Default table permissions should be NONE (#3074)

This commit is contained in:
Micha de Vries 2023-12-06 01:06:53 +01:00 committed by GitHub
parent 6f48c6fdfa
commit aac8ec8a36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 65 additions and 60 deletions

View file

@ -17,10 +17,10 @@ use nom::{
sequence::tuple, sequence::tuple,
}; };
pub fn permissions(i: &str) -> IResult<&str, Permissions> { pub fn permissions(i: &str, default: Permission) -> IResult<&str, Permissions> {
let (i, _) = tag_no_case("PERMISSIONS")(i)?; let (i, _) = tag_no_case("PERMISSIONS")(i)?;
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
cut(alt((none, full, specific)))(i) cut(alt((none, full, specific(default))))(i)
} }
fn none(i: &str) -> IResult<&str, Permissions> { fn none(i: &str) -> IResult<&str, Permissions> {
@ -33,7 +33,8 @@ fn full(i: &str) -> IResult<&str, Permissions> {
Ok((i, Permissions::full())) Ok((i, Permissions::full()))
} }
fn specific(i: &str) -> IResult<&str, Permissions> { fn specific(default: Permission) -> impl Fn(&str) -> IResult<&str, Permissions> {
move |i: &str| -> IResult<&str, Permissions> {
let (i, perms) = separated_list1(commasorspace, rule)(i)?; let (i, perms) = separated_list1(commasorspace, rule)(i)?;
Ok(( Ok((
i, i,
@ -46,7 +47,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
_ => None, _ => None,
}) })
}) })
.unwrap_or_default(), .unwrap_or(default.to_owned()),
create: perms create: perms
.iter() .iter()
.find_map(|x| { .find_map(|x| {
@ -55,7 +56,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
_ => None, _ => None,
}) })
}) })
.unwrap_or_default(), .unwrap_or(default.to_owned()),
update: perms update: perms
.iter() .iter()
.find_map(|x| { .find_map(|x| {
@ -64,7 +65,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
_ => None, _ => None,
}) })
}) })
.unwrap_or_default(), .unwrap_or(default.to_owned()),
delete: perms delete: perms
.iter() .iter()
.find_map(|x| { .find_map(|x| {
@ -73,9 +74,10 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
_ => None, _ => None,
}) })
}) })
.unwrap_or_default(), .unwrap_or(default.to_owned()),
}, },
)) ))
}
} }
pub fn permission(i: &str) -> IResult<&str, Permission> { pub fn permission(i: &str) -> IResult<&str, Permission> {
@ -126,7 +128,7 @@ mod test {
#[test] #[test]
fn permissions_none() { fn permissions_none() {
let sql = "PERMISSIONS NONE"; let sql = "PERMISSIONS NONE";
let res = permissions(sql); let res = permissions(sql, Permission::Full);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!("PERMISSIONS NONE", format!("{}", out)); assert_eq!("PERMISSIONS NONE", format!("{}", out));
assert_eq!(out, Permissions::none()); assert_eq!(out, Permissions::none());
@ -135,7 +137,7 @@ mod test {
#[test] #[test]
fn permissions_full() { fn permissions_full() {
let sql = "PERMISSIONS FULL"; let sql = "PERMISSIONS FULL";
let res = permissions(sql); let res = permissions(sql, Permission::None);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!("PERMISSIONS FULL", format!("{}", out)); assert_eq!("PERMISSIONS FULL", format!("{}", out));
assert_eq!(out, Permissions::full()); assert_eq!(out, Permissions::full());
@ -145,7 +147,7 @@ mod test {
fn permissions_specific() { fn permissions_specific() {
let sql = let sql =
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE"; "PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE";
let res = permissions(sql); let res = permissions(sql, Permission::None);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!( assert_eq!(
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE", "PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE",

