OmniSciDB  0264ff685a
Catalog_Namespace::SysCatalog Class Reference

#include <SysCatalog.h>

+ Inheritance diagram for Catalog_Namespace::SysCatalog:
+ Collaboration diagram for Catalog_Namespace::SysCatalog:

Public Member Functions

void init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
 
std::shared_ptr< Cataloglogin (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
 
std::shared_ptr< CatalogswitchDatabase (std::string &dbname, const std::string &username)
 
void createUser (const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname, bool can_login)
 
void dropUser (const std::string &name)
 
void alterUser (const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
 
void renameUser (std::string const &old_name, std::string const &new_name)
 
void createDatabase (const std::string &dbname, int owner)
 
void renameDatabase (std::string const &old_name, std::string const &new_name)
 
void dropDatabase (const DBMetadata &db)
 
bool getMetadataForUser (const std::string &name, UserMetadata &user)
 
bool getMetadataForUserById (const int32_t idIn, UserMetadata &user)
 
bool checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)
 
void getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
 
bool getMetadataForDB (const std::string &name, DBMetadata &db)
 
bool getMetadataForDBById (const int32_t idIn, DBMetadata &db)
 
Data_Namespace::DataMgrgetDataMgr () const
 
CalcitegetCalciteMgr () const
 
const std::string & getBasePath () const
 
SqliteConnectorgetSqliteConnector ()
 
std::list< DBMetadatagetAllDBMetadata ()
 
std::list< UserMetadatagetAllUserMetadata ()
 
std::list< UserMetadatagetAllUserMetadata (const int64_t dbId)
 
DBSummaryList getDatabaseListForUser (const UserMetadata &user)
 
void createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
 
void renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)
 
void getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
 
bool verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
 
void createRole (const std::string &roleName, const bool &userPrivateRole=false)
 
void dropRole (const std::string &roleName)
 
void grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole (const std::string &role, const std::string &grantee)
 
void revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole (const std::string &role, const std::string &grantee)
 
bool hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)
 
bool checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const
 
bool checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const
 
GranteegetGrantee (const std::string &name) const
 
RolegetRoleGrantee (const std::string &name) const
 
UsergetUserGrantee (const std::string &name) const
 
std::vector< ObjectRoleDescriptor * > getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const
 
bool isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const
 
std::vector< std::string > getRoles (bool userPrivateRole, bool isSuper, const std::string &userName)
 
std::vector< std::string > getRoles (const std::string &userName, const int32_t dbId)
 
void revokeDashboardSystemRole (const std::string roleName, const std::vector< std::string > grantees)
 
bool isAggregator () const
 
void populateRoleDbObjects (const std::vector< DBObject > &objects)
 
std::string name () const
 
void renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, bool *issuper)
 
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)
 
void check_for_session_encryption (const std::string &pki_cert, std::string &session)
 
std::vector< std::shared_ptr< Catalog > > getCatalogsForAllDbs ()
 
std::shared_ptr< CataloggetDummyCatalog ()
 
std::shared_ptr< CataloggetCatalog (const std::string &dbName)
 
std::shared_ptr< CataloggetCatalog (const int32_t db_id)
 
std::shared_ptr< CataloggetCatalog (const std::string &basePath, const DBMetadata &curDB, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const std::vector< LeafHostInfo > &string_dict_hosts, std::shared_ptr< Calcite > calcite, bool is_new_db)
 
void removeCatalog (const std::string &dbName)
 

Static Public Member Functions

static SysCataloginstance ()
 

Public Attributes

std::mutex sqliteMutex_
 
mapd_shared_mutex sharedMutex_
 
std::atomic< std::thread::id > thread_holding_sqlite_lock
 
std::atomic< std::thread::id > thread_holding_write_lock
 
std::shared_ptr< CatalogdummyCatalog_
 

Static Public Attributes

static thread_local bool thread_holds_read_lock = false
 

Private Types

using GranteeMap = std::map< std::string, Grantee * >
 
using ObjectRoleDescriptorMap = std::multimap< std::string, ObjectRoleDescriptor * >
 
using dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog > >
 

Private Member Functions

 SysCatalog ()
 
virtual ~SysCatalog ()
 
void initDB ()
 
void buildRoleMap ()
 
void buildUserRoleMap ()
 
void buildObjectDescriptorMap ()
 
void checkAndExecuteMigrations ()
 
void importDataFromOldMapdDB ()
 
void createUserRoles ()
 
void addAdminUserRole ()
 
void migratePrivileges ()
 
void migratePrivileged_old ()
 
void updateUserSchema ()
 
void updatePasswordsToHashes ()
 
void updateBlankPasswordsToRandom ()
 
void updateSupportUserDeactivation ()
 
void migrateDBAccessPrivileges ()
 
void loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)
 
bool checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)
 
void grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)
 
void createRole_unsafe (const std::string &roleName, const bool userPrivateRole=false)
 
void dropRole_unsafe (const std::string &roleName)
 
void grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole_unsafe (const std::string &roleName, const std::string &granteeName)
 
void revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole_unsafe (const std::string &roleName, const std::string &granteeName)
 
void updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
 
void deleteObjectDescriptorMap (const std::string &roleName)
 
void deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)
 
bool isDashboardSystemRole (const std::string &roleName)
 
void updateUserRoleName (const std::string &roleName, const std::string &newName)
 
bool allowLocalLogin () const
 
template<typename F , typename... Args>
void execInTransaction (F &&f, Args &&... args)
 
auto yieldTransactionStreamer ()
 
- Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
 CommonFileOperations (std::string const &base_path)
 
void removeCatalogByFullPath (std::string const &full_path)
 
void removeCatalogByName (std::string const &name)
 
auto duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)
 
auto assembleCatalogName (std::string const &name)
 

Private Attributes

std::string basePath_
 
GranteeMap granteeMap_
 
ObjectRoleDescriptorMap objectDescriptorMap_
 
std::unique_ptr< SqliteConnectorsqliteConnector_
 
std::shared_ptr< Data_Namespace::DataMgrdataMgr_
 
std::unique_ptr< PkiServerpki_server_
 
const AuthMetadataauthMetadata_
 
std::shared_ptr< CalcitecalciteMgr_
 
std::vector< LeafHostInfostring_dict_hosts_
 
bool aggregator_
 
dbid_to_cat_map cat_map_
 

Detailed Description

Definition at line 144 of file SysCatalog.h.

Member Typedef Documentation

◆ dbid_to_cat_map

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog> >
private

Definition at line 422 of file SysCatalog.h.

◆ GranteeMap

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, Grantee*>
private

Definition at line 322 of file SysCatalog.h.

◆ ObjectRoleDescriptorMap

Definition at line 323 of file SysCatalog.h.

Constructor & Destructor Documentation

◆ SysCatalog()

Catalog_Namespace::SysCatalog::SysCatalog ( )
inlineprivate

Definition at line 325 of file SysCatalog.h.

References run_benchmark_import::args.

327  , aggregator_(false)
328  , sqliteMutex_()
329  , sharedMutex_()
330  , thread_holding_sqlite_lock(std::thread::id())
331  , thread_holding_write_lock(std::thread::id())
332  , dummyCatalog_(std::make_shared<Catalog>()) {}
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:428
mapd_shared_mutex sharedMutex_
Definition: SysCatalog.h:427
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:127
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:432
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:429

◆ ~SysCatalog()

Catalog_Namespace::SysCatalog::~SysCatalog ( )
privatevirtual

Definition at line 154 of file SysCatalog.cpp.

154  {
156  for (auto grantee = granteeMap_.begin(); grantee != granteeMap_.end(); ++grantee) {
157  delete grantee->second;
158  }
159  granteeMap_.clear();
160  for (ObjectRoleDescriptorMap::iterator objectIt = objectDescriptorMap_.begin();
161  objectIt != objectDescriptorMap_.end();) {
162  ObjectRoleDescriptorMap::iterator eraseIt = objectIt++;
163  delete eraseIt->second;
164  }
165  objectDescriptorMap_.clear();
166 
167  cat_map_.clear();
168 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
mapd_unique_lock< mapd_shared_mutex > write_lock

Member Function Documentation

◆ addAdminUserRole()

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )
private

Definition at line 496 of file SysCatalog.cpp.

References OMNISCI_ROOT_USER.

496  {
497  sys_sqlite_lock sqlite_lock(this);
498  sqliteConnector_->query("BEGIN TRANSACTION");
499  try {
500  sqliteConnector_->query(
501  "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
502  OMNISCI_ROOT_USER + "\'");
503  if (sqliteConnector_->getNumRows() != 0) {
504  // already done
505  sqliteConnector_->query("END TRANSACTION");
506  return;
507  }
508 
510  } catch (const std::exception&) {
511  sqliteConnector_->query("ROLLBACK TRANSACTION");
512  throw;
513  }
514  sqliteConnector_->query("END TRANSACTION");
515 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:59

◆ allowLocalLogin()

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const
private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

◆ alterUser()

void Catalog_Namespace::SysCatalog::alterUser ( const int32_t  userid,
const std::string *  passwd,
bool *  issuper,
const std::string *  dbname,
bool *  can_login 
)

Definition at line 905 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::append_with_commas, Catalog_Namespace::DBMetadata::dbId, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), and to_string().

909  {
910  sys_sqlite_lock sqlite_lock(this);
911  sqliteConnector_->query("BEGIN TRANSACTION");
912  try {
913  string sql;
914  std::vector<std::string> values;
915  if (passwd != nullptr) {
916  append_with_commas(sql, "passwd_hash = ?");
917  values.push_back(hash_with_bcrypt(*passwd));
918  }
919  if (issuper != nullptr) {
920  append_with_commas(sql, "issuper = ?");
921  values.push_back(std::to_string(*issuper));
922  }
923  if (dbname != nullptr) {
924  if (!dbname->empty()) {
925  append_with_commas(sql, "default_db = ?");
926  DBMetadata db;
927  if (!SysCatalog::instance().getMetadataForDB(*dbname, db)) {
928  throw runtime_error(string("DEFAULT_DB ") + *dbname + " not found.");
929  }
930  values.push_back(std::to_string(db.dbId));
931  } else {
932  append_with_commas(sql, "default_db = NULL");
933  }
934  }
935  if (can_login != nullptr) {
936  append_with_commas(sql, "can_login = ?");
937  values.push_back(std::to_string(*can_login));
938  }
939 
940  sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
941  values.push_back(std::to_string(userid));
942 
943  sqliteConnector_->query_with_text_params(sql, values);
944  } catch (const std::exception& e) {
945  sqliteConnector_->query("ROLLBACK TRANSACTION");
946  throw;
947  }
948  sqliteConnector_->query("END TRANSACTION");
949 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:66
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ buildObjectDescriptorMap()

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMap ( )
private

Definition at line 2249 of file SysCatalog.cpp.

References ObjectRoleDescriptor::dbId, ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, AccessPrivileges::privileges, ObjectRoleDescriptor::privs, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

2249  {
2250  sys_write_lock write_lock(this);
2251  sys_sqlite_lock sqlite_lock(this);
2252  string objectQuery(
2253  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2254  "objectPermissions, objectOwnerId, objectName "
2255  "from mapd_object_permissions");
2256  sqliteConnector_->query(objectQuery);
2257  size_t numRows = sqliteConnector_->getNumRows();
2258  for (size_t r = 0; r < numRows; ++r) {
2260  od->roleName = sqliteConnector_->getData<string>(r, 0);
2261  od->roleType = sqliteConnector_->getData<bool>(r, 1);
2262  od->objectType = sqliteConnector_->getData<int>(r, 2);
2263  od->dbId = sqliteConnector_->getData<int>(r, 3);
2264  od->objectId = sqliteConnector_->getData<int>(r, 4);
2265  od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
2266  od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
2267  od->objectName = sqliteConnector_->getData<string>(r, 7);
2268  objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
2269  std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
2270  std::to_string(od->objectId),
2271  od));
2272  }
2273 }
specifies the object_roles content in-memory of a row in mapd_object_permissions table ...
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
mapd_unique_lock< mapd_shared_mutex > write_lock
int64_t privileges
Definition: DBObject.h:134
+ Here is the call graph for this function:

◆ buildRoleMap()

void Catalog_Namespace::SysCatalog::buildRoleMap ( )
private

Definition at line 2131 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), setup::name, AccessPrivileges::privileges, and to_upper().

2131  {
2132  sys_write_lock write_lock(this);
2133  sys_sqlite_lock sqlite_lock(this);
2134  string roleQuery(
2135  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2136  "objectPermissions, objectOwnerId, objectName "
2137  "from mapd_object_permissions");
2138  sqliteConnector_->query(roleQuery);
2139  size_t numRows = sqliteConnector_->getNumRows();
2140  std::vector<std::string> objectKeyStr(4);
2141  DBObjectKey objectKey;
2142  AccessPrivileges privs;
2143  bool userPrivateRole{false};
2144  for (size_t r = 0; r < numRows; ++r) {
2145  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2146  userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
2147  DBObjectType permissionType =
2148  static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
2149  objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
2150  objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
2151  objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
2152  objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
2153  privs.privileges = sqliteConnector_->getData<int>(r, 5);
2154  int32_t owner = sqliteConnector_->getData<int>(r, 6);
2155  std::string name = sqliteConnector_->getData<string>(r, 7);
2156 
2157  DBObject dbObject(objectKey, privs, owner);
2158  dbObject.setName(name);
2159  if (-1 == objectKey.objectId) {
2160  dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
2161  } else {
2162  dbObject.setObjectType(permissionType);
2163  }
2164 
2165  auto* rl = getGrantee(roleName);
2166  if (!rl) {
2167  if (userPrivateRole) {
2168  rl = new User(roleName);
2169  } else {
2170  rl = new Role(roleName);
2171  }
2172  granteeMap_[to_upper(roleName)] = rl;
2173  }
2174  rl->grantPrivileges(dbObject);
2175  }
2176 }
std::string name() const
Definition: SysCatalog.h:297
DBObjectType
Definition: DBObject.h:42
Definition: Grantee.h:70
Definition: Grantee.h:76
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static DBObjectKey fromString(const std::vector< std::string > &key, const DBObjectType &type)
Definition: DBObject.cpp:259
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
int64_t privileges
Definition: DBObject.h:134
+ Here is the call graph for this function:

◆ buildUserRoleMap()

void Catalog_Namespace::SysCatalog::buildUserRoleMap ( )
private

Definition at line 2201 of file SysCatalog.cpp.

