vitess.io/vitess@v0.16.2/go/vt/vttablet/tabletserver/planbuilder/permission_test.go

vitess.io/vitess@v0.16.2/go/vt/vttablet/tabletserver/planbuilder/permission_test.go (about)

     1  /*
     2  Copyright 2019 The Vitess Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package planbuilder
    18  
    19  import (
    20  	"reflect"
    21  	"testing"
    22  
    23  	"vitess.io/vitess/go/vt/sqlparser"
    24  	"vitess.io/vitess/go/vt/tableacl"
    25  )
    26  
    27  func TestBuildPermissions(t *testing.T) {
    28  	tcases := []struct {
    29  		input  string
    30  		output []Permission
    31  	}{{
    32  		input: "select * from t",
    33  		output: []Permission{{
    34  			TableName: "t",
    35  			Role:      tableacl.READER,
    36  		}},
    37  	}, {
    38  		input: "select * from t1 union select * from t2",
    39  		output: []Permission{{
    40  			TableName: "t1",
    41  			Role:      tableacl.READER,
    42  		}, {
    43  			TableName: "t2",
    44  			Role:      tableacl.READER,
    45  		}},
    46  	}, {
    47  		input: "insert into t values()",
    48  		output: []Permission{{
    49  			TableName: "t",
    50  			Role:      tableacl.WRITER,
    51  		}},
    52  	}, {
    53  		input: "update t set a=1",
    54  		output: []Permission{{
    55  			TableName: "t",
    56  			Role:      tableacl.WRITER,
    57  		}},
    58  	}, {
    59  		input: "delete from t",
    60  		output: []Permission{{
    61  			TableName: "t",
    62  			Role:      tableacl.WRITER,
    63  		}},
    64  	}, {
    65  		input:  "set a=1",
    66  		output: nil,
    67  	}, {
    68  		input:  "show variable like 'a%'",
    69  		output: nil,
    70  	}, {
    71  		input:  "describe select * from t",
    72  		output: nil,
    73  	}, {
    74  		input: "create table t",
    75  		output: []Permission{{
    76  			TableName: "t",
    77  			Role:      tableacl.ADMIN,
    78  		}},
    79  	}, {
    80  		input: "rename table t1 to t2",
    81  		output: []Permission{{
    82  			TableName: "t1",
    83  			Role:      tableacl.ADMIN,
    84  		}, {
    85  			TableName: "t2",
    86  			Role:      tableacl.ADMIN,
    87  		}},
    88  	}, {
    89  		input: "flush tables t1, t2",
    90  		output: []Permission{{
    91  			TableName: "t1",
    92  			Role:      tableacl.ADMIN,
    93  		}, {
    94  			TableName: "t2",
    95  			Role:      tableacl.ADMIN,
    96  		}},
    97  	}, {
    98  		input: "drop table t",
    99  		output: []Permission{{
   100  			TableName: "t",
   101  			Role:      tableacl.ADMIN,
   102  		}},
   103  	}, {
   104  		input:  "repair t",
   105  		output: nil,
   106  	}, {
   107  		input: "select (select a from t2) from t1",
   108  		output: []Permission{{
   109  			TableName: "t1",
   110  			Role:      tableacl.READER,
   111  		}, {
   112  			TableName: "t2",
   113  			Role:      tableacl.READER,
   114  		}},
   115  	}, {
   116  		input: "insert into t1 values((select a from t2), 1)",
   117  		output: []Permission{{
   118  			TableName: "t1",
   119  			Role:      tableacl.WRITER,
   120  		}, {
   121  			TableName: "t2",
   122  			Role:      tableacl.READER,
   123  		}},
   124  	}, {
   125  		input: "update t1 set a = (select b from t2)",
   126  		output: []Permission{{
   127  			TableName: "t1",
   128  			Role:      tableacl.WRITER,
   129  		}, {
   130  			TableName: "t2",
   131  			Role:      tableacl.READER,
   132  		}},
   133  	}, {
   134  		input: "delete from t1 where a = (select b from t2)",
   135  		output: []Permission{{
   136  			TableName: "t1",
   137  			Role:      tableacl.WRITER,
   138  		}, {
   139  			TableName: "t2",
   140  			Role:      tableacl.READER,
   141  		}},
   142  	}, {
   143  		input: "select * from t1, t2",
   144  		output: []Permission{{
   145  			TableName: "t1",
   146  			Role:      tableacl.READER,
   147  		}, {
   148  			TableName: "t2",
   149  			Role:      tableacl.READER,
   150  		}},
   151  	}, {
   152  		input: "select * from (t1, t2)",
   153  		output: []Permission{{
   154  			TableName: "t1",
   155  			Role:      tableacl.READER,
   156  		}, {
   157  			TableName: "t2",
   158  			Role:      tableacl.READER,
   159  		}},
   160  	}, {
   161  		input: "update t1 join t2 on a=b set c=d",
   162  		output: []Permission{{
   163  			TableName: "t1",
   164  			Role:      tableacl.WRITER,
   165  		}, {
   166  			TableName: "t2",
   167  			Role:      tableacl.WRITER,
   168  		}},
   169  	}, {
   170  		input: "update (select * from t1) as a join t2 on a=b set c=d",
   171  		output: []Permission{{
   172  			TableName: "t1",
   173  			Role:      tableacl.WRITER,
   174  		}, {
   175  			TableName: "t2",
   176  			Role:      tableacl.WRITER,
   177  		}},
   178  	}}
   179  
   180  	for _, tcase := range tcases {
   181  		stmt, err := sqlparser.Parse(tcase.input)
   182  		if err != nil {
   183  			t.Fatal(err)
   184  		}
   185  		got := BuildPermissions(stmt)
   186  		if !reflect.DeepEqual(got, tcase.output) {
   187  			t.Errorf("BuildPermissions(%s): %v, want %v", tcase.input, got, tcase.output)
   188  		}
   189  	}
   190  }