Mercurial > urweb

view tests/policy2.ur @ 1552:c3b5cf5c2f98

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Gentle handling of back-button returns to pages with stale message-passing credentials
author Adam Chlipala <adam@chlipala.net>
date Sun, 28 Aug 2011 17:16:54 -0400
parents d5ecceb7d1a1
children
line wrap: on
line source
type fruit = int
table fruit : { Id : fruit, Nam : string, Weight : float, Secret : string }
  PRIMARY KEY Id,
  CONSTRAINT Nam UNIQUE Nam

(* Everyone may knows IDs and names. *)
policy sendClient (SELECT fruit.Id, fruit.Nam
                   FROM fruit)

(* The weight is sensitive information; you must know the secret. *)
policy sendClient (SELECT fruit.Weight, fruit.Secret
                   FROM fruit
                   WHERE known(fruit.Secret))

fun main () =
    x1 <- queryX (SELECT fruit.Id, fruit.Nam
                  FROM fruit
                  WHERE fruit.Nam = "apple")
                 (fn x => <xml><li>{[x.Fruit.Id]}: {[x.Fruit.Nam]}</li></xml>);
    return <xml><body>
      <ul>{x1}</ul>
    </body></xml>