From 74ecd5a7a53d963f28fbbcbab36b259c169cf5f5 Mon Sep 17 00:00:00 2001
From: Adam Chlipala <adamc@hcoop.net>
Date: Tue, 6 Apr 2010 09:51:36 -0400
Subject: Introduced the known() predicate

---
 tests/policy.ur | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'tests/policy.ur')

diff --git a/tests/policy.ur b/tests/policy.ur
index 642e4efc..db89fbe5 100644
--- a/tests/policy.ur
+++ b/tests/policy.ur
@@ -8,13 +8,31 @@ table order : { Id : order, Fruit : fruit, Qty : int, Code : int }
   PRIMARY KEY Id,
   CONSTRAINT Fruit FOREIGN KEY Fruit REFERENCES fruit(Id)
 
-policy query_policy (SELECT fruit.Id, fruit.Nam, fruit.Weight
+(* Everyone may knows IDs and names. *)
+policy query_policy (SELECT fruit.Id, fruit.Nam
                      FROM fruit)
+
+(* The weight is sensitive information; you must know the secret. *)
+policy query_policy (SELECT fruit.Weight
+                     FROM fruit
+                     WHERE known(fruit.Secret))
+
 policy query_policy (SELECT order.Id, order.Fruit, order.Qty
                      FROM order, fruit
                      WHERE order.Fruit = fruit.Id
                        AND order.Qty = 13)
 
+fun fname r =
+    x <- queryX (SELECT fruit.Weight
+                 FROM fruit
+                 WHERE fruit.Nam = {[r.Nam]}
+                   AND fruit.Secret = {[r.Secret]})
+         (fn r => <xml>Weight is {[r.Fruit.Weight]}</xml>);
+
+    return <xml><body>
+      {x}
+    </body></xml>
+
 fun main () =
     x1 <- queryX (SELECT fruit.Id, fruit.Nam
                   FROM fruit)
@@ -29,4 +47,10 @@ fun main () =
     return <xml><body>
       <ul>{x1}</ul>
       <ul>{x2}</ul>
+
+      <form>
+        Fruit name: <textbox{#Nam}/><br/>
+        Secret: <textbox{#Secret}/><br/>
+        <submit action={fname}/>
+      </form>
     </body></xml>
-- 
cgit v1.2.3