name = "nydb"s;
1538  auto rename_successful = false;
1539 
1540  ScopeGuard scope_guard = [&rename_successful] {
1541  if (rename_successful) {
1542  run_ddl_statement("DROP USER cryingchuck;");
1543  } else {
1544  run_ddl_statement("DROP USER chuck");
1545  }
1546  run_ddl_statement("DROP DATABASE nydb;");
1547  };
1548 
1550  auto username_out(username);
1551  auto database_out(database_name);
1552 
1553  EXPECT_NO_THROW(run_ddl_statement("CREATE USER chuck (password='password');"));
1554  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE nydb (owner='chuck');"));
1555  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck (default_db='nydb')"));
1556 
1557  // Check ability to login
1558  ASSERT_NO_THROW(
1559  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1560 
1561  auto dt = ExecutorDeviceType::CPU;
1562 
1564  username_out = "chuck"s;
1565  database_out = "nydb"s;
1566  ASSERT_NO_THROW(
1567  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1568 
1569  auto chuck_qr = get_qr_for_user("nydb"s, user_meta2);
1570  EXPECT_NO_THROW(chuck_qr->runDDLStatement("create table chaos ( x integer );"));
1571  EXPECT_NO_THROW(chuck_qr->runSQL("insert into chaos values ( 1234 );", dt));
1572 
1573  // Rename should be fine
1574  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1575 
1576  rename_successful = true;
1577 
1578  // After the rename, can we query with the old session?
1579  EXPECT_THROW(chuck_qr->runSQL("select x from chaos limit 1;", dt), std::runtime_error);
1580 
1582  username_out = "cryingchuck"s;
1583  ASSERT_NO_THROW(
1584  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
1585 
1586  auto cryingchuck_qr = get_qr_for_user("nydb"s, user_meta3);
1587  // After the rename, can we query with the new session?
1588  auto result = cryingchuck_qr->runSQL("select x from chaos limit 1;", dt);
1589  ASSERT_EQ(result->rowCount(), size_t(1));
1590  const auto crt_row = result->getNextRow(true, true);
1591  ASSERT_EQ(crt_row.size(), size_t(1));
1592  ASSERT_EQ(1234, v<int64_t>(crt_row[0]));
1593 }
1594 
1595 TEST(SysCatalog, RenameUser_ReloginWithOldName) {
1596  using namespace std::string_literals;
1597  auto username = "chuck"s;
1598  auto database_name = "nydb"s;
1599  auto rename_successful = false;
1600 
1601  ScopeGuard scope_guard = [&rename_successful] {
1602  if (rename_successful) {
1603  run_ddl_statement("DROP USER cryingchuck;");
1604  } else {
1605  run_ddl_statement("DROP USER chuck");
1606  }
1607  run_ddl_statement("DROP DATABASE nydb;");
1608  };
1609 
1611  auto username_out(username);
1612  auto database_out(database_name);
1613 
1614  EXPECT_NO_THROW(run_ddl_statement("CREATE USER chuck (password='password');"));
1615  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE nydb (owner='chuck');"));
1616  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck (default_db='nydb')"));
1617 
1618  // Check ability to login
1619  ASSERT_NO_THROW(
1620  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1621 
1623  username_out = "chuck"s;
1624  database_out = "nydb"s;
1625  ASSERT_NO_THROW(
1626  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1627 
1628  auto chuck_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1629  Catalog_Namespace::Catalog::get("nydb"s), user_meta2, ExecutorDeviceType::CPU, "");
1630  auto chuck_qr = std::make_unique<QR>(std::move(chuck_session));
1631  EXPECT_NO_THROW(chuck_qr->runDDLStatement("create table chaos ( x integer );"));
1632  EXPECT_NO_THROW(
1633  chuck_qr->runSQL("insert into chaos values ( 1234 );", ExecutorDeviceType::CPU));
1634 
1635  // Rename should be fine
1636  EXPECT_NO_THROW(run_ddl_statement("ALTER USER chuck RENAME TO cryingchuck;"););
1637 
1638  rename_successful = true;
1639 
1641  EXPECT_THROW(sys_cat.login(database_out, username_out, "password"s, user_meta3, false),
1642  std::runtime_error);
1643 }
1644 
1645 TEST(SysCatalog, RenameUser_CheckPrivilegeTransfer) {
1646  using namespace std::string_literals;
1647  auto rename_successful = false;
1648 
1649  ScopeGuard s = [&rename_successful] {
1650  run_ddl_statement("DROP USER rom;");
1651 
1652  if (rename_successful) {
1653  run_ddl_statement("DROP USER renamed_quark;");
1654  } else {
1655  run_ddl_statement("DROP USER quark;");
1656  }
1657  run_ddl_statement("DROP DATABASE Ferengi;");
1658  };
1659 
1660  EXPECT_NO_THROW(
