Skip to content
This repository was archived by the owner on Jun 11, 2024. It is now read-only.

Row Level Security: GUI for constructing CREATE POLICY commands #209

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Row Level Security: GUI for constructing CREATE POLICY commands #209

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1c874e3
Copy Query Builder to be modified into "Policy Builder"
robsoto May 22, 2017
2659213
DataQ modal accessible from Security Policies page
robsoto May 23, 2017
4ea3e18
Build CREATE POLICY string from DataQ.Policy object.
robsoto May 25, 2017
a85aea5
Renamed dq-security-policy-builder.js -> dq-rls-policy-builder.js
robsoto May 25, 2017
9e7796c
Remove "user_list"
robsoto May 25, 2017
0ef4d7d
Define DataQ.Policy object.
robsoto May 25, 2017
2dbaf59
Basic CREATE POLICY builder modal accessible on security policies page.
robsoto May 26, 2017
69214b4
Basic front end done
robsoto May 27, 2017
b7f9cbf
collecting DataQ.Policy fields, still need to submit command to DB
robsoto May 30, 2017
7d91a47
More UI - backend connections
robsoto Jun 1, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
More UI - backend connections
  • Loading branch information
@robsoto
robsoto committed Jun 1, 2017
commit 7d91a4736b6e4524fdf5d3d222b5ee56b627b870
37 changes: 32 additions & 5 deletions src/apps/dataq/client_src/js/dataq.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@
* @param cb - The callback to trigger when the query is built.
*/
DataQ.DQ_rls_policy = function(repo_name, table_name, cb) {
console.log(repo_name);
console.log(table_name);

// Set the callback.
callback = cb;

Expand Down Expand Up @@ -203,11 +206,31 @@
callback(DataQ.build_query(query));
});

// Handle DataQ run policy.
$(document).on("click", ".dq-btn-run-policy", function() {
// Handle DataQ create policy.
$(document).on("click", ".dq-btn-create-policy", function() {
// Build policy object
policy.name($("#dq-policy-name").val());
policy.table

policy.command($("#dq-policy-command-selected").text());

roles = $("#dq-policy-role-list").val().split(",").map(function(r) {
return r.trim();
});
policy.roles(roles);

using_expr_obj = {
"filter1": $("#dq-policy-using-expr-filter-1").val(),
"op" : $("#dq-policy-using-expr-op").val(),
"filter2": $("#dq-policy-using-expr-filter-2").val()
};
policy.using_expression(using_expr_obj);

check_expr_obj = {
"filter1": $("#dq-policy-check-expr-filter-1").val(),
"op" : $("#dq-policy-check-expr-op").val(),
"filter2": $("#dq-policy-check-expr-filter-2").val()
};
policy.using_expression(check_expr_obj);

// Close DataQ
$(".dq-black-background").remove();
Expand All @@ -217,9 +240,13 @@
callback(DataQ.build_policy(policy));
});

// Handle policy command dropdown selection
$(document).on("click", "#dq-policy-dropdown-menu a", function() {
$('#dq-policy-command-selected').text($(this).text());
});

// Handle DataQ close
$(document).con("click", ".dq-btn-cancel-create-policy", function() {
console.log('click');
$(document).on("click", ".dq-btn-cancel-create-policy", function() {
$(".dq-black-background").remove();
$(".dataq").remove();
callback(null);
Expand Down
24 changes: 19 additions & 5 deletions src/apps/dataq/client_src/js/dq-rls-policy-builder.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
var policy_name = policy.name();

// Name of table to which the policy applies.
var table_name = policy.repo() + "." + policy.name();
var table_name = policy.repo() + "." + policy.table();

// Command to which the policy applies.
var command = policy.command();
Expand Down Expand Up @@ -56,13 +56,27 @@
policy_string += " TO " + role_list.join(", ");

// USING clause
policy_string += " USING " + using_expr;
if (command !== "INSERT") {
policy_string += " USING " + using_expr;
} else if (using_expr !== null) {
var err_msg = "An INSERT policy cannot have a USING expression, as USING is"
+ " used for reading existing records, not adding new ones.";
alert(err_msg);
return null;
}