View file

@ -9,7 +9,7 @@ use super::super::super::{
value::value, value::value,
IResult, IResult,
}; };
use crate::sql::{statements::DefineFieldStatement, Kind, Permissions, Strand, Value}; use crate::sql::{statements::DefineFieldStatement, Kind, Permission, Permissions, Strand, Value};
use nom::{ use nom::{
branch::alt, branch::alt,
bytes::complete::tag_no_case, bytes::complete::tag_no_case,
@ -141,6 +141,6 @@ fn field_comment(i: &str) -> IResult<&str, DefineFieldOption> {
fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> { fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> {
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
let (i, v) = permissions(i)?; let (i, v) = permissions(i, Permission::Full)?;
Ok((i, DefineFieldOption::Permissions(v))) Ok((i, DefineFieldOption::Permissions(v)))
} }

View file

@ -6,7 +6,9 @@ use super::super::super::{
part::{changefeed, permission::permissions, view}, part::{changefeed, permission::permissions, view},
IResult, IResult,
}; };
use crate::sql::{statements::DefineTableStatement, ChangeFeed, Permissions, Strand, View}; use crate::sql::{
statements::DefineTableStatement, ChangeFeed, Permission, Permissions, Strand, View,
};
use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0}; use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0};
pub fn table(i: &str) -> IResult<&str, DefineTableStatement> { pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
@ -21,6 +23,7 @@ pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
// Create the base statement // Create the base statement
let mut res = DefineTableStatement { let mut res = DefineTableStatement {
name, name,
permissions: Permissions::none(),
..Default::default() ..Default::default()
}; };
// Assign any defined options // Assign any defined options
@ -116,7 +119,7 @@ fn table_comment(i: &str) -> IResult<&str, DefineTableOption> {
fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> { fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> {
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
let (i, v) = permissions(i)?; let (i, v) = permissions(i, Permission::None)?;
Ok((i, DefineTableOption::Permissions(v))) Ok((i, DefineTableOption::Permissions(v)))
} }
@ -127,7 +130,7 @@ mod tests {
#[test] #[test]
fn define_table_with_changefeed() { fn define_table_with_changefeed() {
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h"; let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h PERMISSIONS NONE";
let res = table(sql); let res = table(sql);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!(format!("DEFINE {sql}"), format!("{}", out)); assert_eq!(format!("DEFINE {sql}"), format!("{}", out));

View file

@ -122,7 +122,7 @@ async fn define_statement_table_drop() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS' }, tables: { test: 'DEFINE TABLE test DROP SCHEMALESS PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -153,7 +153,7 @@ async fn define_statement_table_schemaless() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMALESS' }, tables: { test: 'DEFINE TABLE test SCHEMALESS PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -188,7 +188,7 @@ async fn define_statement_table_schemafull() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMAFULL' }, tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -219,7 +219,7 @@ async fn define_statement_table_schemaful() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMAFULL' }, tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -259,8 +259,8 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
params: {}, params: {},
scopes: {}, scopes: {},
tables: { tables: {
test: 'DEFINE TABLE test SCHEMAFULL', test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL', view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE',
}, },
users: {}, users: {},
}", }",
@ -272,7 +272,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
"{ "{
events: {}, events: {},
fields: {}, fields: {},
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL' }, tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE' },
indexes: {}, indexes: {},
lives: {}, lives: {},
}", }",
@ -291,7 +291,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
params: {}, params: {},
scopes: {}, scopes: {},
tables: { tables: {
test: 'DEFINE TABLE test SCHEMAFULL', test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
}, },
users: {}, users: {},
}", }",
@ -1871,7 +1871,7 @@ async fn permissions_checks_define_table() {
// Define the expected results for the check statement when the test statement succeeded and when it failed // Define the expected results for the check statement when the test statement succeeded and when it failed
let check_results = [ let check_results = [
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"] vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
]; ];

View file

@ -601,7 +601,7 @@ async fn permissions_checks_remove_table() {
// Define the expected results for the check statement when the test statement succeeded and when it failed // Define the expected results for the check statement when the test statement succeeded and when it failed
let check_results = [ let check_results = [
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
]; ];
let test_cases = [ let test_cases = [

View file

@ -43,7 +43,7 @@ async fn define_foreign_table() -> Result<(), Error> {
"{ "{
events: {}, events: {},
fields: {}, fields: {},
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age' }, tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age PERMISSIONS NONE' },
indexes: {}, indexes: {},
lives: {}, lives: {},
}", }",