OmniSciDB  ca0c39ec8f
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
Catalog_Namespace::SysCatalog Class Reference

#include <SysCatalog.h>

+ Inheritance diagram for Catalog_Namespace::SysCatalog:
+ Collaboration diagram for Catalog_Namespace::SysCatalog:

Classes

struct  UpdateQuery
 

Public Member Functions

void init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
 
std::shared_ptr< Cataloglogin (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
 
std::shared_ptr< CatalogswitchDatabase (std::string &dbname, const std::string &username)
 
UserMetadata createUser (std::string const &name, UserAlterations alts, bool is_temporary)
 
void dropUser (const std::string &name)
 
void dropUserUnchecked (const std::string &name, const UserMetadata &user)
 
UserMetadata alterUser (std::string const &name, UserAlterations alts)
 
void renameUser (std::string const &old_name, std::string const &new_name)
 
void createDatabase (const std::string &dbname, int owner)
 
void renameDatabase (std::string const &old_name, std::string const &new_name)
 
void changeDatabaseOwner (std::string const &dbname, const std::string &new_owner)
 
void dropDatabase (const DBMetadata &db)
 
std::optional< UserMetadatagetUser (std::string const &uname)
 
std::optional< UserMetadatagetUser (int32_t const uid)
 
std::optional< DBMetadatagetDB (std::string const &dbname)
 
std::optional< DBMetadatagetDB (int32_t const dbid)
 
bool getMetadataForUser (const std::string &name, UserMetadata &user)
 
bool getMetadataForUserById (const int32_t idIn, UserMetadata &user)
 
bool checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)
 
bool getMetadataForDB (const std::string &name, DBMetadata &db)
 
bool getMetadataForDBById (const int32_t idIn, DBMetadata &db)
 
Data_Namespace::DataMgrgetDataMgr () const
 
CalcitegetCalciteMgr () const
 
const std::string & getCatalogBasePath () const
 
SqliteConnectorgetSqliteConnector ()
 
std::list< DBMetadatagetAllDBMetadata ()
 
std::list< UserMetadatagetAllUserMetadata ()
 
std::list< UserMetadatagetAllUserMetadata (const int64_t dbId)
 
DBSummaryList getDatabaseListForUser (const UserMetadata &user)
 
void createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
 
void renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)
 
void getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
 
bool verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
 
void createRole (const std::string &roleName, const bool user_private_role, const bool is_temporary=false)
 
void dropRole (const std::string &roleName, const bool is_temporary=false)
 
void grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)
 
void revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)
 
bool hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)
 
bool checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const
 
bool checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const
 
GranteegetGrantee (const std::string &name) const
 
RolegetRoleGrantee (const std::string &name) const
 
UsergetUserGrantee (const std::string &name) const
 
std::vector
< ObjectRoleDescriptor * > 
getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const
 
std::vector< ObjectRoleDescriptorgetMetadataForAllObjects () const
 
bool isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const
 
std::vector< std::string > getRoles (const std::string &user_name, bool effective=true)
 
std::vector< std::string > getRoles (bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user=false)
 
std::vector< std::string > getRoles (const std::string &userName, const int32_t dbId)
 
std::set< std::string > getCreatedRoles () const
 
bool isAggregator () const
 
void populateRoleDbObjects (const std::vector< DBObject > &objects)
 
std::string name () const
 
void renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)
 
std::unordered_map
< std::string, std::vector
< std::string > > 
getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)
 
void check_for_session_encryption (const std::string &pki_cert, std::string &session)
 
std::vector< Catalog * > getCatalogsForAllDbs ()
 
std::shared_ptr< CataloggetCatalog (const std::string &dbName)
 
std::shared_ptr< CataloggetCatalog (const int32_t db_id)
 
std::shared_ptr< CataloggetCatalog (const DBMetadata &curDB, bool is_new_db)
 
void removeCatalog (const std::string &dbName)
 
virtual ~SysCatalog ()
 
void reassignObjectOwners (const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)
 
bool hasExecutedMigration (const std::string &migration_name) const
 

Static Public Member Functions

static SysCataloginstance ()
 
static void destroy ()
 

Public Attributes

std::unique_ptr
< heavyai::DistributedSharedMutex
dcatalogMutex_
 
std::unique_ptr
< heavyai::DistributedSharedMutex
dsqliteMutex_
 
std::mutex sqliteMutex_
 
heavyai::shared_mutex sharedMutex_
 
std::atomic< std::thread::id > thread_holding_sqlite_lock
 
std::atomic< std::thread::id > thread_holding_write_lock
 
std::shared_ptr< CatalogdummyCatalog_
 
std::unordered_map
< std::string, std::shared_ptr
< UserMetadata > > 
temporary_users_by_name_
 
std::unordered_map< int32_t,
std::shared_ptr< UserMetadata > > 
temporary_users_by_id_
 
int32_t next_temporary_user_id_ {shared::kTempUserIdRange}
 

Static Public Attributes

static thread_local bool thread_holds_read_lock = false
 

Private Types

using GranteeMap = std::map< std::string, std::unique_ptr< Grantee >>
 
using ObjectRoleDescriptorMap = std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >>
 
using UpdateQueries = std::list< UpdateQuery >
 
using dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>
 

Private Member Functions

 SysCatalog ()
 
void initDB ()
 
void buildMaps (bool is_new_db=false)
 
void buildMapsUnlocked (bool is_new_db=false)
 
void buildRoleMapUnlocked ()
 
void buildUserRoleMapUnlocked ()
 
void buildObjectDescriptorMapUnlocked ()
 
void rebuildObjectMapsUnlocked ()
 
void checkAndExecuteMigrations ()
 
void importDataFromOldMapdDB ()
 
void createRoles ()
 
void fixRolesMigration ()
 
void addAdminUserRole ()
 
void migratePrivileges ()
 
void migratePrivileged_old ()
 
void updateUserSchema ()
 
void updatePasswordsToHashes ()
 
void updateBlankPasswordsToRandom ()
 
void updateSupportUserDeactivation ()
 
void migrateDBAccessPrivileges ()
 
void loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)
 
bool checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)
 
void runUpdateQueriesAndChangeOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)
 
void grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)
 
void createRole_unsafe (const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
 
void dropRole_unsafe (const std::string &roleName, const bool is_temporary)
 
void grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)
 
void revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)
 
void updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
 
void deleteObjectDescriptorMap (const std::string &roleName)
 
void deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)
 
bool isDashboardSystemRole (const std::string &roleName) const
 
void updateUserRoleName (const std::string &roleName, const std::string &newName)
 
void getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
 
bool allowLocalLogin () const
 
template<typename F , typename... Args>
void execInTransaction (F &&f, Args &&...args)
 
void initializeInformationSchemaDb ()
 
void recordExecutedMigration (const std::string &migration_name) const
 
bool hasVersionHistoryTable () const
 
void createVersionHistoryTable () const
 
auto yieldTransactionStreamer ()
 
- Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
 CommonFileOperations (std::string const &base_path)
 
void removeCatalogByFullPath (std::string const &full_path)
 
void removeCatalogByName (std::string const &name)
 
auto duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)
 
auto assembleCatalogName (std::string const &name)
 

Private Attributes

std::string basePath_
 
GranteeMap granteeMap_
 
ObjectRoleDescriptorMap objectDescriptorMap_
 
std::unique_ptr< SqliteConnectorsqliteConnector_
 
std::shared_ptr
< Data_Namespace::DataMgr
dataMgr_
 
std::unique_ptr< PkiServerpki_server_
 
const AuthMetadataauthMetadata_
 
std::shared_ptr< CalcitecalciteMgr_
 
std::vector< LeafHostInfostring_dict_hosts_
 
bool aggregator_
 
dbid_to_cat_map cat_map_
 

Static Private Attributes

static std::mutex instance_mutex_
 
static std::unique_ptr
< SysCatalog
instance_
 

Detailed Description

Definition at line 166 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>
private

Definition at line 515 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>
private

Definition at line 392 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>
private

Definition at line 394 of file SysCatalog.h.

Definition at line 428 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )
virtual

Definition at line 269 of file SysCatalog.cpp.

References cat_map_, granteeMap_, and objectDescriptorMap_.

269  {
270  // TODO(sy): Need to lock here to wait for other threads to complete before pulling out
271  // the rug from under them. Unfortunately this lock was seen to deadlock because the
272  // HeavyDB shutdown sequence needs cleanup. Do we even need these clear()'s anymore?
273  // sys_write_lock write_lock(this);
274  granteeMap_.clear();
275  objectDescriptorMap_.clear();
276  cat_map_.clear();
277 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
Catalog_Namespace::SysCatalog::SysCatalog ( )
private

Definition at line 261 of file SysCatalog.cpp.

References basePath_.

Referenced by instance().

263  , aggregator_{false}
264  , sqliteMutex_{}
265  , sharedMutex_{}
266  , thread_holding_sqlite_lock{std::thread::id()}
267  , thread_holding_write_lock{std::thread::id()} {}
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:526
heavyai::shared_mutex sharedMutex_
Definition: SysCatalog.h:525
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:149
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:527

+ Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )
private

Definition at line 620 of file SysCatalog.cpp.

References createRole_unsafe(), shared::kRootUsername, and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

620  {
621  sys_sqlite_lock sqlite_lock(this);
622  sqliteConnector_->query("BEGIN TRANSACTION");
623  try {
624  sqliteConnector_->query(
625  "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
626  shared::kRootUsername + "\'");
627  if (sqliteConnector_->getNumRows() != 0) {
628  // already done
629  sqliteConnector_->query("END TRANSACTION");
630  return;
631  }
632 
634  shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
635  } catch (const std::exception&) {
636  sqliteConnector_->query("ROLLBACK TRANSACTION");
637  throw;
638  }
639  sqliteConnector_->query("END TRANSACTION");
640 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
const std::string kRootUsername

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const
private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

UserMetadata Catalog_Namespace::SysCatalog::alterUser ( std::string const &  name,
UserAlterations  alts 
)

Definition at line 1156 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::append_with_commas, Catalog_Namespace::UserMetadata::can_login, Catalog_Namespace::UserAlterations::can_login, CHECK, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::UserAlterations::default_db, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, getMetadataForDB(), getMetadataForUser(), getUser(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), Catalog_Namespace::UserAlterations::is_super, Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, name(), Catalog_Namespace::UserAlterations::passwd, Catalog_Namespace::UserMetadata::passwd_hash, sqliteConnector_, temporary_users_by_name_, to_string(), Catalog_Namespace::UserMetadata::userId, VLOG, and Catalog_Namespace::UserAlterations::wouldChange().

Referenced by syncUserWithRemoteProvider().

1156  {
1157  sys_write_lock write_lock(this);
1158  sys_sqlite_lock sqlite_lock(this);
1159 
1160  UserMetadata user;
1161  if (!getMetadataForUser(name, user)) {
1162  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
1163  throw runtime_error("Cannot alter user. User " + loggable + "does not exist.");
1164  }
1165  if (!alts.wouldChange(user)) {
1166  return user;
1167  }
1168 
1169  // Temporary user.
1170  if (user.is_temporary) {
1171  if (alts.passwd) {
1172  user.passwd_hash = hash_with_bcrypt(*alts.passwd);
1173  }
1174  if (alts.is_super) {
1175  user.isSuper = *alts.is_super;
1176  }
1177  if (alts.default_db) {
1178  if (!alts.default_db->empty()) {
1179  DBMetadata db;
1180  if (!getMetadataForDB(*alts.default_db, db)) {
1181  throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
1182  }
1183  user.defaultDbId = db.dbId;
1184  } else {
1185  user.defaultDbId = -1;
1186  }
1187  }
1188  if (alts.can_login) {
1189  user.can_login = *alts.can_login;
1190  }
1191  *temporary_users_by_name_[name] = user;
1192  return user;
1193  }
1194 
1195  // Normal user.
1196  sqliteConnector_->query("BEGIN TRANSACTION");
1197  try {
1198  string sql;
1199  std::vector<std::string> values;
1200  if (alts.passwd) {
1201  append_with_commas(sql, "passwd_hash = ?");
1202  values.push_back(hash_with_bcrypt(*alts.passwd));
1203  }
1204  if (alts.is_super) {
1205  append_with_commas(sql, "issuper = ?");
1206  values.push_back(std::to_string(*alts.is_super));
1207  }
1208  if (alts.default_db) {
1209  if (!alts.default_db->empty()) {
1210  append_with_commas(sql, "default_db = ?");
1211  DBMetadata db;
1212  if (!getMetadataForDB(*alts.default_db, db)) {
1213  throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
1214  }
1215  values.push_back(std::to_string(db.dbId));
1216  } else {
1217  append_with_commas(sql, "default_db = NULL");
1218  }
1219  }
1220  if (alts.can_login) {
1221  append_with_commas(sql, "can_login = ?");
1222  values.push_back(std::to_string(*alts.can_login));
1223  }
1224 
1225  sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
1226  values.push_back(std::to_string(user.userId));
1227 
1228  sqliteConnector_->query_with_text_params(sql, values);
1229  } catch (const std::exception& e) {
1230  sqliteConnector_->query("ROLLBACK TRANSACTION");
1231  throw;
1232  }
1233  sqliteConnector_->query("END TRANSACTION");
1234  auto u = getUser(name);
1235  CHECK(u);
1236  VLOG(1) << "Altered user: " << u->userLoggable();
1237  return *u;
1238 }
std::optional< UserMetadata > getUser(std::string const &uname)
Definition: SysCatalog.h:201
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:356
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:71
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
#define CHECK(condition)
Definition: Logger.h:222
#define VLOG(n)
Definition: Logger.h:316
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildMaps ( bool  is_new_db = false)
private

Definition at line 208 of file SysCatalog.cpp.

208  {
210  sys_sqlite_lock sqlite_lock(this);
211 
212  buildMapsUnlocked(is_new_db);
213 }
heavyai::unique_lock< heavyai::shared_mutex > write_lock
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
void buildMapsUnlocked(bool is_new_db=false)
Definition: SysCatalog.cpp:215
void Catalog_Namespace::SysCatalog::buildMapsUnlocked ( bool  is_new_db = false)
private

Definition at line 215 of file SysCatalog.cpp.

References CHECK, shared::kSystemCatalogName, run_benchmark_import::result, to_upper(), Catalog_Namespace::UserMetadata::userName, and VLOG.