References OMNISCI_ROOT_USER.

2201  {
2202  sys_write_lock write_lock(this);
2203  sys_sqlite_lock sqlite_lock(this);
2204  std::vector<std::pair<std::string, std::string>> granteeRooles;
2205  string userRoleQuery("SELECT roleName, userName from mapd_roles");
2206  sqliteConnector_->query(userRoleQuery);
2207  size_t numRows = sqliteConnector_->getNumRows();
2208  for (size_t r = 0; r < numRows; ++r) {
2209  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2210  std::string userName = sqliteConnector_->getData<string>(r, 1);
2211  // required for declared nomenclature before v4.0.0
2212  if ((boost::equals(roleName, "mapd_default_suser_role") &&
2213  boost::equals(userName, OMNISCI_ROOT_USER)) ||
2214  (boost::equals(roleName, "mapd_default_user_role") &&
2215  !boost::equals(userName, "mapd_default_user_role"))) {
2216  // grouprole already exists with roleName==userName in mapd_roles table
2217  // ignore duplicate instances of userRole which exists before v4.0.0
2218  continue;
2219  }
2220  auto* rl = getGrantee(roleName);
2221  if (!rl) {
2222  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2223  " from db not found in the map.");
2224  }
2225  std::pair<std::string, std::string> roleVecElem(roleName, userName);
2226  granteeRooles.push_back(roleVecElem);
2227  }
2228 
2229  for (size_t i = 0; i < granteeRooles.size(); i++) {
2230  std::string roleName = granteeRooles[i].first;
2231  std::string granteeName = granteeRooles[i].second;
2232  auto* grantee = getGrantee(granteeName);
2233  if (!grantee) {
2234  throw runtime_error("Data inconsistency when building role map. Grantee " +
2235  granteeName + " not found in the map.");
2236  }
2237  if (granteeName == roleName) {
2238  continue;
2239  }
2240  Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
2241  if (!rl) {
2242  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2243  " not found in the map.");
2244  }
2245  grantee->grantRole(rl);
2246  }
2247 }
Definition: Grantee.h:76
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:59
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ changeDBObjectOwnership()

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership ( const UserMetadata new_owner,
const UserMetadata previous_owner,
DBObject  object,
const Catalog_Namespace::Catalog catalog,
bool  revoke_privileges = true 
)

Change ownership of a DBObject

Parameters
new_owner- new owner of DBObject
previous_owner- previous owner of DBObject
object- DBObject to change ownership of
catalog- Catalog instance object exists in
revoke_privileges- if true, revoke previous_owner's privileges

Definition at line 1695 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, UNREACHABLE, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userName, and ViewDBObjectType.

1699  {
1700  sys_write_lock write_lock(this);
1701  sys_sqlite_lock sqlite_lock(this);
1702  object.loadKey(catalog);
1703  switch (object.getType()) {
1704  case TableDBObjectType:
1705  object.setPrivileges(AccessPrivileges::ALL_TABLE);
1706  break;
1707  case DashboardDBObjectType:
1708  object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
1709  break;
1710  case ServerDBObjectType:
1711  object.setPrivileges(AccessPrivileges::ALL_SERVER);
1712  break;
1713  case DatabaseDBObjectType:
1714  object.setPrivileges(AccessPrivileges::ALL_DATABASE);
1715  break;
1716  case ViewDBObjectType:
1717  object.setPrivileges(AccessPrivileges::ALL_VIEW);
1718  break;
1719  default:
1720  UNREACHABLE(); // unkown object type
1721  break;
1722  }
1723  sqliteConnector_->query("BEGIN TRANSACTION");
1724  try {
1725  if (!new_owner.isSuper) { // no need to grant to suser, has all privs by default
1726  grantDBObjectPrivileges_unsafe(new_owner.userName, object, catalog);
1727  }
1728  if (!previous_owner.isSuper && revoke_privileges) { // no need to revoke from suser
1729  revokeDBObjectPrivileges_unsafe(previous_owner.userName, object, catalog);
1730  }
1731  } catch (std::exception& e) {
1732  sqliteConnector_->query("ROLLBACK TRANSACTION");
1733  throw;
1734  }
1735  sqliteConnector_->query("END TRANSACTION");
1736  object.setOwner(new_owner.userId); // change owner if no exceptions happen
1737 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:152
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
#define UNREACHABLE()
Definition: Logger.h:241
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:178
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:188
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:170
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:158
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ check_for_session_encryption()

void Catalog_Namespace::SysCatalog::check_for_session_encryption ( const std::string &  pki_cert,
std::string &  session 
)

Definition at line 796 of file SysCatalog.cpp.

797  {
798  if (!pki_server_->inUse()) {
799  return;
800  }
801  pki_server_->encrypt_session(pki_cert, session);
802 }
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:412

◆ checkAndExecuteMigrations()

void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )
private

Definition at line 209 of file SysCatalog.cpp.

209  {
211  createUserRoles();
214  updateUserSchema(); // must come before updatePasswordsToHashes()
216  updateBlankPasswordsToRandom(); // must come after updatePasswordsToHashes()
219 }

◆ checkPasswordForUser()

bool Catalog_Namespace::SysCatalog::checkPasswordForUser ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)

Definition at line 1224 of file SysCatalog.cpp.

1226  {
1227  return checkPasswordForUserImpl(passwd, name, user);
1228 }
std::string name() const
Definition: SysCatalog.h:297
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)

◆ checkPasswordForUserImpl()

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)
private

Definition at line 1230 of file SysCatalog.cpp.

References CHECK, LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

1232  {
1233  if (!getMetadataForUser(name, user)) {
1234  // Check password against some fake hash just to waste time so that response times
1235  // for invalid password and invalid user are similar and a caller can't say the
1236  // difference
1237  char fake_hash[BCRYPT_HASHSIZE];
1238  CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
1239  bcrypt_checkpw(passwd.c_str(), fake_hash);
1240  LOG(WARNING) << "Local login failed";
1241  return false;
1242  }
1243  int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
1244  // if the check fails there is a good chance that data on disc is broken
1245  CHECK(pwd_check_result >= 0);
1246  return pwd_check_result == 0;
1247 }
std::string name() const
Definition: SysCatalog.h:297
#define LOG(tag)
Definition: Logger.h:188
bool getMetadataForUser(const std::string &name, UserMetadata &user)
#define CHECK(condition)
Definition: Logger.h:197

◆ checkPrivileges() [1/2]

bool Catalog_Namespace::SysCatalog::checkPrivileges ( const UserMetadata user,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 1990 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges().

1991  {
1992  sys_read_lock read_lock(this);
1993  if (user.isSuper) {
1994  return true;
1995  }
1996 
1997  auto* user_rl = instance().getUserGrantee(user.userName);
1998  if (!user_rl) {
1999  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
2000  " does not exist.");
2001  }
2002  for (auto& object : privObjects) {
2003  if (!user_rl->checkPrivileges(object)) {
2004  return false;
2005  }
2006  }
2007  return true;
2008 }
User * getUserGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPrivileges() [2/2]

bool Catalog_Namespace::SysCatalog::checkPrivileges ( const std::string &  userName,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 2010 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id.

2011  {
2012  UserMetadata user;
2013  if (!instance().getMetadataForUser(userName, user)) {
2014  std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
2015  throw runtime_error("Request to check privileges for user " + loggable +
2016  "failed because user with this name does not exist.");
2017  }
2018  return (checkPrivileges(user, privObjects));
2019 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
static SysCatalog & instance()
Definition: SysCatalog.h:291
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const

◆ createDatabase()

void Catalog_Namespace::SysCatalog::createDatabase ( const std::string &  dbname,
int  owner 
)

Definition at line 1065 of file SysCatalog.cpp.

References cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, OMNISCI_ROOT_USER_ID, OMNISCI_SYSTEM_CATALOG, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

1065  {
1066  sys_write_lock write_lock(this);
1067  sys_sqlite_lock sqlite_lock(this);
1068 
1069  DBMetadata db;
1070  if (getMetadataForDB(name, db)) {
1071  throw runtime_error("Database " + name + " already exists.");
1072  }
1074  throw runtime_error("Database name " + name + " is reserved.");
1075  }
1076 
1077  std::unique_ptr<SqliteConnector> dbConn(
1078  new SqliteConnector(name, basePath_ + "/mapd_catalogs/"));
1079  // NOTE(max): it's okay to run this in a separate transaction. If we fail later
1080  // we delete the database anyways.
1081  // If we run it in the same transaction as SysCatalog functions, then Catalog
1082  // constructor won't find the tables we have just created.
1083  dbConn->query("BEGIN TRANSACTION");
1084  try {
1085  dbConn->query(
1086  "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
1087  "integer, ncolumns integer, "
1088  "isview boolean, "
1089  "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
1090  "bigint, "
1091  "frag_page_size integer, "
1092  "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
1093  "sort_column_id integer default 0, storage_type text default '', "
1094  "max_rollback_epochs integer default -1, "
1095  "num_shards integer, key_metainfo TEXT, version_num "
1096  "BIGINT DEFAULT 1) ");
1097  dbConn->query(
1098  "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
1099  "integer, name text, coltype "
1100  "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
1101  "boolean, compression integer, "
1102  "comp_param integer, size integer, chunks text, is_systemcol boolean, "
1103  "is_virtualcol boolean, virtual_expr "
1104  "text, is_deletedcol boolean, version_num BIGINT, "
1105  "primary key(tableid, columnid), unique(tableid, name))");
1106  dbConn->query(
1107  "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
1108  dbConn->query(
1109  "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
1110  "userid integer references mapd_users, state text, image_hash text, update_time "
1111  "timestamp, "
1112  "metadata text, UNIQUE(userid, name) )");
1113  dbConn->query(
1114  "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
1115  "mapd_users, "
1116  "link text unique, view_state text, update_time timestamp, view_metadata text)");
1117  dbConn->query(
1118  "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
1119  "nbits int, is_shared boolean, "
1120  "refcount int, version_num BIGINT DEFAULT 1)");
1121  dbConn->query(
1122  "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
1123  "physical_table_id "
1124  "integer)");
1125  dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
1126  dbConn->query_with_text_params(
1127  "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
1128  std::vector<std::string>{std::to_string(owner)});
1129 
1130  if (g_enable_fsi) {
1131  dbConn->query(Catalog::getForeignServerSchema());
1132  dbConn->query(Catalog::getForeignTableSchema());
1133  }
1134  } catch (const std::exception&) {
1135  dbConn->query("ROLLBACK TRANSACTION");
1136  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1137  throw;
1138  }
1139  dbConn->query("END TRANSACTION");
1140 
1141  std::shared_ptr<Catalog> cat;
1142  // Now update SysCatalog with privileges and the new database
1143  sqliteConnector_->query("BEGIN TRANSACTION");
1144  try {
1145  sqliteConnector_->query_with_text_param(
1146  "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
1147  ")",
1148  name);
1149  CHECK(getMetadataForDB(name, db));
1150 
1152 
1153  if (owner != OMNISCI_ROOT_USER_ID) {
1155  object.loadKey(*cat);
1156  UserMetadata user;
1157  CHECK(getMetadataForUserById(owner, user));
1158  grantAllOnDatabase_unsafe(user.userName, object, *cat);
1159  }
1160  } catch (const std::exception&) {
1161  sqliteConnector_->query("ROLLBACK TRANSACTION");
1162  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1163  throw;
1164  }
1165  sqliteConnector_->query("END TRANSACTION");
1166 
1167  // force a migration on the new database
1170 
1171  if (g_enable_fsi) {
1172  try {
1173  cat->createDefaultServersIfNotExists();
1174  } catch (...) {
1175  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1176  throw;
1177  }
1178  }
1179 }
bool g_enable_fsi
Definition: Catalog.cpp:91
std::string name() const
Definition: SysCatalog.h:297
void removeCatalog(const std::string &dbName)
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:57
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::string cat(Ts &&... args)
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
static const std::string getForeignTableSchema(bool if_not_exists=false)
Definition: Catalog.cpp:647
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
static const std::string getForeignServerSchema(bool if_not_exists=false)
Definition: Catalog.cpp:640
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::string to_upper(const std::string &str)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:60
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
#define CHECK(condition)
Definition: Logger.h:197
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ createDBObject()

void Catalog_Namespace::SysCatalog::createDBObject ( const UserMetadata user,
const std::string &  objectName,
DBObjectType  type,
const Catalog_Namespace::Catalog catalog,
int32_t  objectId = -1 
)

Definition at line 1438 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), and CreateForeignTableCommand::execute().

1442  {
1443  sys_write_lock write_lock(this);
1444  sys_sqlite_lock sqlite_lock(this);
1445 
1446  DBObject object =
1447  objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
1448  object.loadKey(catalog);
1449  switch (type) {
1450  case TableDBObjectType:
1451  object.setPrivileges(AccessPrivileges::ALL_TABLE);
1452  break;
1453  case DashboardDBObjectType:
1454  object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
1455  break;
1456  case ServerDBObjectType:
1457  object.setPrivileges(AccessPrivileges::ALL_SERVER);
1458  break;
1459  default:
1460  object.setPrivileges(AccessPrivileges::ALL_DATABASE);
1461  break;
1462  }
1463  object.setOwner(user.userId);
1464  sqliteConnector_->query("BEGIN TRANSACTION");
1465  try {
1466  if (!user.isSuper) { // no need to grant to suser, has all privs by default
1467  grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
1468  auto* grantee = instance().getUserGrantee(user.userName);
1469  if (!grantee) {
1470  throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
1471  " does not exist.");
1472  }
1473  grantee->grantPrivileges(object);
1474  }
1475  } catch (std::exception& e) {
1476  sqliteConnector_->query("ROLLBACK TRANSACTION");
1477  throw;
1478  }
1479  sqliteConnector_->query("END TRANSACTION");
1480 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:152
virtual void grantPrivileges(const DBObject &object)
Definition: Grantee.cpp:92
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:188
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void loadKey()
Definition: DBObject.cpp:179
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:170
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:158
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createRole()

void Catalog_Namespace::SysCatalog::createRole ( const std::string &  roleName,
const bool &  userPrivateRole = false 
)

Definition at line 2289 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2289  {
2290  execInTransaction(&SysCatalog::createRole_unsafe, roleName, userPrivateRole);
2291 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
void execInTransaction(F &&f, Args &&... args)
+ Here is the caller graph for this function:

◆ createRole_unsafe()

void Catalog_Namespace::SysCatalog::createRole_unsafe ( const std::string &  roleName,
const bool  userPrivateRole = false 
)
private

Definition at line 1761 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), OMNISCI_DEFAULT_DB, DBObjectKey::permissionType, DBObject::setObjectKey(), and to_upper().

