[teiid-commits] teiid SVN: r3098 - in trunk/engine/src: test/java/org/teiid/dqp/internal/process and 1 other directory.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Fri Apr 15 17:22:51 EDT 2011
Author: shawkins
Date: 2011-04-15 17:22:51 -0400 (Fri, 15 Apr 2011)
New Revision: 3098
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
Log:
TEIID-1550 adding support for permission checks against functions
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
===================================================================
--- trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2011-04-15 21:19:47 UTC (rev 3097)
+++ trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2011-04-15 21:22:51 UTC (rev 3098)
@@ -187,7 +187,7 @@
}
} else if (!allowFunctionCallsByDefault) {
String schema = obj.getFunctionDescriptor().getSchema();
- if (schema != null && !CoreConstants.SYSTEM_MODEL.equals(schema)) {
+ if (schema != null && !isSystemSchema(schema)) {
Map<String, Function> map = new HashMap<String, Function>();
map.put(schema + '.' + obj.getFunctionDescriptor().getName(), obj);
validateEntitlements(PermissionType.READ, Context.FUNCTION, map);
@@ -309,7 +309,7 @@
fullName = getMetadata().getFullName(metadataID);
Object modelId = getMetadata().getModelID(metadataID);
String modelName = getMetadata().getFullName(modelId);
- if (CoreConstants.SYSTEM_MODEL.equals(modelName) || CoreConstants.ODBC_MODEL.equals(modelName)) {
+ if (isSystemSchema(modelName)) {
continue;
}
nameToSymbolMap.put(fullName, symbol);
@@ -323,6 +323,10 @@
validateEntitlements(actionCode, auditContext, nameToSymbolMap);
}
+ private boolean isSystemSchema(String modelName) {
+ return CoreConstants.SYSTEM_MODEL.equalsIgnoreCase(modelName) || CoreConstants.ODBC_MODEL.equalsIgnoreCase(modelName);
+ }
+
private void validateEntitlements(DataPolicy.PermissionType actionCode,
Context auditContext, Map<String, ? extends LanguageObject> nameToSymbolMap) {
if (nameToSymbolMap.isEmpty()) {
Modified: trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
===================================================================
--- trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2011-04-15 21:19:47 UTC (rev 3097)
+++ trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2011-04-15 21:22:51 UTC (rev 3098)
@@ -193,8 +193,8 @@
@Test public void testFunction() throws Exception {
FunctionLibrary funcLibrary = new FunctionLibrary(FakeMetadataFactory.SFM.getSystemFunctions(), new FunctionTree("foo", new FakeFunctionMetadataSource()));
FakeMetadataFacade metadata = new FakeMetadataFacade(FakeMetadataFactory.example1Cached().getStore(), funcLibrary);
- //helpTest(exampleAuthSvc1(), "SELECT e1 FROM pm1.g1 where xyz() > 0", metadata, new String[] {}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
- helpTest(exampleAuthSvc2(), "SELECT e1 FROM pm1.g2 where xyz() > 0", metadata, new String[] {"xyz()"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
+ helpTest(exampleAuthSvc1(), "SELECT e1 FROM pm1.g1 where xyz() > 0", metadata, new String[] {}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
+ helpTest(exampleAuthSvc2(), "SELECT e1, curdate() FROM pm1.g2 where xyz() > 0", metadata, new String[] {"xyz()"}, FakeMetadataFactory.example1VDB()); //$NON-NLS-1$
}
@Test public void testEverythingAccessible() throws Exception {
More information about the teiid-commits
mailing list