主页 / user-1219755

alexanoid's questions

Martin Hope
alexanoid
Asked: 2025-02-11 17:29:45 +0800 CST
  • 5

我需要撤销 test.persons 表中 uid 列的 INSERT 和 UPDATE 权限。

以下是我目前所做的:

CREATE TABLE test.persons (
    uid UUID DEFAULT gen_random_uuid() PRIMARY KEY,
    name VARCHAR(255),
    description TEXT
);

REVOKE INSERT (uid) ON test.persons FROM hasura;
GRANT INSERT (name, description) ON test.persons TO hasura;
REVOKE UPDATE (uid) ON test.persons FROM hasura;
GRANT UPDATE (name, description) ON test.persons TO hasura;


INSERT INTO test.persons (uid, name, description) 
VALUES ('e7443661-f6c3-4448-8df7-c65e3f8243ca', 'John Doe', 'Some description');
//correct: ERROR: permission denied for table persons

INSERT INTO test.persons (uid) 
VALUES (gen_random_uuid());
//correct: ERROR: permission denied for table persons

INSERT INTO test.persons (name, description) 
VALUES ('John Doe', 'Some description');
//correct: Successfully inserted

INSERT INTO test.persons (name) 
VALUES ('John Doe1');
//correct: Successfully inserted

到目前为止,一切都很好。

但是当我尝试执行以下更新时:

UPDATE test.persons SET uid = gen_random_uuid() WHERE name = 'John Doe';

它已成功更新,但实际上不应该更新,因为我撤销了 uid 列上的 UPDATE 权限。

我做错了什么以及我应该如何正确地撤销 uid 列上的 UPDATE 权限?

postgresql
Martin Hope
alexanoid
Asked: 2024-12-03 18:49:24 +0800 CST
  • 5

我有以下 JPA Criteria API 方法:

public List<AggregationTask> findNonExpiredTasksBy(String entityName, Map<String, String> columnValues) {
        CriteriaBuilder cb = entityManager.getCriteriaBuilder();
        CriteriaQuery<AggregationTask> query = cb.createQuery(AggregationTask.class);
        Root<AggregationTask> root = query.from(AggregationTask.class);

        Predicate entityNamePredicate = cb.equal(root.get("edaEntityName"), entityName);

        Predicate columnPredicate = cb.conjunction();
        if (columnValues != null && !columnValues.isEmpty()) {
            List<Predicate> columnConditions = new ArrayList<>();

            for (Map.Entry<String, String> entry : columnValues.entrySet()) {
                Predicate condition = cb.and(
                        cb.equal(root.get("edaEntityColumnName"), entry.getKey()),
                        cb.equal(root.get("edaEntityColumnValue"), entry.getValue())
                );
                columnConditions.add(condition);
            }
            columnPredicate = cb.or(columnConditions.toArray(new Predicate[0]));
        }

        Predicate expiresAtPredicate = cb.greaterThan(root.get("expiresAt"), cb.currentTimestamp());

        query.where(cb.and(entityNamePredicate, columnPredicate, expiresAtPredicate));

        return entityManager.createQuery(query).getResultList();
    }

这将产生以下查询:

select
   * 
from
   aggregation_tasks at1_0 
where
   at1_0.eda_entity_name =? 
   and 
   (
      at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
      or at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
      or at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
      or at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
      or at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
      or at1_0.eda_entity_column_name =? 
      and at1_0.eda_entity_column_value =? 
   )
   and at1_0.expires_at > localtimestamp

问题是我需要使用括号将以下条件对分组OR

and 
(
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?) 
    or 
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?) 
    or 
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?) 
    or 
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?) 
    or 
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?) 
    or 
    (at1_0.eda_entity_column_name =? and at1_0.eda_entity_column_value =?)
)

我的代码中哪里做错了?我该如何解决?

更新

我使用基于字符串连接的 JPQA 查询重新实现了该方法:

public List<AggregationTask> findNonExpiredTasksBy(String entityName, Map<String, String> columnValues) {

        StringBuilder sql = new StringBuilder("SELECT * FROM aggregation_tasks WHERE eda_entity_name = :entityName ");

        sql.append("AND expires_at > CURRENT_TIMESTAMP ");

        if (MapUtils.isNotEmpty(columnValues)) {
            sql.append("AND (");
            int count = 0;
            for (Map.Entry<String, String> entry : columnValues.entrySet()) {
                if (count > 0) {
                    sql.append(" OR ");
                }
                sql.append("(")
                        .append("eda_entity_column_name = :columnName" + count)
                        .append(" AND eda_entity_column_value = :columnValue" + count)
                        .append(")");
                count++;
            }
            sql.append(") ");
        }

        Query query = entityManager.createNativeQuery(sql.toString(), AggregationTask.class);

        query.setParameter("entityName", entityName);

        if (columnValues != null && !columnValues.isEmpty()) {
            int count = 0;
            for (Map.Entry<String, String> entry : columnValues.entrySet()) {
                query.setParameter("columnName" + count, entry.getKey());
                query.setParameter("columnValue" + count, entry.getValue());
                count++;
            }
        }

        return query.getResultList();
    }

查询工作正常。所以我仍然不明白我在 JPA Criteria API 中对此逻辑的版本做错了什么...

