Added private-rows-extensions Maven project

.gitignore

+/private-rows-extensions/nbproject/
+/private-rows-extensions/target/
+/private-rows-extensions/nb-configuration.xml

.gitmodules

+[submodule "vollt"]
+	path = vollt
+	url = git@git.ia2.inaf.it:zorba/vollt.git
+	branch = private_rows

database/01-init.sql

+CREATE SCHEMA demo;
+
+CREATE TABLE demo.private_rows (
+  value varchar(255),
+  policy varchar(255),
+  "group" varchar(255)
+);
+
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value1', 'FREE', '');
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value2', 'FREE', '');
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value3', 'PRIV', 'group1');
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value4', 'PRIV', 'group1');
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value5', 'PRIV', 'group2');
+INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value6', 'PRIV', 'group2');
+
+-- WARNING: always create a new role because Row Level Security doesn't work for table owner
+CREATE ROLE tap WITH LOGIN PASSWORD 'demo';
+
+GRANT USAGE ON SCHEMA demo TO tap;
+GRANT SELECT ON demo.private_rows TO tap;
+
+ALTER TABLE demo.private_rows ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY filter_rls_policy ON demo.private_rows FOR ALL TO PUBLIC USING (policy = 'FREE' OR "group" = ANY(current_setting('my.tap_groups', true)::varchar[]));

