Skip to content

Commit

Permalink
Add more checks to TestAccessControl
Browse files Browse the repository at this point in the history
  • Loading branch information
@homar @findepi
homar authored and findepi committed Aug 1, 2023
1 parent d5b819a commit fa4a067
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions testing/trino-tests/src/test/java/io/trino/security/TestAccessControl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -257,11 +257,23 @@ public void testAccessControl()
assertAccessDenied("SELECT 1 FROM mock.default.test_materialized_view", "Cannot select from columns.*", privilege("test_materialized_view", SELECT_COLUMN));
assertAccessAllowed("SELECT * FROM mock.default.test_materialized_view");
assertAccessDenied("SELECT * FROM mock.default.test_materialized_view", "Cannot select from columns.*", privilege("test_materialized_view", SELECT_COLUMN));
// with current implementation this next block of checks is redundant, but it is not obvious unless details of how
assertAccessAllowed("SELECT 1 FROM mock.default.test_view_definer");
assertAccessDenied("SELECT 1 FROM mock.default.test_view_definer", "Cannot select from columns.*", privilege("test_view_definer", SELECT_COLUMN));
assertAccessAllowed("SELECT * FROM mock.default.test_view_definer");
assertAccessDenied("SELECT * FROM mock.default.test_view_definer", "Cannot select from columns.*", privilege("test_view_definer", SELECT_COLUMN));
assertAccessAllowed("SELECT 1 FROM mock.default.test_view_invoker");
assertAccessDenied("SELECT 1 FROM mock.default.test_view_invoker", "Cannot select from columns.*", privilege("test_view_invoker", SELECT_COLUMN));
assertAccessAllowed("SELECT * FROM mock.default.test_view_invoker");
assertAccessDenied("SELECT * FROM mock.default.test_view_invoker", "Cannot select from columns.*", privilege("test_view_invoker", SELECT_COLUMN));
// with current implementation this next block of checks is redundant to `SELECT 1 FROM ..`, but it is not obvious unless details of how
// semantics analyzer works are known
assertAccessAllowed("SELECT count(*) FROM mock.default.test_materialized_view");
assertAccessDenied("SELECT count(*) FROM mock.default.test_materialized_view", "Cannot select from columns.*", privilege("test_materialized_view", SELECT_COLUMN));

assertAccessAllowed("SELECT count(*) FROM mock.default.test_view_invoker");
assertAccessDenied("SELECT count(*) FROM mock.default.test_view_invoker", "Cannot select from columns.*", privilege("test_view_invoker", SELECT_COLUMN));
assertAccessAllowed("SELECT count(*) FROM mock.default.test_view_definer");
assertAccessDenied("SELECT count(*) FROM mock.default.test_view_definer", "Cannot select from columns.*", privilege("test_view_definer", SELECT_COLUMN));

assertAccessDenied(
"SELECT orders.custkey, lineitem.quantity FROM orders JOIN lineitem USING (orderkey)",
"Cannot select from columns \\[orderkey, custkey] in table .*",
Expand Down

0 comments on commit fa4a067

Please sign in to comment.