OmniSciDB  85c2d10cdc
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
Catalog_Namespace::SysCatalog Class Reference

#include <SysCatalog.h>

+ Inheritance diagram for Catalog_Namespace::SysCatalog:
+ Collaboration diagram for Catalog_Namespace::SysCatalog:

Public Member Functions

void init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
 
std::shared_ptr< Cataloglogin (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
 
std::shared_ptr< CatalogswitchDatabase (std::string &dbname, const std::string &username)
 
void createUser (const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname, bool can_login)
 
void dropUser (const std::string &name)
 
void alterUser (const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
 
void renameUser (std::string const &old_name, std::string const &new_name)
 
void createDatabase (const std::string &dbname, int owner)
 
void renameDatabase (std::string const &old_name, std::string const &new_name)
 
void dropDatabase (const DBMetadata &db)
 
bool getMetadataForUser (const std::string &name, UserMetadata &user)
 
bool getMetadataForUserById (const int32_t idIn, UserMetadata &user)
 
bool checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)
 
bool getMetadataForDB (const std::string &name, DBMetadata &db)
 
Data_Namespace::DataMgrgetDataMgr () const
 
CalcitegetCalciteMgr () const
 
const std::string & getCatalogBasePath () const
 
SqliteConnectorgetSqliteConnector ()
 
std::list< DBMetadatagetAllDBMetadata ()
 
std::list< UserMetadatagetAllUserMetadata ()
 
std::list< UserMetadatagetAllUserMetadata (const int64_t dbId)
 
DBSummaryList getDatabaseListForUser (const UserMetadata &user)
 
void createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
 
void renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)
 
void revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)
 
void getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
 
bool verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
 
void createRole (const std::string &roleName, const bool &userPrivateRole=false)
 
void dropRole (const std::string &roleName)
 
void grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole (const std::string &role, const std::string &grantee)
 
void revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole (const std::string &role, const std::string &grantee)
 
bool hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)
 
bool checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const
 
bool checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const
 
GranteegetGrantee (const std::string &name) const
 
RolegetRoleGrantee (const std::string &name) const
 
UsergetUserGrantee (const std::string &name) const
 
std::vector
< ObjectRoleDescriptor * > 
getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const
 
bool isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const
 
std::vector< std::string > getRoles (bool userPrivateRole, bool isSuper, const std::string &userName)
 
std::vector< std::string > getRoles (const std::string &userName, const int32_t dbId)
 
void revokeDashboardSystemRole (const std::string roleName, const std::vector< std::string > grantees)
 
bool isAggregator () const
 
void populateRoleDbObjects (const std::vector< DBObject > &objects)
 
std::string name () const
 
void renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, bool *issuper)
 
std::unordered_map
< std::string, std::vector
< std::string > > 
getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)
 
void check_for_session_encryption (const std::string &pki_cert, std::string &session)
 
std::vector< std::shared_ptr
< Catalog > > 
getCatalogsForAllDbs ()
 
std::shared_ptr< CataloggetDummyCatalog ()
 
std::shared_ptr< CataloggetCatalog (const std::string &dbName)
 
std::shared_ptr< CataloggetCatalog (const int32_t db_id)
 
std::shared_ptr< CataloggetCatalog (const DBMetadata &curDB, bool is_new_db)
 
void removeCatalog (const std::string &dbName)
 
virtual ~SysCatalog ()
 

Static Public Member Functions

static SysCataloginstance ()
 
static void destroy ()
 

Public Attributes

std::mutex sqliteMutex_
 
mapd_shared_mutex sharedMutex_
 
std::atomic< std::thread::id > thread_holding_sqlite_lock
 
std::atomic< std::thread::id > thread_holding_write_lock
 
std::shared_ptr< CatalogdummyCatalog_
 

Static Public Attributes

static thread_local bool thread_holds_read_lock = false
 

Private Types

using GranteeMap = std::map< std::string, Grantee * >
 
using ObjectRoleDescriptorMap = std::multimap< std::string, ObjectRoleDescriptor * >
 
using dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>
 

Private Member Functions

 SysCatalog ()
 
void initDB ()
 
void buildRoleMap ()
 
void buildUserRoleMap ()
 
void buildObjectDescriptorMap ()
 
void checkAndExecuteMigrations ()
 
void importDataFromOldMapdDB ()
 
void createUserRoles ()
 
void addAdminUserRole ()
 
void migratePrivileges ()
 
void migratePrivileged_old ()
 
void updateUserSchema ()
 
void updatePasswordsToHashes ()
 
void updateBlankPasswordsToRandom ()
 
void updateSupportUserDeactivation ()
 
void migrateDBAccessPrivileges ()
 
void loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)
 
bool checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)
 
void grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)
 
void createRole_unsafe (const std::string &roleName, const bool userPrivateRole=false)
 
void dropRole_unsafe (const std::string &roleName)
 
void grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void grantRole_unsafe (const std::string &roleName, const std::string &granteeName)
 
void revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
 
void revokeRole_unsafe (const std::string &roleName, const std::string &granteeName)
 
void updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
 
void deleteObjectDescriptorMap (const std::string &roleName)
 
void deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)
 
void grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
 
void revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
 
void grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
 
void revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)
 
bool isDashboardSystemRole (const std::string &roleName)
 
void updateUserRoleName (const std::string &roleName, const std::string &newName)
 
void getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
 
bool getMetadataForDBById (const int32_t idIn, DBMetadata &db)
 
bool allowLocalLogin () const
 
template<typename F , typename... Args>
void execInTransaction (F &&f, Args &&...args)
 
auto yieldTransactionStreamer ()
 
- Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
 CommonFileOperations (std::string const &base_path)
 
void removeCatalogByFullPath (std::string const &full_path)
 
void removeCatalogByName (std::string const &name)
 
auto duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)
 
auto assembleCatalogName (std::string const &name)
 

Private Attributes

std::string basePath_
 
GranteeMap granteeMap_
 
ObjectRoleDescriptorMap objectDescriptorMap_
 
std::unique_ptr< SqliteConnectorsqliteConnector_
 
std::shared_ptr
< Data_Namespace::DataMgr
dataMgr_
 
std::unique_ptr< PkiServerpki_server_
 
const AuthMetadataauthMetadata_
 
std::shared_ptr< CalcitecalciteMgr_
 
std::vector< LeafHostInfostring_dict_hosts_
 
bool aggregator_
 
dbid_to_cat_map cat_map_
 

Static Private Attributes

static std::unique_ptr
< SysCatalog
instance_
 

Detailed Description

Definition at line 150 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>
private

Definition at line 427 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, Grantee*>
private

Definition at line 324 of file SysCatalog.h.

Definition at line 325 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )
virtual

Definition at line 194 of file SysCatalog.cpp.

194  {
196  for (auto grantee = granteeMap_.begin(); grantee != granteeMap_.end(); ++grantee) {
197  delete grantee->second;
198  }
199  granteeMap_.clear();
200  for (ObjectRoleDescriptorMap::iterator objectIt = objectDescriptorMap_.begin();
201  objectIt != objectDescriptorMap_.end();) {
202  ObjectRoleDescriptorMap::iterator eraseIt = objectIt++;
203  delete eraseIt->second;
204  }
205  objectDescriptorMap_.clear();
206 
207  cat_map_.clear();
208 }
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
mapd_unique_lock< mapd_shared_mutex > write_lock
Catalog_Namespace::SysCatalog::SysCatalog ( )
inlineprivate

Definition at line 327 of file SysCatalog.h.