database/02-tap_schema.sql

+--
+-- PostgreSQL database dump
+--
+
+-- Dumped from database version 11.9 (Debian 11.9-1.pgdg90+1)
+-- Dumped by pg_dump version 12.6 (Ubuntu 12.6-0ubuntu0.20.04.1)
+
+SET statement_timeout = 0;
+SET lock_timeout = 0;
+SET idle_in_transaction_session_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+SELECT pg_catalog.set_config('search_path', '', false);
+SET check_function_bodies = false;
+SET xmloption = content;
+SET client_min_messages = warning;
+SET row_security = off;
+
+--
+-- Name: TAP_SCHEMA; Type: SCHEMA; Schema: -; Owner: postgres
+--
+
+CREATE SCHEMA "TAP_SCHEMA";
+
+
+ALTER SCHEMA "TAP_SCHEMA" OWNER TO postgres;
+
+SET default_tablespace = '';
+
+--
+-- Name: columns; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+CREATE TABLE "TAP_SCHEMA".columns (
+    table_name character varying(128) NOT NULL,
+    column_name character varying(64) NOT NULL,
+    datatype character varying(64),
+    size integer,
+    description text,
+    utype character varying,
+    unit character varying(64),
+    ucd character varying(64),
+    indexed boolean NOT NULL,
+    principal boolean NOT NULL,
+    std boolean NOT NULL,
+    arraysize character varying,
+    xtype character varying,
+    column_index integer
+);
+
+
+ALTER TABLE "TAP_SCHEMA".columns OWNER TO postgres;
+
+--
+-- Name: key_columns; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+CREATE TABLE "TAP_SCHEMA".key_columns (
+    key_id character varying(64),
+    from_column character varying(64),
+    target_column character varying(64)
+);
+
+
+ALTER TABLE "TAP_SCHEMA".key_columns OWNER TO postgres;
+
+--
+-- Name: keys; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+CREATE TABLE "TAP_SCHEMA".keys (
+    key_id character varying(64) NOT NULL,
+    from_table character varying(128),
+    target_table character varying(128),
+    description text,
+    utype character varying
+);
+
+
+ALTER TABLE "TAP_SCHEMA".keys OWNER TO postgres;
+
+--
+-- Name: schemas; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+CREATE TABLE "TAP_SCHEMA".schemas (
+    schema_name character varying(64) NOT NULL,
+    utype character varying,
+    description text
+);
+
+
+ALTER TABLE "TAP_SCHEMA".schemas OWNER TO postgres;
+
+--
+-- Name: tables; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+CREATE TABLE "TAP_SCHEMA".tables (
+    schema_name character varying(64) NOT NULL,
+    table_name character varying(128) NOT NULL,
+    table_type character varying(8),
+    utype character varying,
+    description text,
+    table_index integer
+);
+
+
+ALTER TABLE "TAP_SCHEMA".tables OWNER TO postgres;
+
+--
+-- Data for Name: columns; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+COPY "TAP_SCHEMA".columns (table_name, column_name, datatype, size, description, utype, unit, ucd, indexed, principal, std, arraysize, xtype, column_index) FROM stdin;
+demo.private_rows	group	char	255	\N	\N	\N	\N	f	f	f	255*	\N	\N
+demo.private_rows	policy	char	255	\N	\N	\N	\N	f	f	f	255*	\N	\N
+demo.private_rows	value	char	255	\N	\N	\N	\N	f	f	f	255*	\N	\N
+TAP_SCHEMA.columns	arraysize	char	\N	\N	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.columns	column_index	int	\N	\N	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.columns	column_name	char	64	the column name	\N	\N	\N	t	f	t	64*	\N	\N
+TAP_SCHEMA.columns	datatype	char	64	lists the ADQL datatype of columns in the tableset	\N	\N	\N	f	f	t	64*	\N	\N
+TAP_SCHEMA.columns	description	char	\N	describes the columns in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.columns	indexed	boolean	\N	an indexed column	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.columns	principal	boolean	\N	a principal column	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.columns	size	int	\N	lists the size of variable-length columns in the tableset	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.columns	std	boolean	\N	a standard column	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.columns	table_name	char	128	the table this column belongs to	\N	\N	\N	t	f	t	128*	\N	\N
+TAP_SCHEMA.columns	ucd	char	64	lists the UCDs of columns in the tableset	\N	\N	\N	f	f	t	64*	\N	\N
+TAP_SCHEMA.columns	unit	char	64	lists the unit used for column values in the tableset	\N	\N	\N	f	f	t	64*	\N	\N
+TAP_SCHEMA.columns	utype	char	\N	lists the utypes of columns in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.columns	xtype	char	\N	\N	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.key_columns	from_column	char	64	column in the from_table	\N	\N	\N	f	f	t	64*	\N	\N
