view tests/policy2.ur @ 2213:365727ff68f4

Complete overhaul: cache queries based on immediate query result, not eventual HTML output.
author Ziv Scully <ziv@mit.edu>
date Tue, 14 Oct 2014 18:05:09 -0400
parents d5ecceb7d1a1
children
line wrap: on
line source
type fruit = int
table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string }
  PRIMARY KEY Id,
  CONSTRAINT Nam UNIQUE Nam

(* Everyone may knows IDs and names. *)
policy sendClient (SELECT fruit.Id, fruit.Nam
                   FROM fruit)

(* The weight is sensitive information; you must know the secret. *)
policy sendClient (SELECT fruit.Weight, fruit.Secret
                   FROM fruit
                   WHERE known(fruit.Secret))

fun main () =
    x1 <- queryX (SELECT fruit.Id, fruit.Nam
                  FROM fruit
                  WHERE fruit.Nam = "apple")
                 (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>);
    return <xml><body>
      <ul>{x1}</ul>
    </body></xml>