215  {
216  VLOG(2) << "reloading catalog caches for: " << shared::kSystemCatalogName;
217 
218  // Store permissions for temporary users.
219  std::map<std::string, std::vector<std::string>> tu_map;
220  for (auto& pair : temporary_users_by_name_) {
221  CHECK(pair.second);
222  UserMetadata& user = *pair.second;
223  auto it = granteeMap_.find(to_upper(user.userName));
224  CHECK(it != granteeMap_.end()) << to_upper(user.userName) << " not found";
225 
226  auto user_rl = dynamic_cast<User*>(it->second.get());
227  CHECK(user_rl);
228  std::vector<std::string> current_roles = user_rl->getRoles();
229  auto result = tu_map.emplace(user.userName, std::move(current_roles));
230  CHECK(result.second);
231  }
232 
233  // Forget permissions and reload them from file storage.
237  if (!is_new_db) {
238  // We don't want to create the information schema db during database initialization
239  // because we don't have the appropriate context to intialize the tables. For
240  // instance if the server is intended to run in distributed mode, initializing the
241  // table as part of initdb will be missing information such as the location of the
242  // string dictionary server.
244  }
245 
246  // Restore permissions for temporary users that were stored above.
247  for (auto& pair : temporary_users_by_name_) {
248  CHECK(pair.second);
249  UserMetadata& user = *pair.second;
250 
251  createRole_unsafe(user.userName, /*user_private_role*/ true, /*is_temporary*/ true);
252 
253  auto it = tu_map.find(user.userName);
254  CHECK(it != tu_map.end()) << user.userName << " not found";
255  for (const auto& r : it->second) {
256  grantRole_unsafe(r, user.userName, /*is_temporary*/ true);
257  }
258  }
259 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
const std::string kSystemCatalogName
Definition: Grantee.h:75
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
std::string to_upper(const std::string &str)
#define CHECK(condition)
Definition: Logger.h:222
#define VLOG(n)
Definition: Logger.h:316

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMapUnlocked ( )
private

Definition at line 2739 of file SysCatalog.cpp.

References objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by rebuildObjectMapsUnlocked().

2739  {
2740  objectDescriptorMap_.clear();
2741  string objectQuery(
2742  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2743  "objectPermissions, objectOwnerId, objectName "
2744  "from mapd_object_permissions");
2745  sqliteConnector_->query(objectQuery);
2746  size_t numRows = sqliteConnector_->getNumRows();
2747  for (size_t r = 0; r < numRows; ++r) {
2748  auto od = std::make_unique<ObjectRoleDescriptor>();
2749  od->roleName = sqliteConnector_->getData<string>(r, 0);
2750  od->roleType = sqliteConnector_->getData<bool>(r, 1);
2751  od->objectType = sqliteConnector_->getData<int>(r, 2);
2752  od->dbId = sqliteConnector_->getData<int>(r, 3);
2753  od->objectId = sqliteConnector_->getData<int>(r, 4);
2754  od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
2755  od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
2756  od->objectName = sqliteConnector_->getData<string>(r, 7);
2757  objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
2758  std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
2759  std::to_string(od->objectId),
2760  std::move(od)));
2761  }
2762 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
std::string to_string(char const *&&v)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMapUnlocked ( )
private

Definition at line 2624 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), getGrantee(), granteeMap_, name(), AccessPrivileges::privileges, sqliteConnector_, and to_upper().

Referenced by rebuildObjectMapsUnlocked().

2624  {
2625  granteeMap_.clear();
2626  string roleQuery(
2627  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2628  "objectPermissions, objectOwnerId, objectName "
2629  "from mapd_object_permissions");
2630  sqliteConnector_->query(roleQuery);
2631  size_t numRows = sqliteConnector_->getNumRows();
2632  std::vector<std::string> objectKeyStr(4);
2633  DBObjectKey objectKey;
2634  AccessPrivileges privs;
2635  bool userPrivateRole{false};
2636  for (size_t r = 0; r < numRows; ++r) {
2637  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2638  userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
2639  DBObjectType permissionType =
2640  static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
2641  objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
2642  objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
2643  objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
2644  objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
2645  privs.privileges = sqliteConnector_->getData<int>(r, 5);
2646  int32_t owner = sqliteConnector_->getData<int>(r, 6);
2647  std::string name = sqliteConnector_->getData<string>(r, 7);
2648 
2649  DBObject dbObject(objectKey, privs, owner);
2650  dbObject.setName(name);
2651  if (-1 == objectKey.objectId) {
2652  dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
2653  } else {
2654  dbObject.setObjectType(permissionType);
2655  }
2656 
2657  auto* rl = getGrantee(roleName);
2658  if (!rl) {
2659  std::unique_ptr<Grantee> g;
2660  if (userPrivateRole) {
2661  g.reset(new User(roleName));
2662  } else {
2663  g.reset(new Role(roleName));
2664  }
2665  rl = g.get();
2666  granteeMap_[to_upper(roleName)] = std::move(g);
2667  }
2668  rl->grantPrivileges(dbObject);
2669  }
2670 }
DBObjectType
Definition: DBObject.h:40
std::string name() const
Definition: SysCatalog.h:356
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:81
static DBObjectKey fromString(const std::vector< std::string > &key, const DBObjectType &type)
Definition: DBObject.cpp:270
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::string to_upper(const std::string &str)
int64_t privileges
Definition: DBObject.h:133

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMapUnlocked ( )
private

Definition at line 2695 of file SysCatalog.cpp.

References getGrantee(), shared::kRootUsername, and sqliteConnector_.

2695  {
2696  std::vector<std::pair<std::string, std::string>> granteeRoles;
2697  string userRoleQuery("SELECT roleName, userName from mapd_roles");
2698  sqliteConnector_->query(userRoleQuery);
2699  size_t numRows = sqliteConnector_->getNumRows();
2700  for (size_t r = 0; r < numRows; ++r) {
2701  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2702  std::string userName = sqliteConnector_->getData<string>(r, 1);
2703  // required for declared nomenclature before v4.0.0
2704  if ((boost::equals(roleName, "mapd_default_suser_role") &&
2705  boost::equals(userName, shared::kRootUsername)) ||
2706  (boost::equals(roleName, "mapd_default_user_role") &&
2707  !boost::equals(userName, "mapd_default_user_role"))) {
2708  // grouprole already exists with roleName==userName in mapd_roles table
2709  // ignore duplicate instances of userRole which exists before v4.0.0
2710  continue;
2711  }
2712  auto* rl = getGrantee(roleName);
2713  if (!rl) {
2714  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2715  " from db not found in the map.");
2716  }
2717  std::pair<std::string, std::string> roleVecElem(roleName, userName);
2718  granteeRoles.push_back(roleVecElem);
2719  }
2720 
2721  for (const auto& [roleName, granteeName] : granteeRoles) {
2722  auto* grantee = getGrantee(granteeName);
2723  if (!grantee) {
2724  throw runtime_error("Data inconsistency when building role map. Grantee " +
2725  granteeName + " not found in the map.");
2726  }
2727  if (granteeName == roleName) {
2728  continue;
2729  }
2730  Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
2731  if (!rl) {
2732  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2733  " not found in the map.");
2734  }
2735  grantee->grantRole(rl);
2736  }
2737 }
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
const std::string kRootUsername

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDatabaseOwner ( std::string const &  dbname,
const std::string &  new_owner 
)

Definition at line 1331 of file SysCatalog.cpp.

References cat(), DatabaseDBObjectType, getCatalog(), getMetadataForDB(), getMetadataForUser(), getMetadataForUserById(), runUpdateQueriesAndChangeOwnership(), and to_string().

1332  {
1333  using namespace std::string_literals;
1334  sys_write_lock write_lock(this);
1335  sys_sqlite_lock sqlite_lock(this);
1336 
1337  DBMetadata db;
1338  if (!getMetadataForDB(dbname, db)) {
1339  throw std::runtime_error("Database " + dbname + " does not exists.");
1340  }
1341 
1342  Catalog_Namespace::UserMetadata user, original_owner;
1343  if (!getMetadataForUser(new_owner, user)) {
1344  throw std::runtime_error("User with username \"" + new_owner + "\" does not exist. " +
1345  "Database with name \"" + dbname +
1346  "\" can not have owner changed.");
1347  }
1348 
1349  bool original_owner_exists = getMetadataForUserById(db.dbOwner, original_owner);
1350  auto cat = getCatalog(db, true);
1351  DBObject db_object(dbname, DBObjectType::DatabaseDBObjectType);
1353  user,
1354  original_owner,
1355  db_object,
1356  *cat,
1357  UpdateQueries{{"UPDATE mapd_databases SET owner=?1 WHERE name=?2;",
1358  {std::to_string(user.userId), dbname}}},
1359  original_owner_exists);
1360 }
std::string cat(Ts &&...args)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
heavyai::unique_lock< heavyai::shared_mutex > write_lock
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
std::list< UpdateQuery > UpdateQueries
Definition: SysCatalog.h:428
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void runUpdateQueriesAndChangeOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership ( const UserMetadata new_owner,
const UserMetadata previous_owner,
DBObject  object,
const Catalog_Namespace::Catalog catalog,
bool  revoke_privileges = true 
)

Change ownership of a DBObject

Parameters
new_owner- new owner of DBObject
previous_owner- previous owner of DBObject
object- DBObject to change ownership of
catalog- Catalog instance object exists in
revoke_privileges- if true, revoke previous_owner's privileges

Definition at line 2167 of file SysCatalog.cpp.

References runUpdateQueriesAndChangeOwnership().

2171  {
2173  new_owner, previous_owner, object, catalog, {}, revoke_privileges);
2174 }
void runUpdateQueriesAndChangeOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::check_for_session_encryption ( const std::string &  pki_cert,
std::string &  session 
)

Definition at line 919 of file SysCatalog.cpp.

References pki_server_.

920  {
921  if (!pki_server_->inUse()) {
922  return;
923  }
924  pki_server_->encrypt_session(pki_cert, session);
925 }
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:505
void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )
private

Definition at line 322 of file SysCatalog.cpp.

References addAdminUserRole(), createRoles(), fixRolesMigration(), migrateDBAccessPrivileges(), migratePrivileged_old(), migratePrivileges(), updateBlankPasswordsToRandom(), updatePasswordsToHashes(), updateSupportUserDeactivation(), and updateUserSchema().

322  {
324  createRoles();
328  updateUserSchema(); // must come before updatePasswordsToHashes()
330  updateBlankPasswordsToRandom(); // must come after updatePasswordsToHashes()
333 }

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUser ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)

Definition at line 1572 of file SysCatalog.cpp.

References checkPasswordForUserImpl().

Referenced by loginImpl().

1574  {
1575  return checkPasswordForUserImpl(passwd, name, user);
1576 }
std::string name() const
Definition: SysCatalog.h:356
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)
private

Definition at line 1578 of file SysCatalog.cpp.

References CHECK, getMetadataForUser(), LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

Referenced by checkPasswordForUser().

1580  {
1581  sys_read_lock read_lock(this);
1582  if (!getMetadataForUser(name, user)) {
1583  // Check password against some fake hash just to waste time so that response times
1584  // for invalid password and invalid user are similar and a caller can't say the
1585  // difference
1586  char fake_hash[BCRYPT_HASHSIZE];
1587  CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
1588  bcrypt_checkpw(passwd.c_str(), fake_hash);
1589  LOG(WARNING) << "Local login failed";
1590  return false;
1591  }
1592  int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
1593  // if the check fails there is a good chance that data on disc is broken
1594  CHECK(pwd_check_result >= 0);
1595  return pwd_check_result == 0;
1596 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
#define LOG(tag)
Definition: Logger.h:216
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:356
#define CHECK(condition)
Definition: Logger.h:222
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges ( const UserMetadata user,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 2452 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPrivileges(), getDatabaseListForUser(), and switchDatabase().

2453  {
2454  sys_read_lock read_lock(this);
2455  if (user.isSuper) {
2456  return true;
2457  }
2458 
2459  auto* user_rl = instance().getUserGrantee(user.userName);
2460  if (!user_rl) {
2461  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
2462  " does not exist.");
2463  }
2464  for (auto& object : privObjects) {
2465  if (!user_rl->checkPrivileges(object)) {
2466  return false;
2467  }
2468  }
2469  return true;
2470 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
static SysCatalog & instance()
Definition: SysCatalog.h:341
User * getUserGrantee(const std::string &name) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges ( const std::string &  userName,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 2472 of file SysCatalog.cpp.

References checkPrivileges(), Catalog_Namespace::g_log_user_id, getMetadataForUser(), and instance().

2473  {
2474  UserMetadata user;
2475  if (!instance().getMetadataForUser(userName, user)) {
2476  std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
2477  throw runtime_error("Request to check privileges for user " + loggable +
2478  "failed because user with this name does not exist.");
2479  }
2480  return (checkPrivileges(user, privObjects));
2481 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
static SysCatalog & instance()
Definition: SysCatalog.h:341

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDatabase ( const std::string &  dbname,
int  owner 
)

Definition at line 1406 of file SysCatalog.cpp.

References basePath_, cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, getCatalog(), Catalog_Namespace::Catalog::getCustomExpressionsSchema(), Catalog_Namespace::Catalog::getForeignServerSchema(), Catalog_Namespace::Catalog::getForeignTableSchema(), getMetadataForDB(), getMetadataForUserById(), grantAllOnDatabase_unsafe(), shared::kCatalogDirectoryName, shared::kRootUserId, shared::kSystemCatalogName, removeCatalog(), sqliteConnector_, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

Referenced by initDB(), and initializeInformationSchemaDb().

