def security_policy_create(request, repo_base, repo, table):
    '''
    Create a security policy for a table from the submitted form fields.

    Reads 'security-policy', 'policy-type' and 'policy-grantee' from
    request.POST and records the requesting user as the grantor. On
    success the browser is redirected to the 'browse-security_policies'
    view for the same repo_base/repo/table. On any exception a JSON body
    of the form {"error": "<message>"} is returned instead.
    '''
    grantor = request.user.get_username()

    try:
        form = request.POST
        policy = form['security-policy']
        policy_type = form['policy-type']
        grantee = form['policy-grantee']
        RowLevelSecurityManager.create_security_policy(
            policy=policy,
            policy_type=policy_type,
            grantee=grantee,
            grantor=grantor,
            repo_base=repo_base,
            repo=repo,
            table=table)
    except Exception as exc:
        # NOTE(review): every failure, including a missing POST field, is
        # sent back as str(exc) with the default response status. Confirm
        # that backend error text is safe to show to the client and that
        # callers do not rely on the HTTP status to detect failure.
        payload = json.dumps({'error': str(exc)})
        return HttpResponse(payload, content_type="application/json")
    else:
        target = reverse(
            'browse-security_policies', args=(repo_base, repo, table))
        return HttpResponseRedirect(target)
def test_create_security_policy(self):
    '''
    RowLevelSecurityManager.create_security_policy should invoke
    create_security_policy on the mocked connection.
    '''
    backend_create = (
        self.mock_connection.return_value.create_security_policy)

    # Stub find_security_policies so it returns an empty list.
    find_policies = self.create_patch(
        'core.db.rlsmanager'
        '.RowLevelSecurityManager.find_security_policies')
    find_policies.return_value = []

    # NOTE(review): table is given self.repo rather than a table fixture;
    # confirm this is intended.
    call_args = {
        'policy': "policy='True'",
        'policy_type': "select",
        'grantee': "test_grantee",
        'grantor': self.username,
        'repo_base': self.repo_base,
        'repo': self.repo,
        'table': self.repo,
    }
    RowLevelSecurityManager.create_security_policy(**call_args)

    self.assertTrue(backend_create.called)
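def process_permissions(self, permission):
    '''
    Apply one SQL permissions statement to the policy table.

    The statement is split with the extract_* helpers into permission
    type, access type, grantee, (repo, table) and policy. A "grant"
    creates a security policy with self.user as grantor. Any other
    permission type takes the removal path: the matching policy is looked
    up and removed.

    Raises Exception when the removal lookup does not match exactly one
    policy, so an ambiguous or unknown statement removes nothing.
    '''
    permission_type = self.extract_permission_type(permission)
    access_type = self.extract_access_type(permission)
    grantee = self.extract_grantee(permission)
    table_info = self.extract_table_info(permission)
    policy = self.extract_policy(permission)

    repo = table_info[0]
    table = table_info[1]

    if permission_type == "grant":
        RowLevelSecurityManager.create_security_policy(
            policy=policy,
            policy_type=access_type,
            grantee=grantee,
            grantor=self.user,
            repo_base=self.repo_base,
            repo=repo,
            table=table)
        return

    # Not a grant: find the policy this statement refers to and remove it.
    policies = RowLevelSecurityManager.find_security_policies(
        repo_base=self.repo_base,
        repo=repo,
        table=table,
        policy=policy,
        policy_type=access_type,
        grantee=grantee,
        grantor=self.user,
        safe=False)

    if len(policies) != 1:
        raise Exception('Error identifying security policy.')

    # Take the id from the matched row, not from the policy text. Indexing
    # `policy` here would pass the first character of the policy string as
    # the id, so the removal would not target the policy that was found.
    # Assumes the first column of a result row is the policy id: TODO
    # confirm against find_security_policies.
    RowLevelSecurityManager.remove_security_policy(
        policy_id=policies[0][0],
        username=self.user,
        repo_base=self.repo_base)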
def create_security_policy(
        self, policy, policy_type, grantee, repo, table):
    '''
    Create a security policy on behalf of the current user.

    Delegates to RowLevelSecurityManager.create_security_policy with
    self.username as both grantor and repo_base, passes safe=True, and
    returns whatever the manager returns.
    '''
    manager_args = dict(
        policy=policy,
        policy_type=policy_type,
        grantee=grantee,
        grantor=self.username,
        # The repo base is the caller's own username, not a parameter.
        repo_base=self.username,
        repo=repo,
        table=table,
        safe=True)
    return RowLevelSecurityManager.create_security_policy(**manager_args)