Referenced by instance().

329  , aggregator_(false)
330  , sqliteMutex_()
331  , sharedMutex_()
332  , thread_holding_sqlite_lock(std::thread::id())
333  , thread_holding_write_lock(std::thread::id())
334  , dummyCatalog_(std::make_shared<Catalog>()) {}
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:435
mapd_shared_mutex sharedMutex_
Definition: SysCatalog.h:434
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:133
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:439
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:436

+ Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )
private

Definition at line 537 of file SysCatalog.cpp.

References OMNISCI_ROOT_USER.

537  {
538  sys_sqlite_lock sqlite_lock(this);
539  sqliteConnector_->query("BEGIN TRANSACTION");
540  try {
541  sqliteConnector_->query(
542  "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
543  OMNISCI_ROOT_USER + "\'");
544  if (sqliteConnector_->getNumRows() != 0) {
545  // already done
546  sqliteConnector_->query("END TRANSACTION");
547  return;
548  }
549 
551  } catch (const std::exception&) {
552  sqliteConnector_->query("ROLLBACK TRANSACTION");
553  throw;
554  }
555  sqliteConnector_->query("END TRANSACTION");
556 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:60
bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const
private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

void Catalog_Namespace::SysCatalog::alterUser ( const int32_t  userid,
const std::string *  passwd,
bool *  issuper,
const std::string *  dbname,
bool *  can_login 
)

Definition at line 943 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::append_with_commas, Catalog_Namespace::DBMetadata::dbId, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), and to_string().

947  {
948  sys_sqlite_lock sqlite_lock(this);
949  sqliteConnector_->query("BEGIN TRANSACTION");
950  try {
951  string sql;
952  std::vector<std::string> values;
953  if (passwd != nullptr) {
954  append_with_commas(sql, "passwd_hash = ?");
955  values.push_back(hash_with_bcrypt(*passwd));
956  }
957  if (issuper != nullptr) {
958  append_with_commas(sql, "issuper = ?");
959  values.push_back(std::to_string(*issuper));
960  }
961  if (dbname != nullptr) {
962  if (!dbname->empty()) {
963  append_with_commas(sql, "default_db = ?");
964  DBMetadata db;
965  if (!SysCatalog::instance().getMetadataForDB(*dbname, db)) {
966  throw runtime_error(string("DEFAULT_DB ") + *dbname + " not found.");
967  }
968  values.push_back(std::to_string(db.dbId));
969  } else {
970  append_with_commas(sql, "default_db = NULL");
971  }
972  }
973  if (can_login != nullptr) {
974  append_with_commas(sql, "can_login = ?");
975  values.push_back(std::to_string(*can_login));
976  }
977 
978  sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
979  values.push_back(std::to_string(userid));
980 
981  sqliteConnector_->query_with_text_params(sql, values);
982  } catch (const std::exception& e) {
983  sqliteConnector_->query("ROLLBACK TRANSACTION");
984  throw;
985  }
986  sqliteConnector_->query("END TRANSACTION");
987 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:70
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMap ( )
private

Definition at line 2292 of file SysCatalog.cpp.

References ObjectRoleDescriptor::dbId, ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, AccessPrivileges::privileges, ObjectRoleDescriptor::privs, test_fsi::r, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

2292  {
2293  sys_write_lock write_lock(this);
2294  sys_sqlite_lock sqlite_lock(this);
2295  string objectQuery(
2296  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2297  "objectPermissions, objectOwnerId, objectName "
2298  "from mapd_object_permissions");
2299  sqliteConnector_->query(objectQuery);
2300  size_t numRows = sqliteConnector_->getNumRows();
2301  for (size_t r = 0; r < numRows; ++r) {
2303  od->roleName = sqliteConnector_->getData<string>(r, 0);
2304  od->roleType = sqliteConnector_->getData<bool>(r, 1);
2305  od->objectType = sqliteConnector_->getData<int>(r, 2);
2306  od->dbId = sqliteConnector_->getData<int>(r, 3);
2307  od->objectId = sqliteConnector_->getData<int>(r, 4);
2308  od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
2309  od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
2310  od->objectName = sqliteConnector_->getData<string>(r, 7);
2311  objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
2312  std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
2313  std::to_string(od->objectId),
2314  od));
2315  }
2316 }
tuple r
Definition: test_fsi.py:16
specifies the object_roles content in-memory of a row in mapd_object_permissions table ...
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
int64_t privileges
Definition: DBObject.h:135

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMap ( )
private

Definition at line 2174 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), setup::name, AccessPrivileges::privileges, test_fsi::r, and to_upper().

2174  {
2175  sys_write_lock write_lock(this);
2176  sys_sqlite_lock sqlite_lock(this);
2177  string roleQuery(
2178  "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
2179  "objectPermissions, objectOwnerId, objectName "
2180  "from mapd_object_permissions");
2181  sqliteConnector_->query(roleQuery);
2182  size_t numRows = sqliteConnector_->getNumRows();
2183  std::vector<std::string> objectKeyStr(4);
2184  DBObjectKey objectKey;
2185  AccessPrivileges privs;
2186  bool userPrivateRole{false};
2187  for (size_t r = 0; r < numRows; ++r) {
2188  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2189  userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
2190  DBObjectType permissionType =
2191  static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
2192  objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
2193  objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
2194  objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
2195  objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
2196  privs.privileges = sqliteConnector_->getData<int>(r, 5);
2197  int32_t owner = sqliteConnector_->getData<int>(r, 6);
2198  std::string name = sqliteConnector_->getData<string>(r, 7);
2199 
2200  DBObject dbObject(objectKey, privs, owner);
2201  dbObject.setName(name);
2202  if (-1 == objectKey.objectId) {
2203  dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
2204  } else {
2205  dbObject.setObjectType(permissionType);
2206  }
2207 
2208  auto* rl = getGrantee(roleName);
2209  if (!rl) {
2210  if (userPrivateRole) {
2211  rl = new User(roleName);
2212  } else {
2213  rl = new Role(roleName);
2214  }
2215  granteeMap_[to_upper(roleName)] = rl;
2216  }
2217  rl->grantPrivileges(dbObject);
2218  }
2219 }
DBObjectType
Definition: DBObject.h:42
tuple r
Definition: test_fsi.py:16
std::string name() const
Definition: SysCatalog.h:302
Definition: Grantee.h:70
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:76
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static DBObjectKey fromString(const std::vector< std::string > &key, const DBObjectType &type)
Definition: DBObject.cpp:261
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
int64_t privileges
Definition: DBObject.h:135

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMap ( )
private

Definition at line 2244 of file SysCatalog.cpp.

References i, OMNISCI_ROOT_USER, and test_fsi::r.

