view tests/policy2.ur @ 2238:7f92d70a326e
Only use string (rather than numeric, etc.) primitives in parsed SQL statements.
author | Ziv Scully <ziv@mit.edu> |
---|---|
date | Mon, 06 Jul 2015 01:31:04 -0700 |
parents | d5ecceb7d1a1 |
children |
```
type fruit = int
table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string }
  PRIMARY KEY Id,
  CONSTRAINT Nam UNIQUE Nam

(* Everyone may know IDs and names. *)
policy sendClient (SELECT fruit.Id, fruit.Nam
                   FROM fruit)

(* The weight is sensitive information; you must know the secret. *)
policy sendClient (SELECT fruit.Weight, fruit.Secret
                   FROM fruit
                   WHERE known(fruit.Secret))

fun main () =
    x1 <- queryX (SELECT fruit.Id, fruit.Nam
                  FROM fruit
                  WHERE fruit.Nam = "apple")
                 (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>);

    return <xml><body>
      <ul>{x1}</ul>
    </body></xml>
```