1661  run_ddl_statement("CREATE USER quark (password='password',is_super='false');"));
1662  EXPECT_NO_THROW(
1663  run_ddl_statement("CREATE USER rom (password='password',is_super='false');"));
1664  EXPECT_NO_THROW(run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');"));
1665 
1666  auto database_out = "Ferengi"s;
1667  auto username_out = "rom"s;
1669  ASSERT_NO_THROW(
1670  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1671 
1672  auto dt = ExecutorDeviceType::CPU;
1673 
1674  // Log in as rom, create the database tables
1676  username_out = "rom"s;
1677  database_out = "Ferengi"s;
1678  ASSERT_NO_THROW(
1679  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1680 
1681  auto rom_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1682  Catalog_Namespace::Catalog::get("Ferengi"s),
1683  user_meta2,
1685  "");
1686  auto rom_qr = std::make_unique<QR>(std::move(rom_session));
1687 
1688  EXPECT_NO_THROW(
1689  rom_qr->runDDLStatement("create table bank_account ( latinum integer );"));
1690  EXPECT_NO_THROW(
1691  rom_qr->runDDLStatement("create view riches as select * from bank_account;"));
1692  EXPECT_NO_THROW(rom_qr->runSQL("insert into bank_account values (1234);", dt));
1693 
1694  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant access on database Ferengi to quark;"));
1695  EXPECT_NO_THROW(
1696  rom_qr->runDDLStatement("grant select on table bank_account to quark;"));
1697  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant select on view riches to quark;"));
1698 
1699  run_ddl_statement("ALTER USER quark RENAME TO renamed_quark;");
1700 
1701  rename_successful = true;
1702 
1704  username_out = "renamed_quark"s;
1705  database_out = "Ferengi"s;
1706  ASSERT_NO_THROW(
1707  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
1708 
1709  auto renamed_quark_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1710  Catalog_Namespace::Catalog::get("Ferengi"s),
1711  user_meta3,
1713  "");
1714  auto renamed_quark_qr = std::make_unique<QR>(std::move(renamed_quark_session));
1715 
1716  EXPECT_NO_THROW(renamed_quark_qr->runSQL("select * from bank_account;", dt));
1717  EXPECT_NO_THROW(renamed_quark_qr->runSQL("select * from riches;", dt));
1718 }
1719 
1720 TEST(SysCatalog, RenameUser_SuperUserRenameCheck) {
1721  using namespace std::string_literals;
1722 
1723  ScopeGuard s = [] {
1724  run_ddl_statement("DROP USER rom;");
1725  run_ddl_statement("DROP USER quark;");
1726 
1727  run_ddl_statement("DROP DATABASE Ferengi;");
1728  };
1729 
1730  run_ddl_statement("CREATE USER quark (password='password',is_super='false');");
1731  run_ddl_statement("CREATE USER rom (password='password',is_super='false');");
1732  run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');");
1733 
1734  auto database_out = "Ferengi"s;
1735  auto username_out = "rom"s;
1737  ASSERT_NO_THROW(
1738  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1739 
1740  // Log in as rom, create the database tables
1742  username_out = "rom"s;
1743  database_out = "Ferengi"s;
1744  ASSERT_NO_THROW(
1745  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1746 
1747  auto rom_session = std::make_unique<Catalog_Namespace::SessionInfo>(
1748  Catalog_Namespace::Catalog::get("Ferengi"s),
1749  user_meta2,
1751  "");
1752  auto rom_qr = std::make_unique<QR>(std::move(rom_session));
1753  EXPECT_THROW(rom_qr->runDDLStatement("ALTER USER quark RENAME TO renamed_quark;"),
1754  std::runtime_error);
1755 }
1756 
1757 TEST(SysCatalog, RenameDatabase_Basic) {
1758  using namespace std::string_literals;
1759  auto username = "magicwand"s;
1760  auto database_name = "gdpgrowth"s;
1761 
1762  auto rename_successful = false;
1763 
1764  ScopeGuard scope_guard = [&rename_successful] {
1765  if (!rename_successful) {
1766  run_ddl_statement("DROP DATABASE gdpgrowth;");
1767  } else {
1768  run_ddl_statement("DROP DATABASE moregdpgrowth;");
1769  }
1770  run_ddl_statement("DROP USER magicwand;");
1771  };
1772 
1773  run_ddl_statement("CREATE DATABASE gdpgrowth;");
1775  "CREATE USER magicwand (password='threepercent', default_db='gdpgrowth');");
1776 
1778  auto username_out(username);
1779  auto database_out(database_name);
1780 
1781  ASSERT_NO_THROW(
1782  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false));
1783  EXPECT_EQ(database_name, database_out);
1784 
1785  rename_successful = true;
1786 
1787  run_ddl_statement("ALTER DATABASE gdpgrowth RENAME TO moregdpgrowth;");