1762  {
1763  sys_write_lock write_lock(this);
1764 
1765  auto* grantee = getGrantee(roleName);
1766  if (grantee) {
1767  throw std::runtime_error("CREATE ROLE " + roleName +
1768  " failed because grantee with this name already exists.");
1769  }
1770  if (userPrivateRole) {
1771  grantee = new User(roleName);
1772  } else {
1773  grantee = new Role(roleName);
1774  }
1775  granteeMap_[to_upper(roleName)] = grantee;
1776 
1777  // NOTE (max): Why create an empty privileges record for a role?
1778  /* grant none privileges to this role and add it to sqlite DB */
1780  DBObjectKey objKey;
1781  // 0 is an id that does not exist
1782  objKey.dbId = 0;
1784  dbObject.setObjectKey(objKey);
1785  grantee->grantPrivileges(dbObject);
1786 
1787  sys_sqlite_lock sqlite_lock(this);
1788  insertOrUpdateObjectPrivileges(sqliteConnector_, roleName, userPrivateRole, dbObject);
1789 }
Definition: Grantee.h:70
Definition: Grantee.h:76
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::string to_upper(const std::string &str)
int32_t dbId
Definition: DBObject.h:56
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
int32_t permissionType
Definition: DBObject.h:55
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ createUser()

void Catalog_Namespace::SysCatalog::createUser ( const std::string &  name,
const std::string &  passwd,
bool  issuper,
const std::string &  dbname,
bool  can_login 
)

Definition at line 804 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::g_log_user_id, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), setup::name, to_string(), and Catalog_Namespace::UserMetadata::userLoggable().

808  {
810  sys_sqlite_lock sqlite_lock(this);
811 
812  UserMetadata user;
813  if (getMetadataForUser(name, user)) {
814  throw runtime_error("User " + user.userLoggable() + " already exists.");
815  }
816  if (getGrantee(name)) {
817  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
818  throw runtime_error(
819  "User " + loggable +
820  "is same as one of existing grantees. User and role names should be unique.");
821  }
822  sqliteConnector_->query("BEGIN TRANSACTION");
823  try {
824  std::vector<std::string> vals;
825  if (!dbname.empty()) {
826  DBMetadata db;
827  if (!SysCatalog::instance().getMetadataForDB(dbname, db)) {
828  throw runtime_error("DEFAULT_DB " + dbname + " not found.");
829  }
830  vals = {name,
831  hash_with_bcrypt(passwd),
832  std::to_string(issuper),
833  std::to_string(db.dbId),
834  std::to_string(can_login)};
835  sqliteConnector_->query_with_text_params(
836  "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
837  "VALUES (?, ?, ?, ?, ?)",
838  vals);
839  } else {
840  vals = {name,
841  hash_with_bcrypt(passwd),
842  std::to_string(issuper),
843  std::to_string(can_login)};
844  sqliteConnector_->query_with_text_params(
845  "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
846  "VALUES (?, ?, ?, ?)",
847  vals);
848  }
849  createRole_unsafe(name, true);
850  } catch (const std::exception& e) {
851  sqliteConnector_->query("ROLLBACK TRANSACTION");
852  throw;
853  }
854  sqliteConnector_->query("END TRANSACTION");
855 }
std::string name() const
Definition: SysCatalog.h:297
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:66
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
mapd_unique_lock< mapd_shared_mutex > write_lock
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ createUserRoles()

void Catalog_Namespace::SysCatalog::createUserRoles ( )
private

Definition at line 294 of file SysCatalog.cpp.

References OMNISCI_ROOT_USER.

294  {
295  sys_sqlite_lock sqlite_lock(this);
296  sqliteConnector_->query("BEGIN TRANSACTION");
297  try {
298  sqliteConnector_->query(
299  "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
300  if (sqliteConnector_->getNumRows() != 0) {
301  // already done
302  sqliteConnector_->query("END TRANSACTION");
303  return;
304  }
305  sqliteConnector_->query(
306  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
307  "userName))");
308  // need to account for old conversions where we are building and moving
309  // from pre version 4.0 and 'mapd' was default superuser
310  sqliteConnector_->query("SELECT name FROM mapd_users WHERE name NOT IN ( \'" +
311  OMNISCI_ROOT_USER + "\', 'mapd')");
312  size_t numRows = sqliteConnector_->getNumRows();
313  vector<string> user_names;
314  for (size_t i = 0; i < numRows; ++i) {
315  user_names.push_back(sqliteConnector_->getData<string>(i, 0));
316  }
317  for (const auto& user_name : user_names) {
318  // for each user, create a fake role with the same name
319  sqliteConnector_->query_with_text_params(
320  "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
321  vector<string>{user_name, user_name});
322  }
323  } catch (const std::exception&) {
324  sqliteConnector_->query("ROLLBACK TRANSACTION");
325  throw;
326  }
327  sqliteConnector_->query("END TRANSACTION");
328 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:59

◆ deleteObjectDescriptorMap() [1/2]

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName)
private

Definition at line 1936 of file SysCatalog.cpp.

1936  {
1937  sys_write_lock write_lock(this);
1938 
1939  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
1940  if (d->second->roleName == roleName) {
1941  delete d->second;
1942  d = objectDescriptorMap_.erase(d);
1943  } else {
1944  d++;
1945  }
1946  }
1947 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ deleteObjectDescriptorMap() [2/2]

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog cat 
)
private

Definition at line 1950 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

1952  {
1953  sys_write_lock write_lock(this);
1954  auto range = objectDescriptorMap_.equal_range(
1955  std::to_string(cat.getCurrentDB().dbId) + ":" +
1956  std::to_string(object.getObjectKey().permissionType) + ":" +
1957  std::to_string(object.getObjectKey().objectId));
1958  for (auto d = range.first; d != range.second;) {
1959  // remove the entry
1960  if (d->second->roleName == roleName) {
1961  delete d->second;
1962  d = objectDescriptorMap_.erase(d);
1963  } else {
1964  d++;
1965  }
1966  }
1967 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ dropDatabase()

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata db)

Definition at line 1181 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, TableDBObjectType, run_benchmark_import::tables, and to_string().

1181  {
1182  sys_write_lock write_lock(this);
1183  sys_sqlite_lock sqlite_lock(this);
1185  sqliteConnector_->query("BEGIN TRANSACTION");
1186  try {
1187  // remove this database ID from any users that have it set as their default database
1188  sqliteConnector_->query_with_text_param(
1189  "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
1190  std::to_string(db.dbId));
1191  /* revoke object privileges to all tables of the database being dropped */
1192  const auto tables = cat->getAllTableMetadata();
1193  for (const auto table : tables) {
1194  if (table->shard >= 0) {
1195  // skip shards, they're not standalone tables
1196  continue;
1197  }
1199  DBObject(table->tableName, TableDBObjectType), cat.get());
1200  }
1201  const auto dashboards = cat->getAllDashboardsMetadata();
1202  for (const auto dashboard : dashboards) {
1204  DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
1205  }
1206  /* revoke object privileges to the database being dropped */
1207  for (const auto& grantee : granteeMap_) {
1208  if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
1209  revokeAllOnDatabase_unsafe(grantee.second->getName(), db.dbId, grantee.second);
1210  }
1211  }
1212  sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
1213  std::to_string(db.dbId));
1214  cat->eraseDBData();
1215  removeCatalog(db.dbName);
1216  } catch (const std::exception&) {
1217  sqliteConnector_->query("ROLLBACK TRANSACTION");
1218  throw;
1219  }
1220  sqliteConnector_->query("END TRANSACTION");
1221 }
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
void removeCatalog(const std::string &dbName)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::string cat(Ts &&... args)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ dropRole()

void Catalog_Namespace::SysCatalog::dropRole ( const std::string &  roleName)

Definition at line 2293 of file SysCatalog.cpp.

2293  {
2295 }
void execInTransaction(F &&f, Args &&... args)
void dropRole_unsafe(const std::string &roleName)

◆ dropRole_unsafe()

void Catalog_Namespace::SysCatalog::dropRole_unsafe ( const std::string &  roleName)
private

Definition at line 1791 of file SysCatalog.cpp.

References to_upper().

1791  {
1792  sys_write_lock write_lock(this);
1793 
1794  // it may very well be a user "role", so keep it generic
1795  auto* rl = getGrantee(roleName);
1796  if (rl) { // admin super user may not exist in roles
1797  delete rl;
1798  }
1799  granteeMap_.erase(to_upper(roleName));
1800 
1801  sys_sqlite_lock sqlite_lock(this);
1802  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
1803  roleName);
1804  sqliteConnector_->query_with_text_param(
1805  "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
1806 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ dropUser()

void Catalog_Namespace::SysCatalog::dropUser ( const std::string &  name)

Definition at line 857 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id, to_string(), and Catalog_Namespace::UserMetadata::userId.

857  {
859  sys_sqlite_lock sqlite_lock(this);
860 
861  sqliteConnector_->query("BEGIN TRANSACTION");
862  try {
863  UserMetadata user;
864  if (!getMetadataForUser(name, user)) {
865  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
866  throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
867  }
870  const std::string& roleName(name);
871  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
872  roleName);
873  sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
874  std::to_string(user.userId));
875  sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
876  std::to_string(user.userId));
877  } catch (const std::exception& e) {
878  sqliteConnector_->query("ROLLBACK TRANSACTION");
879  throw;
880  }
881  sqliteConnector_->query("END TRANSACTION");
882 }
std::string name() const
Definition: SysCatalog.h:297
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void deleteObjectDescriptorMap(const std::string &roleName)
mapd_unique_lock< mapd_shared_mutex > write_lock
void dropRole_unsafe(const std::string &roleName)
+ Here is the call graph for this function:

◆ execInTransaction()

template<typename F , typename... Args>
void Catalog_Namespace::SysCatalog::execInTransaction ( F &&  f,
Args &&...  args 
)
private

Definition at line 2276 of file SysCatalog.cpp.

References run_benchmark_import::args.

2276  {
2277  sys_write_lock write_lock(this);
2278  sys_sqlite_lock sqlite_lock(this);
2279  sqliteConnector_->query("BEGIN TRANSACTION");
2280  try {
2281  (this->*f)(std::forward<Args>(args)...);
2282  } catch (std::exception&) {
2283  sqliteConnector_->query("ROLLBACK TRANSACTION");
2284  throw;
2285  }
2286  sqliteConnector_->query("END TRANSACTION");
2287 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ getAllDBMetadata()

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1289 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, and Catalog_Namespace::DBMetadata::dbOwner.

1289  {
1290  sys_sqlite_lock sqlite_lock(this);
1291  sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
1292  int numRows = sqliteConnector_->getNumRows();
1293  list<DBMetadata> db_list;
1294  for (int r = 0; r < numRows; ++r) {
1295  DBMetadata db;
1296  db.dbId = sqliteConnector_->getData<int>(r, 0);
1297  db.dbName = sqliteConnector_->getData<string>(r, 1);
1298  db.dbOwner = sqliteConnector_->getData<int>(r, 2);
1299  db_list.push_back(db);
1300  }
1301  return db_list;
1302 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ getAllUserMetadata() [1/2]

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1345 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

1345  {
1346  sys_sqlite_lock sqlite_lock(this);
1347  return get_users(sqliteConnector_);
1348 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
auto get_users(std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)
+ Here is the call graph for this function:

◆ getAllUserMetadata() [2/2]

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t  dbId)

return the users associated with the given DB

Definition at line 1338 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

1338  {
1339  // this call is to return users that have some form of permissions to objects in the db
1340  // sadly mapd_object_permissions table is also misused to manage user roles.
1341  sys_sqlite_lock sqlite_lock(this);
1342  return get_users(sqliteConnector_, dbId);
1343 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
auto get_users(std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)
+ Here is the call graph for this function:

◆ getBasePath()

const std::string& Catalog_Namespace::SysCatalog::getBasePath ( ) const
inline

Definition at line 194 of file SysCatalog.h.

194 { return basePath_; }

◆ getCalciteMgr()

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const
inline

Definition at line 193 of file SysCatalog.h.

193 { return *calciteMgr_; }
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414

◆ getCatalog() [1/3]

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string &  dbName)

Definition at line 2445 of file SysCatalog.cpp.

Referenced by foreign_storage::cache_blocks(), foreign_storage::ForeignStorageMgr::checkIfS3NeedsToBeEnabled(), foreign_storage::ForeignStorageMgr::createDataWrapperIfNotExists(), foreign_storage::CachingForeignStorageMgr::fetchBuffer(), foreign_storage::ForeignStorageMgr::fetchBuffer(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::get_keys_set_from_table(), foreign_storage::get_keys_vec_from_table(), foreign_storage::csv_file_buffer_parser::ParseBufferRequest::getCatalog(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), PersistentStorageMgr::isForeignStorage(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), foreign_storage::CsvDataWrapper::populateChunkBuffers(), foreign_storage::CsvDataWrapper::populateChunkMetadata(), anonymous_namespace{RelAlgExecutor.cpp}::prepare_foreign_table_for_execution(), foreign_storage::CachingForeignStorageMgr::refreshTableInCache(), and foreign_storage::CsvDataWrapper::updateMetadata().

2445  {
2446  dbid_to_cat_map::const_accessor cata;
2447  if (cat_map_.find(cata, dbName)) {
2448  return cata->second;
2449  } else {
2450  return nullptr;
2451  }
2452 }
+ Here is the caller graph for this function:

◆ getCatalog() [2/3]

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t  db_id)

Definition at line 2454 of file SysCatalog.cpp.