// WITH CHECK clause
if (command !== "SELECT") {
// A SELECT policy cannot have a WITH CHECK expression, as it only applies
// in cases where records are being retrieved from the relation.
if (command !== "SELECT" && command !== "DELETE") {
// Neither a SELECT or DELETE policy can have a WITH CHECK expression,
// as this expression is used for validating new records, not reading or
// deleting existing ones.
policy_string += " WITH CHECK " + check_expr;
} else if (check_expr !== null) {
var err_msg = "Neither a SELECT or DELETE policy can have a WITH CHECK expression"
+ ", as this expression is used for validating new records, not"
+ " reading or deleting existing ones.";
alert(err_msg);
return null;
}

// Remove leading and trailing spaces and then append semicolon.
Expand Down
26 changes: 14 additions & 12 deletions src/apps/dataq/client_src/js/dq-rls-policy.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,11 @@
};

/**
* Get or set the command { ALL | SELECT | INSERT| UPDATE | DELETE } to which
* Get or set the command { ALL | SELECT | INSERT | UPDATE | DELETE } to which
* this policy will apply.
*
* @param cmd - If this argument is omitted (or undefined), this function acts as a
* getter. Otherwise, it acts as a setter, setting the repo name.
* getter. Otherwise, it acts as a setter, setting the allowed command.
*
* @return The name of the command.
*/
Expand All @@ -82,7 +82,7 @@
* Get or set the Roles to which this policy will apply.
*
* @param role_list - If this argument is omitted (or undefined), this function acts as a
* getter. Otherwise, it acts as a setter, setting the repo name.
* getter. Otherwise, it acts as a setter, setting the list of roles.
*
* @return The list of Roles.
*/
Expand All @@ -100,13 +100,14 @@
* Get or set the policy's using_expression.
*
* @param expr - If this argument is omitted (or undefined), this function acts as a
* getter. Otherwise, it acts as a setter, setting the repo name.
* getter. Otherwise, it acts as a setter, setting the USING expression.
*
* @return The full using_expression.
* @return The full USING expression.
*/
that.using_expression = function(expr) {
if (expr !== undefined) {
that._using_expr = expr;
that.using_expression = function(expr_obj) {
if (expr_obj !== undefined) {
using_expression = expr_obj.filter1 + " " + expr_obj.op + " " + expr_obj.filter2;
that._using_expr = using_expression;
}
return that._using_expr;
};
Expand All @@ -115,12 +116,13 @@
* Get or set the policy's check_expression.
*
* @param expr - If this argument is omitted (or undefined), this function acts as a
* getter. Otherwise, it acts as a setter, setting the repo name.
* getter. Otherwise, it acts as a setter, setting the WITH CHECK expression.
*
* @return The full check_expression.
* @return The full WITH CHECK expression.
*/
that.check_expression = function(expr) {
if (expr !== undefined) {
that.check_expression = function(expr_obj) {
if (expr_obj !== undefined) {
check_expression = expr_obj.filter1 + " " + expr_obj.op + " " + expr_obj.filter2;
that._check_expr = expr;
}
return that._check_expr;
Expand Down
24 changes: 13 additions & 11 deletions src/apps/dataq/client_src/templates/dataq-container-rls-policy.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
</div>
<div id="collapseOne" class="panel-collapse collapse in">
<div class="panel-body">
<input id="dq-policy-name" type="text" class="form-control" placeholder="Policy Name" />
<input id="dq-policy-name" type="text" placeholder="Policy Name" />
</div>
</div>

