MCPcopy Index your code
hub / github.com/rilldata/rill / TestSecurityPolicyWithRef

Function TestSecurityPolicyWithRef

runtime/parser/parser_test.go:2250–2331  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

2248}
2249
2250func TestSecurityPolicyWithRef(t *testing.T) {
2251 ctx := context.Background()
2252 repo := makeRepo(t, map[string]string{
2253 `rill.yaml`: ``,
2254 `models/mappings.sql`: `
2255SELECT * FROM domain_mappings
2256`,
2257 `metrics/d1.yaml`: `
2258version: 1
2259type: metrics_view
2260table: t1
2261dimensions:
2262 - name: foo
2263 column: foo
2264measures:
2265 - name: a
2266 expression: count(*)
2267security:
2268 access: true
2269 row_filter: partner_id IN (SELECT partner_id FROM {{ ref "mappings" }} WHERE domain = '{{ .user.domain }}')
2270`,
2271 })
2272
2273 resources := []*Resource{
2274 {
2275 Name: ResourceName{Kind: ResourceKindModel, Name: "mappings"},
2276 Paths: []string{"/models/mappings.sql"},
2277 ModelSpec: &runtimev1.ModelSpec{
2278 RefreshSchedule: &runtimev1.Schedule{RefUpdate: true},
2279 InputConnector: "duckdb",
2280 InputProperties: must(structpb.NewStruct(map[string]any{"sql": "SELECT * FROM domain_mappings"})),
2281 OutputConnector: "duckdb",
2282 ChangeMode: runtimev1.ModelChangeMode_MODEL_CHANGE_MODE_RESET,
2283 },
2284 },
2285 {
2286 Name: ResourceName{Kind: ResourceKindMetricsView, Name: "d1"},
2287 Refs: []ResourceName{{Kind: ResourceKindModel, Name: "mappings"}},
2288 Paths: []string{"/metrics/d1.yaml"},
2289 MetricsViewSpec: &runtimev1.MetricsViewSpec{
2290 Connector: "duckdb",
2291 Table: "t1",
2292 DisplayName: "D1",
2293 Dimensions: []*runtimev1.MetricsViewSpec_Dimension{
2294 {Name: "foo", DisplayName: "Foo", Column: "foo"},
2295 },
2296 Measures: []*runtimev1.MetricsViewSpec_Measure{
2297 {Name: "a", DisplayName: "A", Expression: "count(*)", Type: runtimev1.MetricsViewSpec_MEASURE_TYPE_SIMPLE},
2298 },
2299 SecurityRules: []*runtimev1.SecurityRule{
2300 {Rule: &runtimev1.SecurityRule_Access{Access: &runtimev1.SecurityRuleAccess{
2301 ConditionExpression: "true",
2302 Allow: true,
2303 }}},
2304 {Rule: &runtimev1.SecurityRule_RowFilter{RowFilter: &runtimev1.SecurityRuleRowFilter{
2305 Sql: "partner_id IN (SELECT partner_id FROM {{ ref \"mappings\" }} WHERE domain = '{{ .user.domain }}')",
2306 }}},
2307 },

Callers

nothing calls this directly

Calls 7

makeRepoFunction · 0.85
putRepoFunction · 0.85
ReparseMethod · 0.80
ContainsMethod · 0.80
mustFunction · 0.70
ParseFunction · 0.70

Tested by

no test coverage detected