References cat(), and Catalog_Namespace::DBMetadata::dbName.

2454  {
2455  dbid_to_cat_map::const_accessor cata;
2456  for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
2457  ++cat_it) {
2458  if (cat_it->second->getDatabaseId() == db_id) {
2459  return cat_it->second;
2460  }
2461  }
2462  return nullptr;
2463 }
+ Here is the call graph for this function:

◆ getCatalog() [3/3]

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getCatalog ( const std::string &  basePath,
const DBMetadata curDB,
std::shared_ptr< Data_Namespace::DataMgr dataMgr,
const std::vector< LeafHostInfo > &  string_dict_hosts,
std::shared_ptr< Calcite calcite,
bool  is_new_db 
)

◆ getCatalogsForAllDbs()

std::vector< std::shared_ptr< Catalog > > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 884 of file SysCatalog.cpp.

884  {
885  std::vector<std::shared_ptr<Catalog>> catalogs{};
886  const auto& db_metadata_list = getAllDBMetadata();
887  for (const auto& db_metadata : db_metadata_list) {
888  catalogs.emplace_back(getCatalog(
889  basePath_, db_metadata, dataMgr_, string_dict_hosts_, calciteMgr_, false));
890  }
891  return catalogs;
892 }
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
std::list< DBMetadata > getAllDBMetadata()
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414

◆ getDatabaseListForUser()

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata user)

Definition at line 1414 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, DatabaseDBObjectType, Catalog_Namespace::DBSummary::dbName, DBObject::loadKey(), and DBObject::setPrivileges().

Referenced by ShowDatabasesCommand::execute().

1414  {
1415  DBSummaryList ret;
1416 
1417  std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
1418  std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
1419 
1420  for (auto d : db_list) {
1421  DBObject dbObject(d.dbName, DatabaseDBObjectType);
1422  dbObject.loadKey();
1423  dbObject.setPrivileges(AccessPrivileges::ACCESS);
1424  if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
1425  continue;
1426  }
1427  for (auto u : user_list) {
1428  if (d.dbOwner == u.userId) {
1429  ret.emplace_back(DBSummary{d.dbName, u.userName});
1430  break;
1431  }
1432  }
1433  }
1434 
1435  return ret;
1436 }
std::list< UserMetadata > getAllUserMetadata()
std::list< DBMetadata > getAllDBMetadata()
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
static const AccessPrivileges ACCESS
Definition: DBObject.h:154
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:123
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getDataMgr()

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const
inline

Definition at line 192 of file SysCatalog.h.

Referenced by Executor::clearMemory(), and Executor::interrupt().

192 { return *dataMgr_; }
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
+ Here is the caller graph for this function:

◆ getDBObjectPrivileges()

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges ( const std::string &  granteeName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
) const

Definition at line 1739 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper.

1741  {
1742  sys_read_lock read_lock(this);
1743  UserMetadata user_meta;
1744 
1745  if (instance().getMetadataForUser(granteeName, user_meta)) {
1746  if (user_meta.isSuper) {
1747  throw runtime_error(
1748  "Request to show privileges from " + granteeName +
1749  " failed because user is super user and has all privileges by default.");
1750  }
1751  }
1752  auto* grantee = instance().getGrantee(granteeName);
1753  if (!grantee) {
1754  throw runtime_error("Request to show privileges for " + granteeName +
1755  " failed because role or user with this name does not exist.");
1756  }
1757  object.loadKey(catalog);
1758  grantee->getPrivileges(object, true);
1759 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111

◆ getDummyCatalog()

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getDummyCatalog ( )
inline

Definition at line 308 of file SysCatalog.h.

Referenced by Catalog_Namespace::Catalog::getObjForLock().

308 { return dummyCatalog_; }
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:432
+ Here is the caller graph for this function:

◆ getGrantee()

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string &  name) const

Definition at line 2021 of file SysCatalog.cpp.

References to_upper().

Referenced by Catalog_Namespace::Catalog::renameTable().

2021  {
2022  sys_read_lock read_lock(this);
2023  auto grantee = granteeMap_.find(to_upper(name));
2024  if (grantee == granteeMap_.end()) { // check to make sure role exists
2025  return nullptr;
2026  }
2027  return grantee->second; // returns pointer to role
2028 }
std::string name() const
Definition: SysCatalog.h:297
std::string to_upper(const std::string &str)
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getGranteesOfSharedDashboards()

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > &  dashboard_ids)

Definition at line 2414 of file SysCatalog.cpp.

References DashboardDBObjectType, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2414  {
2415  sys_sqlite_lock sqlite_lock(this);
2416  std::unordered_map<std::string, std::vector<std::string>> active_grantees;
2417  sqliteConnector_->query("BEGIN TRANSACTION");
2418  try {
2419  for (auto dash : dashboard_ids) {
2420  std::vector<std::string> grantees = {};
2421  sqliteConnector_->query_with_text_params(
2422  "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
2423  "(0,1) AND objectPermissionsType = ? AND objectId = ?",
2424  std::vector<std::string>{
2425  std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
2426  int num_rows = sqliteConnector_->getNumRows();
2427  if (num_rows == 0) {
2428  // no grantees
2429  continue;
2430  } else {
2431  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
2432  grantees.push_back(sqliteConnector_->getData<string>(i, 0));
2433  }
2434  active_grantees[dash] = grantees;
2435  }
2436  }
2437  } catch (const std::exception& e) {
2438  sqliteConnector_->query("ROLLBACK TRANSACTION");
2439  throw;
2440  }
2441  sqliteConnector_->query("END TRANSACTION");
2442  return active_grantees;
2443 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getMetadataForDB()

bool Catalog_Namespace::SysCatalog::getMetadataForDB ( const std::string &  name,
DBMetadata db 
)

Definition at line 1385 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, and Catalog_Namespace::DBMetadata::dbOwner.

1385  {
1386  sys_sqlite_lock sqlite_lock(this);
1387  sqliteConnector_->query_with_text_param(
1388  "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
1389  int numRows = sqliteConnector_->getNumRows();
1390  if (numRows == 0) {
1391  return false;
1392  }
1393  db.dbId = sqliteConnector_->getData<int>(0, 0);
1394  db.dbName = sqliteConnector_->getData<string>(0, 1);
1395  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1396  return true;
1397 }
std::string name() const
Definition: SysCatalog.h:297
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ getMetadataForDBById()

bool Catalog_Namespace::SysCatalog::getMetadataForDBById ( const int32_t  idIn,
DBMetadata db 
)

Definition at line 1399 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and to_string().

1399  {
1400  sys_sqlite_lock sqlite_lock(this);
1401  sqliteConnector_->query_with_text_param(
1402  "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
1403  std::to_string(idIn));
1404  int numRows = sqliteConnector_->getNumRows();
1405  if (numRows == 0) {
1406  return false;
1407  }
1408  db.dbId = sqliteConnector_->getData<int>(0, 0);
1409  db.dbName = sqliteConnector_->getData<string>(0, 1);
1410  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1411  return true;
1412 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ getMetadataForObject()

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject ( int32_t  dbId,
int32_t  dbType,
int32_t  objectId 
) const

Definition at line 2039 of file SysCatalog.cpp.

References to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

2039  {
2040  sys_read_lock read_lock(this);
2041  std::vector<ObjectRoleDescriptor*> objectsList;
2042 
2043  auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
2044  std::to_string(dbType) + ":" +
2045  std::to_string(objectId));
2046  for (auto d = range.first; d != range.second; ++d) {
2047  objectsList.push_back(d->second);
2048  }
2049  return objectsList; // return pointers to objects
2050 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getMetadataForUser()

bool Catalog_Namespace::SysCatalog::getMetadataForUser ( const std::string &  name,
UserMetadata user 
)

Definition at line 1271 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite().

1271  {
1272  sys_sqlite_lock sqlite_lock(this);
1273  sqliteConnector_->query_with_text_param(
1274  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1275  "WHERE name = ?",
1276  name);
1278 }
std::string name() const
Definition: SysCatalog.h:297
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ getMetadataForUserById()

bool Catalog_Namespace::SysCatalog::getMetadataForUserById ( const int32_t  idIn,
UserMetadata user 
)

Definition at line 1280 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), and to_string().

1280  {
1281  sys_sqlite_lock sqlite_lock(this);
1282  sqliteConnector_->query_with_text_param(
1283  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1284  "WHERE userid = ?",
1285  std::to_string(idIn));
1287 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ getMetadataWithDefaultDB()

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB ( std::string &  dbname,
const std::string &  username,
Catalog_Namespace::DBMetadata db_meta,
UserMetadata user_meta 
)

Definition at line 1350 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, OMNISCI_DEFAULT_DB, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

1353  {
1354  if (!getMetadataForUser(username, user_meta)) {
1355  throw std::runtime_error("Invalid credentials.");
1356  }
1357 
1358  if (!dbname.empty()) {
1359  if (!getMetadataForDB(dbname, db_meta)) {
1360  throw std::runtime_error("Database name " + dbname + " does not exist.");
1361  }
1362  // loaded the requested database
1363  } else {
1364  if (user_meta.defaultDbId != -1) {
1365  if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
1366  std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
1367  throw std::runtime_error(
1368  "Server error: User #" + std::to_string(user_meta.userId) + loggable +
1369  " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
1370  " which does not exist.");
1371  }
1372  dbname = db_meta.dbName;
1373  // loaded the user's default database
1374  } else {
1375  if (!getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta)) {
1376  throw std::runtime_error(std::string("Database ") + OMNISCI_DEFAULT_DB +
1377  " does not exist.");
1378  }
1379  dbname = OMNISCI_DEFAULT_DB;
1380  // loaded the mapd database by default
1381  }
1382  }
1383 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string to_string(char const *&&v)
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ getRoleGrantee()

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string &  name) const

Definition at line 2030 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), and Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2030  {
2031  return dynamic_cast<Role*>(getGrantee(name));
2032 }
std::string name() const
Definition: SysCatalog.h:297
Definition: Grantee.h:76
Grantee * getGrantee(const std::string &name) const
+ Here is the caller graph for this function:

◆ getRoles() [1/2]

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( bool  userPrivateRole,
bool  isSuper,
const std::string &  userName 
)

Definition at line 2099 of file SysCatalog.cpp.

2101  {
2102  sys_read_lock read_lock(this);
2103  std::vector<std::string> roles;
2104  for (auto& grantee : granteeMap_) {
2105  if (!userPrivateRole && grantee.second->isUser()) {
2106  continue;
2107  }
2108  if (!isSuper && !isRoleGrantedToGrantee(userName, grantee.second->getName(), false)) {
2109  continue;
2110  }
2111  if (isDashboardSystemRole(grantee.second->getName())) {
2112  continue;
2113  }
2114  roles.push_back(grantee.second->getName());
2115  }
2116  return roles;
2117 }
bool isDashboardSystemRole(const std::string &roleName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111

◆ getRoles() [2/2]

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( const std::string &  userName,
const int32_t  dbId 
)

Definition at line 2078 of file SysCatalog.cpp.

References to_string().

2079  {
2080  sys_sqlite_lock sqlite_lock(this);
2081  std::string sql =
2082  "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
2083  "objectPermissions<>0 "
2084  "AND roleType=0 AND dbId=" +
2085  std::to_string(dbId);
2086  sqliteConnector_->query(sql);
2087  int numRows = sqliteConnector_->getNumRows();
2088  std::vector<std::string> roles(0);
2089  for (int r = 0; r < numRows; ++r) {
2090  auto roleName = sqliteConnector_->getData<string>(r, 0);
2091  if (isRoleGrantedToGrantee(userName, roleName, false) &&
2092  !isDashboardSystemRole(roleName)) {
2093  roles.push_back(roleName);
2094  }
2095  }
2096  return roles;
2097 }
bool isDashboardSystemRole(const std::string &roleName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ getSqliteConnector()

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )
inline

Definition at line 195 of file SysCatalog.h.

References Catalog_Namespace::UserMetadata::isSuper, run_benchmark_import::type, and Catalog_Namespace::UserMetadata::userName.

195 { return sqliteConnector_.get(); }
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ getUserGrantee()

User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string &  name) const

Definition at line 2034 of file SysCatalog.cpp.

2034  {
2035  return dynamic_cast<User*>(getGrantee(name));
2036 }
std::string name() const
Definition: SysCatalog.h:297
Definition: Grantee.h:70
Grantee * getGrantee(const std::string &name) const

◆ grantAllOnDatabase_unsafe()

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1554 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

1556  {
1557  // It's a separate use case because it's easier for implementation to convert ALL ON
1558  // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
1559  // Add DB Access privileges
1560  DBObject tmp_object = object;
1563  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1566  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1569  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1571  tmp_object.setPermissionType(ViewDBObjectType);
1572  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1573 
1574  if (g_enable_fsi) {
1577  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1578  }
1579 
1582  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1583  return;
1584 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:153
bool g_enable_fsi
Definition: Catalog.cpp:91
void setPrivileges(const AccessPrivileges &privs)
Definition: DBObject.h:217
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:178
void setPermissionType(const DBObjectType &permissionType)
Definition: DBObject.cpp:149
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:188
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:170
static const AccessPrivileges ACCESS
Definition: DBObject.h:154
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:158
+ Here is the call graph for this function:

◆ grantDBObjectPrivileges()

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges ( const std::string &  grantee,
const DBObject object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2315 of file SysCatalog.cpp.