1788 
1789  username_out = username;
1790  database_out = database_name;
1791 
1792  EXPECT_THROW(
1793  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false),
1794  std::runtime_error);
1795 
1796  username_out = username;
1797  database_out = "moregdpgrowth";
1798 
1799  // Successfully login
1800  EXPECT_NO_THROW(
1801  sys_cat.login(database_out, username_out, "threepercent"s, user_meta, false));
1802 }
1803 
1804 TEST(SysCatalog, RenameDatabase_WrongUser) {
1805  using namespace std::string_literals;
1806  auto username = "reader"s;
1807  auto database_name = "fnews"s;
1808 
1809  ScopeGuard scope_gard = [] {
1810  run_ddl_statement("DROP USER reader;");
1811  run_ddl_statement("DROP USER jkyle;");
1812 
1813  run_ddl_statement("DROP DATABASE qworg;");
1814  run_ddl_statement("DROP DATABASE fnews;");
1815  };
1816 
1817  run_ddl_statement("CREATE USER reader (password='rabbit');");
1818  run_ddl_statement("CREATE USER jkyle (password='password');");
1819 
1820  run_ddl_statement("CREATE DATABASE fnews (owner='reader');");
1821  run_ddl_statement("CREATE DATABASE qworg (owner='jkyle');");
1822 
1823  run_ddl_statement("ALTER USER reader (default_db='fnews');");
1824  run_ddl_statement("ALTER USER jkyle (default_db='qworg');");
1825 
1827  auto username_out(username);
1828  auto database_out(database_name);
1829 
1830  ASSERT_NO_THROW(sys_cat.login(database_out, username_out, "rabbit"s, user_meta, false));
1831  EXPECT_EQ(database_name, database_out);
1832 
1834  username_out = "jkyle"s;
1835  database_out = "qworg"s;
1836  ASSERT_NO_THROW(
1837  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1838 
1839  // Should not be permissable
1840  auto alternate_qr = get_qr_for_user("qworg"s, user_meta2);
1841  EXPECT_THROW(alternate_qr->runDDLStatement("ALTER DATABASE fnews RENAME TO cnn;"),
1842  std::runtime_error);
1843 }
1844 
1845 TEST(SysCatalog, RenameDatabase_SuperUser) {
1846  using namespace std::string_literals;
1847  auto username = "maurypovich"s;
1848  auto database_name = "paternitydb"s;
1849 
1850  auto rename_successful = false;
1851 
1852  ScopeGuard scope_guard = [&rename_successful] {
1853  run_ddl_statement("DROP USER maurypovich;");
1854  run_ddl_statement("DROP USER thefather;");
1855  run_ddl_statement("DROP DATABASE trouble;");
1856  if (rename_successful) {
1857  run_ddl_statement("DROP DATABASE nachovater;");
1858  } else {
1859  run_ddl_statement("DROP DATABASE paternitydb;");
1860  }
1861  };
1862 
1863  run_ddl_statement("CREATE USER maurypovich (password='password');");
1864  run_ddl_statement("CREATE USER thefather (password='password',is_super='true');");
1865 
1866  run_ddl_statement("CREATE DATABASE paternitydb (owner='maurypovich');");
1867  run_ddl_statement("CREATE DATABASE trouble (owner='thefather');");
1868 
1869  run_ddl_statement("ALTER USER maurypovich (default_db='paternitydb');");
1870  run_ddl_statement("ALTER USER thefather (default_db='trouble');");
1871 
1873  auto username_out(username);
1874  auto database_out(database_name);
1875 
1876  ASSERT_NO_THROW(
1877  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1878  EXPECT_EQ(database_name, database_out);
1879 
1881  username_out = "thefather"s;
1882  database_out = "trouble"s;
1883  ASSERT_NO_THROW(
1884  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1885 
1886  auto alternate_qr = get_qr_for_user("trouble"s, user_meta2);
1887  EXPECT_NO_THROW(
1888  alternate_qr->runDDLStatement("ALTER DATABASE paternitydb RENAME TO nachovater;"));
1889 
1890  rename_successful = true;
1891 }
1892 
1893 TEST(SysCatalog, RenameDatabase_ExistingDB) {
1894  using namespace std::string_literals;
1895  auto username = "rickgrimes"s;
1896  auto database_name = "zombies"s;
1897 
1898  ScopeGuard scope_guard = [] {
1899  run_ddl_statement("DROP DATABASE zombies;");
1900  run_ddl_statement("DROP DATABASE vampires;");
1901  run_ddl_statement("DROP USER rickgrimes;");
1902  };
1903 
1904  run_ddl_statement("CREATE DATABASE zombies;");
1905  run_ddl_statement("CREATE DATABASE vampires;");
1907  "CREATE USER rickgrimes (password='password', default_db='zombies');");
1908 
1910  auto username_out(username);
1911  auto database_out(database_name);
1912 
1913  ASSERT_NO_THROW(
1914  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1915  EXPECT_EQ(database_name, database_out);
1916 