1406  {
1407  sys_write_lock write_lock(this);
1408  sys_sqlite_lock sqlite_lock(this);
1409 
1410  DBMetadata db;
1411  if (getMetadataForDB(name, db)) {
1412  throw runtime_error("Database " + name + " already exists.");
1413  }
1415  throw runtime_error("Database name " + name + " is reserved.");
1416  }
1417 
1418  std::unique_ptr<SqliteConnector> dbConn(
1420  // NOTE(max): it's okay to run this in a separate transaction. If we fail later
1421  // we delete the database anyways.
1422  // If we run it in the same transaction as SysCatalog functions, then Catalog
1423  // constructor won't find the tables we have just created.
1424  dbConn->query("BEGIN TRANSACTION");
1425  try {
1426  dbConn->query(
1427  "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
1428  "integer, ncolumns integer, "
1429  "isview boolean, "
1430  "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
1431  "bigint, "
1432  "frag_page_size integer, "
1433  "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
1434  "sort_column_id integer default 0, storage_type text default '', "
1435  "max_rollback_epochs integer default -1, "
1436  "is_system_table boolean default 0, "
1437  "num_shards integer, key_metainfo TEXT, version_num "
1438  "BIGINT DEFAULT 1) ");
1439  dbConn->query(
1440  "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
1441  "integer, name text, coltype "
1442  "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
1443  "boolean, compression integer, "
1444  "comp_param integer, size integer, chunks text, is_systemcol boolean, "
1445  "is_virtualcol boolean, virtual_expr "
1446  "text, is_deletedcol boolean, version_num BIGINT, default_value text, "
1447  "primary key(tableid, columnid), unique(tableid, name))");
1448  dbConn->query(
1449  "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
1450  dbConn->query(
1451  "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
1452  "userid integer references mapd_users, state text, image_hash text, update_time "
1453  "timestamp, "
1454  "metadata text, UNIQUE(userid, name) )");
1455  dbConn->query(
1456  "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
1457  "mapd_users, "
1458  "link text unique, view_state text, update_time timestamp, view_metadata text)");
1459  dbConn->query(
1460  "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
1461  "nbits int, is_shared boolean, "
1462  "refcount int, version_num BIGINT DEFAULT 1)");
1463  dbConn->query(
1464  "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
1465  "physical_table_id "
1466  "integer)");
1467  dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
1468  dbConn->query_with_text_params(
1469  "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
1470  std::vector<std::string>{std::to_string(owner)});
1471 
1472  if (g_enable_fsi) {
1473  dbConn->query(Catalog::getForeignServerSchema());
1474  dbConn->query(Catalog::getForeignTableSchema());
1475  }
1476  dbConn->query(Catalog::getCustomExpressionsSchema());
1477  } catch (const std::exception&) {
1478  dbConn->query("ROLLBACK TRANSACTION");
1479  boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
1480  name);
1481  throw;
1482  }
1483  dbConn->query("END TRANSACTION");
1484 
1485  std::shared_ptr<Catalog> cat;
1486  // Now update SysCatalog with privileges and the new database
1487  sqliteConnector_->query("BEGIN TRANSACTION");
1488  try {
1489  sqliteConnector_->query_with_text_param(
1490  "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
1491  ")",
1492  name);
1493  CHECK(getMetadataForDB(name, db));
1494 
1495  cat = getCatalog(db, true);
1496 
1497  if (owner != shared::kRootUserId) {
1499  object.loadKey(*cat);
1500  UserMetadata user;
1501  CHECK(getMetadataForUserById(owner, user));
1502  grantAllOnDatabase_unsafe(user.userName, object, *cat);
1503  }
1504  } catch (const std::exception&) {
1505  sqliteConnector_->query("ROLLBACK TRANSACTION");
1506  boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
1507  name);
1508  throw;
1509  }
1510  sqliteConnector_->query("END TRANSACTION");
1511 
1512  // force a migration on the new database
1514  cat = getCatalog(db, false);
1515 
1516  if (g_enable_fsi) {
1517  try {
1518  cat->createDefaultServersIfNotExists();
1519  } catch (...) {
1520  boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
1521  name);
1522  throw;
1523  }
1524  }
1525 }
const int kRootUserId
std::string cat(Ts &&...args)
void removeCatalog(const std::string &dbName)
std::string name() const
Definition: SysCatalog.h:356
const std::string kSystemCatalogName
heavyai::unique_lock< heavyai::shared_mutex > write_lock
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
static const std::string getForeignTableSchema(bool if_not_exists=false)
Definition: Catalog.cpp:772
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
static const std::string getForeignServerSchema(bool if_not_exists=false)
Definition: Catalog.cpp:765
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::string to_upper(const std::string &str)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
static const std::string getCustomExpressionsSchema(bool if_not_exists=false)
Definition: Catalog.cpp:780
const std::string kCatalogDirectoryName
#define CHECK(condition)
Definition: Logger.h:222
bool g_enable_fsi
Definition: Catalog.cpp:96
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject ( const UserMetadata user,
const std::string &  objectName,
DBObjectType  type,
const Catalog_Namespace::Catalog catalog,
int32_t  objectId = -1 
)

Definition at line 1820 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, getUserGrantee(), grantDBObjectPrivileges_unsafe(), Grantee::grantPrivileges(), instance(), Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, sqliteConnector_, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

1824  {
1825  sys_write_lock write_lock(this);
1826  sys_sqlite_lock sqlite_lock(this);
1827 
1828  DBObject object =
1829  objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
1830  object.loadKey(catalog);
1831  switch (type) {
1832  case TableDBObjectType:
1833  object.setPrivileges(AccessPrivileges::ALL_TABLE);
1834  break;
1835  case DashboardDBObjectType:
1836  object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
1837  break;
1838  case ServerDBObjectType:
1839  object.setPrivileges(AccessPrivileges::ALL_SERVER);
1840  break;
1841  default:
1842  object.setPrivileges(AccessPrivileges::ALL_DATABASE);
1843  break;
1844  }
1845  object.setOwner(user.userId);
1846  sqliteConnector_->query("BEGIN TRANSACTION");
1847  try {
1848  if (!user.isSuper) { // no need to grant to suser, has all privs by default
1849  grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
1850  auto* grantee = instance().getUserGrantee(user.userName);
1851  if (!grantee) {
1852  throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
1853  " does not exist.");
1854  }
1855  grantee->grantPrivileges(object);
1856  }
1857  } catch (std::exception& e) {
1858  sqliteConnector_->query("ROLLBACK TRANSACTION");
1859  throw;
1860  }
1861  sqliteConnector_->query("END TRANSACTION");
1862 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:151
virtual void grantPrivileges(const DBObject &object)
Definition: Grantee.cpp:105
heavyai::unique_lock< heavyai::shared_mutex > write_lock
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static SysCatalog & instance()
Definition: SysCatalog.h:341
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:187
User * getUserGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void loadKey()
Definition: DBObject.cpp:190
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:169
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:157

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole ( const std::string &  roleName,
const bool  user_private_role,
const bool  is_temporary = false 
)

Definition at line 2778 of file SysCatalog.cpp.

References createRole_unsafe(), and execInTransaction().

2780  {
2782  &SysCatalog::createRole_unsafe, roleName, user_private_role, is_temporary);
2783 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void execInTransaction(F &&f, Args &&...args)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe ( const std::string &  roleName,
const bool  userPrivateRole,
const bool  is_temporary 
)
private

Definition at line 2198 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, getGrantee(), granteeMap_, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kDefaultDbName, DBObjectKey::permissionType, DBObject::setObjectKey(), sqliteConnector_, and to_upper().

Referenced by addAdminUserRole(), createRole(), createUser(), and initDB().

2200  {
2201  sys_write_lock write_lock(this);
2202 
2203  auto* grantee = getGrantee(roleName);
2204  if (grantee) {
2205  throw std::runtime_error("CREATE ROLE " + roleName +
2206  " failed because grantee with this name already exists.");
2207  }
2208  std::unique_ptr<Grantee> g;
2209  if (user_private_role) {
2210  g.reset(new User(roleName));
2211  } else {
2212  g.reset(new Role(roleName));
2213  }
2214  grantee = g.get();
2215  granteeMap_[to_upper(roleName)] = std::move(g);
2216 
2217  // NOTE (max): Why create an empty privileges record for a role?
2218  /* grant none privileges to this role and add it to sqlite DB */
2220  DBObjectKey objKey;
2221  // 0 is an id that does not exist
2222  objKey.dbId = 0;
2224  dbObject.setObjectKey(objKey);
2225  grantee->grantPrivileges(dbObject);
2226 
2227  if (!is_temporary) {
2228  sys_sqlite_lock sqlite_lock(this);
2230  sqliteConnector_, roleName, user_private_role, dbObject);
2231  }
2232 }
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:81
heavyai::unique_lock< heavyai::shared_mutex > write_lock
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, const DBObject &object)
Definition: SysCatalog.cpp:477
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
const std::string kDefaultDbName
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::string to_upper(const std::string &str)
int32_t dbId
Definition: DBObject.h:54
int32_t permissionType
Definition: DBObject.h:53

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRoles ( )
private

Definition at line 408 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

408  {
409  sys_sqlite_lock sqlite_lock(this);
410  sqliteConnector_->query("BEGIN TRANSACTION");
411  try {
412  sqliteConnector_->query(
413  "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
414  if (sqliteConnector_->getNumRows() != 0) {
415  // already done
416  sqliteConnector_->query("END TRANSACTION");
417  return;
418  }
419  sqliteConnector_->query(
420  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
421  "userName))");
422  } catch (const std::exception&) {
423  sqliteConnector_->query("ROLLBACK TRANSACTION");
424  throw;
425  }
426  sqliteConnector_->query("END TRANSACTION");
427 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

UserMetadata Catalog_Namespace::SysCatalog::createUser ( std::string const &  name,
UserAlterations  alts,
bool  is_temporary 
)

Definition at line 927 of file SysCatalog.cpp.

References Catalog_Namespace::UserAlterations::can_login, CHECK, createRole_unsafe(), Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::UserAlterations::default_db, Catalog_Namespace::g_log_user_id, g_read_only, getGrantee(), getMetadataForDB(), getMetadataForUser(), getUser(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), Catalog_Namespace::UserAlterations::is_super, name(), next_temporary_user_id_, Catalog_Namespace::UserAlterations::passwd, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), Catalog_Namespace::UserMetadata::userLoggable(), and VLOG.

Referenced by syncUserWithRemoteProvider().

929  {
931  sys_sqlite_lock sqlite_lock(this);
932 
933  if (!alts.passwd) {
934  alts.passwd = "";
935  }
936  if (!alts.is_super) {
937  alts.is_super = false;
938  }
939  if (!alts.default_db) {
940  alts.default_db = "";
941  }
942  if (!alts.can_login) {
943  alts.can_login = true;
944  }
945 
946  UserMetadata user;
947  if (getMetadataForUser(name, user)) {
948  throw runtime_error("User " + user.userLoggable() + " already exists.");
949  }
950  if (getGrantee(name)) {
951  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
952  throw runtime_error(
953  "User " + loggable +
954  "is same as one of existing grantees. User and role names should be unique.");
955  }
956  DBMetadata db;
957  if (!alts.default_db->empty()) {
958  if (!getMetadataForDB(*alts.default_db, db)) {
959  throw runtime_error("DEFAULT_DB " + *alts.default_db + " not found.");
960  }
961  }
962 
963  // Temporary user.
964  if (is_temporary) {
965  if (!g_read_only) {
966  throw std::runtime_error("Temporary users require read-only mode.");
967  // NOTE(sy): We can remove this restriction when we're confident that
968  // nothing permanent can depend on a temporary user.
969  }
970  auto user2 = std::make_shared<UserMetadata>(next_temporary_user_id_++,
971  name,
972  hash_with_bcrypt(*alts.passwd),
973  *alts.is_super,
974  !alts.default_db->empty() ? db.dbId : -1,
975  *alts.can_login,
976  true);
978  temporary_users_by_id_[user2->userId] = user2;
979  createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/true);
980  VLOG(1) << "Created temporary user: " << user2->userLoggable();
981  return *user2;
982  }
983 
984  // Normal user.
985  sqliteConnector_->query("BEGIN TRANSACTION");
986  try {
987  std::vector<std::string> vals;
988  if (!alts.default_db->empty()) {
989  vals = {name,
990  hash_with_bcrypt(*alts.passwd),
991  std::to_string(*alts.is_super),
992  std::to_string(db.dbId),
993  std::to_string(*alts.can_login)};
994  sqliteConnector_->query_with_text_params(
995  "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
996  "VALUES (?, ?, ?, ?, ?)",
997  vals);
998  } else {
999  vals = {name,
1000  hash_with_bcrypt(*alts.passwd),
1001  std::to_string(*alts.is_super),
1002  std::to_string(*alts.can_login)};
1003  sqliteConnector_->query_with_text_params(
1004  "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
1005  "VALUES (?, ?, ?, ?)",
1006  vals);
1007  }
1008  createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/false);
1009  } catch (const std::exception& e) {
1010  sqliteConnector_->query("ROLLBACK TRANSACTION");
1011  throw;
1012  }
1013  sqliteConnector_->query("END TRANSACTION");
1014  auto u = getUser(name);
1015  CHECK(u);
1016  VLOG(1) << "Created user: " << u->userLoggable();
1017  return *u;
1018 }
std::optional< UserMetadata > getUser(std::string const &uname)
Definition: SysCatalog.h:201
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:356
Grantee * getGrantee(const std::string &name) const
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:71
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
bool g_read_only
Definition: File.cpp:40
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:532
#define CHECK(condition)
Definition: Logger.h:222
#define VLOG(n)
Definition: Logger.h:316
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createVersionHistoryTable ( ) const
private

Definition at line 3111 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by recordExecutedMigration().

3111  {
3112  sys_sqlite_lock sqlite_lock(this);
3113  sqliteConnector_->query(
3114  "CREATE TABLE mapd_version_history(version integer, migration_history text "
3115  "unique)");
3116 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName)
private

Definition at line 2400 of file SysCatalog.cpp.

References objectDescriptorMap_.

Referenced by dropUserUnchecked(), and revokeDBObjectPrivileges_unsafe().

2400  {
2401  sys_write_lock write_lock(this);
2402 
2403  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
2404  if (d->second->roleName == roleName) {
2405  d = objectDescriptorMap_.erase(d);
2406  } else {
2407  d++;
2408  }
2409  }
2410 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
heavyai::unique_lock< heavyai::shared_mutex > write_lock
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog cat 
)
private

Definition at line 2413 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, and to_string().

2415  {
2416  sys_write_lock write_lock(this);
2417  auto range = objectDescriptorMap_.equal_range(
2418  std::to_string(cat.getCurrentDB().dbId) + ":" +
2419  std::to_string(object.getObjectKey().permissionType) + ":" +
2420  std::to_string(object.getObjectKey().objectId));
2421  for (auto d = range.first; d != range.second;) {
2422  // remove the entry
2423  if (d->second->roleName == roleName) {
2424  d = objectDescriptorMap_.erase(d);
2425  } else {
2426  d++;
2427  }
2428  }
2429 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:242
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123

+ Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )
inlinestatic

Definition at line 349 of file SysCatalog.h.

References migrations::MigrationMgr::destroy(), instance_, and instance_mutex_.

Referenced by main(), EmbeddedDatabase::DBEngineImpl::reset(), and DBHandler::shutdown().

349  {
351  instance_.reset();
353  }
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:519
static std::mutex instance_mutex_
Definition: SysCatalog.h:518
std::unique_lock< T > unique_lock

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata db)

Definition at line 1527 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, getCatalog(), granteeMap_, removeCatalog(), revokeAllOnDatabase_unsafe(), revokeDBObjectPrivilegesFromAll_unsafe(), sqliteConnector_, TableDBObjectType, run_benchmark_import::tables, and to_string().

Referenced by initializeInformationSchemaDb().