2317  {
2319  &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
2320 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&... args)

◆ grantDBObjectPrivileges_unsafe()

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe ( const std::string &  granteeName,
const DBObject  object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1517 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

1520  {
1521  object.loadKey(catalog);
1522  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
1523  object.getObjectKey().permissionType == DatabaseDBObjectType) {
1524  return grantAllOnDatabase_unsafe(granteeName, object, catalog);
1525  }
1526 
1527  sys_write_lock write_lock(this);
1528 
1529  UserMetadata user_meta;
1530  if (instance().getMetadataForUser(granteeName, user_meta)) {
1531  if (user_meta.isSuper) {
1532  // super doesn't have explicit privileges so nothing to do
1533  return;
1534  }
1535  }
1536  auto* grantee = instance().getGrantee(granteeName);
1537  if (!grantee) {
1538  throw runtime_error("Request to grant privileges to " + granteeName +
1539  " failed because role or user with this name does not exist.");
1540  }
1541  grantee->grantPrivileges(object);
1542 
1543  /* apply grant privileges statement to sqlite DB */
1544  std::vector<std::string> objectKey = object.toString();
1545  object.resetPrivileges();
1546  grantee->getPrivileges(object, true);
1547 
1548  sys_sqlite_lock sqlite_lock(this);
1550  sqliteConnector_, granteeName, grantee->isUser(), object);
1551  updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
1552 }
static const int32_t ALL
Definition: DBObject.h:79
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ grantDBObjectPrivilegesBatch()

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2322 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2324  {
2326  &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
2327 }
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&... args)
+ Here is the caller graph for this function:

◆ grantDBObjectPrivilegesBatch_unsafe()

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1505 of file SysCatalog.cpp.

1508  {
1509  for (const auto& grantee : grantees) {
1510  for (const auto& object : objects) {
1511  grantDBObjectPrivileges_unsafe(grantee, object, catalog);
1512  }
1513  }
1514 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

◆ grantDefaultPrivilegesToRole_unsafe()

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe ( const std::string &  name,
bool  issuper 
)
private

◆ grantRole()

void Catalog_Namespace::SysCatalog::grantRole ( const std::string &  role,
const std::string &  grantee 
)

Definition at line 2302 of file SysCatalog.cpp.

2302  {
2304 }
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName)
void execInTransaction(F &&f, Args &&... args)

◆ grantRole_unsafe()

void Catalog_Namespace::SysCatalog::grantRole_unsafe ( const std::string &  roleName,
const std::string &  granteeName 
)
private

Definition at line 1818 of file SysCatalog.cpp.

1819  {
1820  auto* rl = getRoleGrantee(roleName);
1821  if (!rl) {
1822  throw runtime_error("Request to grant role " + roleName +
1823  " failed because role with this name does not exist.");
1824  }
1825  auto* grantee = getGrantee(granteeName);
1826  if (!grantee) {
1827  throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
1828  granteeName + " does not exist.");
1829  }
1830  sys_write_lock write_lock(this);
1831  if (!grantee->hasRole(rl, true)) {
1832  grantee->grantRole(rl);
1833  sys_sqlite_lock sqlite_lock(this);
1834  sqliteConnector_->query_with_text_params(
1835  "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
1836  std::vector<std::string>{rl->getName(), grantee->getName()});
1837  }
1838 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
mapd_unique_lock< mapd_shared_mutex > write_lock
Role * getRoleGrantee(const std::string &name) const

◆ grantRoleBatch()

void Catalog_Namespace::SysCatalog::grantRoleBatch ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)

Definition at line 2297 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2298  {
2300 }
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void execInTransaction(F &&f, Args &&... args)
+ Here is the caller graph for this function:

◆ grantRoleBatch_unsafe()

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)
private

Definition at line 1808 of file SysCatalog.cpp.

1809  {
1810  for (const auto& role : roles) {
1811  for (const auto& grantee : grantees) {
1812  grantRole_unsafe(role, grantee);
1813  }
1814  }
1815 }
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName)

◆ hasAnyPrivileges()

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges ( const UserMetadata user,
std::vector< DBObject > &  privObjects 
)

Definition at line 1969 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

1970  {
1971  sys_read_lock read_lock(this);
1972  if (user.isSuper) {
1973  return true;
1974  }
1975  auto* user_rl = instance().getUserGrantee(user.userName);
1976  if (!user_rl) {
1977  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
1978  " does not exist.");
1979  }
1980  for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
1981  objectIt != privObjects.end();
1982  ++objectIt) {
1983  if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
1984  return false;
1985  }
1986  }
1987  return true;
1988 }
User * getUserGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111
+ Here is the call graph for this function:

◆ importDataFromOldMapdDB()

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )
private

Definition at line 245 of file SysCatalog.cpp.

References logger::ERROR, logger::INFO, LOG, and OMNISCI_SYSTEM_CATALOG.

245  {
246  sys_sqlite_lock sqlite_lock(this);
247  std::string mapd_db_path = basePath_ + "/mapd_catalogs/mapd";
248  sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
249  sqliteConnector_->query("BEGIN TRANSACTION");
250  LOG(INFO) << "Moving global metadata into a separate catalog";
251  try {
252  auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
253  bool deleteOld = true) {
254  conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
255  tableName + "'");
256  if (conn->getNumRows() != 0) {
257  conn->query(conn->getData<string>(0, 0));
258  conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
259  if (deleteOld) {
260  conn->query("DROP TABLE old_cat." + tableName);
261  }
262  }
263  };
264  moveTableIfExists("mapd_users");
265  moveTableIfExists("mapd_databases");
266  moveTableIfExists("mapd_roles");
267  moveTableIfExists("mapd_object_permissions");
268  moveTableIfExists("mapd_privileges");
269  moveTableIfExists("mapd_version_history", false);
270  } catch (const std::exception& e) {
271  LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
272  sqliteConnector_->query("ROLLBACK TRANSACTION");
273  try {
274  sqliteConnector_->query("DETACH DATABASE old_cat");
275  } catch (const std::exception&) {
276  // nothing to do here
277  }
278  throw;
279  }
280  sqliteConnector_->query("END TRANSACTION");
281  const std::string sys_catalog_path =
282  basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG;
283  LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
284  << sys_catalog_path
285  << ". Using this database with an older version of omnisci_server "
286  "is now impossible.";
287  try {
288  sqliteConnector_->query("DETACH DATABASE old_cat");
289  } catch (const std::exception&) {
290  // nothing to do here
291  }
292 }
#define LOG(tag)
Definition: Logger.h:188
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:57
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ init()

void Catalog_Namespace::SysCatalog::init ( const std::string &  basePath,
std::shared_ptr< Data_Namespace::DataMgr dataMgr,
const AuthMetadata authMetadata,
std::shared_ptr< Calcite calcite,
bool  is_new_db,
bool  aggregator,
const std::vector< LeafHostInfo > &  string_dict_hosts 
)

Definition at line 118 of file SysCatalog.cpp.

References OMNISCI_SYSTEM_CATALOG.

124  {
125  {
127  sys_sqlite_lock sqlite_lock(this);
128 
129  basePath_ = basePath;
130  dataMgr_ = dataMgr;
131  authMetadata_ = &authMetadata;
132  pki_server_.reset(new PkiServer(*authMetadata_));
133  calciteMgr_ = calcite;
134  string_dict_hosts_ = string_dict_hosts;
135  aggregator_ = aggregator;
136  bool db_exists =
137  boost::filesystem::exists(basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG);
138  sqliteConnector_.reset(
139  new SqliteConnector(OMNISCI_SYSTEM_CATALOG, basePath_ + "/mapd_catalogs/"));
140  if (is_new_db) {
141  initDB();
142  } else {
143  if (!db_exists) {
145  }
147  }
148  buildRoleMap();
151  }
152 }
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:57
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:412
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:413
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ initDB()

void Catalog_Namespace::SysCatalog::initDB ( )
private

Definition at line 170 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), OMNISCI_DEFAULT_DB, OMNISCI_ROOT_PASSWD_DEFAULT, OMNISCI_ROOT_USER, OMNISCI_ROOT_USER_ID, and OMNISCI_ROOT_USER_ID_STR.

170  {
171  sys_sqlite_lock sqlite_lock(this);
172  sqliteConnector_->query("BEGIN TRANSACTION");
173  try {
174  sqliteConnector_->query(
175  "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
176  "passwd_hash text, issuper boolean, default_db integer references "
177  "mapd_databases, can_login boolean)");
178  sqliteConnector_->query_with_text_params(
179  "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
180  std::vector<std::string>{OMNISCI_ROOT_USER_ID_STR,
183  sqliteConnector_->query(
184  "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
185  "integer references mapd_users)");
186  sqliteConnector_->query(
187  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
188  "userName))");
189  sqliteConnector_->query(
190  "CREATE TABLE mapd_object_permissions ("
191  "roleName text, "
192  "roleType bool, "
193  "dbId integer references mapd_databases, "
194  "objectName text, "
195  "objectId integer, "
196  "objectPermissionsType integer, "
197  "objectPermissions integer, "
198  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
199  "objectId))");
200  } catch (const std::exception&) {
201  sqliteConnector_->query("ROLLBACK TRANSACTION");
202  throw;
203  }
204  sqliteConnector_->query("END TRANSACTION");
207 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:66
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:59
const std::string OMNISCI_ROOT_PASSWD_DEFAULT
Definition: SysCatalog.h:62
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:60
const std::string OMNISCI_ROOT_USER_ID_STR
Definition: SysCatalog.h:61
void createDatabase(const std::string &dbname, int owner)
+ Here is the call graph for this function:

◆ instance()

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )
inlinestatic

Definition at line 291 of file SysCatalog.h.

Referenced by foreign_storage::cache_blocks(), AlterForeignServerCommand::changeForeignServerOwner(), Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), foreign_storage::ForeignStorageMgr::checkIfS3NeedsToBeEnabled(), checkPermissionForTables(), QueryRunner::QueryRunner::clearCpuMemory(), QueryRunner::QueryRunner::clearGpuMemory(), Executor::clearMemory(), Catalog_Namespace::Catalog::createDashboardSystemRoles(), foreign_storage::ForeignStorageMgr::createDataWrapperIfNotExists(), Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole(), EmbeddedDatabase::DBEngineImpl::DBEngineImpl(), Catalog_Namespace::Catalog::deleteMetadataForDashboards(), Catalog_Namespace::Catalog::doTruncateTable(), Catalog_Namespace::Catalog::dropTable(), CreateForeignServerCommand::execute(), DropForeignServerCommand::execute(), CreateForeignTableCommand::execute(), ShowDatabasesCommand::execute(), RefreshForeignTablesCommand::execute(), foreign_storage::CachingForeignStorageMgr::fetchBuffer(), foreign_storage::ForeignStorageMgr::fetchBuffer(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), Catalog_Namespace::Catalog::filterTableByTypeAndUser(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::get_keys_set_from_table(), foreign_storage::get_keys_vec_from_table(), foreign_storage::csv_file_buffer_parser::ParseBufferRequest::getCatalog(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), QueryRunner::QueryRunner::getExecutor(), Catalog_Namespace::Catalog::getForeignServersForUser(), Catalog_Namespace::Catalog::getObjForLock(), QueryRunner::QueryRunner::getParsedQueryHint(), Catalog_Namespace::Catalog::getTableNamesForUser(), Catalog_Namespace::Catalog::getTablesMetadataForUser(), Catalog_Namespace::anonymous_namespace{Catalog.cpp}::getUserFromId(), Executor::interrupt(), PersistentStorageMgr::isForeignStorage(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), DBObject::loadKey(), main(), foreign_storage::CsvDataWrapper::populateChunkBuffers(), foreign_storage::CsvDataWrapper::populateChunkMetadata(), anonymous_namespace{RelAlgExecutor.cpp}::prepare_foreign_table_for_execution(), QueryRunner::QueryRunner::QueryRunner(), Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions(), foreign_storage::CachingForeignStorageMgr::refreshTableInCache(), Catalog_Namespace::Catalog::removeTableFromMap(), AlterForeignServerCommand::renameForeignServer(), Catalog_Namespace::Catalog::renameTable(), QueryRunner::QueryRunner::runDDLStatement(), QueryRunner::QueryRunner::runSelectQuery(), QueryRunner::QueryRunner::runSQL(), QueryRunner::QueryRunner::runSQLWithAllowingInterrupt(), foreign_storage::ForeignTableRefreshScheduler::start(), and foreign_storage::CsvDataWrapper::updateMetadata().

291  {
292  static SysCatalog sys_cat{};
293  return sys_cat;
294  }

◆ isAggregator()

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const
inline

Definition at line 290 of file SysCatalog.h.

290 { return aggregator_; }

◆ isDashboardSystemRole()

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string &  roleName)
private

Definition at line 2074 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

2074  {
2075  return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
2076 }
static const std::string SYSTEM_ROLE_TAG("#dash_system_role")
specifies the content in-memory of a row in the dashboard
+ Here is the call graph for this function:

◆ isRoleGrantedToGrantee()

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee ( const std::string &  granteeName,
const std::string &  roleName,
bool  only_direct 
) const

Definition at line 2052 of file SysCatalog.cpp.

References CHECK.

2054  {
2055  sys_read_lock read_lock(this);
2056  if (roleName == granteeName) {
2057  return true;
2058  }
2059  bool is_role_granted = false;
2060  auto* target_role = instance().getRoleGrantee(roleName);
2061  auto has_role = [&](auto grantee_rl) {
2062  is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
2063  };
2064  if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
2065  has_role(user_role);
2066  } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
2067  has_role(role);
2068  } else {
2069  CHECK(false);
2070  }
2071  return is_role_granted;
2072 }
bool hasRole(Role *role, bool only_direct) const
Definition: Grantee.cpp:42
User * getUserGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
mapd_shared_lock< mapd_shared_mutex > read_lock
#define CHECK(condition)
Definition: Logger.h:197
Role * getRoleGrantee(const std::string &name) const
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111

◆ login()

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login ( std::string &  db,
std::string &  username,
const std::string &  password,
UserMetadata user_meta,
bool  check_password = true 
)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 738 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login.

742  {
743  // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
744  // can reset it. The username isn't const because SamlServer's
745  // login()/authenticate_user() can reset it.
746 
748  if (check_password) {
749  loginImpl(username, password, user_meta);
750  } else { // not checking for password so user must exist
751  if (!getMetadataForUser(username, user_meta)) {
752  throw std::runtime_error("Invalid credentials.");
753  }
754  }
755  // we should have a user and user_meta by now
756  if (!user_meta.can_login) {
757  throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
758  }
760  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
761  return getCatalog(basePath_, db_meta, dataMgr_, string_dict_hosts_, calciteMgr_, false);
762 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:765
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock

◆ loginImpl()

void Catalog_Namespace::SysCatalog::loginImpl ( std::string &  username,
const std::string &  password,
UserMetadata user_meta 
)
private

Definition at line 765 of file SysCatalog.cpp.

