Default table permissions should be NONE
(#3074)
This commit is contained in:
parent
6f48c6fdfa
commit
aac8ec8a36
6 changed files with 65 additions and 60 deletions
|
@ -17,10 +17,10 @@ use nom::{
|
||||||
sequence::tuple,
|
sequence::tuple,
|
||||||
};
|
};
|
||||||
|
|
||||||
pub fn permissions(i: &str) -> IResult<&str, Permissions> {
|
pub fn permissions(i: &str, default: Permission) -> IResult<&str, Permissions> {
|
||||||
let (i, _) = tag_no_case("PERMISSIONS")(i)?;
|
let (i, _) = tag_no_case("PERMISSIONS")(i)?;
|
||||||
let (i, _) = shouldbespace(i)?;
|
let (i, _) = shouldbespace(i)?;
|
||||||
cut(alt((none, full, specific)))(i)
|
cut(alt((none, full, specific(default))))(i)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn none(i: &str) -> IResult<&str, Permissions> {
|
fn none(i: &str) -> IResult<&str, Permissions> {
|
||||||
|
@ -33,7 +33,8 @@ fn full(i: &str) -> IResult<&str, Permissions> {
|
||||||
Ok((i, Permissions::full()))
|
Ok((i, Permissions::full()))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn specific(i: &str) -> IResult<&str, Permissions> {
|
fn specific(default: Permission) -> impl Fn(&str) -> IResult<&str, Permissions> {
|
||||||
|
move |i: &str| -> IResult<&str, Permissions> {
|
||||||
let (i, perms) = separated_list1(commasorspace, rule)(i)?;
|
let (i, perms) = separated_list1(commasorspace, rule)(i)?;
|
||||||
Ok((
|
Ok((
|
||||||
i,
|
i,
|
||||||
|
@ -46,7 +47,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
||||||
_ => None,
|
_ => None,
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
.unwrap_or_default(),
|
.unwrap_or(default.to_owned()),
|
||||||
create: perms
|
create: perms
|
||||||
.iter()
|
.iter()
|
||||||
.find_map(|x| {
|
.find_map(|x| {
|
||||||
|
@ -55,7 +56,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
||||||
_ => None,
|
_ => None,
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
.unwrap_or_default(),
|
.unwrap_or(default.to_owned()),
|
||||||
update: perms
|
update: perms
|
||||||
.iter()
|
.iter()
|
||||||
.find_map(|x| {
|
.find_map(|x| {
|
||||||
|
@ -64,7 +65,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
||||||
_ => None,
|
_ => None,
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
.unwrap_or_default(),
|
.unwrap_or(default.to_owned()),
|
||||||
delete: perms
|
delete: perms
|
||||||
.iter()
|
.iter()
|
||||||
.find_map(|x| {
|
.find_map(|x| {
|
||||||
|
@ -73,9 +74,10 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
||||||
_ => None,
|
_ => None,
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
.unwrap_or_default(),
|
.unwrap_or(default.to_owned()),
|
||||||
},
|
},
|
||||||
))
|
))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn permission(i: &str) -> IResult<&str, Permission> {
|
pub fn permission(i: &str) -> IResult<&str, Permission> {
|
||||||
|
@ -126,7 +128,7 @@ mod test {
|
||||||
#[test]
|
#[test]
|
||||||
fn permissions_none() {
|
fn permissions_none() {
|
||||||
let sql = "PERMISSIONS NONE";
|
let sql = "PERMISSIONS NONE";
|
||||||
let res = permissions(sql);
|
let res = permissions(sql, Permission::Full);
|
||||||
let out = res.unwrap().1;
|
let out = res.unwrap().1;
|
||||||
assert_eq!("PERMISSIONS NONE", format!("{}", out));
|
assert_eq!("PERMISSIONS NONE", format!("{}", out));
|
||||||
assert_eq!(out, Permissions::none());
|
assert_eq!(out, Permissions::none());
|
||||||
|
@ -135,7 +137,7 @@ mod test {
|
||||||
#[test]
|
#[test]
|
||||||
fn permissions_full() {
|
fn permissions_full() {
|
||||||
let sql = "PERMISSIONS FULL";
|
let sql = "PERMISSIONS FULL";
|
||||||
let res = permissions(sql);
|
let res = permissions(sql, Permission::None);
|
||||||
let out = res.unwrap().1;
|
let out = res.unwrap().1;
|
||||||
assert_eq!("PERMISSIONS FULL", format!("{}", out));
|
assert_eq!("PERMISSIONS FULL", format!("{}", out));
|
||||||
assert_eq!(out, Permissions::full());
|
assert_eq!(out, Permissions::full());
|
||||||
|
@ -145,7 +147,7 @@ mod test {
|
||||||
fn permissions_specific() {
|
fn permissions_specific() {
|
||||||
let sql =
|
let sql =
|
||||||
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE";
|
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE";
|
||||||
let res = permissions(sql);
|
let res = permissions(sql, Permission::None);
|
||||||
let out = res.unwrap().1;
|
let out = res.unwrap().1;
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE",
|
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE",
|
||||||
|
|
|
@ -9,7 +9,7 @@ use super::super::super::{
|
||||||
value::value,
|
value::value,
|
||||||
IResult,
|
IResult,
|
||||||
};
|
};
|
||||||
use crate::sql::{statements::DefineFieldStatement, Kind, Permissions, Strand, Value};
|
use crate::sql::{statements::DefineFieldStatement, Kind, Permission, Permissions, Strand, Value};
|
||||||
use nom::{
|
use nom::{
|
||||||
branch::alt,
|
branch::alt,
|
||||||
bytes::complete::tag_no_case,
|
bytes::complete::tag_no_case,
|
||||||
|
@ -141,6 +141,6 @@ fn field_comment(i: &str) -> IResult<&str, DefineFieldOption> {
|
||||||
|
|
||||||
fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> {
|
fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> {
|
||||||
let (i, _) = shouldbespace(i)?;
|
let (i, _) = shouldbespace(i)?;
|
||||||
let (i, v) = permissions(i)?;
|
let (i, v) = permissions(i, Permission::Full)?;
