(improvement)(auth) Make row permissions take effect during the translate sql phase and refactor the auth code (#1368)

Co-authored-by: lxwcodemonkey
LXW
2024-07-07 20:46:53 +08:00
committed by GitHub
parent 08ae27ab43
commit 9911e6772c
10 changed files with 163 additions and 456 deletions


@@ -101,18 +101,23 @@ public class QueryBySqlTest extends BaseTest {
@Test
public void testAuthorization_sensitive_metric() throws Exception {
User tom = DataUtils.getUserTom();
assertThrows(InvalidPermissionException.class,
() -> queryBySql("SELECT SUM(stay_hours) FROM 停留时长统计 WHERE department ='HR'", tom));
}
@Test
public void testAuthorization_sensitive_metric_jack() throws Exception {
User jack = DataUtils.getUserJack();
SemanticQueryResp semanticQueryResp =
queryBySql("SELECT SUM(stay_hours) FROM 停留时长统计 WHERE department ='HR'", tom);
Assertions.assertEquals(false, semanticQueryResp.getColumns().get(0).getAuthorized());
Assertions.assertEquals("******",
semanticQueryResp.getResultList().get(0).get("SUM(stay_hours)"));
queryBySql("SELECT SUM(stay_hours) FROM 停留时长统计", jack);
Assertions.assertTrue(semanticQueryResp.getResultList().size() > 0);
}
@Test
public void testAuthorization_row_permission() throws Exception {
User tom = DataUtils.getUserTom();
SemanticQueryResp semanticQueryResp =
queryBySql("SELECT SUM(stay_hours) FROM 停留时长统计 WHERE department ='HR'", tom);
queryBySql("SELECT SUM(pv) FROM 超音数PVUV统计 WHERE department ='HR'", tom);
Assertions.assertNotNull(semanticQueryResp.getQueryAuthorization().getMessage());
Assertions.assertTrue(semanticQueryResp.getSql().contains("user_name = 'tom'"));
}
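Review bot: The row-permission assertion in testAuthorization_row_permission, `Assertions.assertTrue(semanticQueryResp.getSql().contains("user_name = 'tom'"))`, only proves the substring occurs somewhere in the translated SQL, not that it restricts the rows returned. It would still pass if the filter were joined to the caller's `department ='HR'` predicate with OR, or appended without parentheses, so I would also assert the combined form (the injected filter ANDed with the parenthesised user predicate) and add a case whose WHERE clause itself contains an `OR`. In testAuthorization_sensitive_metric_jack, `getResultList().size() > 0` cannot tell an authorized value from the masked value the older assertions expected; adding `Assertions.assertNotEquals("******", semanticQueryResp.getResultList().get(0).get("SUM(stay_hours)"));` would pin that jack really sees the metric. The +/- markers are lost on this page, so which lines form the new side is inferred from the method bodies.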


@@ -111,15 +111,14 @@ public class QueryByStructTest extends BaseTest {
}
@Test
public void testAuthorization_sensitive_metric() throws Exception {
public void testAuthorization_sensitive_metric() {
User tom = DataUtils.getUserTom();
Aggregator aggregator = new Aggregator();
aggregator.setFunc(AggOperatorEnum.SUM);
aggregator.setColumn("stay_hours");
QueryStructReq queryStructReq1 = buildQueryStructReq(Arrays.asList("department"), aggregator);
SemanticQueryResp semanticQueryResp = semanticLayerService.queryByReq(queryStructReq1, tom);
Assertions.assertEquals(false, semanticQueryResp.getColumns().get(1).getAuthorized());
Assertions.assertEquals("******", semanticQueryResp.getResultList().get(0).get("stay_hours"));
QueryStructReq queryStructReq = buildQueryStructReq(Arrays.asList("department"), aggregator);
assertThrows(InvalidPermissionException.class,
() -> semanticLayerService.queryByReq(queryStructReq, tom));
}
@Test
@@ -127,7 +126,7 @@ public class QueryByStructTest extends BaseTest {
User tom = DataUtils.getUserTom();
Aggregator aggregator = new Aggregator();
aggregator.setFunc(AggOperatorEnum.SUM);
aggregator.setColumn("stay_hours");
aggregator.setColumn("pv");
QueryStructReq queryStructReq1 = buildQueryStructReq(Arrays.asList("department"), aggregator);
SemanticQueryResp semanticQueryResp = semanticLayerService.queryByReq(queryStructReq1, tom);
Assertions.assertNotNull(semanticQueryResp.getQueryAuthorization().getMessage());
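Review bot: The struct-query row-permission test in the second hunk still asserts only that `getQueryAuthorization().getMessage()` is non-null after the aggregator column is switched to `pv`, so it does not show that the row filter reached the generated SQL on the queryByReq path. The SQL counterpart in QueryBySqlTest inspects the translated statement; the same check here, `Assertions.assertTrue(semanticQueryResp.getSql().contains("user_name = 'tom'"));`, would cover this path as well, assuming tom's row rule applies to this data set in the same way. The method's signature and closing brace lie outside the hunk, so the test name is not visible here.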