Expand All @@ -35,9 +35,11 @@
<div id="collapseTwo" class="panel-collapse collapse in">
<div class="panel-body">
<div class="dropdown" id="dq-policy-commands-dropdown">
<button class="btn btn-primary dropdown-toggle" type="button" data-toggle="dropdown">Choose command
<span class="caret"></span></button>
<ul class="dropdown-menu">
<button class="btn btn-primary dropdown-toggle dq-modal-dropdown-btn" type="button" data-toggle="dropdown">
<span id="dq-policy-command-selected">Choose command</span>
<span class="caret"></span>
</button>
<ul id="dq-policy-dropdown-menu" class="dropdown-menu">
<li><a href="#">SELECT</a></li>
<li><a href="#">INSERT</a></li>
<li><a href="#">UPDATE</a></li>
Expand All @@ -57,7 +59,7 @@
</div>
<div id="collapseThree" class="panel-collapse collapse in">
<div class="panel-body">
<input id="dq-policy-role-list" type="text" class="form-control" placeholder="Comma separated role names. e.g. CURRENT_USER, admin, myGroupRole" />
<input id="dq-policy-role-list" type="text" placeholder="Comma separated role names. e.g. CURRENT_USER, admin, myGroupRole" />
</div>
</div>

Expand All @@ -73,7 +75,7 @@
<!-- The first dropdown where the user can specify <val1> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-4">
<!-- Text box for entering the filter text -->
<input type="text" class="form-control dq-filter-1-text" placeholder="table1.col1 * 3">
<input type="text" id="dq-policy-using-expr-filter-1" class="dq-filter-1-text" placeholder="table1.col1 * 3">
<!-- Dropdown for selecting a column to add to filter -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand All @@ -88,7 +90,7 @@
<!-- The first dropdown where the user can specify <operation> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-3">
<!-- Text box for entering the operation text -->
<input type="text" class="form-control dq-filter-op-text" value="=">
<input type="text" id="dq-policy-using-expr-op" class="dq-filter-op-text" value="=">
<!-- The possible operations are <, <=, >, >=, =, LIKE, IN, and NOT IN -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand All @@ -108,7 +110,7 @@
<!-- The second dropdown where the user can specify <val2> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-4">
<!-- Text box for entering the filter text -->
<input type="text" class="form-control dq-filter-2-text" placeholder="table2.col2+3">
<input type="text" id="dq-policy-using-expr-filter-2" class="dq-filter-2-text" placeholder="table2.col2+3">
<!-- Dropdown for selecting a column to add to filter -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand All @@ -134,7 +136,7 @@
<!-- The first dropdown where the user can specify <val1> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-4">
<!-- Text box for entering the filter text -->
<input type="text" class="form-control dq-filter-1-text" placeholder="table1.col1 * 3">
<input type="text" id="dq-policy-check-expr-filter-1" class="dq-filter-1-text" placeholder="table1.col1 * 3">
<!-- Dropdown for selecting a column to add to filter -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand All @@ -149,7 +151,7 @@
<!-- The first dropdown where the user can specify <operation> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-3">
<!-- Text box for entering the operation text -->
<input type="text" class="form-control dq-filter-op-text" value="=">
<input type="text" id="dq-policy-check-expr-op" class="dq-filter-op-text" value="=">
<!-- The possible operations are <, <=, >, >=, =, LIKE, IN, and NOT IN -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand All @@ -169,7 +171,7 @@
<!-- The first dropdown where the user can specify <val2> in the filter <val1> <operation> <val2> -->
<div class="input-group col-xs-4">
<!-- Text box for entering the filter text -->
<input type="text" class="form-control dq-filter-2-text" placeholder="table2.col2+3">
<input type="text" id="dq-policy-check-expr-filter-2" class="dq-filter-2-text" placeholder="table2.col2+3">
<!-- Dropdown for selecting a column to add to filter -->
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><span class="caret"></span></button>
Expand Down
2 changes: 1 addition & 1 deletion src/browser/templates/security-policies.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ <h4 class="modal-title" id="confirm-modal-title">Update Security Policy</h4>
<script>
$(document).on("click", "#btn-dataq-rls-policy", function(e) {
e.preventDefault();
DataQ.DQ_rls_policy("{{repo}}", function(query) {
DataQ.DQ_rls_policy("{{repo}}", "{{table}}", function(query) {
$("#txt-sql").val(query);
});
});
Expand Down