/* This file is part of VoltDB.
* Copyright (C) 2008-2017 VoltDB Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
package org.voltdb;
import static junit.framework.Assert.assertEquals;
import org.junit.Test;
import org.voltdb.catalog.Procedure;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import org.voltdb.InvocationPermissionPolicy.PolicyResult;
import org.voltdb.common.Permission;
public class TestInvocationAcceptancePolicy {
private AuthSystem.AuthUser createUser(boolean adhoc, boolean crud, boolean sysproc,
Procedure userProc, boolean readonly, boolean readonlysql, boolean allprocs)
{
AuthSystem.AuthUser user = mock(AuthSystem.AuthUser.class);
when(user.hasPermission(Permission.SQL)).thenReturn(adhoc);
when(user.hasPermission(Permission.SQLREAD)).thenReturn(readonlysql);
when(user.hasPermission(Permission.ADMIN)).thenReturn(sysproc);
when(user.hasPermission(Permission.DEFAULTPROC)).thenReturn(crud);
when(user.hasPermission(Permission.DEFAULTPROCREAD)).thenReturn(readonly);
if (userProc != null) {
when(user.hasUserDefinedProcedurePermission(userProc)).thenReturn(allprocs);
}
return user;
}
@Test
public void testSysprocUserPermission()
{
AuthSystem.AuthUser user = createUser(false, false, true, null, true, false, false);
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("@Pause");
Procedure proc = SystemProcedureCatalog.listing.get("@Pause").asCatalogProcedure();
InvocationPermissionPolicy policy = new InvocationSysprocPermissionPolicy();
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.ALLOW);
// A user that doesn't have admin permission
user = createUser(false, false, false, null, true, false, false);
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.DENY);
}
@Test
public void testAdHocUserPermission()
{
AuthSystem.AuthUser user = createUser(true, false, false, null, true, false, false);
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("@AdHoc_RW_MP");
invocation.setParams("insert into T values (1);");
Procedure proc = SystemProcedureCatalog.listing.get("@AdHoc_RW_MP").asCatalogProcedure();
InvocationPermissionPolicy policy = new InvocationSqlPermissionPolicy();
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.ALLOW);
// A user that doesn't have adhoc permission
user = createUser(false, false, false, null, true, true, true);
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.DENY);
}
@Test
public void testAdHocReadUserPermission()
{
AuthSystem.AuthUser user = createUser(false, false, false, null, true, true, true);
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("@AdHoc_RO_MP");
invocation.setParams("select * from T;");
Procedure proc = SystemProcedureCatalog.listing.get("@AdHoc_RO_MP").asCatalogProcedure();
InvocationPermissionPolicy policy = new InvocationSqlPermissionPolicy();
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.ALLOW);
// A user that doesn't have adhoc permission
user = createUser(false, false, false, null, true, false, false);
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.DENY);
}
@Test
public void testUserDefinedProcPermission()
{
Procedure proc = new Procedure();
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("MyProc");
invocation.setParams("test");
InvocationPermissionPolicy policy = new InvocationUserDefinedProcedurePermissionPolicy();
//WITH allproc access
AuthSystem.AuthUser user2 = createUser(false, false, false, proc, true, true, true);
assertEquals(policy.shouldAccept(user2, invocation, proc), PolicyResult.ALLOW);
//Without allproc
AuthSystem.AuthUser user3 = createUser(false, false, false, proc, false, false, false);
assertEquals(policy.shouldAccept(user3, invocation, proc), PolicyResult.DENY);
//We cant test individual authorized proc here.
}
@Test
public void testUserPermission()
{
Procedure proc = new Procedure();
proc.setDefaultproc(true);
AuthSystem.AuthUser user = createUser(false, true, false, proc, true, false, false);
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("A.insert");
invocation.setParams("test");
InvocationPermissionPolicy policy = new InvocationDefaultProcPermissionPolicy();
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.ALLOW);
// A user that doesn't have crud permission
user = createUser(false, false, false, null, true, false, false);
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.DENY);
}
@Test
public void testUserPermissionReadOnly()
{
Procedure proc = new Procedure();
proc.setDefaultproc(true);
proc.setReadonly(true);
AuthSystem.AuthUser user = createUser(false, false, false, proc, true, false, false);
StoredProcedureInvocation invocation = new StoredProcedureInvocation();
invocation.setProcName("X.select");
invocation.setParams("test");
InvocationPermissionPolicy policy = new InvocationDefaultProcPermissionPolicy();
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.ALLOW);
// A user that doesn't have crud permission
Procedure procw = new Procedure();
procw.setDefaultproc(true);
procw.setReadonly(false);
user = createUser(false, false, false, null, false, false, false);
assertEquals(policy.shouldAccept(user, invocation, proc), PolicyResult.DENY);
}
}