def test_find_security_policies(self):
    '''
    Check that RowLevelSecurityManager.find_security_policies reaches
    find_security_policies on the connection object.
    '''
    # presumably self.mock_connection is a patched connection class whose
    # return_value is the connection instance the manager uses - confirm in setUp
    backend_lookup = self.mock_connection.return_value.find_security_policies

    lookup_filters = dict(
        repo_base=self.repo_base,
        repo=self.repo,
        table=self.table,
        policy="visible='True",
        policy_type="insert",
        grantee="test",
        grantor="test_grantor",
    )
    RowLevelSecurityManager.find_security_policies(**lookup_filters)

    # NOTE(review): only the fact of the call is asserted, not its arguments,
    # so this test would still pass if a filter such as grantor or grantee
    # were dropped on the way to the connection.
    self.assertTrue(backend_lookup.called)
def find_table_policies(self, table, repo, policytype, repo_base):
    '''
    Collect the policy expressions of the given type that apply to
    self.user on repo.table.

    Three lookups are merged: policies granted to self.user, policies
    granted to settings.RLS_ALL and, when self.user is not found among the
    repo's collaborators, policies granted to settings.RLS_PUBLIC.
    repo_base falls back to self.repo_base when it is None.

    Returns a list holding the `policy` attribute of every match.
    '''
    if repo_base is None:
        repo_base = self.repo_base

    def lookup(grantee):
        # Every lookup shares the same scope; only the grantee differs.
        # safe=False is passed each time; what it relaxes is defined by
        # RowLevelSecurityManager and is not visible from here.
        return RowLevelSecurityManager.find_security_policies(
            repo_base=repo_base,
            repo=repo,
            table=table,
            policy_type=policytype,
            grantee=grantee,
            safe=False)

    # policies that are meant to apply to specific users
    user_policies = lookup(self.user)

    # policies that are meant to apply to all users
    all_policies = lookup(settings.RLS_ALL)

    # People collaborating on this repo
    collaborators = Collaborator.objects.filter(
        repo_base=repo_base, repo_name=repo)

    # Users without an explicit grant on the repo also get the public
    # policies.
    # NOTE(review): this compares self.user with the rows the Collaborator
    # query yields. If self.user is a username and the rows are model
    # instances, the test can never match and the public policies are
    # always added - confirm the types on both sides.
    public_policies = []
    if self.user not in collaborators:
        public_policies = lookup(settings.RLS_PUBLIC)

    combined = user_policies + all_policies + public_policies
    return [entry.policy for entry in combined]
def security_policies(request, repo_base, repo, table):
    '''
    Render the security policies the requesting user has granted on a table.
    '''
    username = request.user.get_username()

    # repo_base, repo and table are passed through unchanged; the grantor
    # filter is what ties the result to the requesting user. A LookupError
    # is shown as an empty list rather than an error page.
    try:
        found = RowLevelSecurityManager.find_security_policies(
            repo_base=repo_base,
            repo=repo,
            table=table,
            grantor=username,
            safe=True)
    except LookupError:
        found = []

    # The template receives plain tuples instead of the named tuples
    # returned by the manager (kept from the original for expediency).
    rows = []
    for p in found:
        rows.append((p.id, p.policy, p.policy_type, p.grantee, p.grantor))

    context = {
        'login': username,
        'repo_base': repo_base,
        'repo': repo,
        'table': table,
        'policies': rows,
    }
    context.update(csrf(request))
    return render_to_response("security-policies.html", context)
def security_policies(request, repo_base, repo, table):
    '''
    Show the security policies on repo.table whose grantor is the
    requesting user.
    '''
    username = request.user.get_username()

    # The lookup is restricted to grantor=username, so only the caller's own
    # grants are listed; repo_base, repo and table are used as received.
    try:
        matches = RowLevelSecurityManager.find_security_policies(
            repo_base=repo_base, repo=repo, table=table,
            grantor=username, safe=True)
    except LookupError:
        # A failed lookup is presented as "no policies".
        policies = []
    else:
        # Flatten each named tuple into a plain tuple for the template.
        policies = [
            (m.id, m.policy, m.policy_type, m.grantee, m.grantor)
            for m in matches
        ]

    res = dict(
        login=username,
        repo_base=repo_base,
        repo=repo,
        table=table,
        policies=policies,
    )
    res.update(csrf(request))
    return render_to_response("security-policies.html", res)
def find_security_policies(
        self, repo=None, table=None, policy_id=None, policy=None,
        policy_type=None, grantee=None):
    '''
    Return the matching security policies as a list of dicts.

    The caller chooses repo, table, policy_id, policy, policy_type and
    grantee. repo_base and grantor are both fixed to self.username, so the
    optional filters cannot widen the search beyond policies this user
    granted in their own repo base.
    '''
    filters = dict(
        repo_base=self.username,
        repo=repo,
        table=table,
        policy_id=policy_id,
        policy=policy,
        policy_type=policy_type,
        grantee=grantee,
        grantor=self.username,
        safe=True,
    )
    matches = RowLevelSecurityManager.find_security_policies(**filters)

    # Named tuples are converted so callers get plain dicts.
    return [match._asdict() for match in matches]
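def process_permissions(self, permission):
    '''
    Apply a SQL permissions statement to the security policy table.

    The statement is split into permission type, access type, grantee,
    repo/table and policy. A "grant" creates a security policy with
    self.user as grantor; any other permission type is treated as a
    removal of the single policy matching all extracted components.

    Raises Exception when the removal does not match exactly one policy.
    '''
    permission_type = self.extract_permission_type(permission)
    access_type = self.extract_access_type(permission)
    grantee = self.extract_grantee(permission)
    table_info = self.extract_table_info(permission)
    policy = self.extract_policy(permission)

    repo = table_info[0]
    table = table_info[1]

    if permission_type == "grant":
        RowLevelSecurityManager.create_security_policy(
            policy=policy,
            policy_type=access_type,
            grantee=grantee,
            grantor=self.user,
            repo_base=self.repo_base,
            repo=repo,
            table=table)
        return

    # NOTE(review): every permission type other than "grant" lands here;
    # confirm extract_permission_type can only yield grant or revoke.
    policies = RowLevelSecurityManager.find_security_policies(
        repo_base=self.repo_base,
        repo=repo,
        table=table,
        policy=policy,
        policy_type=access_type,
        grantee=grantee,
        grantor=self.user,
        safe=False)

    # Refuse to remove anything unless the statement identifies exactly
    # one policy.
    if len(policies) != 1:
        raise Exception('Error identifying security policy.')

    # The id has to come from the policy that was found. The previous code
    # indexed the extracted `policy` value (policy[0][0]) instead, so the
    # removal was asked for the wrong id and the grant could stay in place.
    RowLevelSecurityManager.remove_security_policy(
        policy_id=policies[0].id,
        username=self.user,
        repo_base=self.repo_base)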