1917  EXPECT_THROW(run_ddl_statement("ALTER DATABASE zombies RENAME TO vampires;"),
1918  std::runtime_error);
1919 }
1920 
1921 TEST(SysCatalog, RenameDatabase_FailedCopy) {
1922  using namespace std::string_literals;
1923  auto trash_file_path = sys_cat.getBasePath() + "/mapd_catalogs/trash";
1924 
1925  ScopeGuard s = [&trash_file_path] {
1926  boost::filesystem::remove(trash_file_path);
1927  run_ddl_statement("DROP DATABASE hatchets;");
1928  run_ddl_statement("DROP USER bury;");
1929  };
1930 
1931  std::ofstream trash_file(trash_file_path);
1932  trash_file << "trash!";
1933  trash_file.close();
1934 
1935  auto username = "bury"s;
1936  auto database_name = "hatchets"s;
1937 
1938  run_ddl_statement("CREATE DATABASE hatchets;");
1939  run_ddl_statement("CREATE USER bury (password='password', default_db='hatchets');");
1940 
1942  auto username_out(username);
1943  auto database_out(database_name);
1944 
1945  ASSERT_NO_THROW(
1946  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1947  EXPECT_EQ(database_name, database_out);
1948 
1949  // Check that the file inteferes with the copy operation
1950  EXPECT_THROW(run_ddl_statement("ALTER DATABASE hatchets RENAME TO trash;"),
1951  std::runtime_error);
1952 
1953  // Now, check to see if we can log back into the original database
1954  ASSERT_NO_THROW(
1955  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1956 }
1957 
1958 TEST(SysCatalog, RenameDatabase_PrivsTest) {
1959  using namespace std::string_literals;
1960  auto rename_successful = false;
1961 
1962  ScopeGuard s = [&rename_successful] {
1963  run_ddl_statement("DROP USER quark;");
1964  run_ddl_statement("DROP USER rom;");
1965 
1966  if (rename_successful) {
1967  run_ddl_statement("DROP DATABASE grandnagus;");
1968  } else {
1969  run_ddl_statement("DROP DATABASE Ferengi;");
1970  }
1971  };
1972 
1973  run_ddl_statement("CREATE USER quark (password='password',is_super='false');");
1974  run_ddl_statement("CREATE USER rom (password='password',is_super='false');");
1975  run_ddl_statement("CREATE DATABASE Ferengi (owner='rom');");
1976 
1977  auto database_out = "Ferengi"s;
1978  auto username_out = "rom"s;
1980  ASSERT_NO_THROW(
1981  sys_cat.login(database_out, username_out, "password"s, user_meta, false));
1982 
1983  auto dt = ExecutorDeviceType::CPU;
1984 
1985  // Log in as rom, create the database tables
1987  username_out = "rom"s;
1988  database_out = "Ferengi"s;
1989  ASSERT_NO_THROW(
1990  sys_cat.login(database_out, username_out, "password"s, user_meta2, false));
1991 
1992  auto rom_qr = get_qr_for_user("Ferengi"s, user_meta2);
1993  EXPECT_NO_THROW(
1994  rom_qr->runDDLStatement("create table bank_account ( latinum integer );"));
1995  EXPECT_NO_THROW(
1996  rom_qr->runDDLStatement("create view riches as select * from bank_account;"));
1997  EXPECT_NO_THROW(rom_qr->runSQL("insert into bank_account values (1234);", dt));
1998 
1999  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant access on database Ferengi to quark;"));
2000  EXPECT_NO_THROW(
2001  rom_qr->runDDLStatement("grant select on table bank_account to quark;"));
2002  EXPECT_NO_THROW(rom_qr->runDDLStatement("grant select on view riches to quark;"));
2003 
2004  EXPECT_NO_THROW(
2005  rom_qr->runDDLStatement("ALTER DATABASE Ferengi RENAME TO grandnagus;"));
2006 
2007  rename_successful = true;
2008 
2010  username_out = "quark"s;
2011  database_out = "grandnagus"s;
2012  ASSERT_NO_THROW(
2013  sys_cat.login(database_out, username_out, "password"s, user_meta3, false));
2014 
2015  auto quark_qr = get_qr_for_user("grandnagus"s, user_meta3);
2016 
2017  EXPECT_NO_THROW(quark_qr->runSQL("select * from bank_account;", dt));
2018  EXPECT_NO_THROW(quark_qr->runSQL("select * from riches;", dt));
2019 }
2020 
2021 TEST(SysCatalog, GetDatabaseList) {
2022  static const std::string username{"test_user"};
2023  static const std::string username2{username + "2"};
2024  static const std::string dbname{"test_db"};
2025  static const std::string dbname2{dbname + "2"};
2026  static const std::string dbname3{dbname + "3"};
2027  static const std::string dbname4{dbname + "4"};
2028 
2029  // cleanup
2030  struct CleanupGuard {
2031  ~CleanupGuard() {
2032  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname4 + ";");
2033  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname3 + ";");
2034  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname2 + ";");
