Default table permissions should be NONE (#3074)
This commit is contained in:
Micha de Vries
GitHub
parent
6f48c6fdfa
commit
aac8ec8a36
6 changed files with 65 additions and 60 deletions
|
|
@ -17,10 +17,10 @@ use nom::{
|
|||
sequence::tuple,
|
||||
};
|
||||
|
||||
pub fn permissions(i: &str) -> IResult<&str, Permissions> {
|
||||
pub fn permissions(i: &str, default: Permission) -> IResult<&str, Permissions> {
|
||||
let (i, _) = tag_no_case("PERMISSIONS")(i)?;
|
||||
let (i, _) = shouldbespace(i)?;
|
||||
cut(alt((none, full, specific)))(i)
|
||||
cut(alt((none, full, specific(default))))(i)
|
||||
}
|
||||
|
||||
fn none(i: &str) -> IResult<&str, Permissions> {
|
||||
|
|
@ -33,7 +33,8 @@ fn full(i: &str) -> IResult<&str, Permissions> {
|
|||
Ok((i, Permissions::full()))
|
||||
}
|
||||
|
||||
fn specific(i: &str) -> IResult<&str, Permissions> {
|
||||
fn specific(default: Permission) -> impl Fn(&str) -> IResult<&str, Permissions> {
|
||||
move |i: &str| -> IResult<&str, Permissions> {
|
||||
let (i, perms) = separated_list1(commasorspace, rule)(i)?;
|
||||
Ok((
|
||||
i,
|
||||
|
|
@ -46,7 +47,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
|||
_ => None,
|
||||
})
|
||||
})
|
||||
.unwrap_or_default(),
|
||||
.unwrap_or(default.to_owned()),
|
||||
create: perms
|
||||
.iter()
|
||||
.find_map(|x| {
|
||||
|
|
@ -55,7 +56,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
|||
_ => None,
|
||||
})
|
||||
})
|
||||
.unwrap_or_default(),
|
||||
.unwrap_or(default.to_owned()),
|
||||
update: perms
|
||||
.iter()
|
||||
.find_map(|x| {
|
||||
|
|
@ -64,7 +65,7 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
|||
_ => None,
|
||||
})
|
||||
})
|
||||
.unwrap_or_default(),
|
||||
.unwrap_or(default.to_owned()),
|
||||
delete: perms
|
||||
.iter()
|
||||
.find_map(|x| {
|
||||
|
|
@ -73,10 +74,11 @@ fn specific(i: &str) -> IResult<&str, Permissions> {
|
|||
_ => None,
|
||||
})
|
||||
})
|
||||
.unwrap_or_default(),
|
||||
.unwrap_or(default.to_owned()),
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
pub fn permission(i: &str) -> IResult<&str, Permission> {
|
||||
expected(
|
||||
|
|
@ -126,7 +128,7 @@ mod test {
|
|||
#[test]
|
||||
fn permissions_none() {
|
||||
let sql = "PERMISSIONS NONE";
|
||||
let res = permissions(sql);
|
||||
let res = permissions(sql, Permission::Full);
|
||||
let out = res.unwrap().1;
|
||||
assert_eq!("PERMISSIONS NONE", format!("{}", out));
|
||||
assert_eq!(out, Permissions::none());
|
||||
|
|
@ -135,7 +137,7 @@ mod test {
|
|||
#[test]
|
||||
fn permissions_full() {
|
||||
let sql = "PERMISSIONS FULL";
|
||||
let res = permissions(sql);
|
||||
let res = permissions(sql, Permission::None);
|
||||
let out = res.unwrap().1;
|
||||
assert_eq!("PERMISSIONS FULL", format!("{}", out));
|
||||
assert_eq!(out, Permissions::full());
|
||||
|
|
@ -145,7 +147,7 @@ mod test {
|
|||
fn permissions_specific() {
|
||||
let sql =
|
||||
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE";
|
||||
let res = permissions(sql);
|
||||
let res = permissions(sql, Permission::None);
|
||||
let out = res.unwrap().1;
|
||||
assert_eq!(
|
||||
"PERMISSIONS FOR select FULL, FOR create, update WHERE public = true, FOR delete NONE",
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ use super::super::super::{
|
|||
value::value,
|
||||
IResult,
|
||||
};
|
||||
use crate::sql::{statements::DefineFieldStatement, Kind, Permissions, Strand, Value};
|
||||
use crate::sql::{statements::DefineFieldStatement, Kind, Permission, Permissions, Strand, Value};
|
||||
use nom::{
|
||||
branch::alt,
|
||||
bytes::complete::tag_no_case,
|
||||
|
|
@ -141,6 +141,6 @@ fn field_comment(i: &str) -> IResult<&str, DefineFieldOption> {
|
|||
|
||||
fn field_permissions(i: &str) -> IResult<&str, DefineFieldOption> {
|
||||
let (i, _) = shouldbespace(i)?;
|
||||
let (i, v) = permissions(i)?;
|
||||
let (i, v) = permissions(i, Permission::Full)?;
|
||||
Ok((i, DefineFieldOption::Permissions(v)))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,9 @@ use super::super::super::{
|
|||
part::{changefeed, permission::permissions, view},
|
||||
IResult,
|
||||
};
|
||||
use crate::sql::{statements::DefineTableStatement, ChangeFeed, Permissions, Strand, View};
|
||||
use crate::sql::{
|
||||
statements::DefineTableStatement, ChangeFeed, Permission, Permissions, Strand, View,
|
||||
};
|
||||
use nom::{branch::alt, bytes::complete::tag_no_case, combinator::cut, multi::many0};
|
||||
|
||||
pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
|
||||
|
|
@ -21,6 +23,7 @@ pub fn table(i: &str) -> IResult<&str, DefineTableStatement> {
|
|||
// Create the base statement
|
||||
let mut res = DefineTableStatement {
|
||||
name,
|
||||
permissions: Permissions::none(),
|
||||
..Default::default()
|
||||
};
|
||||
// Assign any defined options
|
||||
|
|
@ -116,7 +119,7 @@ fn table_comment(i: &str) -> IResult<&str, DefineTableOption> {
|
|||
|
||||
fn table_permissions(i: &str) -> IResult<&str, DefineTableOption> {
|
||||
let (i, _) = shouldbespace(i)?;
|
||||
let (i, v) = permissions(i)?;
|
||||
let (i, v) = permissions(i, Permission::None)?;
|
||||
Ok((i, DefineTableOption::Permissions(v)))
|
||||
}
|
||||
|
||||
|
|
@ -127,7 +130,7 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn define_table_with_changefeed() {
|
||||
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h";
|
||||
let sql = "TABLE mytable SCHEMALESS CHANGEFEED 1h PERMISSIONS NONE";
|
||||
let res = table(sql);
|
||||
let out = res.unwrap().1;
|
||||
assert_eq!(format!("DEFINE {sql}"), format!("{}", out));
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ async fn define_statement_table_drop() -> Result<(), Error> {
|
|||
functions: {},
|
||||
params: {},
|
||||
scopes: {},
|
||||
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS' },
|
||||
tables: { test: 'DEFINE TABLE test DROP SCHEMALESS PERMISSIONS NONE' },
|
||||
users: {},
|
||||
}",
|
||||
);
|
||||
|
|
@ -153,7 +153,7 @@ async fn define_statement_table_schemaless() -> Result<(), Error> {
|
|||
functions: {},
|
||||
params: {},
|
||||
scopes: {},
|
||||
tables: { test: 'DEFINE TABLE test SCHEMALESS' },
|
||||
tables: { test: 'DEFINE TABLE test SCHEMALESS PERMISSIONS NONE' },
|
||||
users: {},
|
||||
}",
|
||||
);
|
||||
|
|
@ -188,7 +188,7 @@ async fn define_statement_table_schemafull() -> Result<(), Error> {
|
|||
functions: {},
|
||||
params: {},
|
||||
scopes: {},
|
||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL' },
|
||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
|
||||
users: {},
|
||||
}",
|
||||
);
|
||||
|
|
@ -219,7 +219,7 @@ async fn define_statement_table_schemaful() -> Result<(), Error> {
|
|||
functions: {},
|
||||
params: {},
|
||||
scopes: {},
|
||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL' },
|
||||
tables: { test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE' },
|
||||
users: {},
|
||||
}",
|
||||
);
|
||||
|
|
@ -259,8 +259,8 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
|||
params: {},
|
||||
scopes: {},
|
||||
tables: {
|
||||
test: 'DEFINE TABLE test SCHEMAFULL',
|
||||
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL',
|
||||
test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
|
||||
view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE',
|
||||
},
|
||||
users: {},
|
||||
}",
|
||||
|
|
@ -272,7 +272,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
|||
"{
|
||||
events: {},
|
||||
fields: {},
|
||||
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL' },
|
||||
tables: { view: 'DEFINE TABLE view SCHEMALESS AS SELECT count() FROM test GROUP ALL PERMISSIONS NONE' },
|
||||
indexes: {},
|
||||
lives: {},
|
||||
}",
|
||||
|
|
@ -291,7 +291,7 @@ async fn define_statement_table_foreigntable() -> Result<(), Error> {
|
|||
params: {},
|
||||
scopes: {},
|
||||
tables: {
|
||||
test: 'DEFINE TABLE test SCHEMAFULL',
|
||||
test: 'DEFINE TABLE test SCHEMAFULL PERMISSIONS NONE',
|
||||
},
|
||||
users: {},
|
||||
}",
|
||||
|
|
@ -1871,7 +1871,7 @@ async fn permissions_checks_define_table() {
|
|||
|
||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||
let check_results = [
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"],
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -601,7 +601,7 @@ async fn permissions_checks_remove_table() {
|
|||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||
let check_results = [
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS' }, tokens: { }, users: { } }"],
|
||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { TB: 'DEFINE TABLE TB SCHEMALESS PERMISSIONS NONE' }, tokens: { }, users: { } }"],
|
||||
];
|
||||
|
||||
let test_cases = [
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ async fn define_foreign_table() -> Result<(), Error> {
|
|||
"{
|
||||
events: {},
|
||||
fields: {},
|
||||
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age' },
|
||||
tables: { person_by_age: 'DEFINE TABLE person_by_age SCHEMALESS AS SELECT count(), age, math::sum(age) AS total, math::mean(score) AS average FROM person GROUP BY age PERMISSIONS NONE' },
|
||||
indexes: {},
|
||||
lives: {},
|
||||
}",
|
||||
|
|
|
|||
Loading…
Reference in a new issue