1527  {
1528  auto cat = getCatalog(db, false);
1529  cat->eraseDbPhysicalData();
1530  sys_write_lock write_lock(this);
1531  sys_sqlite_lock sqlite_lock(this);
1532  sqliteConnector_->query("BEGIN TRANSACTION");
1533  try {
1534  // remove this database ID from any users that have it set as their default database
1535  sqliteConnector_->query_with_text_param(
1536  "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
1537  std::to_string(db.dbId));
1538  /* revoke object privileges to all tables of the database being dropped */
1539  const auto tables = cat->getAllTableMetadata();
1540  for (const auto table : tables) {
1541  if (table->shard >= 0) {
1542  // skip shards, they're not standalone tables
1543  continue;
1544  }
1546  DBObject(table->tableName, TableDBObjectType), cat.get());
1547  }
1548  const auto dashboards = cat->getAllDashboardsMetadata();
1549  for (const auto dashboard : dashboards) {
1551  DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
1552  }
1553  /* revoke object privileges to the database being dropped */
1554  for (const auto& grantee : granteeMap_) {
1555  if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
1557  grantee.second->getName(), db.dbId, grantee.second.get());
1558  }
1559  }
1560  sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
1561  std::to_string(db.dbId));
1562  cat->eraseDbMetadata();
1563  removeCatalog(db.dbName);
1564  } catch (const std::exception&) {
1565  sqliteConnector_->query("ROLLBACK TRANSACTION");
1566  throw;
1567  }
1568  sqliteConnector_->query("END TRANSACTION");
1569 }
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
std::string cat(Ts &&...args)
void removeCatalog(const std::string &dbName)
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropRole ( const std::string &  roleName,
const bool  is_temporary = false 
)

Definition at line 2785 of file SysCatalog.cpp.

References dropRole_unsafe(), and execInTransaction().

2785  {
2786  execInTransaction(&SysCatalog::dropRole_unsafe, roleName, is_temporary);
2787 }
void execInTransaction(F &&f, Args &&...args)
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole_unsafe ( const std::string &  roleName,
const bool  is_temporary 
)
private

Definition at line 2234 of file SysCatalog.cpp.

References granteeMap_, objectDescriptorMap_, sqliteConnector_, and to_upper().

Referenced by dropRole(), and dropUserUnchecked().

2234  {
2235  sys_write_lock write_lock(this);
2236 
2237  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
2238  if (d->second->roleName == roleName) {
2239  d = objectDescriptorMap_.erase(d);
2240  } else {
2241  d++;
2242  }
2243  }
2244  // it may very well be a user "role", so keep it generic
2245  granteeMap_.erase(to_upper(roleName));
2246 
2247  if (!is_temporary) {
2248  sys_sqlite_lock sqlite_lock(this);
2249  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
2250  roleName);
2251  sqliteConnector_->query_with_text_param(
2252  "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
2253  }
2254 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
heavyai::unique_lock< heavyai::shared_mutex > write_lock
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::string to_upper(const std::string &str)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropUser ( const std::string &  name)

Definition at line 1058 of file SysCatalog.cpp.

References dropUserUnchecked(), Catalog_Namespace::g_log_user_id, getAllDBMetadata(), getMetadataForUser(), and Catalog_Namespace::UserMetadata::userId.

1058  {
1059  sys_write_lock write_lock(this);
1060  sys_sqlite_lock sqlite_lock(this);
1061 
1062  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
1063 
1064  UserMetadata user;
1065  if (!getMetadataForUser(name, user)) {
1066  throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
1067  }
1068 
1069  auto dbs = getAllDBMetadata();
1070  for (const auto& db : dbs) {
1071  if (db.dbOwner == user.userId) {
1072  throw runtime_error("Cannot drop user. User " + loggable + "owns database " +
1073  db.dbName);
1074  }
1075  }
1076 
1077  dropUserUnchecked(name, user);
1078 }
void dropUserUnchecked(const std::string &name, const UserMetadata &user)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:356
heavyai::unique_lock< heavyai::shared_mutex > write_lock
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::list< DBMetadata > getAllDBMetadata()

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropUserUnchecked ( const std::string &  name,
const UserMetadata user 
)

Definition at line 1021 of file SysCatalog.cpp.

References CHECK, deleteObjectDescriptorMap(), dropRole_unsafe(), Catalog_Namespace::UserMetadata::is_temporary, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), and Catalog_Namespace::UserMetadata::userId.

Referenced by dropUser().

1021  {
1022  sys_write_lock write_lock(this);
1023  sys_sqlite_lock sqlite_lock(this);
1024 
1025  // Temporary user.
1026  if (user.is_temporary) {
1027  auto it1 = temporary_users_by_name_.find(name);
1028  CHECK(it1 != temporary_users_by_name_.end());
1029  auto it2 = temporary_users_by_id_.find(it1->second->userId);
1030  CHECK(it2 != temporary_users_by_id_.end());
1031  dropRole_unsafe(name, /*is_temporary=*/true);
1033  temporary_users_by_name_.erase(it1);
1034  temporary_users_by_id_.erase(it2);
1035  return;
1036  }
1037 
1038  // Normal user.
1039 
1040  sqliteConnector_->query("BEGIN TRANSACTION");
1041  try {
1042  dropRole_unsafe(name, /*is_temporary=*/false);
1044  const std::string& roleName(name);
1045  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
1046  roleName);
1047  sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
1048  std::to_string(user.userId));
1049  sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
1050  std::to_string(user.userId));
1051  } catch (const std::exception& e) {
1052  sqliteConnector_->query("ROLLBACK TRANSACTION");
1053  throw;
1054  }
1055  sqliteConnector_->query("END TRANSACTION");
1056 }
std::string name() const
Definition: SysCatalog.h:356
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
void deleteObjectDescriptorMap(const std::string &roleName)
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:532
#define CHECK(condition)
Definition: Logger.h:222

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

template<typename F , typename... Args>
void Catalog_Namespace::SysCatalog::execInTransaction ( F &&  f,
Args &&...  args 
)
private

Definition at line 2765 of file SysCatalog.cpp.

References run_benchmark_import::args, anonymous_namespace{Utm.h}::f, and sqliteConnector_.

Referenced by createRole(), dropRole(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch(), grantRole(), grantRoleBatch(), revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch(), revokeDBObjectPrivilegesFromAll(), revokeDBObjectPrivilegesFromAllBatch(), revokeRole(), and revokeRoleBatch().

2765  {
2766  sys_write_lock write_lock(this);
2767  sys_sqlite_lock sqlite_lock(this);
2768  sqliteConnector_->query("BEGIN TRANSACTION");
2769  try {
2770  (this->*f)(std::forward<Args>(args)...);
2771  } catch (std::exception&) {
2772  sqliteConnector_->query("ROLLBACK TRANSACTION");
2773  throw;
2774  }
2775  sqliteConnector_->query("END TRANSACTION");
2776 }
heavyai::unique_lock< heavyai::shared_mutex > write_lock
constexpr double f
Definition: Utm.h:31
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::fixRolesMigration ( )
private

Definition at line 435 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

435  {
436  sys_sqlite_lock sqlite_lock(this);
437  sqliteConnector_->query("BEGIN TRANSACTION");
438  try {
439  sqliteConnector_->query("SELECT name FROM mapd_users");
440  auto num_rows = sqliteConnector_->getNumRows();
441  std::vector<std::string> user_names;
442  for (size_t i = 0; i < num_rows; ++i) {
443  user_names.push_back(sqliteConnector_->getData<std::string>(i, 0));
444  }
445  for (const auto& user_name : user_names) {
446  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
447  user_name);
448  }
449  } catch (const std::exception&) {
450  sqliteConnector_->query("ROLLBACK TRANSACTION");
451  throw;
452  }
453  sqliteConnector_->query("END TRANSACTION");
454 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1660 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by dropUser(), getCatalogsForAllDbs(), and getDatabaseListForUser().

1660  {
1661  sys_sqlite_lock sqlite_lock(this);
1662  sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
1663  int numRows = sqliteConnector_->getNumRows();
1664  list<DBMetadata> db_list;
1665  for (int r = 0; r < numRows; ++r) {
1666  DBMetadata db;
1667  db.dbId = sqliteConnector_->getData<int>(r, 0);
1668  db.dbName = sqliteConnector_->getData<string>(r, 1);
1669  db.dbOwner = sqliteConnector_->getData<int>(r, 2);
1670  db_list.push_back(db);
1671  }
1672  return db_list;
1673 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1720 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

Referenced by Catalog_Namespace::anonymous_namespace{Catalog.cpp}::get_user_id_to_user_name_map(), and getDatabaseListForUser().

1720  {
1721  sys_sqlite_lock sqlite_lock(this);
1722  return get_users(*this, sqliteConnector_);
1723 }
auto get_users(SysCatalog &syscat, std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t  dbId)

return the users associated with the given DB

Definition at line 1713 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

1713  {
1714  // this call is to return users that have some form of permissions to objects in the db
1715  // sadly mapd_object_permissions table is also misused to manage user roles.
1716  sys_sqlite_lock sqlite_lock(this);
1717  return get_users(*this, sqliteConnector_, dbId);
1718 }
auto get_users(SysCatalog &syscat, std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const
inline

Definition at line 233 of file SysCatalog.h.

References calciteMgr_.

233 { return *calciteMgr_; }
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:507
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string &  dbName)

Definition at line 2952 of file SysCatalog.cpp.

References cat_map_, and getMetadataForDB().

Referenced by foreign_storage::anonymous_namespace{LogFileBufferParser.cpp}::add_nonce_values(), foreign_storage::cache_blocks(), changeDatabaseOwner(), createDatabase(), foreign_storage::ForeignDataWrapperFactory::createForeignTableProxy(), foreign_storage::ParquetDataWrapper::createRenderGroupAnalyzers(), foreign_storage::AbstractTextFileDataWrapper::createRenderGroupAnalyzers(), dropDatabase(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::anonymous_namespace{InternalMemoryStatsDataWrapper.cpp}::get_column_name(), foreign_storage::get_foreign_table_for_key(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_table_ddl(), foreign_storage::get_table_name(), foreign_storage::ParseBufferRequest::getCatalog(), getCatalogsForAllDbs(), foreign_storage::ParquetImportBatchResult::getChunksAndDictionaries(), lockmgr::TableLockMgrImpl< TableDataLockMgr >::getClusterTableMutex(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), foreign_storage::init_chunk_for_column(), foreign_storage::Csv::init_chunk_for_column(), PersistentStorageMgr::isForeignStorage(), foreign_storage::AbstractTextFileDataWrapper::iterativeFileScan(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), login(), foreign_storage::AbstractTextFileDataWrapper::populateChunkBuffers(), foreign_storage::AbstractTextFileDataWrapper::populateChunkMetadata(), switchDatabase(), and foreign_storage::AbstractTextFileDataWrapper::updateMetadata().

2952  {
2953  dbid_to_cat_map::const_accessor cata;
2954  if (cat_map_.find(cata, dbName)) {
2955  return cata->second;
2956  } else {
2958  if (getMetadataForDB(dbName, db_meta)) {
2959  return getCatalog(db_meta, false);
2960  } else {
2961  return nullptr;
2962  }
2963  }
2964 }
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t  db_id)

Definition at line 2966 of file SysCatalog.cpp.

References cat_map_.

2966  {
2967  dbid_to_cat_map::const_accessor cata;
2968  for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
2969  ++cat_it) {
2970  if (cat_it->second->getDatabaseId() == db_id) {
2971  return cat_it->second;
2972  }
2973  }
2974  return nullptr;
2975 }
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const DBMetadata curDB,
bool  is_new_db 
)

Definition at line 2977 of file SysCatalog.cpp.

References basePath_, calciteMgr_, cat(), cat_map_, dataMgr_, Catalog_Namespace::DBMetadata::dbName, and string_dict_hosts_.

2977  {
2978  {
2979  dbid_to_cat_map::const_accessor cata;
2980  if (cat_map_.find(cata, curDB.dbName)) {
2981  return cata->second;
2982  }
2983  }
2984 
2985  // Catalog doesnt exist
2986  // has to be made outside of lock as migration uses cat
2987  auto cat = std::make_shared<Catalog>(
2988  basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);
2989 
2990  dbid_to_cat_map::accessor cata;
2991 
2992  if (cat_map_.find(cata, curDB.dbName)) {
2993  return cata->second;
2994  }
2995 
2996  cat_map_.insert(cata, curDB.dbName);
2997  cata->second = cat;
2998 
2999  return cat;
3000 }
std::string cat(Ts &&...args)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:504
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:508
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:507

+ Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const
inline

Definition at line 234 of file SysCatalog.h.

References basePath_.

234 { return basePath_; }
std::vector< Catalog * > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 1080 of file SysCatalog.cpp.

References getAllDBMetadata(), and getCatalog().

1080  {
1081  std::vector<Catalog*> catalogs{};
1082  const auto& db_metadata_list = getAllDBMetadata();
1083  for (const auto& db_metadata : db_metadata_list) {
1084  catalogs.emplace_back(getCatalog(db_metadata, false).get());
1085  }
1086  return catalogs;
1087 }
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
std::list< DBMetadata > getAllDBMetadata()

+ Here is the call graph for this function:

std::set< std::string > Catalog_Namespace::SysCatalog::getCreatedRoles ( ) const

Definition at line 2613 of file SysCatalog.cpp.

References granteeMap_, and isDashboardSystemRole().

2613  {
2614  sys_read_lock read_lock(this);
2615  std::set<std::string> roles; // Sorted for human readers.
2616  for (const auto& [key, grantee] : granteeMap_) {
2617  if (!grantee->isUser() && !isDashboardSystemRole(grantee->getName())) {
2618  roles.emplace(grantee->getName());
2619  }
2620  }
2621  return roles;
2622 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
bool isDashboardSystemRole(const std::string &roleName) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata user)

Definition at line 1791 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, checkPrivileges(), DatabaseDBObjectType, Catalog_Namespace::DBSummary::dbName, getAllDBMetadata(), getAllUserMetadata(), DBObject::loadKey(), DBObject::setPrivileges(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by ShowDatabasesCommand::execute().

1791  {
1792  DBSummaryList ret;
1793 
1794  std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
1795  std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
1796 
1797  std::map<int32_t, std::string> user_id_to_name_map;
1798  for (const auto& user : user_list) {
1799  user_id_to_name_map.emplace(user.userId, user.userName);
1800  }
1801 
1802  for (auto d : db_list) {
1803  DBObject dbObject(d.dbName, DatabaseDBObjectType);
1804  dbObject.loadKey();
1805  dbObject.setPrivileges(AccessPrivileges::ACCESS);
1806  if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
1807  continue;
1808  }
1809 
1810  if (auto it = user_id_to_name_map.find(d.dbOwner); it != user_id_to_name_map.end()) {
1811  ret.emplace_back(DBSummary{d.dbName, it->second});
1812  } else {
1813  ret.emplace_back(DBSummary{d.dbName, "<DELETED>"});
1814  }
1815  }
1816 
1817  return ret;
1818 }
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
std::list< UserMetadata > getAllUserMetadata()
std::list< DBMetadata > getAllDBMetadata()
static const AccessPrivileges ACCESS
Definition: DBObject.h:153
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:145

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const
inline

Definition at line 232 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), Executor::getExecutor(), foreign_storage::InternalMemoryStatsDataWrapper::initializeObjectsForTable(), and foreign_storage::InternalStorageStatsDataWrapper::initializeObjectsForTable().