767  {
768  if (!checkPasswordForUser(password, username, user_meta)) {
769  throw std::runtime_error("Authentication failure");
770  }
771 }
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)

◆ migrateDBAccessPrivileges()

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )
private

Definition at line 643 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), LOG, MAPD_VERSION, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

643  {
644  sys_sqlite_lock sqlite_lock(this);
645  sqliteConnector_->query("BEGIN TRANSACTION");
646  try {
647  sqliteConnector_->query(
648  "select name from sqlite_master WHERE type='table' AND "
649  "name='mapd_version_history'");
650  if (sqliteConnector_->getNumRows() == 0) {
651  sqliteConnector_->query(
652  "CREATE TABLE mapd_version_history(version integer, migration_history text "
653  "unique)");
654  } else {
655  sqliteConnector_->query(
656  "select * from mapd_version_history where migration_history = "
657  "'db_access_privileges'");
658  if (sqliteConnector_->getNumRows() != 0) {
659  // both privileges migrated
660  // no need for further execution
661  sqliteConnector_->query("END TRANSACTION");
662  return;
663  }
664  }
665  // Insert check for migration
666  sqliteConnector_->query_with_text_params(
667  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
668  std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
669 
670  sqliteConnector_->query("select dbid, name from mapd_databases");
671  std::unordered_map<int, string> databases;
672  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
673  databases[sqliteConnector_->getData<int>(i, 0)] =
674  sqliteConnector_->getData<string>(i, 1);
675  }
676 
677  sqliteConnector_->query("select userid, name from mapd_users");
678  std::unordered_map<int, string> users;
679  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
680  users[sqliteConnector_->getData<int>(i, 0)] =
681  sqliteConnector_->getData<string>(i, 1);
682  }
683 
684  // All existing users by default will be granted DB Access permissions
685  // and view sql editor privileges
686  DBMetadata dbmeta;
687  for (auto db_ : databases) {
688  CHECK(SysCatalog::instance().getMetadataForDB(db_.second, dbmeta));
689  for (auto user : users) {
690  if (user.first != OMNISCI_ROOT_USER_ID) {
691  {
692  DBObjectKey key;
694  key.dbId = dbmeta.dbId;
695 
696  // access permission;
697  DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
698  object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
699  object_access.setName(dbmeta.dbName);
700  // sql_editor permission
701  DBObject object_editor(
702  key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
703  object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
704  object_editor.setName(dbmeta.dbName);
705  object_editor.updatePrivileges(object_access);
707  sqliteConnector_, user.second, true, object_editor);
708  }
709  }
710  }
711  }
712  } catch (const std::exception& e) {
713  LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
714  sqliteConnector_->query("ROLLBACK TRANSACTION");
715  throw;
716  }
717  sqliteConnector_->query("END TRANSACTION");
718  LOG(INFO) << "Successfully migrated db access privileges";
719 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:153
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:60
int32_t dbId
Definition: DBObject.h:56
static const AccessPrivileges ACCESS
Definition: DBObject.h:154
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
#define CHECK(condition)
Definition: Logger.h:197
int32_t permissionType
Definition: DBObject.h:55
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ migratePrivileged_old()

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )
private

Definition at line 721 of file SysCatalog.cpp.

721  {
722  sys_sqlite_lock sqlite_lock(this);
723 
724  sqliteConnector_->query("BEGIN TRANSACTION");
725  try {
726  sqliteConnector_->query(
727  "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
728  "mapd_users, dbid integer references "
729  "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
730  "dbid))");
731  } catch (const std::exception& e) {
732  sqliteConnector_->query("ROLLBACK TRANSACTION");
733  throw;
734  }
735  sqliteConnector_->query("END TRANSACTION");
736 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ migratePrivileges()

void Catalog_Namespace::SysCatalog::migratePrivileges ( )
private

Definition at line 383 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), AccessPrivileges::NONE, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, TableDBObjectType, and ViewDBObjectType.

383  {
384  sys_sqlite_lock sqlite_lock(this);
385  sqliteConnector_->query("BEGIN TRANSACTION");
386  try {
387  sqliteConnector_->query(
388  "SELECT name FROM sqlite_master WHERE type='table' AND "
389  "name='mapd_object_permissions'");
390  if (sqliteConnector_->getNumRows() != 0) {
391  // already done
392  sqliteConnector_->query("END TRANSACTION");
393  return;
394  }
395 
396  sqliteConnector_->query(
397  "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
398  "roleName text, "
399  "roleType bool, "
400  "dbId integer references mapd_databases, "
401  "objectName text, "
402  "objectId integer, "
403  "objectPermissionsType integer, "
404  "objectPermissions integer, "
405  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
406  "objectId))");
407 
408  // get the list of databases and their grantees
409  sqliteConnector_->query(
410  "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
411  "= 1");
412  size_t numRows = sqliteConnector_->getNumRows();
413  vector<pair<int, int>> db_grantees(numRows);
414  for (size_t i = 0; i < numRows; ++i) {
415  db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
416  db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
417  }
418  // map user names to user ids
419  sqliteConnector_->query("select userid, name from mapd_users");
420  numRows = sqliteConnector_->getNumRows();
421  std::unordered_map<int, string> users_by_id;
422  std::unordered_map<int, bool> user_has_privs;
423  for (size_t i = 0; i < numRows; ++i) {
424  users_by_id[sqliteConnector_->getData<int>(i, 0)] =
425  sqliteConnector_->getData<string>(i, 1);
426  user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
427  }
428  // map db names to db ids
429  sqliteConnector_->query("select dbid, name from mapd_databases");
430  numRows = sqliteConnector_->getNumRows();
431  std::unordered_map<int, string> dbs_by_id;
432  for (size_t i = 0; i < numRows; ++i) {
433  dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
434  sqliteConnector_->getData<string>(i, 1);
435  }
436  // migrate old privileges to new privileges: if user had insert access to database, he
437  // was a grantee
438  for (const auto& grantee : db_grantees) {
439  user_has_privs[grantee.first] = true;
440  auto dbName = dbs_by_id[grantee.second];
441  {
442  // table level permissions
443  DBObjectKey key;
445  key.dbId = grantee.second;
447  object.setName(dbName);
449  sqliteConnector_, users_by_id[grantee.first], true, object);
450  }
451 
452  {
453  // dashboard level permissions
454  DBObjectKey key;
456  key.dbId = grantee.second;
457  DBObject object(
459  object.setName(dbName);
461  sqliteConnector_, users_by_id[grantee.first], true, object);
462  }
463 
464  {
465  // view level permissions
466  DBObjectKey key;
468  key.dbId = grantee.second;
470  object.setName(dbName);
472  sqliteConnector_, users_by_id[grantee.first], true, object);
473  }
474  }
475  for (auto user : user_has_privs) {
476  auto dbName = dbs_by_id[0];
477  if (user.second == false && user.first != OMNISCI_ROOT_USER_ID) {
478  {
479  DBObjectKey key;
481  key.dbId = 0;
483  object.setName(dbName);
485  sqliteConnector_, users_by_id[user.first], true, object);
486  }
487  }
488  }
489  } catch (const std::exception&) {
490  sqliteConnector_->query("ROLLBACK TRANSACTION");
491  throw;
492  }
493  sqliteConnector_->query("END TRANSACTION");
494 }
static const AccessPrivileges ALL_TABLE_MIGRATE
Definition: DBObject.h:157
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static const AccessPrivileges ALL_DASHBOARD_MIGRATE
Definition: DBObject.h:169
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
static const AccessPrivileges NONE
Definition: DBObject.h:149
static const AccessPrivileges ALL_VIEW_MIGRATE
Definition: DBObject.h:177
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:60
int32_t dbId
Definition: DBObject.h:56
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
int32_t permissionType
Definition: DBObject.h:55
+ Here is the call graph for this function:

◆ name()

std::string Catalog_Namespace::SysCatalog::name ( ) const
inline

Definition at line 297 of file SysCatalog.h.

References cat(), and OMNISCI_DEFAULT_DB.

297 { return OMNISCI_DEFAULT_DB; }
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
+ Here is the call graph for this function:

◆ populateRoleDbObjects()

void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > &  objects)

Definition at line 2178 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

2178  {
2179  sys_write_lock write_lock(this);
2180  sys_sqlite_lock sqlite_lock(this);
2181  sqliteConnector_->query("BEGIN TRANSACTION");
2182  try {
2183  for (auto dbobject : objects) {
2184  UserMetadata user;
2185  CHECK(getMetadataForUserById(dbobject.getOwner(), user));
2186  auto* grantee = getUserGrantee(user.userName);
2187  if (grantee) {
2189  sqliteConnector_, grantee->getName(), true, dbobject);
2190  grantee->grantPrivileges(dbobject);
2191  }
2192  }
2193 
2194  } catch (const std::exception& e) {
2195  sqliteConnector_->query("ROLLBACK TRANSACTION");
2196  throw;
2197  }
2198  sqliteConnector_->query("END TRANSACTION");
2199 }
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
User * getUserGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
#define CHECK(condition)
Definition: Logger.h:197
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ removeCatalog()

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string &  dbName)

Definition at line 2494 of file SysCatalog.cpp.

2494  {
2495  cat_map_.erase(dbName);
2496 }

◆ renameDatabase()

void Catalog_Namespace::SysCatalog::renameDatabase ( std::string const &  old_name,
std::string const &  new_name 
)

Definition at line 1021 of file SysCatalog.cpp.

References DatabaseDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, OMNISCI_SYSTEM_CATALOG, to_string(), and to_upper().

1022  {
1023  using namespace std::string_literals;
1024  sys_write_lock write_lock(this);
1025  sys_sqlite_lock sqlite_lock(this);
1026 
1027  DBMetadata new_db;
1028  if (getMetadataForDB(new_name, new_db)) {
1029  throw std::runtime_error("Database " + new_name + " already exists.");
1030  }
1031  if (to_upper(new_name) == to_upper(OMNISCI_SYSTEM_CATALOG)) {
1032  throw std::runtime_error("Database name " + new_name + "is reserved.");
1033  }
1034 
1035  DBMetadata old_db;
1036  if (!getMetadataForDB(old_name, old_db)) {
1037  throw std::runtime_error("Database " + old_name + " does not exists.");
1038  }
1039 
1040  removeCatalog(old_db.dbName);
1041 
1042  std::string old_catalog_path, new_catalog_path;
1043  std::tie(old_catalog_path, new_catalog_path) =
1044  duplicateAndRenameCatalog(old_name, new_name);
1045 
1046  auto transaction_streamer = yieldTransactionStreamer();
1047  auto failure_handler = [this, new_catalog_path] {
1048  removeCatalogByFullPath(new_catalog_path);
1049  };
1050  auto success_handler = [this, old_catalog_path] {
1051  removeCatalogByFullPath(old_catalog_path);
1052  };
1053 
1054  auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
1055  auto q2 = {
1056  "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
1057  new_name,
1058  old_name,
1060  std::to_string(old_db.dbId)};
1061 
1062  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
1063 }
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:101
void removeCatalog(const std::string &dbName)
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:57
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:93
bool getMetadataForDB(const std::string &name, DBMetadata &db)
+ Here is the call graph for this function:

◆ renameDBObject()

void Catalog_Namespace::SysCatalog::renameDBObject ( const std::string &  objectName,
const std::string &  newName,
DBObjectType  type,
int32_t  objectId,
const Catalog_Namespace::Catalog catalog 
)

Renames an DBObject

Parameters
objectName- original DBObject name
newName- new name of DBObject
type- type of DBObject
objectId- original DBObject ID
catalog- Catalog instance object exists in

Definition at line 1482 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), DBObject::setObjectKey(), and run_benchmark_import::type.

1486  {
1487  sys_write_lock write_lock(this);
1488  DBObject new_object(newName, type);
1489  DBObjectKey key;
1490  key.dbId = catalog.getCurrentDB().dbId;
1491  key.objectId = objectId;
1492  key.permissionType = type;
1493  new_object.setObjectKey(key);
1494  auto objdescs =
1495  getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
1496  for (auto obj : objdescs) {
1497  Grantee* grnt = getGrantee(obj->roleName);
1498  if (grnt) {
1499  grnt->renameDbObject(new_object);
1500  }
1501  }
1502  renameObjectsInDescriptorMap(new_object, catalog);
1503 }
int32_t objectId
Definition: DBObject.h:57
Grantee * getGrantee(const std::string &name) const
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
int32_t dbId
Definition: DBObject.h:56
int32_t permissionType
Definition: DBObject.h:55
mapd_unique_lock< mapd_shared_mutex > write_lock
virtual void renameDbObject(const DBObject &object)
Definition: Grantee.cpp:108
+ Here is the call graph for this function:

◆ renameObjectsInDescriptorMap()

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap ( DBObject object,
const Catalog_Namespace::Catalog cat 
)

Definition at line 1907 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

1908  {
1909  sys_write_lock write_lock(this);
1910  sys_sqlite_lock sqlite_lock(this);
1911  auto range = objectDescriptorMap_.equal_range(
1912  std::to_string(cat.getCurrentDB().dbId) + ":" +
1913  std::to_string(object.getObjectKey().permissionType) + ":" +
1914  std::to_string(object.getObjectKey().objectId));
1915  for (auto d = range.first; d != range.second; ++d) {
1916  // rename object
1917  d->second->objectName = object.getName();
1918  }
1919 
1920  sqliteConnector_->query("BEGIN TRANSACTION");
1921  try {
1922  sqliteConnector_->query_with_text_params(
1923  "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
1924  "dbId = ?2 AND objectId = ?3",
1925  std::vector<std::string>{object.getName(),
1927  std::to_string(object.getObjectKey().objectId)});
1928  } catch (const std::exception& e) {
1929  sqliteConnector_->query("ROLLBACK TRANSACTION");
1930  throw;
1931  }
1932  sqliteConnector_->query("END TRANSACTION");
1933 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renameUser()

void Catalog_Namespace::SysCatalog::renameUser ( std::string const &  old_name,
std::string const &  new_name 
)

Definition at line 986 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id, and Catalog_Namespace::UserMetadata::userLoggable().

