Default table permissions should be NONE (#3074)

Micha de Vries 2023-12-06 01:06:53 +01:00 committed by GitHub
parent 6f48c6fdfa
commit aac8ec8a36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 65 additions and 60 deletions


@ -17,10 +17,10 @@ use nom::{
sequence::tuple, sequence::tuple,
}; };
pub fn permissions(i: &str) -> IResult<&str, Permissions> { pub fn permissions(i: &str, default: Permission) -> IResult<&str, Permissions> {
let (i, _) = tag_no_case("PERMISSIONS")(i)?; let (i, _) = tag_no_case("PERMISSIONS")(i)?;
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
cut(alt((none, full, specific)))(i) cut(alt((none, full, specific(default))))(i)
} }
fn none(i: &str) -> IResult<&str, Permissions> { fn none(i: &str) -> IResult<&str, Permissions> {
@ -33,49 +33,51 @@ fn full(i: &str) -> IResult<&str, Permissions> {
Ok((i, Permissions::full())) Ok((i, Permissions::full()))
} }
fn specific(i: &str) -> IResult<&str, Permissions> { fn specific(default: Permission) -> impl Fn(&str) -> IResult<&str, Permissions> {
let (i, perms) = separated_list1(commasorspace, rule)(i)?; move |i: &str| -> IResult<&str, Permissions> {
Ok(( let (i, perms) = separated_list1(commasorspace, rule)(i)?;
i, Ok((
Permissions { i,
select: perms Permissions {
.iter() select: perms
.find_map(|x| { .iter()
x.iter().find_map(|y| match y { .find_map(|x| {
(PermissionKind::Select, ref v) => Some(v.to_owned()), x.iter().find_map(|y| match y {
_ => None, (PermissionKind::Select, ref v) => Some(v.to_owned()),
_ => None,
})
}) })
}) .unwrap_or(default.to_owned()),
.unwrap_or_default(), create: perms
create: perms .iter()
.iter() .find_map(|x| {
.find_map(|x| { x.iter().find_map(|y| match y {
x.iter().find_map(|y| match y { (PermissionKind::Create, ref v) => Some(v.to_owned()),
(PermissionKind::Create, ref v) => Some(v.to_owned()), _ => None,
_ => None, })
}) })
}) .unwrap_or(default.to_owned()),
.unwrap_or_default(), update: perms
update: perms .iter()
.iter() .find_map(|x| {
.find_map(|x| { x.iter().find_map(|y| match y {
x.iter().find_map(|y| match y { (PermissionKind::Update, ref v) => Some(v.to_owned()),
(PermissionKind::Update, ref v) => Some(v.to_owned()), _ => None,
_ => None, })
}) })
}) .unwrap_or(default.to_owned()),
.unwrap_or_default(), delete: perms
delete: perms .iter()
.iter() .find_map(|x| {
.find_map(|x| { x.iter().find_map(|y| match y {
x.iter().find_map(|y| match y { (PermissionKind::Delete, ref v) => Some(v.to_owned()),
(PermissionKind::Delete, ref v) => Some(v.to_owned()), _ => None,
_ => None, })
}) })
}) .unwrap_or(default.to_owned()),
.unwrap_or_default(), },
}, ))
)) }
} }
pub fn permission(i: &str) -> IResult<&str, Permission> { pub fn permission(i: &str) -> IResult<&str, Permission> {
@ -126,7 +128,7 @@ mod test {
#[test] #[test]
fn permissions_none() { fn permissions_none() {
let sql = "PERMISSIONS NONE"; let sql = "PERMISSIONS NONE";
let res = permissions(sql); let res = permissions(sql, Permission::Full);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!("PERMISSIONS NONE", format!("{}", out)); assert_eq!("PERMISSIONS NONE", format!("{}", out));
assert_eq!(out, Permissions::none()); assert_eq!(out, Permissions::none());
@ -135,7 +137,7 @@ mod test {
#[test] #[test]
fn permissions_full() { fn permissions_full() {
let sql = "PERMISSIONS FULL"; let sql = "PERMISSIONS FULL";
let res = permissions(sql); let res = permissions(sql, Permission::None);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!("PERMISSIONS FULL", format!("{}", out)); assert_eq!("PERMISSIONS FULL", format!("{}", out));
assert_eq!(out, Permissions::full()); assert_eq!(out, Permissions::full());
@ -145,7 +147,7 @@ mod test {
fn permissions_specific() { fn permissions_specific() {
let sql = let sql =
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE"; "PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE";
let res = permissions(sql); let res = permissions(sql, Permission::None);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!( assert_eq!(
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE", "PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE",
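Review bot: The new fallback in `specific` is not exercised by `permissions_specific`, because its statement names all four kinds, so the behaviour this commit is about (an omitted kind taking the caller's `default`) has no unit test in the visible hunks. A case such as `permissions("PERMISSIONS FOR select FULL", Permission::None)` asserting that `create`, `update` and `delete` come back as `Permission::None` would pin the fail-closed result, and the mirror case with `Permission::Full` would pin what fields get. Separately, `.unwrap_or(default.to_owned())` builds the clone even when the kind was listed; `.unwrap_or_else(|| default.to_owned())` avoids that on all four fields. The `permissions_specific` test continues past the end of its hunk.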


@ -9,7 +9,7 @@ use super::super::super::{
value::value, value::value,
IResult, IResult,
}; };
use crate::sql::{statements::DefineFieldStatement, Kind, Permissions, Strand, Value}; use crate::sql::{statements::DefineFieldStatement, Kind, Permission, Permissions, Strand, Value};
use nom::{ use nom::{
branch::alt, branch::alt,
bytes::complete::tag_no_case, bytes::complete::tag_no_case,
@ -141,6 +141,6 @@ fn field_comment(i: &str) -> IResult<&str, DefineFieldOption> {
fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> { fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> {
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
let (i, v) = permissions(i)?; let (i, v) = permissions(i, Permission::Full)?;
Ok((i, DefineFieldOption::Permissions(v))) Ok((i, DefineFieldOption::Permissions(v)))
} }
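Review bot: `field_permissions` passes `Permission::Full` with no comment explaining why fields stay open while `table_permissions` now passes `Permission::None`, so a reader cannot tell whether the asymmetry is deliberate. With this default a clause like `PERMISSIONS FOR select NONE` on a field still leaves create, update and delete at `Full`. If the intent is that the table's permissions are the gate and field permissions only narrow it, I would say so at the call: `// Kinds not listed stay FULL on fields; the table's PERMISSIONS (default NONE) decide access first.` That reasoning is inferred, not shown in this hunk.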


@ -6,7 +6,9 @@ use super::super::super::{
part::{changefeed, permission::permissions, view}, part::{changefeed, permission::permissions, view},
IResult, IResult,
}; };
use crate::sql::{statements::DefineTableStatement, ChangeFeed, Permissions, Strand, View}; use crate::sql::{
statements::DefineTableStatement, ChangeFeed, Permission, Permissions, Strand, View,
};
use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0}; use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0};
pub fn table(i: &str) -> IResult<&str, DefineTableStatement> { pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
@ -21,6 +23,7 @@ pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
// Create the base statement // Create the base statement
let mut res = DefineTableStatement { let mut res = DefineTableStatement {
name, name,
permissions: Permissions::none(),
..Default::default() ..Default::default()
}; };
// Assign any defined options // Assign any defined options
@ -116,7 +119,7 @@ fn table_comment(i: &str) -> IResult<&str, DefineTableOption> {
fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> { fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> {
let (i, _) = shouldbespace(i)?; let (i, _) = shouldbespace(i)?;
let (i, v) = permissions(i)?; let (i, v) = permissions(i, Permission::None)?;
Ok((i, DefineTableOption::Permissions(v))) Ok((i, DefineTableOption::Permissions(v)))
} }
@ -127,7 +130,7 @@ mod tests {
#[test] #[test]
fn define_table_with_changefeed() { fn define_table_with_changefeed() {
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h"; let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h PERMISSIONS NONE";
let res = table(sql); let res = table(sql);
let out = res.unwrap().1; let out = res.unwrap().1;
assert_eq!(format!("DEFINE {sql}"), format!("{}", out)); assert_eq!(format!("DEFINE {sql}"), format!("{}", out));
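Review bot: The closed default is set only at `permissions: Permissions::none()` inside `table`, while the rest of the struct still comes from `..Default::default()`, so any other code that builds a `DefineTableStatement` from `Default` keeps the type's own default, which the removed `unwrap_or_default()` calls and the old expected strings suggest is FULL. If that reading is right, moving the NONE default into the statement's `Default` impl, or at least adding `// Tables are closed unless a PERMISSIONS clause says otherwise` here, would stop the two from drifting apart. It also looks as if the printed definition omits the clause for a fully open table, so a round-trip test for `TABLE mytable PERMISSIONS FULL` (parse, print, parse again) would confirm that an explicit FULL does not come back as NONE. `table` continues outside the hunk.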


@ -122,7 +122,7 @@ async fn define_statement_table_drop() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS' }, tables: { test: 'DEFINE TABLE test DROP SCHEMALESS PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -153,7 +153,7 @@ async fn define_statement_table_schemaless() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMALESS' }, tables: { test: 'DEFINE TABLE test SCHEMALESS PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -188,7 +188,7 @@ async fn define_statement_table_schemafull() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMAFULL' }, tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -219,7 +219,7 @@ async fn define_statement_table_schemaful() -> Result<(), Error> {
functions: {}, functions: {},
params: {}, params: {},
scopes: {}, scopes: {},
tables: { test: 'DEFINE TABLE test SCHEMAFULL' }, tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
users: {}, users: {},
}", }",
); );
@ -259,8 +259,8 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
params: {}, params: {},
scopes: {}, scopes: {},
tables: { tables: {
test: 'DEFINE TABLE test SCHEMAFULL', test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL', view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE',
}, },
users: {}, users: {},
}", }",
@ -272,7 +272,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
"{ "{
events: {}, events: {},
fields: {}, fields: {},
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL' }, tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE' },
indexes: {}, indexes: {},
lives: {}, lives: {},
}", }",
@ -291,7 +291,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
params: {}, params: {},
scopes: {}, scopes: {},
tables: { tables: {
test: 'DEFINE TABLE test SCHEMAFULL', test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
}, },
users: {}, users: {},
}", }",
@ -1871,7 +1871,7 @@ async fn permissions_checks_define_table() {
// Define the expected results for the check statement when the test statement succeeded and when it failed // Define the expected results for the check statement when the test statement succeeded and when it failed
let check_results = [ let check_results = [
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"] vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
]; ];
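Review bot: The updated expectations in this file, and in the two test files after it, only compare the definition string inside the expected result; none of the visible hunks checks that a table defined without a PERMISSIONS clause actually refuses a select, create, update or delete from a session that is subject to table permissions. Since the commit changes an access-control default, one test that defines a table with no clause and asserts the denied outcome would guard the behaviour rather than its rendering. Deployments that relied on the old open default will need an explicit `PERMISSIONS FULL`, which is worth stating in the commit description or changelog.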


@ -601,7 +601,7 @@ async fn permissions_checks_remove_table() {
// Define the expected results for the check statement when the test statement succeeded and when it failed // Define the expected results for the check statement when the test statement succeeded and when it failed
let check_results = [ let check_results = [
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"], vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
]; ];
let test_cases = [ let test_cases = [


@ -43,7 +43,7 @@ async fn define_foreign_table() -> Result<(), Error> {
"{ "{
events: {}, events: {},
fields: {}, fields: {},
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age' }, tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age PERMISSIONS NONE' },
indexes: {}, indexes: {},
lives: {}, lives: {},
}", }",