232 { return *dataMgr_; }
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:504

+ Here is the caller graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( std::string const &  dbname)
inline

Definition at line 213 of file SysCatalog.h.

References getMetadataForDB().

213  {
214  if (DBMetadata db; getMetadataForDB(dbname, db)) {
215  return db;
216  }
217  return {};
218  }
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( int32_t const  dbid)
inline

Definition at line 219 of file SysCatalog.h.

References getMetadataForDBById().

219  {
220  if (DBMetadata db; getMetadataForDBById(dbid, db)) {
221  return db;
222  }
223  return {};
224  }
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges ( const std::string &  granteeName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
) const

Definition at line 2176 of file SysCatalog.cpp.

References getGrantee(), getMetadataForUser(), instance(), and Catalog_Namespace::UserMetadata::isSuper.

2178  {
2179  sys_read_lock read_lock(this);
2180  UserMetadata user_meta;
2181 
2182  if (instance().getMetadataForUser(granteeName, user_meta)) {
2183  if (user_meta.isSuper) {
2184  throw runtime_error(
2185  "Request to show privileges from " + granteeName +
2186  " failed because user is super user and has all privileges by default.");
2187  }
2188  }
2189  auto* grantee = instance().getGrantee(granteeName);
2190  if (!grantee) {
2191  throw runtime_error("Request to show privileges for " + granteeName +
2192  " failed because role or user with this name does not exist.");
2193  }
2194  object.loadKey(catalog);
2195  grantee->getPrivileges(object, true);
2196 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:341
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string &  name) const

Definition at line 2483 of file SysCatalog.cpp.

References granteeMap_, and to_upper().

Referenced by buildRoleMapUnlocked(), buildUserRoleMapUnlocked(), createRole_unsafe(), createUser(), getDBObjectPrivileges(), getRoleGrantee(), getRoles(), getUserGrantee(), grantDBObjectPrivileges_unsafe(), grantRole_unsafe(), renameDBObject(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRole_unsafe().

2483  {
2484  sys_read_lock read_lock(this);
2485  auto grantee = granteeMap_.find(to_upper(name));
2486  if (grantee == granteeMap_.end()) { // check to make sure role exists
2487  return nullptr;
2488  }
2489  return grantee->second.get(); // returns pointer to role
2490 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
std::string name() const
Definition: SysCatalog.h:356
std::string to_upper(const std::string &str)
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > &  dashboard_ids)

Definition at line 2921 of file SysCatalog.cpp.

References DashboardDBObjectType, sqliteConnector_, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2921  {
2922  sys_sqlite_lock sqlite_lock(this);
2923  std::unordered_map<std::string, std::vector<std::string>> active_grantees;
2924  sqliteConnector_->query("BEGIN TRANSACTION");
2925  try {
2926  for (auto dash : dashboard_ids) {
2927  std::vector<std::string> grantees = {};
2928  sqliteConnector_->query_with_text_params(
2929  "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
2930  "(0,1) AND objectPermissionsType = ? AND objectId = ?",
2931  std::vector<std::string>{
2932  std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
2933  int num_rows = sqliteConnector_->getNumRows();
2934  if (num_rows == 0) {
2935  // no grantees
2936  continue;
2937  } else {
2938  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
2939  grantees.push_back(sqliteConnector_->getData<string>(i, 0));
2940  }
2941  active_grantees[dash] = grantees;
2942  }
2943  }
2944  } catch (const std::exception& e) {
2945  sqliteConnector_->query("ROLLBACK TRANSACTION");
2946  throw;
2947  }
2948  sqliteConnector_->query("END TRANSACTION");
2949  return active_grantees;
2950 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor > Catalog_Namespace::SysCatalog::getMetadataForAllObjects ( ) const

Definition at line 2514 of file SysCatalog.cpp.

References isDashboardSystemRole(), and objectDescriptorMap_.

2514  {
2515  sys_read_lock read_lock(this);
2516  std::vector<ObjectRoleDescriptor> objects;
2517  for (const auto& entry : objectDescriptorMap_) {
2518  auto object_role = entry.second.get();
2519  if (object_role->dbId != 0 && !isDashboardSystemRole(object_role->roleName)) {
2520  objects.emplace_back(*object_role);
2521  }
2522  }
2523  return objects;
2524 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
bool isDashboardSystemRole(const std::string &roleName) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB ( const std::string &  name,
DBMetadata db 
)

Definition at line 1761 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by alterUser(), changeDatabaseOwner(), createDatabase(), createUser(), getCatalog(), getDB(), getMetadataWithDefaultDB(), initializeInformationSchemaDb(), migrateDBAccessPrivileges(), renameDatabase(), and Catalog_Namespace::UserAlterations::wouldChange().

1761  {
1762  sys_read_lock read_lock(this);
1763  sys_sqlite_lock sqlite_lock(this);
1764  sqliteConnector_->query_with_text_param(
1765  "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
1766  int numRows = sqliteConnector_->getNumRows();
1767  if (numRows == 0) {
1768  return false;
1769  }
1770  db.dbId = sqliteConnector_->getData<int>(0, 0);
1771  db.dbName = sqliteConnector_->getData<string>(0, 1);
1772  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1773  return true;
1774 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
std::string name() const
Definition: SysCatalog.h:356
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDBById ( const int32_t  idIn,
DBMetadata db 
)

Definition at line 1776 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, sqliteConnector_, and to_string().

Referenced by getDB(), and getMetadataWithDefaultDB().

1776  {
1777  sys_sqlite_lock sqlite_lock(this);
1778  sqliteConnector_->query_with_text_param(
1779  "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
1780  std::to_string(idIn));
1781  int numRows = sqliteConnector_->getNumRows();
1782  if (numRows == 0) {
1783  return false;
1784  }
1785  db.dbId = sqliteConnector_->getData<int>(0, 0);
1786  db.dbName = sqliteConnector_->getData<string>(0, 1);
1787  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1788  return true;
1789 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject ( int32_t  dbId,
int32_t  dbType,
int32_t  objectId 
) const

Definition at line 2501 of file SysCatalog.cpp.

References objectDescriptorMap_, and to_string().

Referenced by renameDBObject().

2501  {
2502  sys_read_lock read_lock(this);
2503  std::vector<ObjectRoleDescriptor*> objectsList;
2504 
2505  auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
2506  std::to_string(dbType) + ":" +
2507  std::to_string(objectId));
2508  for (auto d = range.first; d != range.second; ++d) {
2509  objectsList.push_back(d->second.get());
2510  }
2511  return objectsList; // return pointers to objects
2512 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
std::string to_string(char const *&&v)
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser ( const std::string &  name,
UserMetadata user 
)

Definition at line 1621 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, and temporary_users_by_name_.

Referenced by alterUser(), changeDatabaseOwner(), checkPasswordForUserImpl(), checkPrivileges(), createUser(), dropUser(), getDBObjectPrivileges(), getMetadataWithDefaultDB(), getRoles(), getUser(), grantDBObjectPrivileges_unsafe(), grantRoleBatch_unsafe(), login(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRoleBatch_unsafe().

1621  {
1622  sys_read_lock read_lock(this);
1623  sys_sqlite_lock sqlite_lock(this);
1624  sqliteConnector_->query_with_text_param(
1625  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1626  "WHERE name = ?",
1627  name);
1628  int numRows = sqliteConnector_->getNumRows();
1629  if (numRows == 0) {
1630  auto userit = temporary_users_by_name_.find(name);
1631  if (userit != temporary_users_by_name_.end()) {
1632  user = *userit->second;
1633  return true;
1634  } else {
1635  return false;
1636  }
1637  }
1639 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user, int row)
std::string name() const
Definition: SysCatalog.h:356
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById ( const int32_t  idIn,
UserMetadata user 
)

Definition at line 1641 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, temporary_users_by_id_, and to_string().

Referenced by changeDatabaseOwner(), createDatabase(), getUser(), populateRoleDbObjects(), and reassignObjectOwners().

1641  {
1642  sys_sqlite_lock sqlite_lock(this);
1643  sqliteConnector_->query_with_text_param(
1644  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1645  "WHERE userid = ?",
1646  std::to_string(idIn));
1647  int numRows = sqliteConnector_->getNumRows();
1648  if (numRows == 0) {
1649  auto userit = temporary_users_by_id_.find(idIn);
1650  if (userit != temporary_users_by_id_.end()) {
1651  user = *userit->second;
1652  return true;
1653  } else {
1654  return false;
1655  }
1656  }
1658 }
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user, int row)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:532

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB ( std::string &  dbname,
const std::string &  username,
Catalog_Namespace::DBMetadata db_meta,
UserMetadata user_meta 
)
private

Definition at line 1725 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, getMetadataForDB(), getMetadataForDBById(), getMetadataForUser(), shared::kDefaultDbName, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by login(), and switchDatabase().

1728  {
1729  sys_read_lock read_lock(this);
1730  if (!getMetadataForUser(username, user_meta)) {
1731  throw std::runtime_error("Invalid credentials.");
1732  }
1733 
1734  if (!dbname.empty()) {
1735  if (!getMetadataForDB(dbname, db_meta)) {
1736  throw std::runtime_error("Database name " + dbname + " does not exist.");
1737  }
1738  // loaded the requested database
1739  } else {
1740  if (user_meta.defaultDbId != -1) {
1741  if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
1742  std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
1743  throw std::runtime_error(
1744  "Server error: User #" + std::to_string(user_meta.userId) + loggable +
1745  " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
1746  " which does not exist.");
1747  }
1748  dbname = db_meta.dbName;
1749  // loaded the user's default database
1750  } else {
1751  if (!getMetadataForDB(shared::kDefaultDbName, db_meta)) {
1752  throw std::runtime_error(std::string("Database ") + shared::kDefaultDbName +
1753  " does not exist.");
1754  }
1755  dbname = shared::kDefaultDbName;
1756  // loaded the mapd database by default
1757  }
1758  }
1759 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string to_string(char const *&&v)
const std::string kDefaultDbName
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string &  name) const

Definition at line 2492 of file SysCatalog.cpp.

References getGrantee().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), grantRole_unsafe(), isRoleGrantedToGrantee(), revokeRole_unsafe(), and syncUserWithRemoteProvider().

2492  {
2493  return dynamic_cast<Role*>(getGrantee(name));
2494 }
std::string name() const
Definition: SysCatalog.h:356
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:81

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( const std::string &  user_name,
bool  effective = true 
)

Definition at line 2552 of file SysCatalog.cpp.

References getGrantee().

2553  {
2554  sys_read_lock read_lock(this);
2555  auto* grantee = getGrantee(user_name);
2556  if (!grantee) {
2557  throw std::runtime_error("user or role not found");
2558  }
2559  return grantee->getRoles(/*only_direct=*/!effective);
2560 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
Grantee * getGrantee(const std::string &name) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( bool  include_user_private_role,
bool  is_super,
const std::string &  user_name,
bool  ignore_deleted_user = false 
)

Definition at line 2583 of file SysCatalog.cpp.

References getMetadataForUser(), granteeMap_, isDashboardSystemRole(), and isRoleGrantedToGrantee().

2586  {
2587  sys_read_lock read_lock(this);
2588  if (ignore_deleted_user) {
2589  // In certain cases, it is possible to concurrently call this method while the user is
2590  // being dropped. In such a case, return an empty result.
2591  UserMetadata user;
2592  if (!getMetadataForUser(user_name, user)) {
2593  return {};
2594  }
2595  }
2596  std::vector<std::string> roles;
2597  for (auto& grantee : granteeMap_) {
2598  if (!include_user_private_role && grantee.second->isUser()) {
2599  continue;
2600  }
2601  if (!is_super &&
2602  !isRoleGrantedToGrantee(user_name, grantee.second->getName(), false)) {
2603  continue;
2604  }
2605  if (isDashboardSystemRole(grantee.second->getName())) {
2606  continue;
2607  }
2608  roles.push_back(grantee.second->getName());
2609  }
2610  return roles;
2611 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
bool getMetadataForUser(const std::string &name, UserMetadata &user)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool isDashboardSystemRole(const std::string &roleName) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( const std::string &  userName,
const int32_t  dbId 
)

Definition at line 2562 of file SysCatalog.cpp.

References isDashboardSystemRole(), isRoleGrantedToGrantee(), sqliteConnector_, and to_string().

2563  {
2564  sys_sqlite_lock sqlite_lock(this);
2565  std::string sql =
2566  "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
2567  "objectPermissions<>0 "
2568  "AND roleType=0 AND dbId=" +
2569  std::to_string(dbId);
2570  sqliteConnector_->query(sql);
2571  int numRows = sqliteConnector_->getNumRows();
2572  std::vector<std::string> roles(0);
2573  for (int r = 0; r < numRows; ++r) {
2574  auto roleName = sqliteConnector_->getData<string>(r, 0);
2575  if (isRoleGrantedToGrantee(userName, roleName, false) &&
2576  !isDashboardSystemRole(roleName)) {
2577  roles.push_back(roleName);
2578  }
2579  }
2580  return roles;
2581 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool isDashboardSystemRole(const std::string &roleName) const

+ Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )
inline

Definition at line 235 of file SysCatalog.h.

References sqliteConnector_.

235 { return sqliteConnector_.get(); }
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( std::string const &  uname)
inline

Definition at line 201 of file SysCatalog.h.

References getMetadataForUser().

Referenced by alterUser(), createUser(), and syncUserWithRemoteProvider().

201  {
202  if (UserMetadata user; getMetadataForUser(uname, user)) {
203  return user;
204  }
205  return {};
206  }
bool getMetadataForUser(const std::string &name, UserMetadata &user)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( int32_t const  uid)
inline

Definition at line 207 of file SysCatalog.h.

References getMetadataForUserById().

207  {
208  if (UserMetadata user; getMetadataForUserById(uid, user)) {
209  return user;
210  }
211  return {};
212  }
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)

+ Here is the call graph for this function:

User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string &  name) const

Definition at line 2496 of file SysCatalog.cpp.

References getGrantee().

Referenced by checkPrivileges(), createDBObject(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), hasAnyPrivileges(), isRoleGrantedToGrantee(), populateRoleDbObjects(), syncUserWithRemoteProvider(), and verifyDBObjectOwnership().

2496  {
2497  return dynamic_cast<User*>(getGrantee(name));
2498 }
std::string name() const
Definition: SysCatalog.h:356
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1941 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, grantDBObjectPrivileges_unsafe(), ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

Referenced by createDatabase(), and grantDBObjectPrivileges_unsafe().