986  {
987  using namespace std::string_literals;
989  sys_sqlite_lock sqlite_lock(this);
990 
991  UserMetadata old_user;
992  if (!getMetadataForUser(old_name, old_user)) {
993  std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
994  throw std::runtime_error("User " + loggable + "doesn't exist.");
995  }
996 
997  UserMetadata new_user;
998  if (getMetadataForUser(new_name, new_user)) {
999  throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
1000  }
1001 
1002  if (getGrantee(new_name)) {
1003  std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
1004  throw runtime_error(
1005  "Username " + loggable +
1006  "is same as one of existing grantees. User and role names should be unique.");
1007  }
1008 
1009  auto transaction_streamer = yieldTransactionStreamer();
1010  auto failure_handler = [] {};
1011  auto success_handler = [this, &old_name, &new_name] {
1012  updateUserRoleName(old_name, new_name);
1013  };
1014  auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
1015  auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
1016  new_name,
1017  old_name};
1018  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
1019 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void updateUserRoleName(const std::string &roleName, const std::string &newName)
Definition: SysCatalog.cpp:974
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ revokeAllOnDatabase_unsafe()

void Catalog_Namespace::SysCatalog::revokeAllOnDatabase_unsafe ( const std::string &  roleName,
int32_t  dbId,
Grantee grantee 
)
private

Definition at line 1644 of file SysCatalog.cpp.

References Grantee::revokeAllOnDatabase(), and to_string().

1646  {
1647  sys_sqlite_lock sqlite_lock(this);
1648  sqliteConnector_->query_with_text_params(
1649  "DELETE FROM mapd_object_permissions WHERE roleName = ?1 and dbId = ?2",
1650  std::vector<std::string>{roleName, std::to_string(dbId)});
1651  grantee->revokeAllOnDatabase(dbId);
1652  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
1653  if (d->second->roleName == roleName && d->second->dbId == dbId) {
1654  delete d->second;
1655  d = objectDescriptorMap_.erase(d);
1656  } else {
1657  d++;
1658  }
1659  }
1660 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
virtual void revokeAllOnDatabase(int32_t dbId)
Definition: Grantee.cpp:279
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ revokeDashboardSystemRole()

void Catalog_Namespace::SysCatalog::revokeDashboardSystemRole ( const std::string  roleName,
const std::vector< std::string >  grantees 
)

Definition at line 2119 of file SysCatalog.cpp.

2120  {
2121  auto* rl = getRoleGrantee(roleName);
2122  for (auto granteeName : grantees) {
2123  const auto* grantee = SysCatalog::instance().getGrantee(granteeName);
2124  if (rl && grantee->hasRole(rl, true)) {
2125  // Grantees existence have been already validated
2126  SysCatalog::instance().revokeRole(roleName, granteeName);
2127  }
2128  }
2129 }
Grantee * getGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
void revokeRole(const std::string &role, const std::string &grantee)
Role * getRoleGrantee(const std::string &name) const

◆ revokeDBObjectPrivileges()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges ( const std::string &  grantee,
const DBObject object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2329 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2331  {
2333  &SysCatalog::revokeDBObjectPrivileges_unsafe, grantee, object, catalog);
2334 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&... args)
+ Here is the caller graph for this function:

◆ revokeDBObjectPrivileges_unsafe()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges_unsafe ( const std::string &  granteeName,
DBObject  object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1606 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::deleteObjectPrivileges(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

1609  {
1610  sys_write_lock write_lock(this);
1611 
1612  UserMetadata user_meta;
1613  if (instance().getMetadataForUser(granteeName, user_meta)) {
1614  if (user_meta.isSuper) {
1615  // super doesn't have explicit privileges so nothing to do
1616  return;
1617  }
1618  }
1619  auto* grantee = getGrantee(granteeName);
1620  if (!grantee) {
1621  throw runtime_error("Request to revoke privileges from " + granteeName +
1622  " failed because role or user with this name does not exist.");
1623  }
1624  object.loadKey(catalog);
1625 
1626  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
1627  object.getObjectKey().permissionType == DatabaseDBObjectType) {
1628  return revokeAllOnDatabase_unsafe(granteeName, object.getObjectKey().dbId, grantee);
1629  }
1630 
1631  auto ret_object = grantee->revokePrivileges(object);
1632  if (ret_object) {
1633  sys_sqlite_lock sqlite_lock(this);
1635  sqliteConnector_, granteeName, grantee->isUser(), *ret_object);
1636  updateObjectDescriptorMap(granteeName, *ret_object, grantee->isUser(), catalog);
1637  } else {
1638  sys_sqlite_lock sqlite_lock(this);
1639  deleteObjectPrivileges(sqliteConnector_, granteeName, grantee->isUser(), object);
1640  deleteObjectDescriptorMap(granteeName, object, catalog);
1641  }
1642 }
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
static const int32_t ALL
Definition: DBObject.h:79
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static SysCatalog & instance()
Definition: SysCatalog.h:291
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
void deleteObjectDescriptorMap(const std::string &roleName)
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:351
void deleteObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:332
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ revokeDBObjectPrivilegesBatch()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2336 of file SysCatalog.cpp.

2339  {
2341  &SysCatalog::revokeDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
2342 }
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&... args)

◆ revokeDBObjectPrivilegesBatch_unsafe()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1586 of file SysCatalog.cpp.

1589  {
1590  for (const auto& grantee : grantees) {
1591  for (const auto& object : objects) {
1592  revokeDBObjectPrivileges_unsafe(grantee, object, catalog);
1593  }
1594  }
1595 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)

◆ revokeDBObjectPrivilegesFromAll()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll ( DBObject  object,
Catalog catalog 
)

Definition at line 2344 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::dropTable(), and DropForeignServerCommand::execute().

2344  {
2346 }
void execInTransaction(F &&f, Args &&... args)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
+ Here is the caller graph for this function:

◆ revokeDBObjectPrivilegesFromAll_unsafe()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe ( DBObject  object,
Catalog catalog 
)

Definition at line 1662 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, DBObject::getObjectKey(), DBObject::loadKey(), DBObjectKey::permissionType, DBObject::setPrivileges(), and TableDBObjectType.

1663  {
1664  sys_write_lock write_lock(this);
1665  dbObject.loadKey(*catalog);
1666  auto privs = (dbObject.getObjectKey().permissionType == TableDBObjectType)
1668  : (dbObject.getObjectKey().permissionType == DashboardDBObjectType)
1671  dbObject.setPrivileges(privs);
1672  for (const auto& grantee : granteeMap_) {
1673  if (grantee.second->findDbObject(dbObject.getObjectKey(), true)) {
1674  revokeDBObjectPrivileges_unsafe(grantee.second->getName(), dbObject, *catalog);
1675  }
1676  }
1677 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:170
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:158
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ revokeDBObjectPrivilegesFromAllBatch()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch ( std::vector< DBObject > &  objects,
Catalog catalog 
)

Definition at line 2348 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::deleteMetadataForDashboards().

2349  {
2352 }
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
void execInTransaction(F &&f, Args &&... args)
+ Here is the caller graph for this function:

◆ revokeDBObjectPrivilegesFromAllBatch_unsafe()

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe ( std::vector< DBObject > &  objects,
Catalog catalog 
)

Definition at line 1597 of file SysCatalog.cpp.

1599  {
1600  for (const auto& object : objects) {
1601  revokeDBObjectPrivilegesFromAll_unsafe(object, catalog);
1602  }
1603 }
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)

◆ revokeRole()

void Catalog_Namespace::SysCatalog::revokeRole ( const std::string &  role,
const std::string &  grantee 
)

Definition at line 2311 of file SysCatalog.cpp.

2311  {
2313 }
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName)
void execInTransaction(F &&f, Args &&... args)

◆ revokeRole_unsafe()

void Catalog_Namespace::SysCatalog::revokeRole_unsafe ( const std::string &  roleName,
const std::string &  granteeName 
)
private

Definition at line 1850 of file SysCatalog.cpp.

1851  {
1852  auto* rl = getRoleGrantee(roleName);
1853  if (!rl) {
1854  throw runtime_error("Request to revoke role " + roleName +
1855  " failed because role with this name does not exist.");
1856  }
1857  auto* grantee = getGrantee(granteeName);
1858  if (!grantee) {
1859  throw runtime_error("Request to revoke role from " + granteeName +
1860  " failed because grantee with this name does not exist.");
1861  }
1862  sys_write_lock write_lock(this);
1863  grantee->revokeRole(rl);
1864  sys_sqlite_lock sqlite_lock(this);
1865  sqliteConnector_->query_with_text_params(
1866  "DELETE FROM mapd_roles WHERE roleName = ? AND userName = ?",
1867  std::vector<std::string>{rl->getName(), grantee->getName()});
1868 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
mapd_unique_lock< mapd_shared_mutex > write_lock
Role * getRoleGrantee(const std::string &name) const

◆ revokeRoleBatch()

void Catalog_Namespace::SysCatalog::revokeRoleBatch ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)

Definition at line 2306 of file SysCatalog.cpp.

2307  {
2309 }
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void execInTransaction(F &&f, Args &&... args)

◆ revokeRoleBatch_unsafe()

void Catalog_Namespace::SysCatalog::revokeRoleBatch_unsafe ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)
private

Definition at line 1840 of file SysCatalog.cpp.

1841  {
1842  for (const auto& role : roles) {
1843  for (const auto& grantee : grantees) {
1844  revokeRole_unsafe(role, grantee);
1845  }
1846  }
1847 }
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName)

◆ switchDatabase()

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::switchDatabase ( std::string &  dbname,
const std::string &  username 
)

Definition at line 773 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, cat(), DatabaseDBObjectType, DBObject::loadKey(), DBObject::setPrivileges(), and Catalog_Namespace::UserMetadata::userLoggable().

774  {
775  DBMetadata db_meta;
776  UserMetadata user_meta;
777 
778  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
779 
780  // NOTE(max): register database in Catalog that early to allow ldap
781  // and saml create default user and role privileges on databases
782  auto cat =
784 
785  DBObject dbObject(dbname, DatabaseDBObjectType);
786  dbObject.loadKey();
787  dbObject.setPrivileges(AccessPrivileges::ACCESS);
788  if (!checkPrivileges(user_meta, std::vector<DBObject>{dbObject})) {
789  throw std::runtime_error("Unauthorized Access: user " + user_meta.userLoggable() +
790  " is not allowed to access database " + dbname + ".");
791  }
792 
793  return cat;
794 }
std::string cat(Ts &&... args)
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:411
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
static const AccessPrivileges ACCESS
Definition: DBObject.h:154
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:415
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:414
+ Here is the call graph for this function:

◆ syncUserWithRemoteProvider()

void Catalog_Namespace::SysCatalog::syncUserWithRemoteProvider ( const std::string &  user_name,
std::vector< std::string >  idp_roles,
bool *  issuper 
)

Definition at line 2354 of file SysCatalog.cpp.

References generate_random_string(), logger::INFO, Catalog_Namespace::UserMetadata::isSuper, join(), LOG, to_upper(), Catalog_Namespace::UserMetadata::userId, and logger::WARNING.

2356  {
2357  UserMetadata user_meta;
2358  bool is_super_user = is_super ? *is_super : false;
2359  if (!getMetadataForUser(user_name, user_meta)) {
2360  createUser(user_name, generate_random_string(72), is_super_user, "", true);
2361  LOG(INFO) << "User " << user_name << " has been created by remote identity provider"
2362  << " with IS_SUPER = " << (is_super_user ? "'TRUE'" : "'FALSE'");
2363  } else if (is_super && is_super_user != user_meta.isSuper) {
2364  alterUser(user_meta.userId, nullptr, is_super, nullptr, nullptr);
2365  LOG(INFO) << "IS_SUPER for user " << user_name << " has been changed to "
2366  << (is_super_user ? "TRUE" : "FALSE") << " by remote identity provider";
2367  }
2368  std::vector<std::string> current_roles = {};
2369  auto* user_rl = getUserGrantee(user_name);
2370  if (user_rl) {
2371  current_roles = user_rl->getRoles();
2372  }
2373  std::transform(
2374  current_roles.begin(), current_roles.end(), current_roles.begin(), to_upper);
2375  std::transform(idp_roles.begin(), idp_roles.end(), idp_roles.begin(), to_upper);
2376  std::list<std::string> roles_revoked, roles_granted;
2377  // first remove obsolete ones
2378  for (auto& current_role_name : current_roles) {
2379  if (std::find(idp_roles.begin(), idp_roles.end(), current_role_name) ==
2380  idp_roles.end()) {
2381  revokeRole(current_role_name, user_name);
2382  roles_revoked.push_back(current_role_name);
2383  }
2384  }
2385  for (auto& role_name : idp_roles) {
2386  if (std::find(current_roles.begin(), current_roles.end(), role_name) ==
2387  current_roles.end()) {
2388  auto* rl = getRoleGrantee(role_name);
2389  if (rl) {
2390  grantRole(role_name, user_name);
2391  roles_granted.push_back(role_name);
2392  } else {
2393  LOG(WARNING) << "Error synchronizing roles for user " << user_name << ": role "
2394  << role_name << " does not exist";
2395  }
2396  }
2397  }
2398  if (roles_granted.empty() && roles_revoked.empty()) {
2399  LOG(INFO) << "Roles for user " << user_name
2400  << " are up to date with remote identity provider";
2401  } else {
2402  if (!roles_revoked.empty()) {
2403  LOG(INFO) << "Roles revoked during synchronization with identity provider for user "
2404  << user_name << ": " << join(roles_revoked, " ");
2405  }
2406  if (!roles_granted.empty()) {
2407  LOG(INFO) << "Roles granted during synchronization with identity provider for user "
2408  << user_name << ": " << join(roles_granted, " ");
2409  }
2410  }
2411 }
#define LOG(tag)
Definition: Logger.h:188
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string join(T const &container, std::string const &delim)
void createUser(const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname, bool can_login)
Definition: SysCatalog.cpp:804
User * getUserGrantee(const std::string &name) const
void alterUser(const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
Definition: SysCatalog.cpp:905
std::string generate_random_string(const size_t len)
std::string to_upper(const std::string &str)
void grantRole(const std::string &role, const std::string &grantee)
void revokeRole(const std::string &role, const std::string &grantee)
Role * getRoleGrantee(const std::string &name) const
+ Here is the call graph for this function:

◆ updateBlankPasswordsToRandom()

void Catalog_Namespace::SysCatalog::updateBlankPasswordsToRandom ( )
private

Definition at line 569 of file SysCatalog.cpp.