+TAP_SCHEMA.key_columns	key_id	char	64	key to join to TAP_SCHEMA.keys	\N	\N	\N	t	f	t	64*	\N	\N
+TAP_SCHEMA.key_columns	target_column	char	64	column in the target_table	\N	\N	\N	f	f	t	64*	\N	\N
+TAP_SCHEMA.keys	description	char	\N	describes keys in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.keys	from_table	char	128	the table with the foreign key	\N	\N	\N	t	f	t	128*	\N	\N
+TAP_SCHEMA.keys	key_id	char	64	unique key to join to TAP_SCHEMA.key_columns	\N	\N	\N	t	f	t	64*	\N	\N
+TAP_SCHEMA.keys	target_table	char	128	the table with the primary key	\N	\N	\N	t	f	t	128*	\N	\N
+TAP_SCHEMA.keys	utype	char	\N	lists the utype of keys in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.schemas	description	char	\N	describes schemas in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.schemas	schema_name	char	64	schema name for reference to TAP_SCHEMA.schemas	\N	\N	\N	t	f	t	64*	\N	\N
+TAP_SCHEMA.schemas	utype	char	\N	lists the utypes of schemas in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.tables	description	char	\N	describes tables in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+TAP_SCHEMA.tables	schema_name	char	64	the schema this table belongs to	\N	\N	\N	t	f	t	64*	\N	\N
+TAP_SCHEMA.tables	table_index	int	\N	\N	\N	\N	\N	f	f	t	\N	\N	\N
+TAP_SCHEMA.tables	table_name	char	128	the fully qualified table name	\N	\N	\N	t	f	t	128*	\N	\N
+TAP_SCHEMA.tables	table_type	char	8	one of: table view	\N	\N	\N	f	f	t	8*	\N	\N
+TAP_SCHEMA.tables	utype	char	\N	lists the utype of tables in the tableset	\N	\N	\N	f	f	t	*	\N	\N
+\.
+
+
+--
+-- Data for Name: key_columns; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+COPY "TAP_SCHEMA".key_columns (key_id, from_column, target_column) FROM stdin;
+\.
+
+
+--
+-- Data for Name: keys; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+COPY "TAP_SCHEMA".keys (key_id, from_table, target_table, description, utype) FROM stdin;
+\.
+
+
+--
+-- Data for Name: schemas; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+COPY "TAP_SCHEMA".schemas (schema_name, utype, description) FROM stdin;
+demo	\N	\N
+TAP_SCHEMA	\N	a special schema to describe a TAP tableset
+\.
+
+
+--
+-- Data for Name: tables; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+COPY "TAP_SCHEMA".tables (schema_name, table_name, table_type, utype, description, table_index) FROM stdin;
+demo	demo.private_rows	table	\N	\N	\N
+TAP_SCHEMA	TAP_SCHEMA.columns	table	\N	description of columns in this tableset	\N
+TAP_SCHEMA	TAP_SCHEMA.key_columns	table	\N	description of foreign key columns in this tableset	\N
+TAP_SCHEMA	TAP_SCHEMA.keys	table	\N	description of foreign keys in this tableset	\N
+TAP_SCHEMA	TAP_SCHEMA.schemas	table	\N	description of schemas in this tableset	\N
+TAP_SCHEMA	TAP_SCHEMA.tables	table	\N	description of tables in this tableset	\N
+\.
+
+
+--
+-- Name: columns columns_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".columns
+    ADD CONSTRAINT columns_pkey PRIMARY KEY (table_name, column_name);
+
+
+--
+-- Name: keys keys_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".keys
+    ADD CONSTRAINT keys_pkey PRIMARY KEY (key_id);
+
+
+--
+-- Name: schemas schemas_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".schemas
+    ADD CONSTRAINT schemas_pkey PRIMARY KEY (schema_name);
+
+
+--
+-- Name: tables tables_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".tables
+    ADD CONSTRAINT tables_pkey PRIMARY KEY (table_name);
+
+
+--
+-- Name: columns fk_columns_table_name; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".columns
+    ADD CONSTRAINT fk_columns_table_name FOREIGN KEY (table_name) REFERENCES "TAP_SCHEMA".tables(table_name);
+
+
+--
+-- Name: key_columns fk_key_columns_key_id; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".key_columns
+    ADD CONSTRAINT fk_key_columns_key_id FOREIGN KEY (key_id) REFERENCES "TAP_SCHEMA".keys(key_id);
+
+
+--
+-- Name: keys fk_keys_from_table; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".keys
+    ADD CONSTRAINT fk_keys_from_table FOREIGN KEY (from_table) REFERENCES "TAP_SCHEMA".tables(table_name);
+
+
+--
+-- Name: keys fk_keys_target_table; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".keys
+    ADD CONSTRAINT fk_keys_target_table FOREIGN KEY (target_table) REFERENCES "TAP_SCHEMA".tables(table_name);
+
+
+--
+-- Name: tables fk_tables_schema_name; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
+--
+
+ALTER TABLE ONLY "TAP_SCHEMA".tables
+    ADD CONSTRAINT fk_tables_schema_name FOREIGN KEY (schema_name) REFERENCES "TAP_SCHEMA".schemas(schema_name);
+
+
+--
+-- PostgreSQL database dump complete
+--
+

