summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/policy.ur26
1 files changed, 25 insertions, 1 deletions
diff --git a/tests/policy.ur b/tests/policy.ur
index 642e4efc..db89fbe5 100644
--- a/tests/policy.ur
+++ b/tests/policy.ur
@@ -8,13 +8,31 @@ table order : { Id : order, Fruit : fruit, Qty : int, Code : int }
PRIMARY KEY Id,
CONSTRAINT Fruit FOREIGN KEY Fruit REFERENCES fruit(Id)
-policy query_policy (SELECT fruit.Id, fruit.Nam, fruit.Weight
+(* Everyone may knows IDs and names. *)
+policy query_policy (SELECT fruit.Id, fruit.Nam
FROM fruit)
+
+(* The weight is sensitive information; you must know the secret. *)
+policy query_policy (SELECT fruit.Weight
+ FROM fruit
+ WHERE known(fruit.Secret))
+
policy query_policy (SELECT order.Id, order.Fruit, order.Qty
FROM order, fruit
WHERE order.Fruit = fruit.Id
AND order.Qty = 13)
+fun fname r =
+ x <- queryX (SELECT fruit.Weight
+ FROM fruit
+ WHERE fruit.Nam = {[r.Nam]}
+ AND fruit.Secret = {[r.Secret]})
+ (fn r => <xml>Weight is {[r.Fruit.Weight]}</xml>);
+
+ return <xml><body>
+ {x}
+ </body></xml>
+
fun main () =
x1 <- queryX (SELECT fruit.Id, fruit.Nam
FROM fruit)
@@ -29,4 +47,10 @@ fun main () =
return <xml><body>
<ul>{x1}</ul>
<ul>{x2}</ul>
+
+ <form>
+ Fruit name: <textbox{#Nam}/><br/>
+ Secret: <textbox{#Secret}/><br/>
+ <submit action={fname}/>
+ </form>
</body></xml>