2035  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2036  run_ddl_statement("DROP USER " + username2 + ";");
2037  run_ddl_statement("DROP USER " + username + ";");
2038  }
2039  } cleanupGuard;
2040 
2041  // setup
2042  run_ddl_statement("CREATE USER " + username + " (password = 'password');");
2043  run_ddl_statement("CREATE USER " + username2 + " (password = 'password');");
2044  run_ddl_statement("CREATE DATABASE " + dbname + "(owner='" + username + "');");
2045  run_ddl_statement("CREATE DATABASE " + dbname2 + "(owner='" + username2 + "');");
2046  run_ddl_statement("CREATE DATABASE " + dbname3 + "(owner='" + username2 + "');");
2047  run_ddl_statement("CREATE DATABASE " + dbname4 + "(owner='" + username + "');");
2048  run_ddl_statement("GRANT ACCESS ON DATABASE " + dbname + " TO " + username2 + ";");
2049  run_ddl_statement("GRANT ACCESS ON DATABASE " + dbname3 + " TO " + username + ";");
2050 
2051  Catalog_Namespace::UserMetadata user_meta, user_meta2;
2052  CHECK(sys_cat.getMetadataForUser(username, user_meta));
2053  CHECK(sys_cat.getMetadataForUser(username2, user_meta2));
2054 
2055  // test database list for arbitrary user #1
2056  auto dblist = sys_cat.getDatabaseListForUser(user_meta);
2057  EXPECT_EQ(dblist.front().dbName, dbname);
2058  EXPECT_EQ(dblist.front().dbOwnerName, username);
2059 
2060  dblist.pop_front();
2061  EXPECT_EQ(dblist.front().dbName, dbname3);
2062  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2063 
2064  dblist.pop_front();
2065  EXPECT_EQ(dblist.front().dbName, dbname4);
2066  EXPECT_EQ(dblist.front().dbOwnerName, username);
2067 
2068  // test database list for arbitrary user #2
2069  dblist = sys_cat.getDatabaseListForUser(user_meta2);
2070  EXPECT_EQ(dblist.front().dbName, dbname);
2071  EXPECT_EQ(dblist.front().dbOwnerName, username);
2072 
2073  dblist.pop_front();
2074  EXPECT_EQ(dblist.front().dbName, dbname2);
2075  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2076 
2077  dblist.pop_front();
2078  EXPECT_EQ(dblist.front().dbName, dbname3);
2079  EXPECT_EQ(dblist.front().dbOwnerName, username2);
2080 }
2081 
2082 TEST(SysCatalog, LoginWithDefaultDatabase) {
2083  static const std::string username{"test_user"};
2084  static const std::string dbname{"test_db"};
2085  static const std::string dbnamex{dbname + "x"};
2086 
2087  // cleanup
2088  struct CleanupGuard {
2089  ~CleanupGuard() {
2090  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2091  run_ddl_statement("DROP DATABASE IF EXISTS " + dbnamex + ";");
2092  run_ddl_statement("DROP USER " + username + ";");
2093  }
2094  } cleanupGuard;
2095 
2096  // setup
2097  run_ddl_statement("CREATE DATABASE " + dbname + ";");
2098  run_ddl_statement("CREATE DATABASE " + dbnamex + ";");
2099  run_ddl_statement("CREATE USER " + username +
2100  " (password = 'password', default_db = '" + dbnamex + "');");
2102 
2103  // test the user's default database
2104  std::string username2{username};
2105  std::string dbname2{dbname};
2106  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2107  EXPECT_EQ(dbname2, dbname); // correctly ignored user's default of dbnamex
2108 
2109  username2 = username;
2110  dbname2.clear();
2111  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2112  EXPECT_EQ(dbname2, dbnamex); // correctly used user's default of dbnamex
2113 
2114  // change the user's default database
2115  ASSERT_NO_THROW(
2116  run_ddl_statement("ALTER USER " + username + " (default_db = '" + dbname + "');"));
2117 
2118  // test the user's default database
2119  username2 = username;
2120  dbname2.clear();
2121  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2122  EXPECT_EQ(dbname2, dbname); // correctly used user's default of dbname
2123 
2124  // remove the user's default database
2125  ASSERT_NO_THROW(run_ddl_statement("ALTER USER " + username + " (default_db = NULL);"));
2126 
2127  // test the user's default database
2128  username2 = username;
2129  dbname2.clear();
2130  ASSERT_NO_THROW(sys_cat.login(dbname2, username2, "password", user_meta, false));
2131  EXPECT_EQ(dbname2,
2132  OMNISCI_DEFAULT_DB); // correctly fell back to system default database
2133 }
2134 
2135 TEST(SysCatalog, SwitchDatabase) {
2136  static const std::string username{"test_user"};
2137  static std::string dbname{"test_db"};
2138  static std::string dbname2{dbname + "2"};
2139  static std::string dbname3{dbname + "3"};
2140 