1943  {
1944  // It's a separate use case because it's easier for implementation to convert ALL ON
1945  // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
1946  // Add DB Access privileges
1947  DBObject tmp_object = object;
1950  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1953  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1956  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1958  tmp_object.setPermissionType(ViewDBObjectType);
1959  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1960 
1961  if (g_enable_fsi) {
1964  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1965  }
1966 
1969  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1970  return;
1971 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:152
void setPrivileges(const AccessPrivileges &privs)
Definition: DBObject.h:227
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:177
void setPermissionType(const DBObjectType &permissionType)
Definition: DBObject.cpp:160
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:187
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:169
static const AccessPrivileges ACCESS
Definition: DBObject.h:153
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:157
bool g_enable_fsi
Definition: Catalog.cpp:96

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges ( const std::string &  grantee,
const DBObject object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2811 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivileges_unsafe().

2813  {
2815  &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
2816 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe ( const std::string &  granteeName,
const DBObject  object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1899 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, getGrantee(), getMetadataForUser(), grantAllOnDatabase_unsafe(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, sqliteConnector_, and updateObjectDescriptorMap().

Referenced by createDBObject(), grantAllOnDatabase_unsafe(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch_unsafe(), and runUpdateQueriesAndChangeOwnership().

1902  {
1903  object.loadKey(catalog);
1904  CHECK(object.valid());
1905  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
1906  object.getObjectKey().permissionType == DatabaseDBObjectType) {
1907  return grantAllOnDatabase_unsafe(granteeName, object, catalog);
1908  }
1909 
1910  sys_write_lock write_lock(this);
1911 
1912  UserMetadata user_meta;
1913  bool is_temporary_user{false};
1914  if (instance().getMetadataForUser(granteeName, user_meta)) {
1915  if (user_meta.isSuper) {
1916  // super doesn't have explicit privileges so nothing to do
1917  return;
1918  }
1919  is_temporary_user = user_meta.is_temporary;
1920  }
1921  auto* grantee = instance().getGrantee(granteeName);
1922  if (!grantee) {
1923  throw runtime_error("Request to grant privileges to " + granteeName +
1924  " failed because role or user with this name does not exist.");
1925  }
1926  grantee->grantPrivileges(object);
1927 
1928  /* apply grant privileges statement to sqlite DB */
1929  std::vector<std::string> objectKey = object.toString();
1930  object.resetPrivileges();
1931  grantee->getPrivileges(object, true);
1932 
1933  if (!is_temporary_user) {
1934  sys_sqlite_lock sqlite_lock(this);
1936  sqliteConnector_, granteeName, grantee->isUser(), object);
1937  }
1938  updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
1939 }
static const int32_t ALL
Definition: DBObject.h:77
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
heavyai::unique_lock< heavyai::shared_mutex > write_lock
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, const DBObject &object)
Definition: SysCatalog.cpp:477
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static SysCatalog & instance()
Definition: SysCatalog.h:341
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
#define CHECK(condition)
Definition: Logger.h:222

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2818 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivilegesBatch_unsafe().

2820  {
2822  &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
2823 }
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1887 of file SysCatalog.cpp.

References grantDBObjectPrivileges_unsafe().

Referenced by grantDBObjectPrivilegesBatch(), and reassignObjectOwners().

1890  {
1891  for (const auto& grantee : grantees) {
1892  for (const auto& object : objects) {
1893  grantDBObjectPrivileges_unsafe(grantee, object, catalog);
1894  }
1895  }
1896 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe ( const std::string &  name,
bool  issuper 
)
private
void Catalog_Namespace::SysCatalog::grantRole ( const std::string &  role,
const std::string &  grantee,
const bool  is_temporary = false 
)

Definition at line 2794 of file SysCatalog.cpp.

References execInTransaction(), and grantRole_unsafe().

Referenced by syncUserWithRemoteProvider().

2796  {
2797  execInTransaction(&SysCatalog::grantRole_unsafe, role, grantee, is_temporary);
2798 }
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void execInTransaction(F &&f, Args &&...args)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRole_unsafe ( const std::string &  roleName,
const std::string &  granteeName,
const bool  is_temporary 
)
private

Definition at line 2271 of file SysCatalog.cpp.

References getGrantee(), getRoleGrantee(), and sqliteConnector_.

Referenced by grantRole(), and grantRoleBatch_unsafe().

2273  {
2274  auto* rl = getRoleGrantee(roleName);
2275  if (!rl) {
2276  throw runtime_error("Request to grant role " + roleName +
2277  " failed because role with this name does not exist.");
2278  }
2279  auto* grantee = getGrantee(granteeName);
2280  if (!grantee) {
2281  throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
2282  granteeName + " does not exist.");
2283  }
2284  sys_write_lock write_lock(this);
2285  if (!grantee->hasRole(rl, true)) {
2286  grantee->grantRole(rl);
2287  if (!is_temporary) {
2288  sys_sqlite_lock sqlite_lock(this);
2289  sqliteConnector_->query_with_text_params(
2290  "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
2291  std::vector<std::string>{rl->getName(), grantee->getName()});
2292  }
2293  }
2294 }
Grantee * getGrantee(const std::string &name) const
heavyai::unique_lock< heavyai::shared_mutex > write_lock
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
Role * getRoleGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)

Definition at line 2789 of file SysCatalog.cpp.

References execInTransaction(), and grantRoleBatch_unsafe().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2790  {
2792 }
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void execInTransaction(F &&f, Args &&...args)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)
private

Definition at line 2256 of file SysCatalog.cpp.

References getMetadataForUser(), grantRole_unsafe(), and Catalog_Namespace::UserMetadata::is_temporary.

Referenced by grantRoleBatch().

2257  {
2258  for (const auto& role : roles) {
2259  for (const auto& grantee : grantees) {
2260  bool is_temporary_user{false};
2261  UserMetadata user;
2262  if (getMetadataForUser(grantee, user)) {
2263  is_temporary_user = user.is_temporary;
2264  }
2265  grantRole_unsafe(role, grantee, is_temporary_user);
2266  }
2267  }
2268 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges ( const UserMetadata user,
std::vector< DBObject > &  privObjects 
)

Definition at line 2431 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

2432  {
2433  sys_read_lock read_lock(this);
2434  if (user.isSuper) {
2435  return true;
2436  }
2437  auto* user_rl = instance().getUserGrantee(user.userName);
2438  if (!user_rl) {
2439  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
2440  " does not exist.");
2441  }
2442  for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
2443  objectIt != privObjects.end();
2444  ++objectIt) {
2445  if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
2446  return false;
2447  }
2448  }
2449  return true;
2450 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
static SysCatalog & instance()
Definition: SysCatalog.h:341
User * getUserGrantee(const std::string &name) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::hasExecutedMigration ( const std::string &  migration_name) const

Definition at line 3082 of file SysCatalog.cpp.

References hasVersionHistoryTable(), and sqliteConnector_.

Referenced by initializeInformationSchemaDb().

3082  {
3083  if (hasVersionHistoryTable()) {
3084  sys_sqlite_lock sqlite_lock(this);
3085  sqliteConnector_->query_with_text_params(
3086  "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
3087  std::vector<std::string>{migration_name});
3088  return (sqliteConnector_->getNumRows() > 0);
3089  }
3090  return false;
3091 }
bool hasVersionHistoryTable() const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasVersionHistoryTable ( ) const
private

Definition at line 3103 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by hasExecutedMigration(), and recordExecutedMigration().

3103  {
3104  sys_sqlite_lock sqlite_lock(this);
3105  sqliteConnector_->query(
3106  "select name from sqlite_master WHERE type='table' AND "
3107  "name='mapd_version_history'");
3108  return (sqliteConnector_->getNumRows() > 0);
3109 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )
private

Definition at line 359 of file SysCatalog.cpp.

References basePath_, logger::ERROR, logger::INFO, shared::kCatalogDirectoryName, shared::kSystemCatalogName, LOG, and sqliteConnector_.

359  {
360  sys_sqlite_lock sqlite_lock(this);
361  std::string mapd_db_path = basePath_ + "/" + shared::kCatalogDirectoryName + "/mapd";
362  sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
363  sqliteConnector_->query("BEGIN TRANSACTION");
364  LOG(INFO) << "Moving global metadata into a separate catalog";
365  try {
366  auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
367  bool deleteOld = true) {
368  conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
369  tableName + "'");
370  if (conn->getNumRows() != 0) {
371  conn->query(conn->getData<string>(0, 0));
372  conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
373  if (deleteOld) {
374  conn->query("DROP TABLE old_cat." + tableName);
375  }
376  }
377  };
378  moveTableIfExists("mapd_users");
379  moveTableIfExists("mapd_databases");
380  moveTableIfExists("mapd_roles");
381  moveTableIfExists("mapd_object_permissions");
382  moveTableIfExists("mapd_privileges");
383  moveTableIfExists("mapd_version_history", false);
384  } catch (const std::exception& e) {
385  LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
386  sqliteConnector_->query("ROLLBACK TRANSACTION");
387  try {
388  sqliteConnector_->query("DETACH DATABASE old_cat");
389  } catch (const std::exception&) {
390  // nothing to do here
391  }
392  throw;
393  }
394  sqliteConnector_->query("END TRANSACTION");
395  const std::string sys_catalog_path =
396  basePath_ + "/" + shared::kCatalogDirectoryName + "/" + shared::kSystemCatalogName;
397  LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
398  << sys_catalog_path
399  << ". Using this database with an older version of heavydb "
400  "is now impossible.";
401  try {
402  sqliteConnector_->query("DETACH DATABASE old_cat");
403  } catch (const std::exception&) {
404  // nothing to do here
405  }
406 }
#define LOG(tag)
Definition: Logger.h:216
const std::string kSystemCatalogName
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
const std::string kCatalogDirectoryName
void Catalog_Namespace::SysCatalog::init ( const std::string &  basePath,
std::shared_ptr< Data_Namespace::DataMgr dataMgr,
const AuthMetadata authMetadata,
std::shared_ptr< Calcite calcite,
bool  is_new_db,
bool  aggregator,
const std::vector< LeafHostInfo > &  string_dict_hosts 
)

Definition at line 161 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), Catalog_Namespace::dsqliteMutex_(), g_multi_instance, shared::kCatalogDirectoryName, shared::kLockfilesDirectoryName, shared::kSystemCatalogName, migrations::MigrationMgr::migrationEnabled(), migrations::MigrationMgr::relaxMigrationLock(), and migrations::MigrationMgr::takeMigrationLock().

167  {
168  basePath_ = !g_multi_instance ? copy_catalog_if_read_only(basePath).string() : basePath;
171  dcatalogMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
172  std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
174  [this](size_t) {
176  *dsqliteMutex_);
178  });
179  dsqliteMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
180  std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
183  sys_sqlite_lock sqlite_lock(this);
184  dataMgr_ = dataMgr;
185  authMetadata_ = &authMetadata;
186  pki_server_.reset(new PkiServer(*authMetadata_));
187  calciteMgr_ = calcite;
188  string_dict_hosts_ = string_dict_hosts;
189  aggregator_ = aggregator;
191  if (is_new_db) {
192  initDB();
193  } else {
194  bool db_exists =
195  boost::filesystem::exists(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
197  if (!db_exists) {
199  }
203  }
204  }
205  buildMaps(is_new_db);
206 }
void buildMaps(bool is_new_db=false)
Definition: SysCatalog.cpp:208
bool g_multi_instance
Definition: heavyai_locks.h:21
static void relaxMigrationLock()
const std::string kSystemCatalogName
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:505
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:506
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static bool migrationEnabled()
Definition: MigrationMgr.h:43
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:504
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_lock< T > unique_lock
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::unique_ptr< heavyai::DistributedSharedMutex > dsqliteMutex_
Definition: SysCatalog.h:523
static void takeMigrationLock(const std::string &base_path)
void buildMapsUnlocked(bool is_new_db=false)
Definition: SysCatalog.cpp:215
const std::string kCatalogDirectoryName
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:508
std::unique_ptr< heavyai::DistributedSharedMutex > dcatalogMutex_
Definition: SysCatalog.h:522
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:507
const std::string kLockfilesDirectoryName
std::filesystem::path copy_catalog_if_read_only(std::filesystem::path base_data_path)
Definition: SysCatalog.cpp:79

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )
private

Definition at line 279 of file SysCatalog.cpp.

References createDatabase(), createRole_unsafe(), g_read_only, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), shared::kDefaultDbName, shared::kDefaultRootPasswd, shared::kRootUserId, shared::kRootUserIdStr, shared::kRootUsername, and sqliteConnector_.

279  {
280  if (g_read_only) {
281  throw std::runtime_error("can't init a new database in read-only mode");
282  }
283  sys_sqlite_lock sqlite_lock(this);
284  sqliteConnector_->query("BEGIN TRANSACTION");
285  try {
286  sqliteConnector_->query(
287  "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
288  "passwd_hash text, issuper boolean, default_db integer references "
289  "mapd_databases, can_login boolean)");
290  sqliteConnector_->query_with_text_params(
291  "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
292  std::vector<std::string>{shared::kRootUserIdStr,
295  sqliteConnector_->query(
296  "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
297  "integer references mapd_users)");
298  sqliteConnector_->query(
299  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
300  "userName))");
301  sqliteConnector_->query(
302  "CREATE TABLE mapd_object_permissions ("
303  "roleName text, "
304  "roleType bool, "
305  "dbId integer references mapd_databases, "
306  "objectName text, "
307  "objectId integer, "
308  "objectPermissionsType integer, "
309  "objectPermissions integer, "
310  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
311  "objectId))");
312  } catch (const std::exception&) {
313  sqliteConnector_->query("ROLLBACK TRANSACTION");
314  throw;
315  }
316  sqliteConnector_->query("END TRANSACTION");
319  shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
320 }
const int kRootUserId
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
const std::string kDefaultDbName
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:71
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
const std::string kRootUsername
bool g_read_only
Definition: File.cpp:40
const std::string kDefaultRootPasswd
const std::string kRootUserIdStr
void createDatabase(const std::string &dbname, int owner)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initializeInformationSchemaDb ( )
private

Definition at line 3061 of file SysCatalog.cpp.

References createDatabase(), dropDatabase(), g_enable_system_tables, getMetadataForDB(), hasExecutedMigration(), shared::kInfoSchemaDbName, shared::kInfoSchemaMigrationName, shared::kRootUserId, LOG, recordExecutedMigration(), and logger::WARNING.

