From e7d2072813659ab425a189bfe5c7c11a8e9e97b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Beno=C3=AEt?= <tseeker@legacyworlds.com>
Date: Tue, 3 Jan 2012 09:35:57 +0100
Subject: [PATCH] SQL privileges fix and unit tests

* Fixed privileges on both variants of defs.uoc_natural_resource()

* Added user unit tests which check execution privileges on all (new)
stored procedures and INSERT/UPDATE/SELECT/DELETE privileges on all
(new) tables
---
 .../functions/025-resources-functions.sql     |  4 +--
 .../defs => data}/07500-resources.sql         |  0
 .../defs => data}/07501-natural-resources.sql |  0
 .../10003-resource-providers.sql              |  0
 .../defs => data}/11001-empire-resources.sql  |  0
 .../11002-empire-mining-settings.sql          |  0
 .../11003-empire-planet-mining-settings.sql   |  0
 .../user/priv/data/07500-defs-resources.sql   | 32 +++++++++++++++++++
 .../data/07501-defs-natural-resources.sql     | 28 ++++++++++++++++
 .../data/10003-verse-resource-providers.sql   | 28 ++++++++++++++++
 .../user/priv/data/11001-empire-resources.sql | 28 ++++++++++++++++
 .../data/11002-empire-mining-settings.sql     | 28 ++++++++++++++++
 .../11003-empire-planet-mining-settings.sql   | 28 ++++++++++++++++
 .../functions/02500-uoc-resource-internal.sql | 14 ++++++++
 .../priv/functions/02501-uoc-resource.sql     | 14 ++++++++
 .../functions/02502-uoc-natres-internal.sql   | 16 ++++++++++
 .../functions/02503-uoc-natural-resource.sql  | 18 +++++++++++
 .../14500-compute-provider-regeneration.sql   | 11 +++++++
 ...10500-process-planet-res-regen-updates.sql | 11 +++++++
 19 files changed, 258 insertions(+), 2 deletions(-)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/07500-resources.sql (100%)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/07501-natural-resources.sql (100%)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/10003-resource-providers.sql (100%)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/11001-empire-resources.sql (100%)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/11002-empire-mining-settings.sql (100%)
 rename legacyworlds-server-data/db-structure/tests/admin/{constraints/defs => data}/11003-empire-planet-mining-settings.sql (100%)
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/07500-defs-resources.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/07501-defs-natural-resources.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/10003-verse-resource-providers.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/11001-empire-resources.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/11002-empire-mining-settings.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/data/11003-empire-planet-mining-settings.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/functions/02500-uoc-resource-internal.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/functions/02501-uoc-resource.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/functions/02502-uoc-natres-internal.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/functions/02503-uoc-natural-resource.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/functions/14500-compute-provider-regeneration.sql
 create mode 100644 legacyworlds-server-data/db-structure/tests/user/priv/updates/10500-process-planet-res-regen-updates.sql

diff --git a/legacyworlds-server-data/db-structure/parts/functions/025-resources-functions.sql b/legacyworlds-server-data/db-structure/parts/functions/025-resources-functions.sql
index b401eb0..053f1f1 100644
--- a/legacyworlds-server-data/db-structure/parts/functions/025-resources-functions.sql
+++ b/legacyworlds-server-data/db-structure/parts/functions/025-resources-functions.sql
@@ -393,7 +393,7 @@ CREATE OR REPLACE FUNCTION defs.uoc_natural_resource(
 			_recovery_dev DOUBLE PRECISION )
 	RETURNS defs.resource_update_result
 	STRICT VOLATILE
-	SECURITY INVOKER
+	SECURITY DEFINER
 AS $$
 	SELECT defs.uoc_natres_internal( $1 , $2 , NULL , $3 , $4 , $5 , $6 , $7 ,
 		$8 , $9 , $10 );
@@ -447,7 +447,7 @@ CREATE OR REPLACE FUNCTION defs.uoc_natural_resource(
 			_recovery_dev DOUBLE PRECISION )
 	RETURNS defs.resource_update_result
 	STRICT VOLATILE
-	SECURITY INVOKER
+	SECURITY DEFINER
 AS $$
 	SELECT defs.uoc_natres_internal( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 ,
 		$9 , $10 , $11 );
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/07500-resources.sql b/legacyworlds-server-data/db-structure/tests/admin/data/07500-resources.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/07500-resources.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/07500-resources.sql
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/07501-natural-resources.sql b/legacyworlds-server-data/db-structure/tests/admin/data/07501-natural-resources.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/07501-natural-resources.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/07501-natural-resources.sql
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/10003-resource-providers.sql b/legacyworlds-server-data/db-structure/tests/admin/data/10003-resource-providers.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/10003-resource-providers.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/10003-resource-providers.sql
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11001-empire-resources.sql b/legacyworlds-server-data/db-structure/tests/admin/data/11001-empire-resources.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11001-empire-resources.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/11001-empire-resources.sql
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11002-empire-mining-settings.sql b/legacyworlds-server-data/db-structure/tests/admin/data/11002-empire-mining-settings.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11002-empire-mining-settings.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/11002-empire-mining-settings.sql
diff --git a/legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11003-empire-planet-mining-settings.sql b/legacyworlds-server-data/db-structure/tests/admin/data/11003-empire-planet-mining-settings.sql
similarity index 100%
rename from legacyworlds-server-data/db-structure/tests/admin/constraints/defs/11003-empire-planet-mining-settings.sql
rename to legacyworlds-server-data/db-structure/tests/admin/data/11003-empire-planet-mining-settings.sql
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/07500-defs-resources.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/07500-defs-resources.sql
new file mode 100644
index 0000000..c04c7eb
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/07500-defs-resources.sql
@@ -0,0 +1,32 @@
+/*
+ * Test privileges on defs.resources
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'defs.resources - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO defs.resources(
+			resource_name_id , resource_description_id , resource_weight
+		) VALUES (
+			1 , 2 , 1
+		); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.resources - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE defs.resources SET resource_weight = 10; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.resources - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM defs.resources; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.resources - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM defs.resources; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/07501-defs-natural-resources.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/07501-defs-natural-resources.sql
new file mode 100644
index 0000000..40894ba
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/07501-defs-natural-resources.sql
@@ -0,0 +1,28 @@
+/*
+ * Test privileges on defs.natural_resources
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'defs.natural_resources - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO defs.natural_resources( resource_name_id ) VALUES ( 1 ); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.natural_resources - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE defs.natural_resources SET natres_p_presence = 0.5; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.natural_resources - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM defs.natural_resources; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'defs.natural_resources - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM defs.natural_resources; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/10003-verse-resource-providers.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/10003-verse-resource-providers.sql
new file mode 100644
index 0000000..227789b
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/10003-verse-resource-providers.sql
@@ -0,0 +1,28 @@
+/*
+ * Test privileges on verse.resource_providers
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'verse.resource_providers - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO verse.resource_providers( resource_name_id ) VALUES ( 1 ); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'verse.resource_providers - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE verse.resource_providers SET resprov_quantity = 42; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'verse.resource_providers - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM verse.resource_providers; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'verse.resource_providers - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM verse.resource_providers; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/11001-empire-resources.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/11001-empire-resources.sql
new file mode 100644
index 0000000..b565b91
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/11001-empire-resources.sql
@@ -0,0 +1,28 @@
+/*
+ * Test privileges on emp.resources
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'emp.resources - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO emp.resources( resource_name_id ) VALUES ( 1 ); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.resources - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE emp.resources SET empres_possessed = 42; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.resources - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM emp.resources; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.resources - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM emp.resources; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/11002-empire-mining-settings.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/11002-empire-mining-settings.sql
new file mode 100644
index 0000000..040d66b
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/11002-empire-mining-settings.sql
@@ -0,0 +1,28 @@
+/*
+ * Test privileges on emp.mining_settings
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'emp.mining_settings - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO emp.mining_settings( resource_name_id ) VALUES ( 1 ); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.mining_settings - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE emp.mining_settings SET empmset_weight = 42; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.mining_settings - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM emp.mining_settings; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.mining_settings - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM emp.mining_settings; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/data/11003-empire-planet-mining-settings.sql b/legacyworlds-server-data/db-structure/tests/user/priv/data/11003-empire-planet-mining-settings.sql
