Always display permissions (#3083)
This commit is contained in:
Micha de Vries
GitHub
parent
af3132f7cd
commit
d658a0a3fb
8 changed files with 88 additions and 51 deletions
|
|
@ -76,15 +76,13 @@ impl Display for DefineFieldStatement {
|
||||||
if let Some(ref v) = self.comment {
|
if let Some(ref v) = self.comment {
|
||||||
write!(f, " COMMENT {v}")?
|
write!(f, " COMMENT {v}")?
|
||||||
}
|
}
|
||||||
if !self.permissions.is_full() {
|
let _indent = if is_pretty() {
|
||||||
let _indent = if is_pretty() {
|
Some(pretty_indent())
|
||||||
Some(pretty_indent())
|
} else {
|
||||||
} else {
|
f.write_char(' ')?;
|
||||||
f.write_char(' ')?;
|
None
|
||||||
None
|
};
|
||||||
};
|
write!(f, "{}", self.permissions)?;
|
||||||
write!(f, "{}", self.permissions)?;
|
|
||||||
}
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -61,15 +61,13 @@ impl fmt::Display for DefineFunctionStatement {
|
||||||
if let Some(ref v) = self.comment {
|
if let Some(ref v) = self.comment {
|
||||||
write!(f, " COMMENT {v}")?
|
write!(f, " COMMENT {v}")?
|
||||||
}
|
}
|
||||||
if !self.permissions.is_full() {
|
let _indent = if is_pretty() {
|
||||||
let _indent = if is_pretty() {
|
Some(pretty_indent())
|
||||||
Some(pretty_indent())
|
} else {
|
||||||
} else {
|
f.write_char(' ')?;
|
||||||
f.write_char(' ')?;
|
None
|
||||||
None
|
};
|
||||||
};
|
write!(f, "PERMISSIONS {}", self.permissions)?;
|
||||||
write!(f, "PERMISSIONS {}", self.permissions)?;
|
|
||||||
}
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -50,15 +50,13 @@ impl Display for DefineParamStatement {
|
||||||
if let Some(ref v) = self.comment {
|
if let Some(ref v) = self.comment {
|
||||||
write!(f, " COMMENT {v}")?
|
write!(f, " COMMENT {v}")?
|
||||||
}
|
}
|
||||||
if !self.permissions.is_full() {
|
let _indent = if is_pretty() {
|
||||||
let _indent = if is_pretty() {
|
Some(pretty_indent())
|
||||||
Some(pretty_indent())
|
} else {
|
||||||
} else {
|
f.write_char(' ')?;
|
||||||
f.write_char(' ')?;
|
None
|
||||||
None
|
};
|
||||||
};
|
write!(f, "PERMISSIONS {}", self.permissions)?;
|
||||||
write!(f, "PERMISSIONS {}", self.permissions)?;
|
|
||||||
}
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -115,15 +115,13 @@ impl Display for DefineTableStatement {
|
||||||
if let Some(ref v) = self.changefeed {
|
if let Some(ref v) = self.changefeed {
|
||||||
write!(f, " {v}")?;
|
write!(f, " {v}")?;
|
||||||
}
|
}
|
||||||
if !self.permissions.is_full() {
|
let _indent = if is_pretty() {
|
||||||
let _indent = if is_pretty() {
|
Some(pretty_indent())
|
||||||
Some(pretty_indent())
|
} else {
|
||||||
} else {
|
f.write_char(' ')?;
|
||||||
f.write_char(' ')?;
|
None
|
||||||
None
|
};
|
||||||
};
|
write!(f, "{}", self.permissions)?;
|
||||||
write!(f, "{}", self.permissions)?;
|
|
||||||
}
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -86,7 +86,7 @@ async fn define_statement_function() -> Result<(), Error> {
|
||||||
"{
|
"{
|
||||||
analyzers: {},
|
analyzers: {},
|
||||||
tokens: {},
|
tokens: {},
|
||||||
functions: { test: 'DEFINE FUNCTION fn::test($first: string, $last: string) { RETURN $first + $last; }' },
|
functions: { test: 'DEFINE FUNCTION fn::test($first: string, $last: string) { RETURN $first + $last; } PERMISSIONS FULL' },
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
params: {},
|
params: {},
|
||||||
|
|
@ -509,7 +509,7 @@ async fn define_statement_field() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { test: 'DEFINE FIELD test ON user' },
|
fields: { test: 'DEFINE FIELD test ON user PERMISSIONS FULL' },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
@ -542,7 +542,7 @@ async fn define_statement_field_type() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { test: 'DEFINE FIELD test ON user TYPE string' },