2141  // cleanup
2142  struct CleanupGuard {
2143  ~CleanupGuard() {
2144  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname3 + ";");
2145  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname2 + ";");
2146  run_ddl_statement("DROP DATABASE IF EXISTS " + dbname + ";");
2147  run_ddl_statement("DROP USER " + username + ";");
2148  }
2149  } cleanupGuard;
2150 
2151  // setup
2152  run_ddl_statement("CREATE USER " + username + " (password = 'password');");
2153  run_ddl_statement("CREATE DATABASE " + dbname + "(owner='" + username + "');");
2154  run_ddl_statement("CREATE DATABASE " + dbname2 + "(owner='" + username + "');");
2155  run_ddl_statement("CREATE DATABASE " + dbname3 + "(owner='" + username + "');");
2156  run_ddl_statement("REVOKE ACCESS ON DATABASE " + dbname3 + " FROM " + username + ";");
2157 
2158  // test some attempts to switch database
2159  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname, username));
2160  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname, username));
2161  ASSERT_NO_THROW(sys_cat.switchDatabase(dbname2, username));
2162  ASSERT_THROW(sys_cat.switchDatabase(dbname3, username), std::runtime_error);
2163 }
2164 
2165 namespace {
2166 
2167 void compare_user_lists(const std::vector<std::string>& expected,
2168  const std::list<Catalog_Namespace::UserMetadata>& actual) {
2169  ASSERT_EQ(expected.size(), actual.size());
2170  size_t i = 0;
2171  for (const auto user : actual) {
2172  ASSERT_EQ(expected[i++], user.userName);
2173  }
2174 }
2175 
2176 } // namespace
2177 
2178 TEST(SysCatalog, AllUserMetaTest) {
2179  using namespace std::string_literals;
2180  Users users_;
2181 
2182  static const auto champions = "champions"s;
2183  static const auto europa = "europa"s;
2184 
2185  struct ExpectedUserLists {
2186  const std::vector<std::string> super_default = {"admin",
2187  "Chelsea",
2188  "Arsenal",
2189  "Juventus",
2190  "Bayern"};
2191  const std::vector<std::string> user_default = {"Arsenal", "Bayern"};
2192  const std::vector<std::string> user_champions = {"Juventus", "Bayern"};
2193  const std::vector<std::string> user_europa = {"Arsenal", "Juventus"};
2194  } expected;
2195 
2196  run_ddl_statement("DROP DATABASE IF EXISTS " + champions + ";");
2197  run_ddl_statement("DROP DATABASE IF EXISTS " + europa + ";");
2198  run_ddl_statement("CREATE DATABASE " + champions + ";");
2199  run_ddl_statement("CREATE DATABASE " + europa + ";");
2200  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Bayern;");
2201  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Juventus;");
2202  run_ddl_statement("GRANT ACCESS ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Arsenal;");
2203  run_ddl_statement("GRANT CREATE ON DATABASE " + champions + " TO Juventus;");
2204  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Arsenal;");
2205  run_ddl_statement("GRANT CREATE ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Bayern;");
2206  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Juventus;");
2207 
2209  auto db_default(OMNISCI_DEFAULT_DB);
2210  auto db_champions(champions);
2211  auto db_europa(europa);
2212  auto user_chelsea("Chelsea"s);
2213  auto user_arsenal("Arsenal"s);
2214  auto user_bayern("Bayern"s);
2215 
2216  // Super User
2217  ASSERT_NO_THROW(sys_cat.login(db_default, user_chelsea, "password"s, user_meta, false));
2218  const auto suser_list = sys_cat.getAllUserMetadata();
2219  compare_user_lists(expected.super_default, suser_list);
2220 
2221  ASSERT_NO_THROW(
2222  sys_cat.login(db_champions, user_chelsea, "password"s, user_meta, false));
2223  const auto suser_list1 = sys_cat.getAllUserMetadata();
2224  compare_user_lists(expected.super_default, suser_list1);
2225 
2226  ASSERT_NO_THROW(sys_cat.login(db_europa, user_chelsea, "password"s, user_meta, false));
2227  const auto suser_list2 = sys_cat.getAllUserMetadata();
2228  compare_user_lists(expected.super_default, suser_list2);
2229 
2230  // Normal User
2232  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_default, db));
2233  ASSERT_NO_THROW(sys_cat.login(db_default, user_arsenal, "password"s, user_meta, false));
2234  const auto nuser_list = sys_cat.getAllUserMetadata(db.dbId);
2235  compare_user_lists(expected.user_default, nuser_list);
2236 
2237  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_champions, db));
2238  ASSERT_NO_THROW(