new file mode 100644
index 0000000..34d1e27
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/data/11003-empire-planet-mining-settings.sql
@@ -0,0 +1,28 @@
+/*
+ * Test privileges on emp.planet_mining_settings
+ */
+BEGIN;
+	SELECT plan( 4 );
+	
+	SELECT diag_test_name( 'emp.planet_mining_settings - INSERT privileges' );
+	SELECT throws_ok(
+		$$ INSERT INTO emp.planet_mining_settings( resource_name_id ) VALUES ( 1 ); $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.planet_mining_settings - UPDATE privileges' );
+	SELECT throws_ok(
+		$$ UPDATE emp.planet_mining_settings SET emppmset_weight = 42; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.planet_mining_settings - SELECT privileges' );
+	SELECT throws_ok(
+		$$ SELECT * FROM emp.planet_mining_settings; $$ ,
+		42501 );
+
+	SELECT diag_test_name( 'emp.planet_mining_settings - DELETE privileges' );
+	SELECT throws_ok(
+		$$ DELETE FROM emp.planet_mining_settings; $$ ,
+		42501 );
+
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/functions/02500-uoc-resource-internal.sql b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02500-uoc-resource-internal.sql
new file mode 100644
index 0000000..c66b9dc
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02500-uoc-resource-internal.sql
@@ -0,0 +1,14 @@
+/*
+ * Test privileges on defs.uoc_resource_internal()
+ */
+BEGIN;
+
+	SELECT plan( 1 );
+	
+	SELECT diag_test_name( 'defs.uoc_resource_internal() - Privileges' );
+	PREPARE _test_this AS
+		SELECT defs.uoc_resource_internal( 'test1' , 'test2' , NULL , 1 );
+	SELECT throws_ok( '_test_this' , 42501 );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/functions/02501-uoc-resource.sql b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02501-uoc-resource.sql
new file mode 100644
index 0000000..56053d4
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02501-uoc-resource.sql
@@ -0,0 +1,14 @@
+/*
+ * Test privileges on defs.uoc_resource()
+ */
+BEGIN;
+	SELECT plan( 2 );
+	
+	SELECT diag_test_name( 'defs.uoc_resource() - Privileges (without category)' );
+	SELECT is( defs.uoc_resource( 'test1' , 'test2' , 1 ) , 'BAD_STRINGS' );
+	
+	SELECT diag_test_name( 'defs.uoc_resource() - Privileges (with category)' );
+	SELECT is( defs.uoc_resource( 'test1' , 'test2' , 'test3' , 1 ) , 'BAD_STRINGS' );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/functions/02502-uoc-natres-internal.sql b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02502-uoc-natres-internal.sql
new file mode 100644
index 0000000..1a321e5
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02502-uoc-natres-internal.sql
@@ -0,0 +1,16 @@
+/*
+ * Test privileges on defs.uoc_natres_internal()
+ */
+BEGIN;
+
+	SELECT plan( 1 );
+	
+	SELECT diag_test_name( 'defs.uoc_natres_internal() - Privileges' );
+	PREPARE _test_this AS
+		SELECT defs.uoc_natres_internal( 'test1' , 'test2' , NULL , 1 ,
+				0.5 , 100 , 50 , 0.5 , 0.1 , 0.5 , 0.1
+			);
+	SELECT throws_ok( '_test_this' , 42501 );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/functions/02503-uoc-natural-resource.sql b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02503-uoc-natural-resource.sql
new file mode 100644
index 0000000..dee7b74
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/functions/02503-uoc-natural-resource.sql
@@ -0,0 +1,18 @@
+/*
+ * Test privileges on defs.uoc_natural_resource()
+ */
+BEGIN;
+	SELECT plan( 2 );
+	
+	SELECT diag_test_name( 'defs.uoc_natural_resource() - Privileges (without category)' );
+	SELECT is( defs.uoc_natural_resource( 'test1' , 'test2' , 1 ,
+			0.5 , 100 , 50 , 0.5 , 0.1 , 0.5 , 0.1
+		) , 'BAD_STRINGS' );
+	
+	SELECT diag_test_name( 'defs.uoc_natural_resource() - Privileges (with category)' );
+	SELECT is( defs.uoc_natural_resource( 'test1' , 'test2' , 'test3' , 1 ,
+			0.5 , 100 , 50 , 0.5 , 0.1 , 0.5 , 0.1
+		) , 'BAD_STRINGS' );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/functions/14500-compute-provider-regeneration.sql b/legacyworlds-server-data/db-structure/tests/user/priv/functions/14500-compute-provider-regeneration.sql
new file mode 100644
index 0000000..cce7c93
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/functions/14500-compute-provider-regeneration.sql
@@ -0,0 +1,11 @@
+/*
+ * Test privileges on verse.compute_provider_regeneration()
+ */
+BEGIN;
+	SELECT plan( 1 );
+
+	SELECT diag_test_name( 'verse.compute_provider_regeneration() - Privileges' );
+	SELECT throws_ok( 'SELECT verse.compute_provider_regeneration( 100.0 , 100.0 , 0.5 )' , 42501 );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file
diff --git a/legacyworlds-server-data/db-structure/tests/user/priv/updates/10500-process-planet-res-regen-updates.sql b/legacyworlds-server-data/db-structure/tests/user/priv/updates/10500-process-planet-res-regen-updates.sql
new file mode 100644
index 0000000..b08eb50
--- /dev/null
+++ b/legacyworlds-server-data/db-structure/tests/user/priv/updates/10500-process-planet-res-regen-updates.sql
@@ -0,0 +1,11 @@
+/*
+ * Test privileges on sys.process_planet_res_regen_updates()
+ */
+BEGIN;
+	SELECT plan( 1 );
+
+	SELECT diag_test_name( 'sys.process_planet_res_regen_updates() - Privileges' );
+	SELECT throws_ok( 'SELECT sys.process_planet_res_regen_updates( 1 )' , 42501 );
+	
+	SELECT * FROM finish( );
+ROLLBACK;
\ No newline at end of file