|
fields: { test: 'DEFINE FIELD test ON user TYPE string PERMISSIONS FULL' },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
@ -575,7 +575,7 @@ async fn define_statement_field_value() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
r#"{
|
r#"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { test: "DEFINE FIELD test ON user VALUE $value OR 'GBR'" },
|
fields: { test: "DEFINE FIELD test ON user VALUE $value OR 'GBR' PERMISSIONS FULL" },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
@ -608,7 +608,7 @@ async fn define_statement_field_assert() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { test: 'DEFINE FIELD test ON user ASSERT $value != NONE AND $value = /[A-Z]{3}/' },
|
fields: { test: 'DEFINE FIELD test ON user ASSERT $value != NONE AND $value = /[A-Z]{3}/ PERMISSIONS FULL' },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
@ -641,7 +641,7 @@ async fn define_statement_field_type_value_assert() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
r#"{
|
r#"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { test: "DEFINE FIELD test ON user TYPE string VALUE $value OR 'GBR' ASSERT $value != NONE AND $value = /[A-Z]{3}/" },
|
fields: { test: "DEFINE FIELD test ON user TYPE string VALUE $value OR 'GBR' ASSERT $value != NONE AND $value = /[A-Z]{3}/ PERMISSIONS FULL" },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
@ -1175,7 +1175,7 @@ async fn define_statement_analyzer() -> Result<(), Error> {
|
||||||
},
|
},
|
||||||
tokens: {},
|
tokens: {},
|
||||||
functions: {
|
functions: {
|
||||||
stripHtml: "DEFINE FUNCTION fn::stripHtml($html: string) { RETURN string::replace($html, /<[^>]*>/, ''); }"
|
stripHtml: "DEFINE FUNCTION fn::stripHtml($html: string) { RETURN string::replace($html, /<[^>]*>/, ''); } PERMISSIONS FULL"
|
||||||
},
|
},
|
||||||
params: {},
|
params: {},
|
||||||
scopes: {},
|
scopes: {},
|
||||||
|
|
@ -1496,7 +1496,7 @@ async fn permissions_checks_define_function() {
|
||||||
|
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { greet: \"DEFINE FUNCTION fn::greet() { RETURN 'Hello'; }\" }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { greet: \"DEFINE FUNCTION fn::greet() { RETURN 'Hello'; } PERMISSIONS FULL\" }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -1832,7 +1832,7 @@ async fn permissions_checks_define_param() {
|
||||||
|
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { param: \"DEFINE PARAM $param VALUE 'foo'\" }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { param: \"DEFINE PARAM $param VALUE 'foo' PERMISSIONS FULL\" }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -1955,7 +1955,7 @@ async fn permissions_checks_define_field() {
|
||||||
|
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ events: { }, fields: { field: 'DEFINE FIELD field ON TB' }, indexes: { }, lives: { }, tables: { } }"],
|
vec!["{ events: { }, fields: { field: 'DEFINE FIELD field ON TB PERMISSIONS FULL' }, indexes: { }, lives: { }, tables: { } }"],
|
||||||
vec!["{ events: { }, fields: { }, indexes: { }, lives: { }, tables: { } }"]
|
vec!["{ events: { }, fields: { }, indexes: { }, lives: { }, tables: { } }"]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -2028,3 +2028,48 @@ async fn permissions_checks_define_index() {
|
||||||
let res = iam_check_cases(test_cases.iter(), &scenario, check_results).await;
|
let res = iam_check_cases(test_cases.iter(), &scenario, check_results).await;
|
||||||
assert!(res.is_ok(), "{}", res.unwrap_err());
|
assert!(res.is_ok(), "{}", res.unwrap_err());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn define_statement_table_permissions() -> Result<(), Error> {
|
||||||
|
// Permissions for tables, unlike other resources, are restrictive (NONE) by default.
|
||||||
|
// This test ensures that behaviour
|
||||||
|
let sql = "
|
||||||
|
DEFINE TABLE default;
|
||||||
|
DEFINE TABLE select_full PERMISSIONS FOR select FULL;
|
||||||
|
DEFINE TABLE full PERMISSIONS FULL;
|
||||||
|
INFO FOR DB;
|
||||||
|
";
|
||||||
|
let dbs = new_ds().await?;
|
||||||
|
let ses = Session::owner().with_ns("test").with_db("test");
|
||||||
|
let res = &mut dbs.execute(sql, &ses, None).await?;
|
||||||
|
assert_eq!(res.len(), 4);
|
||||||
|
//
|
||||||
|
let tmp = res.remove(0).result;
|
||||||
|
assert!(tmp.is_ok());
|
||||||
|
//
|
||||||
|
let tmp = res.remove(0).result;
|
||||||
|
assert!(tmp.is_ok());
|
||||||
|
//
|
||||||
|
let tmp = res.remove(0).result;
|
||||||
|
assert!(tmp.is_ok());
|
||||||
|
//
|
||||||
|
let tmp = res.remove(0).result?;
|
||||||
|
let val = Value::parse(
|
||||||
|
"{
|
||||||
|
analyzers: {},
|
||||||
|
functions: {},
|
||||||
|
params: {},
|
||||||
|
scopes: {},
|
||||||
|
tables: {
|
||||||
|
default: 'DEFINE TABLE default SCHEMALESS PERMISSIONS NONE',
|
||||||
|
full: 'DEFINE TABLE full SCHEMALESS PERMISSIONS FULL',
|
||||||
|
select_full: 'DEFINE TABLE select_full SCHEMALESS PERMISSIONS FOR select FULL, FOR create, update, delete NONE'
|
||||||
|
},
|
||||||
|
tokens: {},
|
||||||
|
users: {}
|
||||||
|
}",
|
||||||
|
);
|
||||||
|
assert_eq!(tmp, val);
|
||||||
|
//
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ async fn define_global_param() -> Result<(), Error> {
|
||||||
analyzers: {},
|
analyzers: {},
|
||||||
tokens: {},
|
tokens: {},
|
||||||
functions: {},
|
functions: {},
|
||||||
params: { test: 'DEFINE PARAM $test VALUE 12345' },
|
params: { test: 'DEFINE PARAM $test VALUE 12345 PERMISSIONS FULL' },
|
||||||
scopes: {},
|
scopes: {},
|
||||||
tables: {},
|
tables: {},
|
||||||
users: {},
|
users: {},
|
||||||
|
|
|
||||||
|
|
@ -223,7 +223,7 @@ async fn permissions_checks_remove_function() {
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { greet: \"DEFINE FUNCTION fn::greet() { RETURN 'Hello'; }\" }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { greet: \"DEFINE FUNCTION fn::greet() { RETURN 'Hello'; } PERMISSIONS FULL\" }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
];
|
];
|
||||||
|
|
||||||
let test_cases = [
|
let test_cases = [
|
||||||
|
|
@ -559,7 +559,7 @@ async fn permissions_checks_remove_param() {
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
vec!["{ analyzers: { }, functions: { }, params: { param: \"DEFINE PARAM $param VALUE 'foo'\" }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
vec!["{ analyzers: { }, functions: { }, params: { param: \"DEFINE PARAM $param VALUE 'foo' PERMISSIONS FULL\" }, scopes: { }, tables: { }, tokens: { }, users: { } }"],
|
||||||
];
|
];
|
||||||
|
|
||||||
let test_cases = [
|
let test_cases = [
|
||||||
|
|
@ -685,7 +685,7 @@ async fn permissions_checks_remove_field() {
|
||||||
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
// Define the expected results for the check statement when the test statement succeeded and when it failed
|
||||||
let check_results = [
|
let check_results = [
|
||||||
vec!["{ events: { }, fields: { }, indexes: { }, lives: { }, tables: { } }"],
|
vec!["{ events: { }, fields: { }, indexes: { }, lives: { }, tables: { } }"],
|
||||||
vec!["{ events: { }, fields: { field: 'DEFINE FIELD field ON TB' }, indexes: { }, lives: { }, tables: { } }"],
|
vec!["{ events: { }, fields: { field: 'DEFINE FIELD field ON TB PERMISSIONS FULL' }, indexes: { }, lives: { }, tables: { } }"],
|
||||||
];
|
];
|
||||||
|
|
||||||
let test_cases = [
|
let test_cases = [
|
||||||
|
|
|
||||||
|
|
@ -267,7 +267,7 @@ async fn loose_mode_all_ok() -> Result<(), Error> {
|
||||||
let val = Value::parse(
|
let val = Value::parse(
|
||||||
"{
|
"{
|
||||||
events: {},
|
events: {},
|
||||||
fields: { extra: 'DEFINE FIELD extra ON test VALUE true' },
|
fields: { extra: 'DEFINE FIELD extra ON test VALUE true PERMISSIONS FULL' },
|
||||||
tables: {},
|
tables: {},
|
||||||
indexes: {},
|
indexes: {},
|
||||||
lives: {},
|
lives: {},
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue