20 using std::runtime_error;
27 role->removeGrantee(
this);
35 std::vector<std::string> roles;
36 for (
const auto role :
roles_) {
37 roles.push_back(role->getName());
46 std::stack<const Grantee*> roles;
48 while (!roles.empty()) {
54 for (
auto granted_role :
r->roles_) {
55 roles.push(granted_role);
64 auto dbObject =
findDbObject(
object.getObjectKey(), only_direct);
66 throw runtime_error(
"Can not get privileges because " +
getName() +
67 " has no privileges to " +
object.
getName());
69 object.grantPrivileges(*dbObject);
75 auto dbObjectIt = privs.find(objectKey);
76 if (dbObjectIt != privs.end()) {
77 dbObject = dbObjectIt->second.get();
84 for (
const auto& priv : privs) {
85 if (priv.second->getObjectKey().dbId == dbId) {
93 auto* dbObject =
findDbObject(
object.getObjectKey(),
false);
97 dbObject->grantPrivileges(
object);
103 dbObject->grantPrivileges(
object);
112 directIt->second->setName(
object.
getName());
117 effectiveIt->second->setName(
object.
getName());
124 auto dbObject =
findDbObject(
object.getObjectKey(),
true);
126 !dbObject->getPrivileges().hasAny()) {
127 throw runtime_error(
"Can not revoke privileges because " +
getName() +
128 " has no privileges to " +
object.
getName());
130 bool object_removed =
false;
131 dbObject->revokePrivileges(
object);
132 if (!dbObject->getPrivileges().hasAny()) {
134 object_removed =
true;
137 auto* cachedDbObject =
findDbObject(
object.getObjectKey(),
false);
138 if (cachedDbObject && cachedDbObject->getPrivileges().hasAny()) {
139 cachedDbObject->revokePrivileges(
object);
140 if (!cachedDbObject->getPrivileges().hasAny()) {
147 return object_removed ?
nullptr : dbObject;
152 for (
const auto* granted_role :
roles_) {
153 if (role == granted_role) {
159 throw runtime_error(
"Role " + role->
getName() +
" have been granted to " +
name_ +
180 return req == (base & req);
209 if (objectKey.
dbId != -1) {
233 if (objectKey.
dbId != -1) {
244 auto dbObject =
findDbObject(roleDbObject.first,
false);
246 dbObject->updatePrivileges(*roleDbObject.second);
249 boost::make_unique<DBObject>(*roleDbObject.second.get());
257 dbObject.second->resetPrivileges();
260 if (effectivePrivileges_.find(it->first) != effectivePrivileges_.end()) {
261 effectivePrivileges_[it->first]->updatePrivileges(*it->second);
264 for (
auto role :
roles_) {
265 if (role->getDbObjects(
false)->size() > 0) {
269 for (
auto dbObjectIt = effectivePrivileges_.begin();
270 dbObjectIt != effectivePrivileges_.end();) {
271 if (!dbObjectIt->second->getPrivileges().hasAny()) {
272 dbObjectIt = effectivePrivileges_.erase(dbObjectIt);
281 for (
auto privs : sources) {
282 for (
auto iter = privs->begin(); iter != privs->end();) {
283 if (iter->first.dbId == dbId) {
284 iter = privs->erase(iter);
294 std::stack<Grantee*> grantees;
296 while (!grantees.empty()) {
297 auto* grantee = grantees.top();
299 if (!grantee->isUser()) {
303 throw runtime_error(
"Granting role " + newRole->
getName() +
" to " +
getName() +
304 " creates cycle in grantee graph.");
315 auto current_grantee = *it;
317 current_grantee->revokeRole(
this);
326 throw runtime_error(
"Role " +
getName() +
" have been granted to " +
327 grantee->
getName() +
" already.");
335 throw runtime_error(
"Role " +
getName() +
" have not been granted to " +
341 std::vector<Grantee*> grantees;
343 grantees.push_back(grantee);
351 grantee->revokeAllOnDatabase(dbId);
359 grantee->updatePrivileges();
366 grantee->renameDbObject(
object);
DBObjectMap effectivePrivileges_
bool hasAnyPrivilegesOnDb(int32_t dbId, bool only_direct) const
void revokeAllOnDatabase(int32_t dbId) override
DBObjectKey getObjectKey() const
void renameDbObject(const DBObject &object) override
virtual void updatePrivileges()
virtual void grantPrivileges(const DBObject &object)
virtual DBObject * revokePrivileges(const DBObject &object)
virtual void addGrantee(Grantee *grantee)
static bool hasEnoughPrivs(const DBObject *real, const DBObject *requested)
static bool hasAnyPrivs(const DBObject *real, const DBObject *)
const std::string & getName() const
DBObject * findDbObject(const DBObjectKey &objectKey, bool only_direct) const
void updatePrivileges() override
virtual bool hasAnyPrivileges(const DBObject &objectRequested, bool only_direct) const
virtual void revokeAllOnDatabase(int32_t dbId)
Grantee(const std::string &name)
virtual void revokeRole(Role *role)
std::vector< Grantee * > getGrantees() const
std::map< DBObjectKey, std::unique_ptr< DBObject >> DBObjectMap
const DBObjectMap * getDbObjects(bool only_direct) const
const AccessPrivileges & getPrivileges() const
virtual void removeGrantee(Grantee *grantee)
std::unordered_set< Role * > roles_
void checkCycles(Role *newRole)
std::vector< std::string > getRoles() const
virtual void grantRole(Role *role)
bool hasRole(Role *role, bool only_direct) const
std::unordered_set< Grantee * > grantees_
DBObjectMap directPrivileges_
void getPrivileges(DBObject &object, bool only_direct)
virtual void renameDbObject(const DBObject &object)
virtual bool checkPrivileges(const DBObject &objectRequested) const