sql
Martin Hope
alexanoid
Asked: 2024-11-13 07:02:58 +0800 CST
  • 5

让我们创建一个包含一些数据的用户和表:

CREATE ROLE admin;
CREATE TABLE employee (empno int, ename text, address text, salary int, account_number text);
INSERT INTO employee VALUES
  (1, 'john'  , '2 down str'   ,  20000, 'HDFC-22001')
, (2, 'clark' , '132 south avn',  80000, 'HDFC-23029')
, (3, 'soojie', 'Down st 17th' ,  60000, 'ICICI-19022')
;

现在,让我们创建列级权限:

postgres=> \c postgres edb
You are now connected to database "postgres" as user "edb".

postgres=# grant select (empno, ename, address) on employee to admin;
GRANT

postgres=# \c postgres admin
You are now connected to database "postgres" as user "admin".
postgres=> select empno, ename, address, salary from employee;
ERROR:  permission denied for table employee
postgres=> select empno, ename, address from employee;

 empno | ename  |    address    
-------+--------+---------------
     1 | john   | 2 down str
     2 | clark  | 132 south avn
     3 | soojie | Down st 17th

到目前为止一切进展顺利。

但是,在 PostgreSQL 中是否可以创建一个更复杂的规则——而不是完全限制admin用户查看salary列,例如,返回NULL所有行的值,而只在薪水列中显示实际值,例如ename = 'clark'

换句话说,不是像下面的例子一样返回错误:

postgres=> select empno, ename, address, salary from employee;
ERROR:  permission denied for table employee

返回以下结果:

 empno | ename  |    address    | salary 
-------+--------+---------------+--------
     1 | john   | 2 down str    |  NULL
     2 | clark  | 132 south avn |  80000 
     3 | soojie | Down st 17th  |  NULL

最有可能的是,这可以通过视图来完成,但我特别感兴趣的是使用如上所示的简单规则来实现这个结果。

如果可能的话,我希望能够举个例子。

postgresql
Martin Hope
alexanoid
Asked: 2024-09-02 16:26:56 +0800 CST
  • 3

在我的 Keycloak 设置中,StackOverflow 被配置为登录提供程序之一。最近,我注意到新用户无法通过 StackOverflow 在我的网站上注册,因为返回的电子邮件为空。这可能是什么原因?

keycloack.版本 18.0.2

2024-09-02 10:39:51,276 WARN  [org.keycloak.services] (executor-thread-11964) KC-SERVICES0020: Email is null. Reset flow and enforce showing reviewProfile page
2024-09-02 10:39:51,276 WARN  [org.keycloak.services] (executor-thread-11964) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException
    at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1038)
    at org.keycloak.services.resources.LoginActionsService$1.authenticateOnly(LoginActionsService.java:808)
    at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:892)
    at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:323)
    at org.keycloak.services.resources.LoginActionsService.brokerLoginFlow(LoginActionsService.java:838)
    at org.keycloak.services.resources.LoginActionsService.firstBrokerLoginGet(LoginActionsService.java:732)
    at jdk.internal.reflect.GeneratedMethodAccessor343.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
    at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
    at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
    at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
    at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
    at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
    at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
    at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
    at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
    at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
    at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
    at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
    at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
    at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
    at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
    at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
    at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
    at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
    at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
    at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
    at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
    at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
    at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
    at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
    at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:833)

2024-09-02 10:39:51,277 WARN  [org.keycloak.events] (executor-thread-11964) type=IDENTITY_PROVIDER_FIRST_LOGIN_ERROR
keycloak
Martin Hope
alexanoid
Asked: 2024-01-14 00:28:37 +0800 CST
  • 5

我真的很高兴能够使用块存储格式尝试 Neo4j 中的新功能https://neo4j.com/developer-blog/neo4j-graph-native-store-format/

目前,我对我的自动化集成测试有疑问。我将 Docker 与 Docker Maven 插件一起使用。是否可以指示 Neo4j Docker 自动创建块格式(而不是记录格式)的数据库?如果是这样,您能否提供有关如何实现这一目标的指导?谢谢!

docker
Martin Hope
alexanoid
Asked: 2023-08-22 04:29:47 +0800 CST
  • 5

我需要将以下模式理解添加到我的 Cypher 查询的返回语句中:

[ (rc:Criterion) WHERE rc.id IN childD.replaceableCriterionIds | {entity: rc} ] AS decisionReplaceableCriteria

但它失败并出现以下异常:

Caused by: org.neo4j.driver.exceptions.ClientException: Invalid input 'WHERE': expected "-", "<", <ARROW_LEFT_HEAD> or <ARROW_LINE>

仅当我添加与另一个节点的冗余关系时它才有效

[ (rc:Criterion)-[:CREATED_BY]->(:User) WHERE rc.id IN childD.replaceableCriterionIds | {entity: rc} ] AS decisionReplaceableCriteria

以下部分对于我的需求来说绝对是多余的:

-[:CREATED_BY]->(:User)

是否可以重写我的模式理解以避免这种冗余语法?

neo4j