|
||||||
Ok((i, DefineFieldOption::Permissions(v)))
|
Ok((i, DefineFieldOption::Permissions(v)))
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,9 @@ use super::super::super::{
|
||||||
part::{changefeed, permission::permissions, view},
|
part::{changefeed, permission::permissions, view},
|
||||||
IResult,
|
IResult,
|
||||||
};
|
};
|
||||||
use crate::sql::{statements::DefineTableStatement, ChangeFeed, Permissions, Strand, View};
|
use crate::sql::{
|
||||||
|
statements::DefineTableStatement, ChangeFeed, Permission, Permissions, Strand, View,
|
||||||
|
};
|
||||||
use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0};
|
use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0};
|
||||||
|
|
||||||
pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
|
pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
|
||||||
|
@ -21,6 +23,7 @@ pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
|
||||||
// Create the base statement
|
// Create the base statement
|
||||||
let mut res = DefineTableStatement {
|
let mut res = DefineTableStatement {
|
||||||
name,
|
name,
|
||||||
|
permissions: Permissions::none(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
};
|
};
|
||||||
// Assign any defined options
|
// Assign any defined options
|
||||||
|
@ -116,7 +119,7 @@ fn table_comment(i: &str) -> IResult<&str, DefineTableOption> {
|
||||||
|
|
||||||
fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> {
|
fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> {
|
||||||
let (i, _) = shouldbespace(i)?;
|
let (i, _) = shouldbespace(i)?;
|
||||||
let (i, v) = permissions(i)?;
|
let (i, v) = permissions(i, Permission::None)?;
|
||||||
Ok((i, DefineTableOption::Permissions(v)))
|
Ok((i, DefineTableOption::Permissions(v)))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,7 +130,7 @@ mod tests {
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn define_table_with_changefeed() {
|
fn define_table_with_changefeed() {
|
||||||
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h";
|
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h PERMISSIONS NONE";
|
||||||
let res = table(sql);
|
let res = table(sql);
|
||||||
let out = res.unwrap().1;
|
let out = res.unwrap().1;
|
||||||
assert_eq!(format!("DEFINE {sql}"), format!("{}", out));
|
assert_eq!(format!("DEFINE {sql}"), format!("{}", out));
|
||||||
|
|
|
@ -122,7 +122,7 @@ async fn define_statement_table_drop() -> Result<(), Error> {
|
||||||
functions: {},
|
functions: {},
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS' },
|
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS PERMISSIONS NONE' },
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
);
|
);
|
||||||
|
@ -153,7 +153,7 @@ async fn define_statement_table_schemaless() -> Result<(), Error> {
|
||||||
functions: {},
|
functions: {},
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: { test: 'DEFINE TABLE test SCHEMALESS' },
|
tables: { test: 'DEFINE TABLE test SCHEMALESS PERMISSIONS NONE' },
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
);
|
);
|
||||||
|
@ -188,7 +188,7 @@ async fn define_statement_table_schemafull() -> Result<(), Error> {
|
||||||
functions: {},
|
functions: {},
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL' },
|
tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
);
|
);
|
||||||
|
@ -219,7 +219,7 @@ async fn define_statement_table_schemaful() -> Result<(), Error> {
|
||||||
functions: {},
|
functions: {},
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL' },
|
tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
);
|
);
|
||||||
|
@ -259,8 +259,8 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: {
|
tables: {
|
||||||
test: 'DEFINE TABLE test SCHEMAFULL',
|
test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
|
||||||
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL',
|
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE',
|
||||||
},
|
},
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
|
@ -272,7 +272,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: {},
|
fields: {},
|
||||||
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL' },
|
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE' },
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
}",
|
}",
|
||||||
|
@ -291,7 +291,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: {
|
tables: {
|
||||||
test: 'DEFINE TABLE test SCHEMAFULL',
|
test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
|
||||||
},
|
},
|
||||||
users: {},
|
users: {},
|
||||||
}",
|
}",
|
||||||
|
@ -1871,7 +1871,7 @@ async fn permissions_checks_define_table() {
|
||||||
|
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -601,7 +601,7 @@ async fn permissions_checks_remove_table() {
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
|
||||||
];
|
];
|
||||||
|
|
||||||
let test_cases = [
|
let test_cases = [
|
||||||
|
|
|
@ -43,7 +43,7 @@ async fn define_foreign_table() -> Result<(), Error> {
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: {},
|
fields: {},
|
||||||
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age' },
|
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age PERMISSIONS NONE' },
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
}",
|
}",
|
||||||
|
|
Loading…
Reference in a new issue