Commit 810bc293 authored by Marcin's avatar Marcin
Browse files

describe and test method of sharing tables between applications

parent 1659f2a8
......@@ -19,7 +19,7 @@ The required ordering of the sql scripts is included in the cmake file [src/hive
Execute each script one-by-one with `psql` as in this example: `psql -d my_db_name -a -f context_rewind/data_schema.sql`
### Authorization
During its creation the extension introduces two new roles (groups): `hived_group` and `hive_application_group`. The maintainer of
During its creation the extension introduces two new roles (groups): `hived_group` and `hive_applications_group`. The maintainer of
the PostgreSQL cluster server needs to create roles ( users ) which inherits from one of these groups.
```
CREATE ROLE hived LOGIN PASSWORD 'hivedpass' INHERIT IN ROLE hived_group;
......@@ -75,6 +75,15 @@ It is expected that some applications will only want to process irreversible blo
In summary, a non-forking application is coded in much the same way as a forking application (making it relatively easy to change between these two modes), but a non-forking app does not register its tables with its context and it is only served up information about irreversible blocks.
### Sharing tables with other applications
If an application wants to expose some of its tables for reading by other applications, then it is enaugh to grant
SELECT privilege on the tables to hive_applications_group.
```
GRANT SELECT ON my_table TO hive_applications_group;
```
:warning: An application which uses tables exposed by other application must be written taking into account that applications
works at different speed, and they may contain data computed for different forks and blocks range.
### Important notice about irreversible data
:warning: **Although reversible and irreversible block tables are directly visible to aplications, these tables should not be queried directly. It is expected that the structure of the underlying tables may change in the future, but the structure of a context's views will likely stay constant. This means that the applications which directly read the tables instead of the views may need to be refactored in the future to use newer versions of the fork manager.**
......
......@@ -174,6 +174,7 @@ ADD_AUTHORIZATION_FUNCTIONAL_TESTS( authorization/alice_access_events_infrustruc
ADD_AUTHORIZATION_FUNCTIONAL_TESTS( authorization/hived_access_alice_context_data.sql )
ADD_AUTHORIZATION_FUNCTIONAL_TESTS( authorization/api_protection.sql )
ADD_AUTHORIZATION_FUNCTIONAL_TESTS( authorization/massive_sync_live_blocks_and_fork.sql )
ADD_AUTHORIZATION_FUNCTIONAL_TESTS( authorization/alice_grant_to_hive_applications_group.sql )
ADD_EXAMPLES_FUNCTIONAL_TESTS( examples/forking_application.py )
ADD_EXAMPLES_FUNCTIONAL_TESTS( examples/non_forking_application.py )
\ No newline at end of file
DROP FUNCTION IF EXISTS hived_test_given;
CREATE FUNCTION hived_test_given()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- PREPARE STATE AS HIVED
END;
$BODY$
;
DROP FUNCTION IF EXISTS hived_test_when;
CREATE FUNCTION hived_test_when()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- EXECUTE ACTION UDER TEST AS HIVED
END;
$BODY$
;
DROP FUNCTION IF EXISTS hived_test_then;
CREATE FUNCTION hived_test_then()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- CHECK EXPECTED STATE AS HIVED
END;
$BODY$
;
DROP FUNCTION IF EXISTS alice_test_given;
CREATE FUNCTION alice_test_given()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
CREATE TABLE alice_table( id INTEGER );
INSERT INTO alice_table VALUES( 1 );
INSERT INTO alice_table VALUES( 2 );
INSERT INTO alice_table VALUES( 3 );
END;
$BODY$
;
DROP FUNCTION IF EXISTS alice_test_when;
CREATE FUNCTION alice_test_when()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
GRANT SELECT ON alice_table TO hive_applications_group;
END;
$BODY$
;
DROP FUNCTION IF EXISTS alice_test_then;
CREATE FUNCTION alice_test_then()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- CHECK EXPECTED STATE AS ALICE
END;
$BODY$
;
DROP FUNCTION IF EXISTS bob_test_given;
CREATE FUNCTION bob_test_given()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- PREPARE STATE AS BOB
END;
$BODY$
;
DROP FUNCTION IF EXISTS bob_test_when;
CREATE FUNCTION bob_test_when()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- EXECUTE ACTION UDER TEST AS BOB
END;
$BODY$
;
DROP FUNCTION IF EXISTS bob_test_then;
CREATE FUNCTION bob_test_then()
RETURNS void
LANGUAGE 'plpgsql'
VOLATILE
AS
$BODY$
BEGIN
-- check if Bob has only SELECT acces to alice_table
ASSERT ( SELECT COUNT(*) FROM alice_table ) = 3 , 'Bob has no access to alice_table';
BEGIN
INSERT INTO alice_tables VALUES( 4 );
ASSERT FALSE, 'Bob can intert to alice_table';
EXCEPTION WHEN OTHERS THEN
END;
BEGIN
DELETE FROM alice_tables;
ASSERT FALSE, 'Bob can delete alice_table';
EXCEPTION WHEN OTHERS THEN
END;
BEGIN
UPDATE alice_tables SET id = 4;
ASSERT FALSE, 'Bob can update alice_table';
EXCEPTION WHEN OTHERS THEN
END;
END;
$BODY$
;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment