~egtann/sum

ca60f18d7345de489877c313e262d209bb702f36 — Evan Tann 5 months ago 198ee83 validate
wip
1 files changed, 55 insertions(+), 6 deletions(-)

M parser.go
M parser.go => parser.go +55 -6
@@ 49,6 49,10 @@ func compile(
	allStatements []string,
	a *ast,
) (map[string]*permissions, error) {
	if len(allStatements) == 0 {
		return nil, errors.New("no statements")
	}

	// First collect a list of all users
	//
	// TODO(egtann) this can be done during parsing...


@@ 199,12 203,6 @@ func (p *permissions) grants(user string) []string {
func (p *permissions) apply(vars map[string][]string, l *line) error {
	deny := l.verb == "deny"

	// Make the appropriate variable substitutions
	l.databases = substituteVars(l.databases, vars)
	l.statements = substituteVars(l.statements, vars)
	l.tables = substituteVars(l.tables, vars)
	l.columns = substituteVars(l.columns, vars)

	// Iterate through all maps and set the permission toggles accordingly.
	// Track the number of toggles to toggle the parent-level Deny flag if
	// all children are set.


@@ 289,6 287,57 @@ func permsForLines(
) (*permissions, error) {
	perms := permsForSchema(schema, allStatements)
	for _, l := range ls {
		// Make the appropriate variable substitutions
		l.databases = substituteVars(l.databases, vars)
		l.statements = substituteVars(l.statements, vars)
		l.tables = substituteVars(l.tables, vars)
		l.columns = substituteVars(l.columns, vars)

		// Validate that all referenced statements, databases, tables
		// and columns exist in the schema to prevent silent failures
		// in the case of typos.
		for _, s := range l.statements {
			if !in(allStatements, s) {
				return nil, fmt.Errorf("unknown statement: %s", s)
			}
		}
		/*
			* TODO
			for _, d := range l.databases {
				var dbs []map[string]Table
				if d == "all" {
					for _, db := range schema.Databases {
						dbs = append(dbs, db)
					}
				} else {
					db, ok := schema.Databases[d]
					if !ok {
						return nil, fmt.Errorf("unknown db: %s", d)
					}
					dbs = []map[string]Table{db}
				}
				for _, db := range dbs {
					for _, t := range l.tables {
						var tables []map[string]struct{}
						if t == "all" {
							for _, table := range db {
								tables = append(tables, table)
							}
						} else {
							table, ok := db[t]
							if !ok {
								return nil, fmt.Errorf("unknown db: %s", d)
							}
							tables = []map[string]struct{}{table}
						}
						for _, table := range tables {

						}
					}
				}
			}
		*/

		if err := perms.apply(vars, l); err != nil {
			return nil, fmt.Errorf("apply: %w", err)
		}