2239  sys_cat.login(db_champions, user_bayern, "password"s, user_meta, false));
2240  const auto nuser_list1 = sys_cat.getAllUserMetadata(db.dbId);
2241  compare_user_lists(expected.user_champions, nuser_list1);
2242 
2243  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_europa, db));
2244  ASSERT_NO_THROW(sys_cat.login(db_europa, user_arsenal, "password"s, user_meta, false));
2245  const auto nuser_list2 = sys_cat.getAllUserMetadata(db.dbId);
2246  compare_user_lists(expected.user_europa, nuser_list2);
2247 }
2248 
2249 TEST(SysCatalog, RecursiveRolesUserMetaData) {
2250  using namespace std::string_literals;
2251  Users users_;
2252  Roles roles_;
2253 
2254  static const auto champions = "champions"s;
2255  static const auto europa = "europa"s;
2256  static const auto london = "london"s;
2257  static const auto north_london = "north_london"s;
2258  static const auto munich = "munich"s;
2259  static const auto turin = "turin"s;
2260 
2261  struct CleanupGuard {
2262  ~CleanupGuard() {
2263  run_ddl_statement("DROP ROLE " + london + ";");
2264  run_ddl_statement("DROP ROLE " + north_london + ";");
2265  run_ddl_statement("DROP ROLE " + munich + ";");
2266  run_ddl_statement("DROP ROLE " + turin + ";");
2267  }
2268  } cleanupGuard;
2269 
2270  struct ExpectedUserLists {
2271  const std::vector<std::string> user_default = {"Arsenal", "Bayern"};
2272  const std::vector<std::string> user_champions = {"Juventus", "Bayern"};
2273  const std::vector<std::string> user_europa = {"Arsenal", "Juventus"};
2274  } expected;
2275 
2276  run_ddl_statement("CREATE ROLE " + london + ";");
2277  run_ddl_statement("CREATE ROLE " + north_london + ";");
2278  run_ddl_statement("CREATE ROLE " + munich + ";");
2279  run_ddl_statement("CREATE ROLE " + turin + ";");
2280  run_ddl_statement("DROP DATABASE IF EXISTS " + champions + ";");
2281  run_ddl_statement("DROP DATABASE IF EXISTS " + europa + ";");
2282  run_ddl_statement("CREATE DATABASE " + champions + ";");
2283  run_ddl_statement("CREATE DATABASE " + europa + ";");
2284  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO Sudens;");
2285  run_ddl_statement("GRANT ACCESS ON DATABASE " + champions + " TO OldLady;");
2286  run_ddl_statement("GRANT ACCESS ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Gunners;");
2287  run_ddl_statement("GRANT CREATE ON DATABASE " + champions + " TO OldLady;");
2288  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO Gunners;");
2289  run_ddl_statement("GRANT CREATE ON DATABASE " + OMNISCI_DEFAULT_DB + " TO Sudens;");
2290  run_ddl_statement("GRANT SELECT ON DATABASE " + europa + " TO OldLady;");
2291 
2293  auto db_default(OMNISCI_DEFAULT_DB);
2294  auto db_champions(champions);
2295  auto db_europa(europa);
2296  auto user_chelsea("Chelsea"s);
2297  auto user_arsenal("Arsenal"s);
2298  auto user_bayern("Bayern"s);
2299  auto user_juventus("Juventus"s);
2300 
2301  run_ddl_statement("GRANT Gunners to " + london + ";");
2302  run_ddl_statement("GRANT " + london + " to " + north_london + ";");
2303  run_ddl_statement("GRANT " + north_london + " to " + user_arsenal + ";");
2304  run_ddl_statement("GRANT Sudens to " + user_bayern + ";");
2305  run_ddl_statement("GRANT OldLady to " + user_juventus + ";");
2306 
2308  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_default, db));
2309  ASSERT_NO_THROW(sys_cat.login(db_default, user_arsenal, "password"s, user_meta, false));
2310  const auto nuser_list = sys_cat.getAllUserMetadata(db.dbId);
2311  compare_user_lists(expected.user_default, nuser_list);
2312 
2313  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_champions, db));
2314  ASSERT_NO_THROW(
2315  sys_cat.login(db_champions, user_bayern, "password"s, user_meta, false));
2316  const auto nuser_list1 = sys_cat.getAllUserMetadata(db.dbId);
2317  compare_user_lists(expected.user_champions, nuser_list1);
2318 
2319  ASSERT_NO_THROW(sys_cat.getMetadataForDB(db_europa, db));
2320  ASSERT_NO_THROW(sys_cat.login(db_europa, user_arsenal, "password"s, user_meta, false));
2321  const auto nuser_list2 = sys_cat.getAllUserMetadata(db.dbId);
2322  compare_user_lists(expected.user_europa, nuser_list2);
2323 }
2324 
2325 int main(int argc, char* argv[]) {
2327  testing::InitGoogleTest(&argc, argv);
2328 
2330 
2331  g_calcite = QR::get()->getCatalog()->getCalciteMgr();
2332 
2333  int err{0};
2334  try {
2335  err = RUN_ALL_TESTS();
2336  } catch (const std::exception& e) {
