view tests/policy2.ur @ 2086:3d22f761a4b7

In checking signature subsumption, be sure to try constraints last.
author Adam Chlipala <adam@chlipala.net>
date Thu, 04 Dec 2014 20:22:39 -0500
parents d5ecceb7d1a1
children
line wrap: on
line source
type fruit = int
table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string }
  PRIMARY KEY Id,
  CONSTRAINT Nam UNIQUE Nam

(* Everyone may knows IDs and names. *)
policy sendClient (SELECT fruit.Id, fruit.Nam
                   FROM fruit)

(* The weight is sensitive information; you must know the secret. *)
policy sendClient (SELECT fruit.Weight, fruit.Secret
                   FROM fruit
                   WHERE known(fruit.Secret))

fun main () =
    x1 <- queryX (SELECT fruit.Id, fruit.Nam
                  FROM fruit
                  WHERE fruit.Nam = "apple")
                 (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>);
    return <xml><body>
      <ul>{x1}</ul>
    </body></xml>