3061  {
3063  sys_write_lock write_lock(this);
3064  DBMetadata db_metadata;
3065  if (getMetadataForDB(shared::kInfoSchemaDbName, db_metadata)) {
3066  LOG(WARNING) << "A database with name \"" << shared::kInfoSchemaDbName
3067  << "\" already exists. System table creation will be skipped. Rename "
3068  "this database in order to use system tables.";
3069  } else {
3071  try {
3073  } catch (...) {
3075  dropDatabase(db_metadata);
3076  throw;
3077  }
3078  }
3079  }
3080 }
void recordExecutedMigration(const std::string &migration_name) const
const int kRootUserId
#define LOG(tag)
Definition: Logger.h:216
void dropDatabase(const DBMetadata &db)
heavyai::unique_lock< heavyai::shared_mutex > write_lock
const std::string kInfoSchemaDbName
bool g_enable_system_tables
Definition: SysCatalog.cpp:64
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
bool hasExecutedMigration(const std::string &migration_name) const
void createDatabase(const std::string &dbname, int owner)
const std::string kInfoSchemaMigrationName
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )
inlinestatic

Definition at line 341 of file SysCatalog.h.

References instance_, instance_mutex_, and SysCatalog().

Referenced by foreign_storage::anonymous_namespace{LogFileBufferParser.cpp}::add_nonce_values(), foreign_storage::cache_blocks(), AlterForeignServerCommand::changeForeignServerOwner(), AlterDatabaseCommand::changeOwner(), Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPermissionForTables(), checkPrivileges(), QueryRunner::QueryRunner::clearCpuMemory(), QueryRunner::QueryRunner::clearGpuMemory(), Executor::clearMemory(), Parser::create_stmt_for_query(), Catalog_Namespace::Catalog::createDashboardSystemRoles(), createDBObject(), foreign_storage::ForeignDataWrapperFactory::createForeignTableProxy(), foreign_storage::ParquetDataWrapper::createRenderGroupAnalyzers(), foreign_storage::AbstractTextFileDataWrapper::createRenderGroupAnalyzers(), QueryRunner::QueryRunner::createStatement(), CreateForeignServerCommand::execute(), DropForeignServerCommand::execute(), CreateForeignTableCommand::execute(), ShowCreateTableCommand::execute(), ShowDatabasesCommand::execute(), ShowUserDetailsCommand::execute(), ShowRolesCommand::execute(), RefreshForeignTablesCommand::execute(), AlterDatabaseCommand::execute(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_all_dashboards(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_all_role_assignments(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_all_tables(), foreign_storage::anonymous_namespace{InternalMemoryStatsDataWrapper.cpp}::get_column_name(), foreign_storage::get_db_name(), foreign_storage::get_foreign_table_for_key(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_table_ddl(), foreign_storage::get_table_name(), Catalog_Namespace::anonymous_namespace{Catalog.cpp}::get_user_id_to_user_name_map(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_user_name(), QueryRunner::QueryRunner::getBufferPoolStats(), QueryRunner::QueryRunner::getCalcitePlan(), foreign_storage::ParseBufferRequest::getCatalog(), foreign_storage::ParquetImportBatchResult::getChunksAndDictionaries(), lockmgr::TableLockMgrImpl< TableDataLockMgr >::getClusterTableMutex(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), getDBObjectPrivileges(), QueryRunner::QueryRunner::getExecutor(), Executor::getExecutor(), QueryRunner::QueryRunner::getMemoryInfo(), Parser::LocalQueryConnector::getOuterFragmentCount(), QueryRunner::QueryRunner::getParsedGlobalQueryHints(), QueryRunner::QueryRunner::getParsedQueryHint(), QueryRunner::QueryRunner::getParsedQueryHints(), QueryRunner::QueryRunner::getQueryInfoForDataRecyclerTest(), QueryRunner::QueryRunner::getRaExecutionSequence(), QueryRunner::QueryRunner::getRelAlgTranslator(), QueryRunner::QueryRunner::getRootNodeFromParsedQuery(), grantDBObjectPrivileges_unsafe(), hasAnyPrivileges(), EmbeddedDatabase::DBEngineImpl::importArrowTable(), foreign_storage::init_chunk_for_column(), foreign_storage::Csv::init_chunk_for_column(), foreign_storage::InternalCatalogDataWrapper::initializeObjectsForTable(), foreign_storage::InternalMemoryStatsDataWrapper::initializeObjectsForTable(), foreign_storage::InternalStorageStatsDataWrapper::initializeObjectsForTable(), PersistentStorageMgr::isForeignStorage(), isRoleGrantedToGrantee(), foreign_storage::AbstractTextFileDataWrapper::iterativeFileScan(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), DBObject::loadKey(), main(), DBHandler::parse_to_ra(), foreign_storage::InternalSystemDataWrapper::populateChunkBuffers(), foreign_storage::AbstractTextFileDataWrapper::populateChunkBuffers(), foreign_storage::InternalSystemDataWrapper::populateChunkMetadata(), foreign_storage::AbstractTextFileDataWrapper::populateChunkMetadata(), QueryRunner::QueryRunner::QueryRunner(), Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions(), AlterDatabaseCommand::rename(), AlterForeignServerCommand::renameForeignServer(), revokeDBObjectPrivileges_unsafe(), QueryRunner::QueryRunner::runDDLStatement(), QueryRunner::QueryRunner::runSelectQuery(), QueryRunner::QueryRunner::runSQL(), QueryRunner::QueryRunner::runSQLWithAllowingInterrupt(), EmbeddedDatabase::DBEngineImpl::setDatabase(), foreign_storage::ForeignTableRefreshScheduler::start(), foreign_storage::AbstractTextFileDataWrapper::updateMetadata(), verifyDBObjectOwnership(), and Catalog_Namespace::UserAlterations::wouldChange().

341  {
343  if (!instance_) {
344  instance_.reset(new SysCatalog());
345  }
346  return *instance_;
347  }
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:519
static std::mutex instance_mutex_
Definition: SysCatalog.h:518
std::unique_lock< T > unique_lock

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const
inline

Definition at line 340 of file SysCatalog.h.

References aggregator_.

Referenced by Parser::create_stmt_for_query(), ShowCreateTableCommand::execute(), Parser::LocalQueryConnector::getOuterFragmentCount(), and DBHandler::parse_to_ra().

340 { return aggregator_; }

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string &  roleName) const
private

Definition at line 2548 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

Referenced by getCreatedRoles(), getMetadataForAllObjects(), and getRoles().

2548  {
2549  return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
2550 }
static const std::string SYSTEM_ROLE_TAG("#dash_system_role")
specifies the content in-memory of a row in the dashboard

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee ( const std::string &  granteeName,
const std::string &  roleName,
bool  only_direct 
) const

Definition at line 2526 of file SysCatalog.cpp.

References CHECK, getRoleGrantee(), getUserGrantee(), Grantee::hasRole(), and instance().

Referenced by getRoles().

2528  {
2529  sys_read_lock read_lock(this);
2530  if (roleName == granteeName) {
2531  return true;
2532  }
2533  bool is_role_granted = false;
2534  auto* target_role = instance().getRoleGrantee(roleName);
2535  auto has_role = [&](auto grantee_rl) {
2536  is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
2537  };
2538  if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
2539  has_role(user_role);
2540  } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
2541  has_role(role);
2542  } else {
2543  CHECK(false);
2544  }
2545  return is_role_granted;
2546 }
heavyai::shared_lock< heavyai::shared_mutex > read_lock
static SysCatalog & instance()
Definition: SysCatalog.h:341
Role * getRoleGrantee(const std::string &name) const
User * getUserGrantee(const std::string &name) const
bool hasRole(Role *role, bool only_direct) const
Definition: Grantee.cpp:55
#define CHECK(condition)
Definition: Logger.h:222
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:120

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login ( std::string &  db,
std::string &  username,
const std::string &  password,
UserMetadata user_meta,
bool  check_password = true 
)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 863 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login, getCatalog(), getMetadataForUser(), getMetadataWithDefaultDB(), and loginImpl().

867  {
868  // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
869  // can reset it. The username isn't const because SamlServer's
870  // login()/authenticate_user() can reset it.
871 
872  if (check_password) {
873  loginImpl(username, password, user_meta);
874  } else { // not checking for password so user must exist
875  if (!getMetadataForUser(username, user_meta)) {
876  throw std::runtime_error("Invalid credentials.");
877  }
878  }
879  // we should have a user and user_meta by now
880  if (!user_meta.can_login) {
881  throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
882  }
884  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
885  return getCatalog(db_meta, false);
886 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:889
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::loginImpl ( std::string &  username,
const std::string &  password,
UserMetadata user_meta 
)
private

Definition at line 889 of file SysCatalog.cpp.

References checkPasswordForUser().

Referenced by login().

891  {
892  if (!checkPasswordForUser(password, username, user_meta)) {
893  throw std::runtime_error("Authentication failure");
894  }
895 }
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )
private

Definition at line 768 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, getMetadataForDB(), logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, LOG, MAPD_VERSION, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), sqliteConnector_, to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

Referenced by checkAndExecuteMigrations().

768  {
769  sys_sqlite_lock sqlite_lock(this);
770  sqliteConnector_->query("BEGIN TRANSACTION");
771  try {
772  sqliteConnector_->query(
773  "select name from sqlite_master WHERE type='table' AND "
774  "name='mapd_version_history'");
775  if (sqliteConnector_->getNumRows() == 0) {
776  sqliteConnector_->query(
777  "CREATE TABLE mapd_version_history(version integer, migration_history text "
778  "unique)");
779  } else {
780  sqliteConnector_->query(
781  "select * from mapd_version_history where migration_history = "
782  "'db_access_privileges'");
783  if (sqliteConnector_->getNumRows() != 0) {
784  // both privileges migrated
785  // no need for further execution
786  sqliteConnector_->query("END TRANSACTION");
787  return;
788  }
789  }
790  // Insert check for migration
791  sqliteConnector_->query_with_text_params(
792  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
793  std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
794 
795  sqliteConnector_->query("select dbid, name from mapd_databases");
796  std::unordered_map<int, string> databases;
797  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
798  databases[sqliteConnector_->getData<int>(i, 0)] =
799  sqliteConnector_->getData<string>(i, 1);
800  }
801 
802  sqliteConnector_->query("select userid, name from mapd_users");
803  std::unordered_map<int, string> users;
804  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
805  users[sqliteConnector_->getData<int>(i, 0)] =
806  sqliteConnector_->getData<string>(i, 1);
807  }
808 
809  // All existing users by default will be granted DB Access permissions
810  // and view sql editor privileges
811  DBMetadata dbmeta;
812  for (auto db_ : databases) {
813  CHECK(getMetadataForDB(db_.second, dbmeta));
814  for (auto user : users) {
815  if (user.first != shared::kRootUserId) {
816  {
817  DBObjectKey key;
819  key.dbId = dbmeta.dbId;
820 
821  // access permission;
822  DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
823  object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
824  object_access.setName(dbmeta.dbName);
825  // sql_editor permission
826  DBObject object_editor(
827  key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
828  object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
829  object_editor.setName(dbmeta.dbName);
830  object_editor.updatePrivileges(object_access);
832  sqliteConnector_, user.second, true, object_editor);
833  }
834  }
835  }
836  }
837  } catch (const std::exception& e) {
838  LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
839  sqliteConnector_->query("ROLLBACK TRANSACTION");
840  throw;
841  }
842  sqliteConnector_->query("END TRANSACTION");
843  LOG(INFO) << "Successfully migrated db access privileges";
844 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:152
const int kRootUserId
#define LOG(tag)
Definition: Logger.h:216
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, const DBObject &object)
Definition: SysCatalog.cpp:477
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static const int32_t MAPD_VERSION
Definition: release.h:32
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
int32_t dbId
Definition: DBObject.h:54
static const AccessPrivileges ACCESS
Definition: DBObject.h:153
#define CHECK(condition)
Definition: Logger.h:222
int32_t permissionType
Definition: DBObject.h:53
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )
private

Definition at line 846 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

846  {
847  sys_sqlite_lock sqlite_lock(this);
848 
849  sqliteConnector_->query("BEGIN TRANSACTION");
850  try {
851  sqliteConnector_->query(
852  "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
853  "mapd_users, dbid integer references "
854  "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
855  "dbid))");
856  } catch (const std::exception& e) {
857  sqliteConnector_->query("ROLLBACK TRANSACTION");
858  throw;
859  }
860  sqliteConnector_->query("END TRANSACTION");
861 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileges ( )
private

Definition at line 510 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, AccessPrivileges::NONE, sqliteConnector_, TableDBObjectType, run_benchmark_import::type, and ViewDBObjectType.

Referenced by checkAndExecuteMigrations().

510  {
511  sys_sqlite_lock sqlite_lock(this);
512  sqliteConnector_->query("BEGIN TRANSACTION");
513  try {
514  sqliteConnector_->query(
515  "SELECT name FROM sqlite_master WHERE type='table' AND "
516  "name='mapd_object_permissions'");
517  if (sqliteConnector_->getNumRows() != 0) {
518  // already done
519  sqliteConnector_->query("END TRANSACTION");
520  return;
521  }
522 
523  sqliteConnector_->query(
524  "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
525  "roleName text, "
526  "roleType bool, "
527  "dbId integer references mapd_databases, "
528  "objectName text, "
529  "objectId integer, "
530  "objectPermissionsType integer, "
531  "objectPermissions integer, "
532  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
533  "objectId))");
534 
535  // get the list of databases and their grantees
536  sqliteConnector_->query(
537  "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
538  "= 1");
539  size_t numRows = sqliteConnector_->getNumRows();
540  vector<pair<int, int>> db_grantees(numRows);
541  for (size_t i = 0; i < numRows; ++i) {
542  db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
543  db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
544  }
545  // map user names to user ids
546  sqliteConnector_->query("select userid, name from mapd_users");
547  numRows = sqliteConnector_->getNumRows();
548  std::unordered_map<int, string> users_by_id;
549  std::unordered_map<int, bool> user_has_privs;
550  for (size_t i = 0; i < numRows; ++i) {
551  users_by_id[sqliteConnector_->getData<int>(i, 0)] =
552  sqliteConnector_->getData<string>(i, 1);
553  user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
554  }
555  // map db names to db ids
556  sqliteConnector_->query("select dbid, name from mapd_databases");
557  numRows = sqliteConnector_->getNumRows();
558  std::unordered_map<int, string> dbs_by_id;
559  for (size_t i = 0; i < numRows; ++i) {
560  dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
561  sqliteConnector_->getData<string>(i, 1);
562  }
563  // migrate old privileges to new privileges: if user had insert access to database, he
564  // was a grantee
565  for (const auto& grantee : db_grantees) {
566  user_has_privs[grantee.first] = true;
567  auto dbName = dbs_by_id[grantee.second];
568  {
569  // table level permissions
571  DBObjectKey key{type, grantee.second};
572  DBObject object(
575  sqliteConnector_, users_by_id[grantee.first], true, object);
576  }
577 
578  {
579  // dashboard level permissions
581  DBObjectKey key{type, grantee.second};
582  DBObject object(dbName,
583  type,
584  key,
588  sqliteConnector_, users_by_id[grantee.first], true, object);
589  }
590 
591  {
592  // view level permissions
594  DBObjectKey key{type, grantee.second};
595  DBObject object(
598  sqliteConnector_, users_by_id[grantee.first], true, object);
599  }
600  }
601  for (auto user : user_has_privs) {
602  auto dbName = dbs_by_id[0];
603  if (user.second == false && user.first != shared::kRootUserId) {
604  {
606  DBObjectKey key{type, 0};
609  sqliteConnector_, users_by_id[user.first], true, object);
610  }
611  }
612  }
613  } catch (const std::exception&) {
614  sqliteConnector_->query("ROLLBACK TRANSACTION");
615  throw;
616  }
617  sqliteConnector_->query("END TRANSACTION");
618 }
const int kRootUserId
static const AccessPrivileges ALL_TABLE_MIGRATE
Definition: DBObject.h:156
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, const DBObject &object)
Definition: SysCatalog.cpp:477
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static const AccessPrivileges ALL_DASHBOARD_MIGRATE
Definition: DBObject.h:168
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
static const AccessPrivileges NONE
Definition: DBObject.h:148
static const AccessPrivileges ALL_VIEW_MIGRATE
Definition: DBObject.h:176

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const
inline

Definition at line 356 of file SysCatalog.h.

References shared::kSystemCatalogName.

Referenced by alterUser(), buildRoleMapUnlocked(), createUser(), and Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

356 { return shared::kSystemCatalogName; }
const std::string kSystemCatalogName

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > &  objects)

Definition at line 2672 of file SysCatalog.cpp.

References CHECK, getMetadataForUserById(), getUserGrantee(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), sqliteConnector_, and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

2672  {
2673  sys_write_lock write_lock(this);
2674  sys_sqlite_lock sqlite_lock(this);
2675  sqliteConnector_->query("BEGIN TRANSACTION");
2676  try {
2677  for (auto dbobject : objects) {
2678  UserMetadata user;
2679  CHECK(getMetadataForUserById(dbobject.getOwner(), user));
2680  auto* grantee = getUserGrantee(user.userName);
2681  if (grantee) {
2683  sqliteConnector_, grantee->getName(), true, dbobject);
2684  grantee->grantPrivileges(dbobject);
2685  }
2686  }
2687 
2688  } catch (const std::exception& e) {
2689  sqliteConnector_->query("ROLLBACK TRANSACTION");
2690  throw;
2691  }
2692  sqliteConnector_->query("END TRANSACTION");
2693 }
heavyai::unique_lock< heavyai::shared_mutex > write_lock
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, const DBObject &object)
Definition: SysCatalog.cpp:477
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
User * getUserGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
#define CHECK(condition)
Definition: Logger.h:222

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::reassignObjectOwners ( const std::map< int32_t, std::vector< DBObject >> &  old_owner_db_objects,
int32_t  new_owner_id,
const Catalog_Namespace::Catalog catalog 
)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters
old_owner_db_objects- map of user ids and database objects whose ownership will be reassigned
new_owner_id- id of user who will own reassigned database objects
catalog- catalog for database where ownership reassignment occurred

Definition at line 3006 of file SysCatalog.cpp.

References CHECK, shared::contains(), Catalog_Namespace::Catalog::getDatabaseId(), getMetadataForUserById(), grantDBObjectPrivilegesBatch_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMapsUnlocked(), revokeDBObjectPrivilegesBatch_unsafe(), sqliteConnector_, to_string(), and Catalog_Namespace::UserMetadata::userName.

3009  {
3010  sys_write_lock write_lock(this);
3011  sys_sqlite_lock sqlite_lock(this);
3012 
3013  sqliteConnector_->query("BEGIN TRANSACTION");
3014  try {
3015  UserMetadata new_owner;
3016  CHECK(getMetadataForUserById(new_owner_id, new_owner));
3017  for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
3018  UserMetadata old_owner;
3019  CHECK(getMetadataForUserById(old_owner_id, old_owner));
3020  if (!old_owner.isSuper) {
3021  revokeDBObjectPrivilegesBatch_unsafe({old_owner.userName}, db_objects, catalog);
3022  }
3023  if (!new_owner.isSuper) {
3024  grantDBObjectPrivilegesBatch_unsafe({new_owner.userName}, db_objects, catalog);
3025  }
3026  }
3027 
3028  std::set<int32_t> old_owner_ids;
3029  for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
3030  old_owner_ids.emplace(old_owner_id);
3031  }
3032 
3033  auto db_id = catalog.getDatabaseId();
3034  for (const auto old_user_id : old_owner_ids) {
3035  sqliteConnector_->query_with_text_params(
3036  "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE objectOwnerId = ? "
3037  "AND dbId = ? AND objectId != -1",
3038  std::vector<std::string>{std::to_string(new_owner_id),
3039  std::to_string(old_user_id),
3040  std::to_string(db_id)});
3041  }
3042 
3043  for (const auto& [user_or_role, grantee] : granteeMap_) {
3044  grantee->reassignObjectOwners(old_owner_ids, new_owner_id, db_id);
3045  }
3046 
3047  for (const auto& [object_key, object_descriptor] : objectDescriptorMap_) {
3048  if (object_descriptor->objectId != -1 && object_descriptor->dbId == db_id &&
3049  shared::contains(old_owner_ids, object_descriptor->objectOwnerId)) {
3050  object_descriptor->objectOwnerId = new_owner_id;
3051  }
3052  }
3053  } catch (std::exception& e) {
3054  sqliteConnector_->query("ROLLBACK TRANSACTION");
3056  throw;
3057  }
3058  sqliteConnector_->query("END TRANSACTION");
3059 }
bool contains(const T &container, const U &element)
Definition: misc.h:195
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
heavyai::unique_lock< heavyai::shared_mutex > write_lock
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
int getDatabaseId() const
Definition: Catalog.h:298
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
#define CHECK(condition)
Definition: Logger.h:222

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::rebuildObjectMapsUnlocked ( )
private

Definition at line 3118 of file SysCatalog.cpp.

References buildObjectDescriptorMapUnlocked(), buildRoleMapUnlocked(), granteeMap_, and objectDescriptorMap_.

Referenced by reassignObjectOwners(), and runUpdateQueriesAndChangeOwnership().

3118  {
3119  // Rebuild updated maps from storage
3120  granteeMap_.clear();
3122  objectDescriptorMap_.clear();
3124 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::recordExecutedMigration ( const std::string &  migration_name) const
private

Definition at line 3093 of file SysCatalog.cpp.

References createVersionHistoryTable(), hasVersionHistoryTable(), MAPD_VERSION, sqliteConnector_, and to_string().

Referenced by initializeInformationSchemaDb().

3093  {
3094  if (!hasVersionHistoryTable()) {
3096  }
3097  sys_sqlite_lock sqlite_lock(this);
3098  sqliteConnector_->query_with_text_params(
3099  "INSERT INTO mapd_version_history(version, migration_history) values(?, ?)",
3100  std::vector<std::string>{std::to_string(MAPD_VERSION), migration_name});
3101 }
std::string to_string(char const *&&v)
bool hasVersionHistoryTable() const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
static const int32_t MAPD_VERSION
Definition: release.h:32
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void createVersionHistoryTable() const

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string &  dbName)

Definition at line 3002 of file SysCatalog.cpp.

References cat_map_.

Referenced by createDatabase(), dropDatabase(), and renameDatabase().

3002  {
3003  cat_map_.erase(dbName);
3004 }

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDatabase ( std::string const &  old_name,
std::string const &  new_name 
)

Definition at line 1362 of file SysCatalog.cpp.

References DatabaseDBObjectType, Catalog_Namespace::CommonFileOperations::duplicateAndRenameCatalog(), getMetadataForDB(), shared::kSystemCatalogName, removeCatalog(), Catalog_Namespace::CommonFileOperations::removeCatalogByFullPath(), sqliteConnector_, to_string(), to_upper(), and yieldTransactionStreamer().

Referenced by AlterDatabaseCommand::rename().

1363  {
1364  using namespace std::string_literals;
1365  sys_write_lock write_lock(this);
1366  sys_sqlite_lock sqlite_lock(this);
1367 
1368  DBMetadata new_db;
1369  if (getMetadataForDB(new_name, new_db)) {
1370  throw std::runtime_error("Database " + new_name + " already exists.");
1371  }
1372  if (to_upper(new_name) == to_upper(shared::kSystemCatalogName)) {
1373  throw std::runtime_error("Database name " + new_name + "is reserved.");
1374  }
1375 
1376  DBMetadata old_db;
1377  if (!getMetadataForDB(old_name, old_db)) {
1378  throw std::runtime_error("Database " + old_name + " does not exists.");
1379  }
1380 
1381  removeCatalog(old_db.dbName);
1382 
1383  std::string old_catalog_path, new_catalog_path;
1384  std::tie(old_catalog_path, new_catalog_path) =
1385  duplicateAndRenameCatalog(old_name, new_name);
1386 
1387  auto transaction_streamer = yieldTransactionStreamer();
1388  auto failure_handler = [this, new_catalog_path] {
1389  removeCatalogByFullPath(new_catalog_path);
1390  };
1391  auto success_handler = [this, old_catalog_path] {
1392  removeCatalogByFullPath(old_catalog_path);
1393  };
1394 
1395  auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
1396  auto q2 = {
1397  "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
1398  new_name,
1399  old_name,
1401  std::to_string(old_db.dbId)};
1402 
1403  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
1404 }
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:144
void removeCatalog(const std::string &dbName)
const std::string kSystemCatalogName
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
std::string to_upper(const std::string &str)
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:136
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject ( const std::string &  objectName,
const std::string &  newName,
DBObjectType  type,
int32_t  objectId,
const Catalog_Namespace::Catalog catalog 
)

Renames an DBObject

Parameters
objectName- original DBObject name
newName- new name of DBObject
type- type of DBObject
objectId- original DBObject ID
catalog- Catalog instance object exists in

Definition at line 1864 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), getGrantee(), getMetadataForObject(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), renameObjectsInDescriptorMap(), DBObject::setObjectKey(), and run_benchmark_import::type.

1868  {
1869  sys_write_lock write_lock(this);
1870  DBObject new_object(newName, type);
1871  DBObjectKey key;
1872  key.dbId = catalog.getCurrentDB().dbId;
1873  key.objectId = objectId;
1874  key.permissionType = type;
1875  new_object.setObjectKey(key);
1876  auto objdescs =
1877  getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
1878  for (auto obj : objdescs) {
1879  Grantee* grnt = getGrantee(obj->roleName);
1880  if (grnt) {
1881  grnt->renameDbObject(new_object);
1882  }
1883  }
1884  renameObjectsInDescriptorMap(new_object, catalog);
1885 }
Grantee * getGrantee(const std::string &name) const
int32_t objectId
Definition: DBObject.h:55
heavyai::unique_lock< heavyai::shared_mutex > write_lock
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:242
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
int32_t dbId
Definition: DBObject.h:54
int32_t permissionType
Definition: DBObject.h:53
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
virtual void renameDbObject(const DBObject &object)
Definition: Grantee.cpp:121

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap ( DBObject object,
const Catalog_Namespace::Catalog cat 
)

Definition at line 2371 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by renameDBObject().

2372  {
2373  sys_write_lock write_lock(this);
2374  sys_sqlite_lock sqlite_lock(this);
2375  auto range = objectDescriptorMap_.equal_range(
2376  std::to_string(cat.getCurrentDB().dbId) + ":" +
2377  std::to_string(object.getObjectKey().permissionType) + ":" +
2378  std::to_string(object.getObjectKey().objectId));
2379  for (auto d = range.first; d != range.second; ++d) {
2380  // rename object
2381  d->second->objectName = object.getName();
2382  }
2383 
2384  sqliteConnector_->query("BEGIN TRANSACTION");
2385  try {
2386  sqliteConnector_->query_with_text_params(
2387  "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
2388  "dbId = ?2 AND objectId = ?3",
2389  std::vector<std::string>{object.getName(),
2391  std::to_string(object.getObjectKey().objectId)});
2392  } catch (const std::exception& e) {
2393  sqliteConnector_->query("ROLLBACK TRANSACTION");
2394  throw;
2395  }
2396  sqliteConnector_->query("END TRANSACTION");
2397 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
heavyai::unique_lock< heavyai::shared_mutex > write_lock
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:242
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser ( std::string const &  old_name,
std::string const &  new_name 
)

Definition at line 1282 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::g_log_user_id, getGrantee(), getMetadataForUser(), sqliteConnector_, temporary_users_by_name_, updateUserRoleName(), and yieldTransactionStreamer().

1282  {
1283  using namespace std::string_literals;
1284  sys_write_lock write_lock(this);
1285  sys_sqlite_lock sqlite_lock(this);
1286 
1287  UserMetadata old_user;
1288  if (!getMetadataForUser(old_name, old_user)) {
1289  std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
1290  throw std::runtime_error("User " + loggable + "doesn't exist.");
1291  }
1292 
1293  UserMetadata new_user;
1294  if (getMetadataForUser(new_name, new_user)) {
1295  throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
1296  }
1297 
1298  if (getGrantee(new_name)) {
1299  std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
1300  throw runtime_error(
1301  "Username " + loggable +
1302  "is same as one of existing grantees. User and role names should be unique.");
1303  }
1304 
1305  // Temporary user.
1306  if (old_user.is_temporary) {
1307  auto userit = temporary_users_by_name_.find(old_name);
1308  CHECK(userit != temporary_users_by_name_.end());
1309  auto node = temporary_users_by_name_.extract(userit);
1310  node.key() = new_name;
1311  temporary_users_by_name_.insert(std::move(node));
1312  userit->second->userName = new_name;
1313  updateUserRoleName(old_name, new_name);
1314  return;
1315  }
1316 
1317  // Normal user.
1318  auto transaction_streamer = yieldTransactionStreamer();
1319  auto failure_handler = [] {};
1320  auto success_handler = [this, &old_name, &new_name] {
1321  updateUserRoleName(old_name, new_name);
1322  };
1323  auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
1324  auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
1325  new_name,
1326  old_name};
1327  auto q3 = {"UPDATE mapd_roles set userName=?1 WHERE userName=?2;"s, new_name, old_name};
1328  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2, q3);
1329 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
heavyai::unique_lock< heavyai::shared_mutex > write_lock
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:124
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:123
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
void updateUserRoleName(const std::string &roleName, const std::string &newName)
#define CHECK(condition)
Definition: Logger.h:222
bool g_log_user_id
Definition: