Commit f97f34b7 authored by Sonia Zorba's avatar Sonia Zorba

Added private-rows-extensions Maven project

parents
/private-rows-extensions/nbproject/
/private-rows-extensions/target/
/private-rows-extensions/nb-configuration.xml
[submodule "vollt"]
path = vollt
url = git@git.ia2.inaf.it:zorba/vollt.git
branch = private_rows
CREATE SCHEMA demo;
CREATE TABLE demo.private_rows (
value varchar(255),
policy varchar(255),
"group" varchar(255)
);
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value1', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value2', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value3', 'PRIV', 'group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value4', 'PRIV', 'group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value5', 'PRIV', 'group2');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value6', 'PRIV', 'group2');
-- WARNING: always create a new role because Row Level Security doesn't work for table owner
CREATE ROLE tap WITH LOGIN PASSWORD 'demo';
GRANT USAGE ON SCHEMA demo TO tap;
GRANT SELECT ON demo.private_rows TO tap;
ALTER TABLE demo.private_rows ENABLE ROW LEVEL SECURITY;
CREATE POLICY filter_rls_policy ON demo.private_rows FOR ALL TO PUBLIC USING (policy = 'FREE' OR "group" = ANY(current_setting('my.tap_groups', true)::varchar[]));
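Review bot: The `USING` clause of `filter_rls_policy` trusts `my.tap_groups`, a custom setting that any session, including one logged in as `tap`, can change with `SET` or `set_config()`, so the row filter holds only while user-supplied queries can never reach either of those. That assumption deserves a comment above the policy, e.g. `-- my.tap_groups must only ever be set by the TAP service; no user-supplied SQL may reach SET/set_config()`. The policy is also wider than the grants: `tap` only has `SELECT`, so `FOR SELECT TO tap` would state the intent more exactly than `FOR ALL TO PUBLIC`. If the table owner should be filtered too, `ALTER TABLE demo.private_rows FORCE ROW LEVEL SECURITY;` covers that case instead of relying on the warning comment.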
--
-- PostgreSQL database dump
--
-- Dumped from database version 11.9 (Debian 11.9-1.pgdg90+1)
-- Dumped by pg_dump version 12.6 (Ubuntu 12.6-0ubuntu0.20.04.1)
SET statement_timeout = 0;
SET lock_timeout = 0;
SET idle_in_transaction_session_timeout = 0;
SET client_encoding = 'UTF8';
SET standard_conforming_strings = on;
SELECT pg_catalog.set_config('search_path', '', false);
SET check_function_bodies = false;
SET xmloption = content;
SET client_min_messages = warning;
SET row_security = off;
--
-- Name: TAP_SCHEMA; Type: SCHEMA; Schema: -; Owner: postgres
--
CREATE SCHEMA "TAP_SCHEMA";
ALTER SCHEMA "TAP_SCHEMA" OWNER TO postgres;
SET default_tablespace = '';
--
-- Name: columns; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
--
CREATE TABLE "TAP_SCHEMA".columns (
table_name character varying(128) NOT NULL,
column_name character varying(64) NOT NULL,
datatype character varying(64),
size integer,
description text,
utype character varying,
unit character varying(64),
ucd character varying(64),
indexed boolean NOT NULL,
principal boolean NOT NULL,
std boolean NOT NULL,
arraysize character varying,
xtype character varying,
column_index integer
);
ALTER TABLE "TAP_SCHEMA".columns OWNER TO postgres;
--
-- Name: key_columns; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
--
CREATE TABLE "TAP_SCHEMA".key_columns (
key_id character varying(64),
from_column character varying(64),
target_column character varying(64)
);
ALTER TABLE "TAP_SCHEMA".key_columns OWNER TO postgres;
--
-- Name: keys; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
--
CREATE TABLE "TAP_SCHEMA".keys (
key_id character varying(64) NOT NULL,
from_table character varying(128),
target_table character varying(128),
description text,
utype character varying
);
ALTER TABLE "TAP_SCHEMA".keys OWNER TO postgres;
--
-- Name: schemas; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
--
CREATE TABLE "TAP_SCHEMA".schemas (
schema_name character varying(64) NOT NULL,
utype character varying,
description text
);
ALTER TABLE "TAP_SCHEMA".schemas OWNER TO postgres;
--
-- Name: tables; Type: TABLE; Schema: TAP_SCHEMA; Owner: postgres
--
CREATE TABLE "TAP_SCHEMA".tables (
schema_name character varying(64) NOT NULL,
table_name character varying(128) NOT NULL,
table_type character varying(8),
utype character varying,
description text,
table_index integer
);
ALTER TABLE "TAP_SCHEMA".tables OWNER TO postgres;
--
-- Data for Name: columns; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
--
COPY "TAP_SCHEMA".columns (table_name, column_name, datatype, size, description, utype, unit, ucd, indexed, principal, std, arraysize, xtype, column_index) FROM stdin;
demo.private_rows group char 255 \N \N \N \N f f f 255* \N \N
demo.private_rows policy char 255 \N \N \N \N f f f 255* \N \N
demo.private_rows value char 255 \N \N \N \N f f f 255* \N \N
TAP_SCHEMA.columns arraysize char \N \N \N \N \N f f t * \N \N
TAP_SCHEMA.columns column_index int \N \N \N \N \N f f t \N \N \N
TAP_SCHEMA.columns column_name char 64 the column name \N \N \N t f t 64* \N \N
TAP_SCHEMA.columns datatype char 64 lists the ADQL datatype of columns in the tableset \N \N \N f f t 64* \N \N
TAP_SCHEMA.columns description char \N describes the columns in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.columns indexed boolean \N an indexed column \N \N \N f f t \N \N \N
TAP_SCHEMA.columns principal boolean \N a principal column \N \N \N f f t \N \N \N
TAP_SCHEMA.columns size int \N lists the size of variable-length columns in the tableset \N \N \N f f t \N \N \N
TAP_SCHEMA.columns std boolean \N a standard column \N \N \N f f t \N \N \N
TAP_SCHEMA.columns table_name char 128 the table this column belongs to \N \N \N t f t 128* \N \N
TAP_SCHEMA.columns ucd char 64 lists the UCDs of columns in the tableset \N \N \N f f t 64* \N \N
TAP_SCHEMA.columns unit char 64 lists the unit used for column values in the tableset \N \N \N f f t 64* \N \N
TAP_SCHEMA.columns utype char \N lists the utypes of columns in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.columns xtype char \N \N \N \N \N f f t * \N \N
TAP_SCHEMA.key_columns from_column char 64 column in the from_table \N \N \N f f t 64* \N \N
TAP_SCHEMA.key_columns key_id char 64 key to join to TAP_SCHEMA.keys \N \N \N t f t 64* \N \N
TAP_SCHEMA.key_columns target_column char 64 column in the target_table \N \N \N f f t 64* \N \N
TAP_SCHEMA.keys description char \N describes keys in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.keys from_table char 128 the table with the foreign key \N \N \N t f t 128* \N \N
TAP_SCHEMA.keys key_id char 64 unique key to join to TAP_SCHEMA.key_columns \N \N \N t f t 64* \N \N
TAP_SCHEMA.keys target_table char 128 the table with the primary key \N \N \N t f t 128* \N \N
TAP_SCHEMA.keys utype char \N lists the utype of keys in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.schemas description char \N describes schemas in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.schemas schema_name char 64 schema name for reference to TAP_SCHEMA.schemas \N \N \N t f t 64* \N \N
TAP_SCHEMA.schemas utype char \N lists the utypes of schemas in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.tables description char \N describes tables in the tableset \N \N \N f f t * \N \N
TAP_SCHEMA.tables schema_name char 64 the schema this table belongs to \N \N \N t f t 64* \N \N
TAP_SCHEMA.tables table_index int \N \N \N \N \N f f t \N \N \N
TAP_SCHEMA.tables table_name char 128 the fully qualified table name \N \N \N t f t 128* \N \N
TAP_SCHEMA.tables table_type char 8 one of: table view \N \N \N f f t 8* \N \N
TAP_SCHEMA.tables utype char \N lists the utype of tables in the tableset \N \N \N f f t * \N \N
\.
--
-- Data for Name: key_columns; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
--
COPY "TAP_SCHEMA".key_columns (key_id, from_column, target_column) FROM stdin;
\.
--
-- Data for Name: keys; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
--
COPY "TAP_SCHEMA".keys (key_id, from_table, target_table, description, utype) FROM stdin;
\.
--
-- Data for Name: schemas; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
--
COPY "TAP_SCHEMA".schemas (schema_name, utype, description) FROM stdin;
demo \N \N
TAP_SCHEMA \N a special schema to describe a TAP tableset
\.
--
-- Data for Name: tables; Type: TABLE DATA; Schema: TAP_SCHEMA; Owner: postgres
--
COPY "TAP_SCHEMA".tables (schema_name, table_name, table_type, utype, description, table_index) FROM stdin;
demo demo.private_rows table \N \N \N
TAP_SCHEMA TAP_SCHEMA.columns table \N description of columns in this tableset \N
TAP_SCHEMA TAP_SCHEMA.key_columns table \N description of foreign key columns in this tableset \N
TAP_SCHEMA TAP_SCHEMA.keys table \N description of foreign keys in this tableset \N
TAP_SCHEMA TAP_SCHEMA.schemas table \N description of schemas in this tableset \N
TAP_SCHEMA TAP_SCHEMA.tables table \N description of tables in this tableset \N
\.
--
-- Name: columns columns_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".columns
ADD CONSTRAINT columns_pkey PRIMARY KEY (table_name, column_name);
--
-- Name: keys keys_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".keys
ADD CONSTRAINT keys_pkey PRIMARY KEY (key_id);
--
-- Name: schemas schemas_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".schemas
ADD CONSTRAINT schemas_pkey PRIMARY KEY (schema_name);
--
-- Name: tables tables_pkey; Type: CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".tables
ADD CONSTRAINT tables_pkey PRIMARY KEY (table_name);
--
-- Name: columns fk_columns_table_name; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".columns
ADD CONSTRAINT fk_columns_table_name FOREIGN KEY (table_name) REFERENCES "TAP_SCHEMA".tables(table_name);
--
-- Name: key_columns fk_key_columns_key_id; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".key_columns
ADD CONSTRAINT fk_key_columns_key_id FOREIGN KEY (key_id) REFERENCES "TAP_SCHEMA".keys(key_id);
--
-- Name: keys fk_keys_from_table; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".keys
ADD CONSTRAINT fk_keys_from_table FOREIGN KEY (from_table) REFERENCES "TAP_SCHEMA".tables(table_name);
--
-- Name: keys fk_keys_target_table; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".keys
ADD CONSTRAINT fk_keys_target_table FOREIGN KEY (target_table) REFERENCES "TAP_SCHEMA".tables(table_name);
--
-- Name: tables fk_tables_schema_name; Type: FK CONSTRAINT; Schema: TAP_SCHEMA; Owner: postgres
--
ALTER TABLE ONLY "TAP_SCHEMA".tables
ADD CONSTRAINT fk_tables_schema_name FOREIGN KEY (schema_name) REFERENCES "TAP_SCHEMA".schemas(schema_name);
--
-- PostgreSQL database dump complete
--
GRANT USAGE ON SCHEMA "TAP_SCHEMA" TO tap;
GRANT SELECT ON ALL TABLES IN SCHEMA "TAP_SCHEMA" TO tap;
FROM postgres:11
ENV POSTGRES_HOST_AUTH_METHOD=trust
ADD *.sql /docker-entrypoint-initdb.d/
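Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` lets any client that can reach the port connect as any role without a password, including the `postgres` superuser, to which row-level security does not apply. For a demo image that is tolerable only if the container is never reachable beyond localhost; a comment saying so, `# demo only: trust auth disables password checks, do not expose this port`, would keep the image from being reused as-is. Supplying `POSTGRES_PASSWORD` at run time instead removes the need for trust.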
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>it.inaf.ia2</groupId>
<artifactId>private-rows-extensions</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<artifactId>vollt</artifactId>
<groupId>vollt</groupId>
<version>1</version>
<scope>system</scope>
<systemPath>${basedir}/../vollt/build/libs/vollt.jar</systemPath>
</dependency>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId>
<version>7.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<version>5.6.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-params</artifactId>
<version>5.6.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<version>5.6.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>3.6.28</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
</plugin>
</plugins>
</build>
</project>
\ No newline at end of file
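Review bot: The `vollt` dependency uses `<scope>system</scope>` with a `systemPath` into the submodule's build output, a scope Maven has deprecated; the jar is taken from whatever is on disk under what appears to be a placeholder version `1`, and the build fails unless the submodule was built first. Installing the jar into the local repository (or publishing it to an internal one) and declaring it as a normal dependency would make the build reproducible. At the least, a comment next to the dependency should state the required build order, e.g. `<!-- build ../vollt first; the jar is read from its build/libs -->`.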
package it.inaf.ia2.vollt;
import java.util.List;
import java.util.Map;
import uws.job.JobList;
import uws.job.UWSJob;
import uws.job.user.JobOwner;
public class CustomJobOwner implements JobOwner {
private final String id;
private final List<String> groups;
public CustomJobOwner(String id, List<String> groups) {
this.id = id;
this.groups = groups;
}
@Override
public String getID() {
return id;
}
public List<String> getGroups() {
return groups;
}
@Override
public String getPseudo() {
return null;
}
@Override
public boolean hasReadPermission(JobList jl) {
return false;
}
@Override
public boolean hasWritePermission(JobList jl) {
return false;
}
@Override
public boolean hasReadPermission(UWSJob job) {
return false;
}
@Override
public boolean hasWritePermission(UWSJob job) {
return false;
}
@Override
public boolean hasExecutePermission(UWSJob job) {
return false;
}
@Override
public Map<String, Object> getDataToSave() {
return null;
}
@Override
public void restoreData(Map<String, Object> data) {
}
}
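Review bot: The constructor keeps the caller's `groups` list by reference and `getGroups()` hands the same list out, so any code holding either reference can change the groups after the owner was created, and those groups decide which private rows the user sees. Copying on construction closes that: `this.groups = Collections.unmodifiableList(new ArrayList<>(groups));` (plus the two `java.util` imports). The class also has no Javadoc saying that every `has*Permission` method returns false and that `getDataToSave()` returns null; a class comment stating that this is deliberate would help the next reader.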
package it.inaf.ia2.vollt;
import java.util.Arrays;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import uws.UWSException;
import uws.job.user.JobOwner;
import uws.service.UWSUrl;
import uws.service.UserIdentifier;
public class CustomUserIdentifier implements UserIdentifier {
@Override
public JobOwner extractUserId(UWSUrl urlInterpreter, HttpServletRequest request) throws UWSException {
String token = null;
String header = request.getHeader("Authorization");
if (header != null && !header.isEmpty()) {
if (header.startsWith("Bearer ")) {
token = header.substring("Bearer ".length());
}
}
return getFakeUser(token);
}
@Override
public JobOwner restoreUser(String id, String pseudo, Map<String, Object> otherData) throws UWSException {
throw new UnsupportedOperationException("Not supported yet.");
}
private CustomJobOwner getFakeUser(String token) {
if (token != null) {
switch (token) {
case "token1":
return new CustomJobOwner("user1", Arrays.asList("group1", "group2"));
case "token2":
return new CustomJobOwner("user2", Arrays.asList("group2"));
}
}
return new CustomJobOwner("anonymous", Arrays.asList());
}
}
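Review bot: `getFakeUser` maps the fixed bearer values `token1` and `token2` straight to users and groups with no verification, so anyone who sends one of those strings gets the corresponding group membership, and nothing in the class marks it as a stub. A class Javadoc along the lines of `/** Demo-only identifier: maps hard-coded bearer tokens to fake users. Replace with real token validation before any deployment. */` is needed. `restoreUser` throws `UnsupportedOperationException` although the method declares `UWSException`; callers that handle only the declared exception will not catch it, which should at least be documented on the method.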
package it.inaf.ia2.vollt;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.stream.Collectors;
import tap.db.QueryExecutor;
import uws.job.user.JobOwner;
public class PrivateRowsQueryExecutor extends QueryExecutor {
@Override
public ResultSet executeQuery(Statement statement, String sql, JobOwner jobOwner) throws SQLException {
if (jobOwner instanceof CustomJobOwner) {
CustomJobOwner user = (CustomJobOwner) jobOwner;
statement.execute("SET my.tap_groups = \"{"
+ String.join(",", user.getGroups().stream()
.map(g -> "'" + g.replace("'", "''") + "'")
.collect(Collectors.toList()))
+ "}\"");
}
return super.executeQuery(statement, sql, jobOwner);
}
}
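Review bot: The group list is escaped for the wrong quoting context in the `statement.execute("SET my.tap_groups = ...")` call: only `'` is doubled, but the value is wrapped in double quotes, so a group name containing `"` ends the value early and one containing `,`, `}` or `\` changes how the `varchar[]` cast splits the elements. A double-quoted value is also parsed as an identifier, which PostgreSQL truncates at 63 bytes, so a longer group list would be cut short. When `jobOwner` is not a `CustomJobOwner` the setting is left untouched, and because `SET` lasts for the session, a reused connection would presumably still carry the previous user's groups. Passing the array literal as a bound parameter to `set_config()` and always overwriting the setting addresses all three; the existing unit test mocks `Statement` and would need updating.

```java
public ResultSet executeQuery(Statement statement, String sql, JobOwner jobOwner) throws SQLException {
    // Always overwrite the setting so a reused connection never keeps another user's groups.
    List<String> groups = jobOwner instanceof CustomJobOwner
            ? ((CustomJobOwner) jobOwner).getGroups()
            : Collections.emptyList();
    // Array-literal quoting: each element in double quotes, with backslash and double quote escaped.
    String arrayLiteral = groups.stream()
            .map(g -> "\"" + g.replace("\\", "\\\\").replace("\"", "\\\"") + "\"")
            .collect(Collectors.joining(",", "{", "}"));
    // The value travels as a bound parameter, so no SQL-level quoting is involved.
    try (PreparedStatement setGroups = statement.getConnection()
            .prepareStatement("SELECT set_config('my.tap_groups', ?, false)")) {
        setGroups.setString(1, arrayLiteral);
        setGroups.execute();
    }
    return super.executeQuery(statement, sql, jobOwner);
}
```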
package it.inaf.ia2.vollt;
import java.sql.Statement;
import java.util.Arrays;
import org.junit.jupiter.api.Test;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
public class PrivateRowsQueryExecutorTest {
@Test
public void executeQueryTest() throws Exception {
PrivateRowsQueryExecutor queryExecutor = new PrivateRowsQueryExecutor();
CustomJobOwner user = new CustomJobOwner("user", Arrays.asList("group1", "group2"));
Statement mockedStatement = mock(Statement.class);
queryExecutor.executeQuery(mockedStatement, "", user);
verify(mockedStatement).execute(eq("SET my.tap_groups = \"{'group1','group2'}\""));
user = new CustomJobOwner("anonymous", Arrays.asList());
queryExecutor.executeQuery(mockedStatement, "", user);
verify(mockedStatement).execute(eq("SET my.tap_groups = \"{}\""));
}
}
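Review bot: `executeQueryTest` only pins the generated string for plain group names; there is no case for a group name containing `'`, `"`, `,` or `}`, which is exactly the input the escaping in `executeQuery` exists for, and none for a `JobOwner` that is not a `CustomJobOwner`. Adding a case such as `new CustomJobOwner("user", Arrays.asList("gr'oup", "a,b"))` and asserting the statement sent would document what the executor does with such names. Because the statement is mocked, the test cannot show that PostgreSQL parses the value into the intended array; a comment saying so, or an integration test against the demo database, would make that gap explicit.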
Subproject commit 7ff003d9fe33c84acafaa76644bfb58f6259c92a