2337  LOG(ERROR) << e.what();
2338  }
2339  QR::reset();
2340  return err;
2341 }
static const AccessPrivileges TRUNCATE_VIEW
Definition: DBObject.h:177
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:145
static const AccessPrivileges VIEW_DASHBOARD
Definition: DBObject.h:164
void compare_user_lists(const std::vector< std::string > &expected, const std::list< Catalog_Namespace::UserMetadata > &actual)
static const int32_t SELECT_FROM_VIEW
Definition: DBObject.h:115
int main(int argc, char *argv[])
void create_tables(std::string prefix, int max)
void check_grant_access(std::string prefix, int max)
TEST_F(GrantSyntax, MultiPrivilegeGrantRevoke)
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:144
static const AccessPrivileges ALTER_TABLE
Definition: DBObject.h:158
#define LOG(tag)
Definition: Logger.h:182
static std::shared_ptr< Catalog > get(const std::string &dbName)
Definition: Catalog.cpp:2988
static const AccessPrivileges INSERT_INTO_TABLE
Definition: DBObject.h:154
static const AccessPrivileges CREATE_DASHBOARD
Definition: DBObject.h:163
TEST(UserRoles, InvalidGrantsRevokesTest)
#define BASE_PATH
void setPrivileges(const AccessPrivileges &privs)
Definition: DBObject.h:202
Catalog_Namespace::DBMetadata db_meta
std::unique_ptr< QR > get_qr_for_user(const std::string &user_name, const Catalog_Namespace::UserMetadata &user_metadata)
static const AccessPrivileges SELECT_FROM_TABLE
Definition: DBObject.h:153
std::string to_string(char const *&&v)
DashboardDescriptor vd1
static QueryRunner * init(const char *db_path, const std::string &udf_filename="", const size_t max_gpu_mem=0, const int reserved_gpu_mem=256<< 20)
Definition: QueryRunner.h:70
void drop_views(std::string prefix, int max)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:170
void remove(AccessPrivileges newprivs)
Definition: DBObject.h:139
void add(AccessPrivileges newprivs)
Definition: DBObject.h:138
static SysCatalog & instance()
Definition: SysCatalog.h:240
T v(const TargetValue &r)
void drop_dashboards(std::string prefix, int max)
void setPermissionType(const DBObjectType &permissionType)
Definition: DBObject.cpp:136
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
static const AccessPrivileges DROP_TABLE
Definition: DBObject.h:152
Catalog_Namespace::UserMetadata user_meta
void resetPrivileges()
Definition: DBObject.h:203
virtual void runDDLStatement(const std::string &)
static const AccessPrivileges DELETE_FROM_TABLE
Definition: DBObject.h:156
void create_dashboards(std::string prefix, int max)
void drop_tables(std::string prefix, int max)
static const int32_t EDIT_DASHBOARD
Definition: DBObject.h:105
static const AccessPrivileges CREATE_TABLE
Definition: DBObject.h:151
std::shared_ptr< Catalog_Namespace::Catalog > getCatalog() const
static QueryRunner * get()
Definition: QueryRunner.h:115
void loadKey()
Definition: DBObject.cpp:165
const AccessPrivileges & getPrivileges() const
Definition: DBObject.h:201
static const AccessPrivileges SELECT_FROM_VIEW
Definition: DBObject.h:173
virtual ~Users()
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:162
static const AccessPrivileges ACCESS
Definition: DBObject.h:146
static const int32_t VIEW_DASHBOARD
Definition: DBObject.h:104
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:150
static const AccessPrivileges DROP_VIEW
Definition: DBObject.h:172
#define CHECK(condition)
Definition: Logger.h:187
static const AccessPrivileges CREATE_VIEW
Definition: DBObject.h:171
void init_logger_stderr_only(int argc, char const *const *argv)
Definition: TestHelpers.h:194
void assert_grants(std::string prefix, int i, bool expected)
boost::variant< ScalarTargetValue, ArrayTargetValue, GeoTargetValue, GeoTargetValuePtr > TargetValue
Definition: TargetValue.h:167
bool hasPermission(int permission) const
Definition: DBObject.h:134
static const AccessPrivileges DELETE_DASHBOARD
Definition: DBObject.h:166
static const int32_t SELECT_FROM_TABLE
Definition: DBObject.h:89
void run_concurrency_test(std::string prefix, int max)
static const AccessPrivileges EDIT_DASHBOARD
Definition: DBObject.h:165
static const AccessPrivileges UPDATE_IN_TABLE
Definition: DBObject.h:155
TSessionId session
Catalog_Namespace::SessionInfo * getSession() const
Definition: QueryRunner.h:124
void run_ddl_statement(std::string ddl)
void create_views(std::string prefix, int max)
void testViewPermissions(std::string user, std::string roleToGrant)