database/03-tap_schema-grants.sql

+GRANT USAGE ON SCHEMA "TAP_SCHEMA" TO tap;
+GRANT SELECT ON ALL TABLES IN SCHEMA "TAP_SCHEMA" TO tap;

database/Dockerfile

+FROM postgres:11
+
+ENV POSTGRES_HOST_AUTH_METHOD=trust
+
+ADD *.sql /docker-entrypoint-initdb.d/

private-rows-extensions/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>it.inaf.ia2</groupId>
+    <artifactId>private-rows-extensions</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+    </properties>
+    <dependencies>
+        <dependency>
+            <artifactId>vollt</artifactId>
+            <groupId>vollt</groupId>
+            <version>1</version>
+            <scope>system</scope>
+            <systemPath>${basedir}/../vollt/build/libs/vollt.jar</systemPath>
+        </dependency>
+        <dependency>
+            <groupId>javax</groupId>
+            <artifactId>javaee-web-api</artifactId>
+            <version>7.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>5.6.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>5.6.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>5.6.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>3.6.28</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.22.2</version>
+            </plugin>
+        </plugins>
+    </build>
+</project>
\ No newline at end of file

private-rows-extensions/src/main/java/it/inaf/ia2/vollt/CustomJobOwner.java

+package it.inaf.ia2.vollt;
+
+import java.util.List;
+import java.util.Map;
+import uws.job.JobList;
+import uws.job.UWSJob;
+import uws.job.user.JobOwner;
+
+public class CustomJobOwner implements JobOwner {
+
+    private final String id;
+
+    private final List<String> groups;
+
+    public CustomJobOwner(String id, List<String> groups) {
+        this.id = id;
+        this.groups = groups;
+    }
+
+    @Override
+    public String getID() {
+        return id;
+    }
+
+    public List<String> getGroups() {
+        return groups;
+    }
+
+    @Override
+    public String getPseudo() {
+        return null;
+    }
+
+    @Override
+    public boolean hasReadPermission(JobList jl) {
+        return false;
+    }
+
+    @Override
+    public boolean hasWritePermission(JobList jl) {
+        return false;
+    }
+
+    @Override
+    public boolean hasReadPermission(UWSJob job) {
+        return false;
+    }
+
+    @Override
+    public boolean hasWritePermission(UWSJob job) {
+        return false;
+    }
+
+    @Override
+    public boolean hasExecutePermission(UWSJob job) {
+        return false;
+    }
+
+    @Override
+    public Map<String, Object> getDataToSave() {
+        return null;
+    }
+
+    @Override
+    public void restoreData(Map<String, Object> data) {
+    }
+}

private-rows-extensions/src/main/java/it/inaf/ia2/vollt/CustomUserIdentifier.java

+package it.inaf.ia2.vollt;
+
+import java.util.Arrays;
+import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import uws.UWSException;
+import uws.job.user.JobOwner;
+import uws.service.UWSUrl;
+import uws.service.UserIdentifier;
+
+public class CustomUserIdentifier implements UserIdentifier {
+
+    @Override
+    public JobOwner extractUserId(UWSUrl urlInterpreter, HttpServletRequest request) throws UWSException {
+
+        String token = null;
+
+        String header = request.getHeader("Authorization");
+        if (header != null && !header.isEmpty()) {
+            if (header.startsWith("Bearer ")) {
+                token = header.substring("Bearer ".length());
+            }
+        }
+
+        return getFakeUser(token);
+    }
+
+    @Override
+    public JobOwner restoreUser(String id, String pseudo, Map<String, Object> otherData) throws UWSException {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    private CustomJobOwner getFakeUser(String token) {
+
+        if (token != null) {
+            switch (token) {
+                case "token1":
+                    return new CustomJobOwner("user1", Arrays.asList("group1", "group2"));
+                case "token2":
+                    return new CustomJobOwner("user2", Arrays.asList("group2"));
+            }
+        }
+
+        return new CustomJobOwner("anonymous", Arrays.asList());
+    }
+}

private-rows-extensions/src/main/java/it/inaf/ia2/vollt/PrivateRowsQueryExecutor.java

+package it.inaf.ia2.vollt;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.stream.Collectors;
+import tap.db.QueryExecutor;
+import uws.job.user.JobOwner;
+
+public class PrivateRowsQueryExecutor extends QueryExecutor {
+
+    @Override
+    public ResultSet executeQuery(Statement statement, String sql, JobOwner jobOwner) throws SQLException {
+
+        if (jobOwner instanceof CustomJobOwner) {
+            CustomJobOwner user = (CustomJobOwner) jobOwner;
+            statement.execute("SET my.tap_groups = \"{"
+                    + String.join(",", user.getGroups().stream()
+                            .map(g -> "'" + g.replace("'", "''") + "'")
+                            .collect(Collectors.toList()))
+                    + "}\"");
+        }
+
+        return super.executeQuery(statement, sql, jobOwner);
+    }
+}

private-rows-extensions/src/test/java/it/inaf/ia2/vollt/PrivateRowsQueryExecutorTest.java

+package it.inaf.ia2.vollt;
+
+import java.sql.Statement;
+import java.util.Arrays;
+import org.junit.jupiter.api.Test;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+public class PrivateRowsQueryExecutorTest {
+
+    @Test
+    public void executeQueryTest() throws Exception {
+
+        PrivateRowsQueryExecutor queryExecutor = new PrivateRowsQueryExecutor();
+
+        CustomJobOwner user = new CustomJobOwner("user", Arrays.asList("group1", "group2"));
+
+        Statement mockedStatement = mock(Statement.class);
+        queryExecutor.executeQuery(mockedStatement, "", user);
+
+        verify(mockedStatement).execute(eq("SET my.tap_groups = \"{'group1','group2'}\""));
+
+        user = new CustomJobOwner("anonymous", Arrays.asList());
+        queryExecutor.executeQuery(mockedStatement, "", user);
+
+        verify(mockedStatement).execute(eq("SET my.tap_groups = \"{}\""));
+    }
+}

vollt @ 7ff003d9

+Subproject commit 7ff003d9fe33c84acafaa76644bfb58f6259c92a