add support for create/drop role, grant, revoke

2015-08-15 21:01:48 +03:00 · 2015-08-15 21:01:48 +03:00 · 3c0788af6e
commit 3c0788af6e
parent 91875b7e7e
7 changed files with 405 additions and 27 deletions
--- a/tools/Language/SQL/SimpleSQL/SQL2011AccessControl.lhs
+++ b/tools/Language/SQL/SimpleSQL/SQL2011AccessControl.lhs
@ -7,9 +7,10 @@ grant, etc
 > module Language.SQL.SimpleSQL.SQL2011AccessControl (sql2011AccessControlTests) where

 > import Language.SQL.SimpleSQL.TestTypes
+> import Language.SQL.SimpleSQL.Syntax

 > sql2011AccessControlTests :: TestItem
-> sql2011AccessControlTests = Group "sql 2011 access control tests" []
+> sql2011AccessControlTests = Group "sql 2011 access control tests" [

 12 Access control

@ -72,11 +73,155 @@ grant, etc
    CURRENT_USER
  | CURRENT_ROLE

+>      (TestStatement SQL2011
+>       "grant all privileges on tbl1 to role1"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivTable [Name "tbl1"])
+>        [Name "role1"] WithoutGrantOption)
+
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on tbl1 to role1,role2"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivTable [Name "tbl1"])
+>        [Name "role1",Name "role2"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on tbl1 to role1 with grant option"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivTable [Name "tbl1"])
+>        [Name "role1"] WithGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on table tbl1 to role1"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivTable [Name "tbl1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on domain mydom to role1"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivDomain [Name "mydom"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on type t1 to role1"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivType [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant all privileges on sequence s1 to role1"
+>      $ GrantPrivilege [PrivAll]
+>        (PrivSequence [Name "s1"])
+>        [Name "role1"] WithoutGrantOption)
+
+
+>     ,(TestStatement SQL2011
+>       "grant select on table t1 to role1"
+>      $ GrantPrivilege [PrivSelect []]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant select(a,b) on table t1 to role1"
+>      $ GrantPrivilege [PrivSelect [Name "a", Name "b"]]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant delete on table t1 to role1"
+>      $ GrantPrivilege [PrivDelete]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant insert on table t1 to role1"
+>      $ GrantPrivilege [PrivInsert []]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant insert(a,b) on table t1 to role1"
+>      $ GrantPrivilege [PrivInsert [Name "a", Name "b"]]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant update on table t1 to role1"
+>      $ GrantPrivilege [PrivUpdate []]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant update(a,b) on table t1 to role1"
+>      $ GrantPrivilege [PrivUpdate [Name "a", Name "b"]]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant references on table t1 to role1"
+>      $ GrantPrivilege [PrivReferences []]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant references(a,b) on table t1 to role1"
+>      $ GrantPrivilege [PrivReferences [Name "a", Name "b"]]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant usage on table t1 to role1"
+>      $ GrantPrivilege [PrivUsage]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant trigger on table t1 to role1"
+>      $ GrantPrivilege [PrivTrigger]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+
+>     ,(TestStatement SQL2011
+>       "grant execute on specific function f to role1"
+>      $ GrantPrivilege [PrivExecute]
+>        (PrivFunction [Name "f"])
+>        [Name "role1"] WithoutGrantOption)
+
+>     ,(TestStatement SQL2011
+>       "grant select,delete on table t1 to role1"
+>      $ GrantPrivilege [PrivSelect [], PrivDelete]
+>        (PrivTable [Name "t1"])
+>        [Name "role1"] WithoutGrantOption)
+
+skipping for now:
+
+what is 'under' action?
+
+collation, character set, translation, member thing, methods
+
+for review
+
+some pretty big things missing in the standard:
+
+schema, database
+
+functions, etc., by argument types since they can be overloaded
+
+
+
 12.4 <role definition>

 <role definition> ::=
  CREATE ROLE <role name> [ WITH ADMIN <grantor> ]

+>     ,(TestStatement SQL2011
+>       "create role rolee"
+>      $ CreateRole (Name "rolee"))
+
+
 12.5 <grant role statement>

 <grant role statement> ::=
@ -88,11 +233,30 @@ grant, etc
 <role granted> ::=
  <role name>

+>     ,(TestStatement SQL2011
+>       "grant role1 to public"
+>      $ GrantRole [Name "role1"] [Name "public"] WithoutAdminOption)
+
+>     ,(TestStatement SQL2011
+>       "grant role1,role2 to role3,role4"
+>      $ GrantRole [Name "role1",Name "role2"]
+>                  [Name "role3", Name "role4"] WithoutAdminOption)
+
+>     ,(TestStatement SQL2011
+>       "grant role1 to role3 with admin option"
+>      $ GrantRole [Name "role1"] [Name "role3"] WithAdminOption)
+
+
 12.6 <drop role statement>

 <drop role statement> ::=
  DROP ROLE <role name>

+>     ,(TestStatement SQL2011
+>       "drop role rolee"
+>      $ DropRole (Name "rolee"))
+
+
 12.7 <revoke statement>

 <revoke statement> ::=
@ -109,6 +273,20 @@ grant, etc
    GRANT OPTION FOR
  | HIERARCHY OPTION FOR

+
+>     ,(TestStatement SQL2011
+>       "revoke select on t1 from role1"
+>      $ RevokePrivilege NoGrantOptionFor [PrivSelect []]
+>               (PrivTable [Name "t1"])
+>               [Name "role1"] DefaultDropBehaviour)
+
+>     ,(TestStatement SQL2011
+>       "revoke grant option for select on t1 from role1,role2 cascade"
+>      $ RevokePrivilege GrantOptionFor [PrivSelect []]
+>                        (PrivTable [Name "t1"])
+>               [Name "role1",Name "role2"] Cascade)
+
+
 <revoke role statement> ::=
  REVOKE [ ADMIN OPTION FOR ] <role revoked> [ { <comma> <role revoked> }... ]
      FROM <grantee> [ { <comma> <grantee> }... ]
@ -117,3 +295,21 @@ grant, etc

 <role revoked> ::=
  <role name>
+
+>     ,(TestStatement SQL2011
+>       "revoke role1 from role2"
+>      $ RevokeRole NoAdminOptionFor [Name "role1"]
+>                   [Name "role2"] DefaultDropBehaviour)
+
+>     ,(TestStatement SQL2011
+>       "revoke role1,role2 from role3,role4"
+>      $ RevokeRole NoAdminOptionFor [Name "role1",Name "role2"]
+>                   [Name "role3",Name "role4"] DefaultDropBehaviour)
+
+
+>     ,(TestStatement SQL2011
+>       "revoke admin option for role1 from role2 cascade"
+>      $ RevokeRole AdminOptionFor [Name "role1"] [Name "role2"] Cascade)
+
+
+>    ]