References CHECK, logger::ERROR, generate_random_string(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), LOG, MAPD_VERSION, to_string(), and logger::WARNING.

569  {
570  const std::string UPDATE_BLANK_PASSWORDS_TO_RANDOM = "update_blank_passwords_to_random";
571  sqliteConnector_->query_with_text_params(
572  "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
573  std::vector<std::string>{UPDATE_BLANK_PASSWORDS_TO_RANDOM});
574  if (sqliteConnector_->getNumRows()) {
575  return;
576  }
577 
578  sys_sqlite_lock sqlite_lock(this);
579  sqliteConnector_->query("BEGIN TRANSACTION");
580  try {
581  sqliteConnector_->query(
582  "SELECT userid, passwd_hash, name FROM mapd_users WHERE name <> 'mapd'");
583  auto numRows = sqliteConnector_->getNumRows();
584  vector<std::string> users, passwords, names;
585  for (size_t i = 0; i < numRows; i++) {
586  users.push_back(sqliteConnector_->getData<std::string>(i, 0));
587  passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
588  names.push_back(sqliteConnector_->getData<std::string>(i, 2));
589  }
590  for (size_t i = 0; i < users.size(); ++i) {
591  int pwd_check_result = bcrypt_checkpw("", passwords[i].c_str());
592  // if the check fails there is a good chance that data on disc is broken
593  CHECK(pwd_check_result >= 0);
594  if (pwd_check_result != 0) {
595  continue;
596  }
597  LOG(WARNING) << "resetting blank password for user " << names[i] << " (" << users[i]
598  << ") to a random password";
599  sqliteConnector_->query_with_text_params(
600  "UPDATE mapd_users SET passwd_hash = ? WHERE userid = ?",
601  std::vector<std::string>{hash_with_bcrypt(generate_random_string(72)),
602  users[i]});
603  }
604  sqliteConnector_->query_with_text_params(
605  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
606  std::vector<std::string>{std::to_string(MAPD_VERSION),
607  UPDATE_BLANK_PASSWORDS_TO_RANDOM});
608  } catch (const std::exception& e) {
609  LOG(ERROR) << "Failed to fix blank passwords: " << e.what();
610  sqliteConnector_->query("ROLLBACK TRANSACTION");
611  throw;
612  }
613  sqliteConnector_->query("END TRANSACTION");
614 }
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::string generate_random_string(const size_t len)
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:66
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
#define CHECK(condition)
Definition: Logger.h:197
+ Here is the call graph for this function:

◆ updateObjectDescriptorMap()

void Catalog_Namespace::SysCatalog::updateObjectDescriptorMap ( const std::string &  roleName,
DBObject object,
bool  roleType,
const Catalog_Namespace::Catalog cat 
)
private

Definition at line 1871 of file SysCatalog.cpp.

References ObjectRoleDescriptor::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, ObjectRoleDescriptor::privs, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

1874  {
1875  bool present = false;
1876  auto privs = object.getPrivileges();
1877  sys_write_lock write_lock(this);
1878  auto range = objectDescriptorMap_.equal_range(
1879  std::to_string(cat.getCurrentDB().dbId) + ":" +
1880  std::to_string(object.getObjectKey().permissionType) + ":" +
1881  std::to_string(object.getObjectKey().objectId));
1882  for (auto d = range.first; d != range.second; ++d) {
1883  if (d->second->roleName == roleName) {
1884  // overwrite permissions
1885  d->second->privs = privs;
1886  present = true;
1887  }
1888  }
1889  if (!present) {
1891  od->roleName = roleName;
1892  od->roleType = roleType;
1893  od->objectType = object.getObjectKey().permissionType;
1894  od->dbId = object.getObjectKey().dbId;
1895  od->objectId = object.getObjectKey().objectId;
1896  od->privs = object.getPrivileges();
1897  od->objectOwnerId = object.getOwner();
1898  od->objectName = object.getName();
1899  objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
1900  std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
1901  std::to_string(od->objectId),
1902  od));
1903  }
1904 }
specifies the object_roles content in-memory of a row in mapd_object_permissions table ...
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:408
std::string to_string(char const *&&v)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ updatePasswordsToHashes()

void Catalog_Namespace::SysCatalog::updatePasswordsToHashes ( )
private

Definition at line 517 of file SysCatalog.cpp.

References logger::ERROR, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), logger::INFO, and LOG.

517  {
518  sys_sqlite_lock sqlite_lock(this);
519  sqliteConnector_->query("BEGIN TRANSACTION");
520  try {
521  sqliteConnector_->query(
522  "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_users'");
523  if (sqliteConnector_->getNumRows() == 0) {
524  // Nothing to update
525  sqliteConnector_->query("END TRANSACTION");
526  return;
527  }
528  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
529  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
530  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
531  if (col_name == "passwd_hash") {
532  sqliteConnector_->query("END TRANSACTION");
533  return;
534  }
535  }
536  // Alas, SQLite can't drop columns so we have to recreate the table
537  // (or, optionally, add the new column and reset the old one to a bunch of nulls)
538  sqliteConnector_->query("SELECT userid, passwd FROM mapd_users");
539  auto numRows = sqliteConnector_->getNumRows();
540  vector<std::string> users, passwords;
541  for (size_t i = 0; i < numRows; i++) {
542  users.push_back(sqliteConnector_->getData<std::string>(i, 0));
543  passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
544  }
545  sqliteConnector_->query(
546  "CREATE TABLE mapd_users_tmp (userid integer primary key, name text unique, "
547  "passwd_hash text, issuper boolean, default_db integer references "
548  "mapd_databases)");
549  sqliteConnector_->query(
550  "INSERT INTO mapd_users_tmp(userid, name, passwd_hash, issuper, default_db) "
551  "SELECT userid, name, null, issuper, default_db FROM mapd_users");
552  for (size_t i = 0; i < users.size(); ++i) {
553  sqliteConnector_->query_with_text_params(
554  "UPDATE mapd_users_tmp SET passwd_hash = ? WHERE userid = ?",
555  std::vector<std::string>{hash_with_bcrypt(passwords[i]), users[i]});
556  }
557  sqliteConnector_->query("DROP TABLE mapd_users");
558  sqliteConnector_->query("ALTER TABLE mapd_users_tmp RENAME TO mapd_users");
559  } catch (const std::exception& e) {
560  LOG(ERROR) << "Failed to hash passwords: " << e.what();
561  sqliteConnector_->query("ROLLBACK TRANSACTION");
562  throw;
563  }
564  sqliteConnector_->query("END TRANSACTION");
565  sqliteConnector_->query("VACUUM"); // physically delete plain text passwords
566  LOG(INFO) << "Passwords were successfully hashed";
567 }
#define LOG(tag)
Definition: Logger.h:188
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:66
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ updateSupportUserDeactivation()

void Catalog_Namespace::SysCatalog::updateSupportUserDeactivation ( )
private

Definition at line 616 of file SysCatalog.cpp.

References logger::ERROR, LOG, MAPD_VERSION, and to_string().

616  {
617  const std::string UPDATE_SUPPORT_USER_DEACTIVATION = "update_support_user_deactivation";
618  sys_sqlite_lock sqlite_lock(this);
619  // check to see if the new column already exists
620  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
621  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
622  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
623  if (col_name == "can_login") {
624  return; // new column already exists
625  }
626  }
627  sqliteConnector_->query("BEGIN TRANSACTION");
628  try {
629  sqliteConnector_->query("ALTER TABLE mapd_users ADD COLUMN can_login BOOLEAN");
630  sqliteConnector_->query("UPDATE mapd_users SET can_login = true");
631  sqliteConnector_->query_with_text_params(
632  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
633  std::vector<std::string>{std::to_string(MAPD_VERSION),
634  UPDATE_SUPPORT_USER_DEACTIVATION});
635  } catch (const std::exception& e) {
636  LOG(ERROR) << "Failed to add support for user deactivation: " << e.what();
637  sqliteConnector_->query("ROLLBACK TRANSACTION");
638  throw;
639  }
640  sqliteConnector_->query("END TRANSACTION");
641 }
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409
+ Here is the call graph for this function:

◆ updateUserRoleName()

void Catalog_Namespace::SysCatalog::updateUserRoleName ( const std::string &  roleName,
const std::string &  newName 
)
private

Definition at line 974 of file SysCatalog.cpp.

References gpu_enabled::swap(), and to_upper().

975  {
977 
978  auto it = granteeMap_.find(to_upper(roleName));
979  if (it != granteeMap_.end()) {
980  it->second->setName(newName);
981  std::swap(granteeMap_[to_upper(newName)], it->second);
982  granteeMap_.erase(it);
983  }
984 }
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:80
std::string to_upper(const std::string &str)
DEVICE void swap(ARGS &&... args)
Definition: gpu_enabled.h:114
mapd_unique_lock< mapd_shared_mutex > write_lock
+ Here is the call graph for this function:

◆ updateUserSchema()

void Catalog_Namespace::SysCatalog::updateUserSchema ( )
private

Definition at line 221 of file SysCatalog.cpp.

221  {
222  sys_sqlite_lock sqlite_lock(this);
223 
224  // check to see if the new column already exists
225  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
226  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
227  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
228  if (col_name == "default_db") {
229  return; // new column already exists
230  }
231  }
232 
233  // create the new column
234  sqliteConnector_->query("BEGIN TRANSACTION");
235  try {
236  sqliteConnector_->query(
237  "ALTER TABLE mapd_users ADD COLUMN default_db INTEGER REFERENCES mapd_databases");
238  } catch (const std::exception& e) {
239  sqliteConnector_->query("ROLLBACK TRANSACTION");
240  throw;
241  }
242  sqliteConnector_->query("END TRANSACTION");
243 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:81
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:409

◆ verifyDBObjectOwnership()

bool Catalog_Namespace::SysCatalog::verifyDBObjectOwnership ( const UserMetadata user,
DBObject  object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 1679 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

1681  {
1682  sys_read_lock read_lock(this);
1683 
1684  auto* grantee = instance().getUserGrantee(user.userName);
1685  if (grantee) {
1686  object.loadKey(catalog);
1687  auto* found_object = grantee->findDbObject(object.getObjectKey(), false);
1688  if (found_object && found_object->getOwner() == user.userId) {
1689  return true;
1690  }
1691  }
1692  return false;
1693 }
DBObject * findDbObject(const DBObjectKey &objectKey, bool only_direct) const
Definition: Grantee.cpp:72
User * getUserGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:291
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:111

◆ yieldTransactionStreamer()

auto Catalog_Namespace::SysCatalog::yieldTransactionStreamer ( )
private

Definition at line 951 of file SysCatalog.cpp.

951  {
952  return
953  [](auto& db_connector, auto on_success, auto on_failure, auto&&... query_requests) {
954  auto query_runner = [&db_connector](auto&&... query_reqs) {
955  [[gnu::unused]] int throw_away[] = {
956  (db_connector->query_with_text_params(
957  std::forward<decltype(query_reqs)>(query_reqs)),
958  0)...};
959  };
960 
961  db_connector->query("BEGIN TRANSACTION");
962  try {
963  query_runner(std::forward<decltype(query_requests)>(query_requests)...);
964  on_success();
965  } catch (std::exception&) {
966  db_connector->query("ROLLBACK TRANSACTION");
967  on_failure();
968  throw;
969  }
970  db_connector->query("END TRANSACTION");
971  };
972 }

Member Data Documentation

◆ aggregator_

bool Catalog_Namespace::SysCatalog::aggregator_
private

Definition at line 416 of file SysCatalog.h.

◆ authMetadata_

const AuthMetadata* Catalog_Namespace::SysCatalog::authMetadata_
private

Definition at line 413 of file SysCatalog.h.

◆ basePath_

std::string Catalog_Namespace::SysCatalog::basePath_
private

Definition at line 406 of file SysCatalog.h.

◆ calciteMgr_

std::shared_ptr<Calcite> Catalog_Namespace::SysCatalog::calciteMgr_
private

Definition at line 414 of file SysCatalog.h.

◆ cat_map_

dbid_to_cat_map Catalog_Namespace::SysCatalog::cat_map_
private

Definition at line 423 of file SysCatalog.h.

◆ dataMgr_

std::shared_ptr<Data_Namespace::DataMgr> Catalog_Namespace::SysCatalog::dataMgr_
private

Definition at line 411 of file SysCatalog.h.

◆ dummyCatalog_

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::dummyCatalog_

Definition at line 432 of file SysCatalog.h.

◆ granteeMap_

GranteeMap Catalog_Namespace::SysCatalog::granteeMap_
private

Definition at line 407 of file SysCatalog.h.

◆ objectDescriptorMap_

ObjectRoleDescriptorMap Catalog_Namespace::SysCatalog::objectDescriptorMap_
private

Definition at line 408 of file SysCatalog.h.

◆ pki_server_

std::unique_ptr<PkiServer> Catalog_Namespace::SysCatalog::pki_server_
private

Definition at line 412 of file SysCatalog.h.

◆ sharedMutex_

mapd_shared_mutex Catalog_Namespace::SysCatalog::sharedMutex_
mutable

Definition at line 427 of file SysCatalog.h.

◆ sqliteConnector_

std::unique_ptr<SqliteConnector> Catalog_Namespace::SysCatalog::sqliteConnector_
private

Definition at line 409 of file SysCatalog.h.

◆ sqliteMutex_

std::mutex Catalog_Namespace::SysCatalog::sqliteMutex_
mutable

Definition at line 426 of file SysCatalog.h.

◆ string_dict_hosts_

std::vector<LeafHostInfo> Catalog_Namespace::SysCatalog::string_dict_hosts_
private

Definition at line 415 of file SysCatalog.h.

◆ thread_holding_sqlite_lock

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_sqlite_lock
mutable

Definition at line 428 of file SysCatalog.h.

◆ thread_holding_write_lock

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_write_lock
mutable

Definition at line 429 of file SysCatalog.h.

◆ thread_holds_read_lock

thread_local bool Catalog_Namespace::SysCatalog::thread_holds_read_lock = false
static

Definition at line 430 of file SysCatalog.h.


The documentation for this class was generated from the following files: