[CALCITE-2194] Adding access configuration feature

.gitignore

@@ -29,8 +29,8 @@ settings.xml
 .checkstyle
 
 # netbeans
-nb-configuration.xml
-*/nb-configuration.xml
+**/nb-configuration.xml
+**/nbproject
 
 .mvn/wrapper/maven-wrapper.jar
 

core/pom.xml

@@ -197,6 +197,11 @@ limitations under the License.
       <artifactId>sqlline</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>

core/src/main/java/org/apache/calcite/access/AlwaysPassAuthorization.java

@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+/**
+ * Dummy guard that ensures backward compatibility where all access is granted to schema
+ */
+public class AlwaysPassAuthorization implements Authorization {
+
+  public static final Authorization INSTANCE = new AlwaysPassAuthorization();
+
+  @Override public boolean accessGranted(AuthorizationRequest request) {
+    return true;
+  }
+
+}
+
+// End AlwaysPassAuthorization.java

core/src/main/java/org/apache/calcite/access/Authorization.java

@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+/**
+ * Guard for checking against access types of schema tables or other elements
+ */
+public interface Authorization {
+
+  boolean accessGranted(AuthorizationRequest request);
+
+}
+
+// End Authorization.java

core/src/main/java/org/apache/calcite/access/AuthorizationFactory.java

@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+import java.util.Map;
+
+/**
+ *
+ * Factory that creates AuthorisationGuard
+ */
+public interface AuthorizationFactory {
+
+  /**
+   * Populates this factory with configuration. It is assured that this method is called first,
+   * before any others on this factory.
+   */
+  void init(Map<String, String> operand);
+
+  /**
+   * Creates guard instancee for specific schema configuration
+   */
+  Authorization create(Map<String, String> operand);
+
+}
+
+// End AuthorizationFactory.java

core/src/main/java/org/apache/calcite/access/AuthorizationRequest.java

@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+import org.apache.calcite.sql.SqlAccessEnum;
+import org.apache.calcite.sql.SqlNode;
+import org.apache.calcite.sql.validate.SqlValidatorCatalogReader;
+import org.apache.calcite.sql.validate.SqlValidatorTable;
+
+import java.util.List;
+
+/**
+ * Wraps data needed for guard to decide whether access should be granted or not.
+ */
+public class AuthorizationRequest {
+
+  private final SqlAccessEnum requiredAccess;
+  private final SqlNode node;
+  private final SqlValidatorTable table;
+  private final List<String> objectPath;
+  private final SqlValidatorCatalogReader catalogReader;
+
+  public AuthorizationRequest(
+      SqlAccessEnum requiredAccess,
+      SqlNode node,
+      SqlValidatorTable table,
+      List<String> objectPath,
+      SqlValidatorCatalogReader catalogReader) {
+    this.requiredAccess = requiredAccess;
+    this.node = node;
+    this.table = table;
+    this.objectPath = objectPath;
+    this.catalogReader = catalogReader;
+  }
+
+  public SqlAccessEnum getRequiredAccess() {
+    return requiredAccess;
+  }
+
+  public SqlNode getNode() {
+    return node;
+  }
+
+  public SqlValidatorTable getTable() {
+    return table;
+  }
+
+  public List<String> getObjectPath() {
+    return objectPath;
+  }
+
+  public SqlValidatorCatalogReader getCatalogReader() {
+    return catalogReader;
+  }
+
+}
+
+// End AuthorizationRequest.java

core/src/main/java/org/apache/calcite/access/CalcitePrincipal.java

@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+/**
+ * Responsible handling principal and its access to schemas
+ */
+public interface CalcitePrincipal {
+
+  String getName();
+}
+
+// End CalcitePrincipal.java

core/src/main/java/org/apache/calcite/access/CalcitePrincipalFairy.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+/**
+ * Simple placeholder for principal currently "logged in through connection"
+ */
+public class CalcitePrincipalFairy {
+
+  public static final CalcitePrincipalFairy INSTANCE = new CalcitePrincipalFairy();
+
+  private static final ThreadLocal<CalcitePrincipal> THREAD_LOCAL
+          = new ThreadLocal<CalcitePrincipal>();
+
+  public void register(CalcitePrincipal principal) {
+    THREAD_LOCAL.set(principal);
+  }
+
+  public CalcitePrincipal get() {
+    return THREAD_LOCAL.get();
+  }
+}
+
+// End CalcitePrincipalFairy.java

core/src/main/java/org/apache/calcite/access/CalcitePrincipalImpl.java

@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ *
+ */
+public class CalcitePrincipalImpl implements CalcitePrincipal {
+
+  public static CalcitePrincipal fromName(String user) {
+    return StringUtils.isNotBlank(user) ? new CalcitePrincipalImpl(user) : null;
+  }
+
+  private final String name;
+
+  private CalcitePrincipalImpl(String name) {
+    this.name = name;
+  }
+
+  @Override public String getName() {
+    return name;
+  }
+
+}
+
+// End CalcitePrincipalImpl.java

core/src/main/java/org/apache/calcite/access/PrincipalBasedAuthFactory.java

@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.access;
+
+import org.apache.calcite.sql.SqlAccessType;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Factory of principal based access
+ */
+public class PrincipalBasedAuthFactory implements AuthorizationFactory {
+
+  private static final Pattern OWNER_PATTERN = Pattern.compile("\\s*OWNER\\s*");
+
+  @Override public void init(Map<String, String> operand) {
+  }
+
+  @Override public Authorization create(Map<String, String> operand) {
+    Map<String, SqlAccessType> accessMap = new HashMap<>();
+    Set<String> owners = new HashSet<>();
+    convert(operand, accessMap, owners);
+    return new PrincipalBasedAuthorization(CalcitePrincipalFairy.INSTANCE, accessMap, owners);
+  }
+
+  private void convert(
+      Map<String, String> operand,
+      Map<String, SqlAccessType> accessMap,
+      Set<String> owners) {
+    for (Map.Entry<String, String> entry : operand.entrySet()) {
+      if (OWNER_PATTERN.matcher(entry.getValue()).matches()) {
+        owners.add(entry.getKey());
+      } else {
+        accessMap.put(entry.getKey(), SqlAccessType.create(entry.getValue()));
+      }
+    }
+  }
+
+}
+
+// End PrincipalBasedAuthFactory.java