Mercurial > urweb

diff tests/policy.ur @ 1207:ae3036773768
Introduced the known() predicate
author: Adam Chlipala <adamc@hcoop.net>
date: Tue, 06 Apr 2010 09:51:36 -0400
parents: 772760df4c4c
children: 775357041e48
--- a/tests/policy.ur	Sun Apr 04 17:44:12 2010 -0400
+++ b/tests/policy.ur	Tue Apr 06 09:51:36 2010 -0400
@@ -8,13 +8,31 @@
   PRIMARY KEY Id,
   CONSTRAINT Fruit FOREIGN KEY Fruit REFERENCES fruit(Id)
 
-policy query_policy (SELECT fruit.Id, fruit.Nam, fruit.Weight
+(* Everyone may knows IDs and names. *)
+policy query_policy (SELECT fruit.Id, fruit.Nam
                      FROM fruit)
+
+(* The weight is sensitive information; you must know the secret. *)
+policy query_policy (SELECT fruit.Weight
+                     FROM fruit
+                     WHERE known(fruit.Secret))
+
 policy query_policy (SELECT order.Id, order.Fruit, order.Qty
                      FROM order, fruit
                      WHERE order.Fruit = fruit.Id
                        AND order.Qty = 13)
 
+fun fname r =
+    x <- queryX (SELECT fruit.Weight
+                 FROM fruit
+                 WHERE fruit.Nam = {[r.Nam]}
+                   AND fruit.Secret = {[r.Secret]})
+         (fn r => <xml>Weight is {[r.Fruit.Weight]}</xml>);
+
+    return <xml><body>
+      {x}
+    </body></xml>
+
 fun main () =
     x1 <- queryX (SELECT fruit.Id, fruit.Nam
                   FROM fruit)
@@ -29,4 +47,10 @@
     return <xml><body>
       <ul>{x1}</ul>
       <ul>{x2}</ul>
+
+      <form>
+        Fruit name: <textbox{#Nam}/><br/>
+        Secret: <textbox{#Secret}/><br/>
+        <submit action={fname}/>
+      </form>
     </body></xml>
author	Adam Chlipala <adamc@hcoop.net>
date	Tue, 06 Apr 2010 09:51:36 -0400
parents	772760df4c4c
children	775357041e48