2244  {
2245  sys_write_lock write_lock(this);
2246  sys_sqlite_lock sqlite_lock(this);
2247  std::vector<std::pair<std::string, std::string>> granteeRooles;
2248  string userRoleQuery("SELECT roleName, userName from mapd_roles");
2249  sqliteConnector_->query(userRoleQuery);
2250  size_t numRows = sqliteConnector_->getNumRows();
2251  for (size_t r = 0; r < numRows; ++r) {
2252  std::string roleName = sqliteConnector_->getData<string>(r, 0);
2253  std::string userName = sqliteConnector_->getData<string>(r, 1);
2254  // required for declared nomenclature before v4.0.0
2255  if ((boost::equals(roleName, "mapd_default_suser_role") &&
2256  boost::equals(userName, OMNISCI_ROOT_USER)) ||
2257  (boost::equals(roleName, "mapd_default_user_role") &&
2258  !boost::equals(userName, "mapd_default_user_role"))) {
2259  // grouprole already exists with roleName==userName in mapd_roles table
2260  // ignore duplicate instances of userRole which exists before v4.0.0
2261  continue;
2262  }
2263  auto* rl = getGrantee(roleName);
2264  if (!rl) {
2265  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2266  " from db not found in the map.");
2267  }
2268  std::pair<std::string, std::string> roleVecElem(roleName, userName);
2269  granteeRooles.push_back(roleVecElem);
2270  }
2271 
2272  for (size_t i = 0; i < granteeRooles.size(); i++) {
2273  std::string roleName = granteeRooles[i].first;
2274  std::string granteeName = granteeRooles[i].second;
2275  auto* grantee = getGrantee(granteeName);
2276  if (!grantee) {
2277  throw runtime_error("Data inconsistency when building role map. Grantee " +
2278  granteeName + " not found in the map.");
2279  }
2280  if (granteeName == roleName) {
2281  continue;
2282  }
2283  Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
2284  if (!rl) {
2285  throw runtime_error("Data inconsistency when building role map. Role " + roleName +
2286  " not found in the map.");
2287  }
2288  grantee->grantRole(rl);
2289  }
2290 }
tuple r
Definition: test_fsi.py:16
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:76
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:60
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::changeDBObjectOwnership ( const UserMetadata new_owner,
const UserMetadata previous_owner,
DBObject  object,
const Catalog_Namespace::Catalog catalog,
bool  revoke_privileges = true 
)

Change ownership of a DBObject

Parameters
new_owner- new owner of DBObject
previous_owner- previous owner of DBObject
object- DBObject to change ownership of
catalog- Catalog instance object exists in
revoke_privileges- if true, revoke previous_owner's privileges

Definition at line 1738 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, UNREACHABLE, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userName, and ViewDBObjectType.

1742  {
1743  sys_write_lock write_lock(this);
1744  sys_sqlite_lock sqlite_lock(this);
1745  object.loadKey(catalog);
1746  switch (object.getType()) {
1747  case TableDBObjectType:
1748  object.setPrivileges(AccessPrivileges::ALL_TABLE);
1749  break;
1750  case DashboardDBObjectType:
1751  object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
1752  break;
1753  case ServerDBObjectType:
1754  object.setPrivileges(AccessPrivileges::ALL_SERVER);
1755  break;
1756  case DatabaseDBObjectType:
1757  object.setPrivileges(AccessPrivileges::ALL_DATABASE);
1758  break;
1759  case ViewDBObjectType:
1760  object.setPrivileges(AccessPrivileges::ALL_VIEW);
1761  break;
1762  default:
1763  UNREACHABLE(); // unkown object type
1764  break;
1765  }
1766  sqliteConnector_->query("BEGIN TRANSACTION");
1767  try {
1768  if (!new_owner.isSuper) { // no need to grant to suser, has all privs by default
1769  grantDBObjectPrivileges_unsafe(new_owner.userName, object, catalog);
1770  }
1771  if (!previous_owner.isSuper && revoke_privileges) { // no need to revoke from suser
1772  revokeDBObjectPrivileges_unsafe(previous_owner.userName, object, catalog);
1773  }
1774  } catch (std::exception& e) {
1775  sqliteConnector_->query("ROLLBACK TRANSACTION");
1776  throw;
1777  }
1778  sqliteConnector_->query("END TRANSACTION");
1779  object.setOwner(new_owner.userId); // change owner if no exceptions happen
1780 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:153
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
#define UNREACHABLE()
Definition: Logger.h:241
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:179
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:189
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:171
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:159
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::check_for_session_encryption ( const std::string &  pki_cert,
std::string &  session 
)

Definition at line 835 of file SysCatalog.cpp.

836  {
837  if (!pki_server_->inUse()) {
838  return;
839  }
840  pki_server_->encrypt_session(pki_cert, session);
841 }
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:417
void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )
private

Definition at line 249 of file SysCatalog.cpp.

249  {
251  createUserRoles();
254  updateUserSchema(); // must come before updatePasswordsToHashes()
256  updateBlankPasswordsToRandom(); // must come after updatePasswordsToHashes()
259 }
bool Catalog_Namespace::SysCatalog::checkPasswordForUser ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)

Definition at line 1262 of file SysCatalog.cpp.

1264  {
1265  return checkPasswordForUserImpl(passwd, name, user);
1266 }
std::string name() const
Definition: SysCatalog.h:302
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl ( const std::string &  passwd,
std::string &  name,
UserMetadata user 
)
private

Definition at line 1268 of file SysCatalog.cpp.

References CHECK, LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

1270  {
1271  sys_read_lock read_lock(this);
1272  if (!getMetadataForUser(name, user)) {
1273  // Check password against some fake hash just to waste time so that response times
1274  // for invalid password and invalid user are similar and a caller can't say the
1275  // difference
1276  char fake_hash[BCRYPT_HASHSIZE];
1277  CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
1278  bcrypt_checkpw(passwd.c_str(), fake_hash);
1279  LOG(WARNING) << "Local login failed";
1280  return false;
1281  }
1282  int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
1283  // if the check fails there is a good chance that data on disc is broken
1284  CHECK(pwd_check_result >= 0);
1285  return pwd_check_result == 0;
1286 }
#define LOG(tag)
Definition: Logger.h:188
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:302
mapd_shared_lock< mapd_shared_mutex > read_lock
#define CHECK(condition)
Definition: Logger.h:197
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
bool Catalog_Namespace::SysCatalog::checkPrivileges ( const UserMetadata user,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 2033 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges().

2034  {
2035  sys_read_lock read_lock(this);
2036  if (user.isSuper) {
2037  return true;
2038  }
2039 
2040  auto* user_rl = instance().getUserGrantee(user.userName);
2041  if (!user_rl) {
2042  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
2043  " does not exist.");
2044  }
2045  for (auto& object : privObjects) {
2046  if (!user_rl->checkPrivileges(object)) {
2047  return false;
2048  }
2049  }
2050  return true;
2051 }
static SysCatalog & instance()
Definition: SysCatalog.h:292
User * getUserGrantee(const std::string &name) const
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges ( const std::string &  userName,
const std::vector< DBObject > &  privObjects 
) const

Definition at line 2053 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id.

2054  {
2055  UserMetadata user;
2056  if (!instance().getMetadataForUser(userName, user)) {
2057  std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
2058  throw runtime_error("Request to check privileges for user " + loggable +
2059  "failed because user with this name does not exist.");
2060  }
2061  return (checkPrivileges(user, privObjects));
2062 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
static SysCatalog & instance()
Definition: SysCatalog.h:292
void Catalog_Namespace::SysCatalog::createDatabase ( const std::string &  dbname,
int  owner 
)

Definition at line 1103 of file SysCatalog.cpp.

References cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, OMNISCI_ROOT_USER_ID, OMNISCI_SYSTEM_CATALOG, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

1103  {
1104  sys_write_lock write_lock(this);
1105  sys_sqlite_lock sqlite_lock(this);
1106 
1107  DBMetadata db;
1108  if (getMetadataForDB(name, db)) {
1109  throw runtime_error("Database " + name + " already exists.");
1110  }
1112  throw runtime_error("Database name " + name + " is reserved.");
1113  }
1114 
1115  std::unique_ptr<SqliteConnector> dbConn(
1116  new SqliteConnector(name, basePath_ + "/mapd_catalogs/"));
1117  // NOTE(max): it's okay to run this in a separate transaction. If we fail later
1118  // we delete the database anyways.
1119  // If we run it in the same transaction as SysCatalog functions, then Catalog
1120  // constructor won't find the tables we have just created.
1121  dbConn->query("BEGIN TRANSACTION");
1122  try {
1123  dbConn->query(
1124  "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
1125  "integer, ncolumns integer, "
1126  "isview boolean, "
1127  "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
1128  "bigint, "
1129  "frag_page_size integer, "
1130  "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
1131  "sort_column_id integer default 0, storage_type text default '', "
1132  "max_rollback_epochs integer default -1, "
1133  "num_shards integer, key_metainfo TEXT, version_num "
1134  "BIGINT DEFAULT 1) ");
1135  dbConn->query(
1136  "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
1137  "integer, name text, coltype "
1138  "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
1139  "boolean, compression integer, "
1140  "comp_param integer, size integer, chunks text, is_systemcol boolean, "
1141  "is_virtualcol boolean, virtual_expr "
1142  "text, is_deletedcol boolean, version_num BIGINT, "
1143  "primary key(tableid, columnid), unique(tableid, name))");
1144  dbConn->query(
1145  "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
1146  dbConn->query(
1147  "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
1148  "userid integer references mapd_users, state text, image_hash text, update_time "
1149  "timestamp, "
1150  "metadata text, UNIQUE(userid, name) )");
1151  dbConn->query(
1152  "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
1153  "mapd_users, "
1154  "link text unique, view_state text, update_time timestamp, view_metadata text)");
1155  dbConn->query(
1156  "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
1157  "nbits int, is_shared boolean, "
1158  "refcount int, version_num BIGINT DEFAULT 1)");
1159  dbConn->query(
1160  "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
1161  "physical_table_id "
1162  "integer)");
1163  dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
1164  dbConn->query_with_text_params(
1165  "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
1166  std::vector<std::string>{std::to_string(owner)});
1167 
1168  if (g_enable_fsi) {
1169  dbConn->query(Catalog::getForeignServerSchema());
1170  dbConn->query(Catalog::getForeignTableSchema());
1171  }
1172  } catch (const std::exception&) {
1173  dbConn->query("ROLLBACK TRANSACTION");
1174  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1175  throw;
1176  }
1177  dbConn->query("END TRANSACTION");
1178 
1179  std::shared_ptr<Catalog> cat;
1180  // Now update SysCatalog with privileges and the new database
1181  sqliteConnector_->query("BEGIN TRANSACTION");
1182  try {
1183  sqliteConnector_->query_with_text_param(
1184  "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
1185  ")",
1186  name);
1187  CHECK(getMetadataForDB(name, db));
1188 
1189  cat = getCatalog(db, true);
1190 
1191  if (owner != OMNISCI_ROOT_USER_ID) {
1193  object.loadKey(*cat);
1194  UserMetadata user;
1195  CHECK(getMetadataForUserById(owner, user));
1196  grantAllOnDatabase_unsafe(user.userName, object, *cat);
1197  }
1198  } catch (const std::exception&) {
1199  sqliteConnector_->query("ROLLBACK TRANSACTION");
1200  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1201  throw;
1202  }
1203  sqliteConnector_->query("END TRANSACTION");
1204 
1205  // force a migration on the new database
1207  cat = getCatalog(db, false);
1208 
1209  if (g_enable_fsi) {
1210  try {
1211  cat->createDefaultServersIfNotExists();
1212  } catch (...) {
1213  boost::filesystem::remove(basePath_ + "/mapd_catalogs/" + name);
1214  throw;
1215  }
1216  }
1217 }
std::string cat(Ts &&...args)
void removeCatalog(const std::string &dbName)
std::string name() const
Definition: SysCatalog.h:302
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:58
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
static const std::string getForeignTableSchema(bool if_not_exists=false)
Definition: Catalog.cpp:648
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
static const std::string getForeignServerSchema(bool if_not_exists=false)
Definition: Catalog.cpp:641
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::string to_upper(const std::string &str)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:61
#define CHECK(condition)
Definition: Logger.h:197
mapd_unique_lock< mapd_shared_mutex > write_lock
bool g_enable_fsi
Definition: Catalog.cpp:92
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject ( const UserMetadata user,
const std::string &  objectName,
DBObjectType  type,
const Catalog_Namespace::Catalog catalog,
int32_t  objectId = -1 
)

Definition at line 1480 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

1484  {
1485  sys_write_lock write_lock(this);
1486  sys_sqlite_lock sqlite_lock(this);
1487 
1488  DBObject object =
1489  objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
1490  object.loadKey(catalog);
1491  switch (type) {
1492  case TableDBObjectType:
1493  object.setPrivileges(AccessPrivileges::ALL_TABLE);
1494  break;
1495  case DashboardDBObjectType:
1496  object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
1497  break;
1498  case ServerDBObjectType:
1499  object.setPrivileges(AccessPrivileges::ALL_SERVER);
1500  break;
1501  default:
1502  object.setPrivileges(AccessPrivileges::ALL_DATABASE);
1503  break;
1504  }
1505  object.setOwner(user.userId);
1506  sqliteConnector_->query("BEGIN TRANSACTION");
1507  try {
1508  if (!user.isSuper) { // no need to grant to suser, has all privs by default
1509  grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
1510  auto* grantee = instance().getUserGrantee(user.userName);
1511  if (!grantee) {
1512  throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
1513  " does not exist.");
1514  }
1515  grantee->grantPrivileges(object);
1516  }
1517  } catch (std::exception& e) {
1518  sqliteConnector_->query("ROLLBACK TRANSACTION");
1519  throw;
1520  }
1521  sqliteConnector_->query("END TRANSACTION");
1522 }
static const AccessPrivileges ALL_DATABASE
Definition: DBObject.h:153
virtual void grantPrivileges(const DBObject &object)
Definition: Grantee.cpp:92
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:189
User * getUserGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void loadKey()
Definition: DBObject.cpp:181
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:171
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:159
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole ( const std::string &  roleName,
const bool &  userPrivateRole = false 
)

Definition at line 2332 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2332  {
2333  execInTransaction(&SysCatalog::createRole_unsafe, roleName, userPrivateRole);
2334 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
void execInTransaction(F &&f, Args &&...args)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe ( const std::string &  roleName,
const bool  userPrivateRole = false 
)
private

Definition at line 1804 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), OMNISCI_DEFAULT_DB, DBObjectKey::permissionType, DBObject::setObjectKey(), and to_upper().

1805  {
1806  sys_write_lock write_lock(this);
1807 
1808  auto* grantee = getGrantee(roleName);
1809  if (grantee) {
1810  throw std::runtime_error("CREATE ROLE " + roleName +
1811  " failed because grantee with this name already exists.");
1812  }
1813  if (userPrivateRole) {
1814  grantee = new User(roleName);
1815  } else {
1816  grantee = new Role(roleName);
1817  }
1818  granteeMap_[to_upper(roleName)] = grantee;
1819 
1820  // NOTE (max): Why create an empty privileges record for a role?
1821  /* grant none privileges to this role and add it to sqlite DB */
1823  DBObjectKey objKey;
1824  // 0 is an id that does not exist
1825  objKey.dbId = 0;
1827  dbObject.setObjectKey(objKey);
1828  grantee->grantPrivileges(dbObject);
1829 
1830  sys_sqlite_lock sqlite_lock(this);
1831  insertOrUpdateObjectPrivileges(sqliteConnector_, roleName, userPrivateRole, dbObject);
1832 }
Definition: Grantee.h:70
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:76
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:59
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::string to_upper(const std::string &str)
int32_t dbId
Definition: DBObject.h:56
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
int32_t permissionType
Definition: DBObject.h:55
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createUser ( const std::string &  name,
const std::string &  passwd,
bool  issuper,
const std::string &  dbname,
bool  can_login 
)

Definition at line 843 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::g_log_user_id, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), setup::name, to_string(), and Catalog_Namespace::UserMetadata::userLoggable().

847  {
849  sys_sqlite_lock sqlite_lock(this);
850 
851  UserMetadata user;
852  if (getMetadataForUser(name, user)) {
853  throw runtime_error("User " + user.userLoggable() + " already exists.");
854  }
855  if (getGrantee(name)) {
856  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
857  throw runtime_error(
858  "User " + loggable +
859  "is same as one of existing grantees. User and role names should be unique.");
860  }
861  sqliteConnector_->query("BEGIN TRANSACTION");
862  try {
863  std::vector<std::string> vals;
864  if (!dbname.empty()) {
865  DBMetadata db;
866  if (!SysCatalog::instance().getMetadataForDB(dbname, db)) {
867  throw runtime_error("DEFAULT_DB " + dbname + " not found.");
868  }
869  vals = {name,
870  hash_with_bcrypt(passwd),
871  std::to_string(issuper),
872  std::to_string(db.dbId),
873  std::to_string(can_login)};
874  sqliteConnector_->query_with_text_params(
875  "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
876  "VALUES (?, ?, ?, ?, ?)",
877  vals);
878  } else {
879  vals = {name,
880  hash_with_bcrypt(passwd),
881  std::to_string(issuper),
882  std::to_string(can_login)};
883  sqliteConnector_->query_with_text_params(
884  "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
885  "VALUES (?, ?, ?, ?)",
886  vals);
887  }
888  createRole_unsafe(name, true);
889  } catch (const std::exception& e) {
890  sqliteConnector_->query("ROLLBACK TRANSACTION");
891  throw;
892  }
893  sqliteConnector_->query("END TRANSACTION");
894 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:302
Grantee * getGrantee(const std::string &name) const
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:70
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createUserRoles ( )
private

Definition at line 334 of file SysCatalog.cpp.

References i, and OMNISCI_ROOT_USER.

334  {
335  sys_sqlite_lock sqlite_lock(this);
336  sqliteConnector_->query("BEGIN TRANSACTION");
337  try {
338  sqliteConnector_->query(
339  "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
340  if (sqliteConnector_->getNumRows() != 0) {
341  // already done
342  sqliteConnector_->query("END TRANSACTION");
343  return;
344  }
345  sqliteConnector_->query(
346  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
347  "userName))");
348  // need to account for old conversions where we are building and moving
349  // from pre version 4.0 and 'mapd' was default superuser
350  sqliteConnector_->query("SELECT name FROM mapd_users WHERE name NOT IN ( \'" +
351  OMNISCI_ROOT_USER + "\', 'mapd')");
352  size_t numRows = sqliteConnector_->getNumRows();
353  vector<string> user_names;
354  for (size_t i = 0; i < numRows; ++i) {
355  user_names.push_back(sqliteConnector_->getData<string>(i, 0));
356  }
357  for (const auto& user_name : user_names) {
358  // for each user, create a fake role with the same name
359  sqliteConnector_->query_with_text_params(
360  "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
361  vector<string>{user_name, user_name});
362  }
363  } catch (const std::exception&) {
364  sqliteConnector_->query("ROLLBACK TRANSACTION");
365  throw;
366  }
367  sqliteConnector_->query("END TRANSACTION");
368 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:60
void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName)
private

Definition at line 1979 of file SysCatalog.cpp.

References test_fsi::d.

1979  {
1980  sys_write_lock write_lock(this);
1981 
1982  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
1983  if (d->second->roleName == roleName) {
1984  delete d->second;
1985  d = objectDescriptorMap_.erase(d);
1986  } else {
1987  d++;
1988  }
1989  }
1990 }
tuple d
Definition: test_fsi.py:9
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog cat 
)
private

Definition at line 1993 of file SysCatalog.cpp.

References test_fsi::d, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

1995  {
1996  sys_write_lock write_lock(this);
1997  auto range = objectDescriptorMap_.equal_range(
1998  std::to_string(cat.getCurrentDB().dbId) + ":" +
1999  std::to_string(object.getObjectKey().permissionType) + ":" +
2000  std::to_string(object.getObjectKey().objectId));
2001  for (auto d = range.first; d != range.second;) {
2002  // remove the entry
2003  if (d->second->roleName == roleName) {
2004  delete d->second;
2005  d = objectDescriptorMap_.erase(d);
2006  } else {
2007  d++;
2008  }
2009  }
2010 }
tuple d
Definition: test_fsi.py:9
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )
inlinestatic

Definition at line 299 of file SysCatalog.h.

References instance_.

Referenced by EmbeddedDatabase::DBEngineImpl::reset().

299 { instance_.reset(); }
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:430

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata db)

Definition at line 1219 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, test_readcsv::table, TableDBObjectType, run_benchmark_import::tables, and to_string().

1219  {
1220  sys_write_lock write_lock(this);
1221  sys_sqlite_lock sqlite_lock(this);
1222  auto cat = getCatalog(db, false);
1223  sqliteConnector_->query("BEGIN TRANSACTION");
1224  try {
1225  // remove this database ID from any users that have it set as their default database
1226  sqliteConnector_->query_with_text_param(
1227  "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
1228  std::to_string(db.dbId));
1229  /* revoke object privileges to all tables of the database being dropped */
1230  const auto tables = cat->getAllTableMetadata();
1231  for (const auto table : tables) {
1232  if (table->shard >= 0) {
1233  // skip shards, they're not standalone tables
1234  continue;
1235  }
1237  DBObject(table->tableName, TableDBObjectType), cat.get());
1238  }
1239  const auto dashboards = cat->getAllDashboardsMetadata();
1240  for (const auto dashboard : dashboards) {
1242  DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
1243  }
1244  /* revoke object privileges to the database being dropped */
1245  for (const auto& grantee : granteeMap_) {
1246  if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
1247  revokeAllOnDatabase_unsafe(grantee.second->getName(), db.dbId, grantee.second);
1248  }
1249  }
1250  sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
1251  std::to_string(db.dbId));
1252  cat->eraseDBData();
1253  removeCatalog(db.dbName);
1254  } catch (const std::exception&) {
1255  sqliteConnector_->query("ROLLBACK TRANSACTION");
1256  throw;
1257  }
1258  sqliteConnector_->query("END TRANSACTION");
1259 }
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
std::string cat(Ts &&...args)
void removeCatalog(const std::string &dbName)
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole ( const std::string &  roleName)

Definition at line 2336 of file SysCatalog.cpp.

2336  {
2338 }
void execInTransaction(F &&f, Args &&...args)
void dropRole_unsafe(const std::string &roleName)
void Catalog_Namespace::SysCatalog::dropRole_unsafe ( const std::string &  roleName)
private

Definition at line 1834 of file SysCatalog.cpp.

References to_upper().

1834  {
1835  sys_write_lock write_lock(this);
1836 
1837  // it may very well be a user "role", so keep it generic
1838  auto* rl = getGrantee(roleName);
1839  if (rl) { // admin super user may not exist in roles
1840  delete rl;
1841  }
1842  granteeMap_.erase(to_upper(roleName));
1843 
1844  sys_sqlite_lock sqlite_lock(this);
1845  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
1846  roleName);
1847  sqliteConnector_->query_with_text_param(
1848  "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
1849 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropUser ( const std::string &  name)

Definition at line 896 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id, to_string(), and Catalog_Namespace::UserMetadata::userId.

896  {
898  sys_sqlite_lock sqlite_lock(this);
899 
900  sqliteConnector_->query("BEGIN TRANSACTION");
901  try {
902  UserMetadata user;
903  if (!getMetadataForUser(name, user)) {
904  std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
905  throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
906  }
909  const std::string& roleName(name);
910  sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
911  roleName);
912  sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
913  std::to_string(user.userId));
914  sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
915  std::to_string(user.userId));
916  } catch (const std::exception& e) {
917  sqliteConnector_->query("ROLLBACK TRANSACTION");
918  throw;
919  }
920  sqliteConnector_->query("END TRANSACTION");
921 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string name() const
Definition: SysCatalog.h:302
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void deleteObjectDescriptorMap(const std::string &roleName)
mapd_unique_lock< mapd_shared_mutex > write_lock
void dropRole_unsafe(const std::string &roleName)

+ Here is the call graph for this function:

template<typename F , typename... Args>
void Catalog_Namespace::SysCatalog::execInTransaction ( F &&  f,
Args &&...  args 
)
private

Definition at line 2319 of file SysCatalog.cpp.

References run_benchmark_import::args, and f.

2319  {
2320  sys_write_lock write_lock(this);
2321  sys_sqlite_lock sqlite_lock(this);
2322  sqliteConnector_->query("BEGIN TRANSACTION");
2323  try {
2324  (this->*f)(std::forward<Args>(args)...);
2325  } catch (std::exception&) {
2326  sqliteConnector_->query("ROLLBACK TRANSACTION");
2327  throw;
2328  }
2329  sqliteConnector_->query("END TRANSACTION");
2330 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
char * f
mapd_unique_lock< mapd_shared_mutex > write_lock
list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1329 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and test_fsi::r.

1329  {
1330  sys_sqlite_lock sqlite_lock(this);
1331  sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
1332  int numRows = sqliteConnector_->getNumRows();
1333  list<DBMetadata> db_list;
1334  for (int r = 0; r < numRows; ++r) {
1335  DBMetadata db;
1336  db.dbId = sqliteConnector_->getData<int>(r, 0);
1337  db.dbName = sqliteConnector_->getData<string>(r, 1);
1338  db.dbOwner = sqliteConnector_->getData<int>(r, 2);
1339  db_list.push_back(db);
1340  }
1341  return db_list;
1342 }
tuple r
Definition: test_fsi.py:16
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1385 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

1385  {
1386  sys_sqlite_lock sqlite_lock(this);
1387  return get_users(sqliteConnector_);
1388 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
auto get_users(std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)

+ Here is the call graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t  dbId)

return the users associated with the given DB

Definition at line 1378 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

1378  {
1379  // this call is to return users that have some form of permissions to objects in the db
1380  // sadly mapd_object_permissions table is also misused to manage user roles.
1381  sys_sqlite_lock sqlite_lock(this);
1382  return get_users(sqliteConnector_, dbId);
1383 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
auto get_users(std::unique_ptr< SqliteConnector > &sqliteConnector, const int32_t dbId=-1)

+ Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const
inline

Definition at line 194 of file SysCatalog.h.

References calciteMgr_.

194 { return *calciteMgr_; }
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:419
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string &  dbName)
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t  db_id)

Definition at line 2502 of file SysCatalog.cpp.

2502  {
2503  dbid_to_cat_map::const_accessor cata;
2504  for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
2505  ++cat_it) {
2506  if (cat_it->second->getDatabaseId() == db_id) {
2507  return cat_it->second;
2508  }
2509  }
2510  return nullptr;
2511 }
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const DBMetadata curDB,
bool  is_new_db 
)

Definition at line 2513 of file SysCatalog.cpp.

References cat(), and Catalog_Namespace::DBMetadata::dbName.

2513  {
2514  auto cat = getCatalog(curDB.dbName);
2515  if (cat) {
2516  return cat;
2517  }
2518 
2519  // Catalog doesnt exist
2520  // has to be made outside of lock as migration uses cat
2521  cat = std::make_shared<Catalog>(
2522  basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);
2523 
2524  dbid_to_cat_map::accessor cata;
2525 
2526  if (cat_map_.find(cata, curDB.dbName)) {
2527  return cata->second;
2528  }
2529 
2530  cat_map_.insert(cata, curDB.dbName);
2531  cata->second = cat;
2532 
2533  return cat;
2534 }
std::string cat(Ts &&...args)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:416
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:420
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:419

+ Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const
inline

Definition at line 195 of file SysCatalog.h.

References basePath_.

195 { return basePath_; }
std::vector< std::shared_ptr< Catalog > > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 923 of file SysCatalog.cpp.

923  {
924  std::vector<std::shared_ptr<Catalog>> catalogs{};
925  const auto& db_metadata_list = getAllDBMetadata();
926  for (const auto& db_metadata : db_metadata_list) {
927  catalogs.emplace_back(getCatalog(db_metadata, false));
928  }
929  return catalogs;
930 }
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
std::list< DBMetadata > getAllDBMetadata()
DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata user)

Definition at line 1456 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, test_fsi::d, DatabaseDBObjectType, DBObject::loadKey(), and DBObject::setPrivileges().

Referenced by ShowDatabasesCommand::execute().

1456  {
1457  DBSummaryList ret;
1458 
1459  std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
1460  std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
1461 
1462  for (auto d : db_list) {
1463  DBObject dbObject(d.dbName, DatabaseDBObjectType);
1464  dbObject.loadKey();
1465  dbObject.setPrivileges(AccessPrivileges::ACCESS);
1466  if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
1467  continue;
1468  }
1469  for (auto u : user_list) {
1470  if (d.dbOwner == u.userId) {
1471  ret.emplace_back(DBSummary{d.dbName, u.userName});
1472  break;
1473  }
1474  }
1475  }
1476 
1477  return ret;
1478 }
tuple d
Definition: test_fsi.py:9
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
std::list< UserMetadata > getAllUserMetadata()
std::list< DBMetadata > getAllDBMetadata()
static const AccessPrivileges ACCESS
Definition: DBObject.h:155
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:129

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const
inline

Definition at line 193 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), and Executor::interrupt().

193 { return *dataMgr_; }
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:416

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges ( const std::string &  granteeName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
) const

Definition at line 1782 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper.

1784  {
1785  sys_read_lock read_lock(this);
1786  UserMetadata user_meta;
1787 
1788  if (instance().getMetadataForUser(granteeName, user_meta)) {
1789  if (user_meta.isSuper) {
1790  throw runtime_error(
1791  "Request to show privileges from " + granteeName +
1792  " failed because user is super user and has all privileges by default.");
1793  }
1794  }
1795  auto* grantee = instance().getGrantee(granteeName);
1796  if (!grantee) {
1797  throw runtime_error("Request to show privileges for " + granteeName +
1798  " failed because role or user with this name does not exist.");
1799  }
1800  object.loadKey(catalog);
1801  grantee->getPrivileges(object, true);
1802 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:292
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getDummyCatalog ( )
inline

Definition at line 313 of file SysCatalog.h.

References dummyCatalog_.

Referenced by Catalog_Namespace::Catalog::getObjForLock().

313 { return dummyCatalog_; }
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:439

+ Here is the caller graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string &  name) const

Definition at line 2064 of file SysCatalog.cpp.

References to_upper().

Referenced by Catalog_Namespace::Catalog::renameTable().

2064  {
2065  sys_read_lock read_lock(this);
2066  auto grantee = granteeMap_.find(to_upper(name));
2067  if (grantee == granteeMap_.end()) { // check to make sure role exists
2068  return nullptr;
2069  }
2070  return grantee->second; // returns pointer to role
2071 }
std::string name() const
Definition: SysCatalog.h:302
std::string to_upper(const std::string &str)
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > &  dashboard_ids)

Definition at line 2462 of file SysCatalog.cpp.

References DashboardDBObjectType, i, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2462  {
2463  sys_sqlite_lock sqlite_lock(this);
2464  std::unordered_map<std::string, std::vector<std::string>> active_grantees;
2465  sqliteConnector_->query("BEGIN TRANSACTION");
2466  try {
2467  for (auto dash : dashboard_ids) {
2468  std::vector<std::string> grantees = {};
2469  sqliteConnector_->query_with_text_params(
2470  "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
2471  "(0,1) AND objectPermissionsType = ? AND objectId = ?",
2472  std::vector<std::string>{
2473  std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
2474  int num_rows = sqliteConnector_->getNumRows();
2475  if (num_rows == 0) {
2476  // no grantees
2477  continue;
2478  } else {
2479  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
2480  grantees.push_back(sqliteConnector_->getData<string>(i, 0));
2481  }
2482  active_grantees[dash] = grantees;
2483  }
2484  }
2485  } catch (const std::exception& e) {
2486  sqliteConnector_->query("ROLLBACK TRANSACTION");
2487  throw;
2488  }
2489  sqliteConnector_->query("END TRANSACTION");
2490  return active_grantees;
2491 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB ( const std::string &  name,
DBMetadata db 
)

Definition at line 1426 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, and Catalog_Namespace::DBMetadata::dbOwner.

1426  {
1427  sys_read_lock read_lock(this);
1428  sys_sqlite_lock sqlite_lock(this);
1429  sqliteConnector_->query_with_text_param(
1430  "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
1431  int numRows = sqliteConnector_->getNumRows();
1432  if (numRows == 0) {
1433  return false;
1434  }
1435  db.dbId = sqliteConnector_->getData<int>(0, 0);
1436  db.dbName = sqliteConnector_->getData<string>(0, 1);
1437  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1438  return true;
1439 }
std::string name() const
Definition: SysCatalog.h:302
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
bool Catalog_Namespace::SysCatalog::getMetadataForDBById ( const int32_t  idIn,
DBMetadata db 
)
private

Definition at line 1441 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and to_string().

1441  {
1442  sys_sqlite_lock sqlite_lock(this);
1443  sqliteConnector_->query_with_text_param(
1444  "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
1445  std::to_string(idIn));
1446  int numRows = sqliteConnector_->getNumRows();
1447  if (numRows == 0) {
1448  return false;
1449  }
1450  db.dbId = sqliteConnector_->getData<int>(0, 0);
1451  db.dbName = sqliteConnector_->getData<string>(0, 1);
1452  db.dbOwner = sqliteConnector_->getData<int>(0, 2);
1453  return true;
1454 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject ( int32_t  dbId,
int32_t  dbType,
int32_t  objectId 
) const

Definition at line 2082 of file SysCatalog.cpp.

References test_fsi::d, and to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

2082  {
2083  sys_read_lock read_lock(this);
2084  std::vector<ObjectRoleDescriptor*> objectsList;
2085 
2086  auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
2087  std::to_string(dbType) + ":" +
2088  std::to_string(objectId));
2089  for (auto d = range.first; d != range.second; ++d) {
2090  objectsList.push_back(d->second);
2091  }
2092  return objectsList; // return pointers to objects
2093 }
tuple d
Definition: test_fsi.py:9
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser ( const std::string &  name,
UserMetadata user 
)

Definition at line 1310 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite().

1310  {
1311  sys_read_lock read_lock(this);
1312  sys_sqlite_lock sqlite_lock(this);
1313  sqliteConnector_->query_with_text_param(
1314  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1315  "WHERE name = ?",
1316  name);
1318 }
std::string name() const
Definition: SysCatalog.h:302
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById ( const int32_t  idIn,
UserMetadata user 
)

Definition at line 1320 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), and to_string().

1320  {
1321  sys_sqlite_lock sqlite_lock(this);
1322  sqliteConnector_->query_with_text_param(
1323  "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
1324  "WHERE userid = ?",
1325  std::to_string(idIn));
1327 }
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static bool parseUserMetadataFromSQLite(const std::unique_ptr< SqliteConnector > &conn, UserMetadata &user)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB ( std::string &  dbname,
const std::string &  username,
Catalog_Namespace::DBMetadata db_meta,
UserMetadata user_meta 
)
private

Definition at line 1390 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, OMNISCI_DEFAULT_DB, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

1393  {
1394  sys_read_lock read_lock(this);
1395  if (!getMetadataForUser(username, user_meta)) {
1396  throw std::runtime_error("Invalid credentials.");
1397  }
1398 
1399  if (!dbname.empty()) {
1400  if (!getMetadataForDB(dbname, db_meta)) {
1401  throw std::runtime_error("Database name " + dbname + " does not exist.");
1402  }
1403  // loaded the requested database
1404  } else {
1405  if (user_meta.defaultDbId != -1) {
1406  if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
1407  std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
1408  throw std::runtime_error(
1409  "Server error: User #" + std::to_string(user_meta.userId) + loggable +
1410  " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
1411  " which does not exist.");
1412  }
1413  dbname = db_meta.dbName;
1414  // loaded the user's default database
1415  } else {
1416  if (!getMetadataForDB(OMNISCI_DEFAULT_DB, db_meta)) {
1417  throw std::runtime_error(std::string("Database ") + OMNISCI_DEFAULT_DB +
1418  " does not exist.");
1419  }
1420  dbname = OMNISCI_DEFAULT_DB;
1421  // loaded the mapd database by default
1422  }
1423  }
1424 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string to_string(char const *&&v)
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:59
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string &  name) const

Definition at line 2073 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), and Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2073  {
2074  return dynamic_cast<Role*>(getGrantee(name));
2075 }
std::string name() const
Definition: SysCatalog.h:302
Grantee * getGrantee(const std::string &name) const
Definition: Grantee.h:76

+ Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( bool  userPrivateRole,
bool  isSuper,
const std::string &  userName 
)

Definition at line 2142 of file SysCatalog.cpp.

2144  {
2145  sys_read_lock read_lock(this);
2146  std::vector<std::string> roles;
2147  for (auto& grantee : granteeMap_) {
2148  if (!userPrivateRole && grantee.second->isUser()) {
2149  continue;
2150  }
2151  if (!isSuper && !isRoleGrantedToGrantee(userName, grantee.second->getName(), false)) {
2152  continue;
2153  }
2154  if (isDashboardSystemRole(grantee.second->getName())) {
2155  continue;
2156  }
2157  roles.push_back(grantee.second->getName());
2158  }
2159  return roles;
2160 }
bool isDashboardSystemRole(const std::string &roleName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles ( const std::string &  userName,
const int32_t  dbId 
)

Definition at line 2121 of file SysCatalog.cpp.

References test_fsi::r, and to_string().

2122  {
2123  sys_sqlite_lock sqlite_lock(this);
2124  std::string sql =
2125  "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
2126  "objectPermissions<>0 "
2127  "AND roleType=0 AND dbId=" +
2128  std::to_string(dbId);
2129  sqliteConnector_->query(sql);
2130  int numRows = sqliteConnector_->getNumRows();
2131  std::vector<std::string> roles(0);
2132  for (int r = 0; r < numRows; ++r) {
2133  auto roleName = sqliteConnector_->getData<string>(r, 0);
2134  if (isRoleGrantedToGrantee(userName, roleName, false) &&
2135  !isDashboardSystemRole(roleName)) {
2136  roles.push_back(roleName);
2137  }
2138  }
2139  return roles;
2140 }
bool isDashboardSystemRole(const std::string &roleName)
tuple r
Definition: test_fsi.py:16
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const

+ Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )
inline

Definition at line 196 of file SysCatalog.h.

References sqliteConnector_.

196 { return sqliteConnector_.get(); }
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string &  name) const

Definition at line 2077 of file SysCatalog.cpp.

2077  {
2078  return dynamic_cast<User*>(getGrantee(name));
2079 }
std::string name() const
Definition: SysCatalog.h:302
Definition: Grantee.h:70
Grantee * getGrantee(const std::string &name) const
void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe ( const std::string &  roleName,
DBObject object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1597 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

1599  {
1600  // It's a separate use case because it's easier for implementation to convert ALL ON
1601  // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
1602  // Add DB Access privileges
1603  DBObject tmp_object = object;
1606  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1609  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1612  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1614  tmp_object.setPermissionType(ViewDBObjectType);
1615  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1616 
1617  if (g_enable_fsi) {
1620  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1621  }
1622 
1625  grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
1626  return;
1627 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:154
void setPrivileges(const AccessPrivileges &privs)
Definition: DBObject.h:219
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
static const AccessPrivileges ALL_VIEW
Definition: DBObject.h:179
void setPermissionType(const DBObjectType &permissionType)
Definition: DBObject.cpp:151
static const AccessPrivileges ALL_SERVER
Definition: DBObject.h:189
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:171
static const AccessPrivileges ACCESS
Definition: DBObject.h:155
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:159
bool g_enable_fsi
Definition: Catalog.cpp:92

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges ( const std::string &  grantee,
const DBObject object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2358 of file SysCatalog.cpp.

2360  {
2362  &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
2363 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe ( const std::string &  granteeName,
const DBObject  object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1559 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

1562  {
1563  object.loadKey(catalog);
1564  CHECK(object.valid());
1565  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
1566  object.getObjectKey().permissionType == DatabaseDBObjectType) {
1567  return grantAllOnDatabase_unsafe(granteeName, object, catalog);
1568  }
1569 
1570  sys_write_lock write_lock(this);
1571 
1572  UserMetadata user_meta;
1573  if (instance().getMetadataForUser(granteeName, user_meta)) {
1574  if (user_meta.isSuper) {
1575  // super doesn't have explicit privileges so nothing to do
1576  return;
1577  }
1578  }
1579  auto* grantee = instance().getGrantee(granteeName);
1580  if (!grantee) {
1581  throw runtime_error("Request to grant privileges to " + granteeName +
1582  " failed because role or user with this name does not exist.");
1583  }
1584  grantee->grantPrivileges(object);
1585 
1586  /* apply grant privileges statement to sqlite DB */
1587  std::vector<std::string> objectKey = object.toString();
1588  object.resetPrivileges();
1589  grantee->getPrivileges(object, true);
1590 
1591  sys_sqlite_lock sqlite_lock(this);
1593  sqliteConnector_, granteeName, grantee->isUser(), object);
1594  updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
1595 }
static const int32_t ALL
Definition: DBObject.h:79
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
#define CHECK(condition)
Definition: Logger.h:197
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2365 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2367  {
2369  &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
2370 }
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1547 of file SysCatalog.cpp.

1550  {
1551  for (const auto& grantee : grantees) {
1552  for (const auto& object : objects) {
1553  grantDBObjectPrivileges_unsafe(grantee, object, catalog);
1554  }
1555  }
1556 }
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe ( const std::string &  name,
bool  issuper 
)
private
void Catalog_Namespace::SysCatalog::grantRole ( const std::string &  role,
const std::string &  grantee 
)

Definition at line 2345 of file SysCatalog.cpp.

2345  {
2347 }
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName)
void execInTransaction(F &&f, Args &&...args)
void Catalog_Namespace::SysCatalog::grantRole_unsafe ( const std::string &  roleName,
const std::string &  granteeName 
)
private

Definition at line 1861 of file SysCatalog.cpp.

1862  {
1863  auto* rl = getRoleGrantee(roleName);
1864  if (!rl) {
1865  throw runtime_error("Request to grant role " + roleName +
1866  " failed because role with this name does not exist.");
1867  }
1868  auto* grantee = getGrantee(granteeName);
1869  if (!grantee) {
1870  throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
1871  granteeName + " does not exist.");
1872  }
1873  sys_write_lock write_lock(this);
1874  if (!grantee->hasRole(rl, true)) {
1875  grantee->grantRole(rl);
1876  sys_sqlite_lock sqlite_lock(this);
1877  sqliteConnector_->query_with_text_params(
1878  "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
1879  std::vector<std::string>{rl->getName(), grantee->getName()});
1880  }
1881 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
Role * getRoleGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::grantRoleBatch ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)

Definition at line 2340 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

2341  {
2343 }
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void execInTransaction(F &&f, Args &&...args)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)
private

Definition at line 1851 of file SysCatalog.cpp.

1852  {
1853  for (const auto& role : roles) {
1854  for (const auto& grantee : grantees) {
1855  grantRole_unsafe(role, grantee);
1856  }
1857  }
1858 }
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName)
bool Catalog_Namespace::SysCatalog::hasAnyPrivileges ( const UserMetadata user,
std::vector< DBObject > &  privObjects 
)

Definition at line 2012 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

2013  {
2014  sys_read_lock read_lock(this);
2015  if (user.isSuper) {
2016  return true;
2017  }
2018  auto* user_rl = instance().getUserGrantee(user.userName);
2019  if (!user_rl) {
2020  throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
2021  " does not exist.");
2022  }
2023  for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
2024  objectIt != privObjects.end();
2025  ++objectIt) {
2026  if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
2027  return false;
2028  }
2029  }
2030  return true;
2031 }
static SysCatalog & instance()
Definition: SysCatalog.h:292
User * getUserGrantee(const std::string &name) const
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )
private

Definition at line 285 of file SysCatalog.cpp.

References logger::ERROR, logger::INFO, LOG, and OMNISCI_SYSTEM_CATALOG.

285  {
286  sys_sqlite_lock sqlite_lock(this);
287  std::string mapd_db_path = basePath_ + "/mapd_catalogs/mapd";
288  sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
289  sqliteConnector_->query("BEGIN TRANSACTION");
290  LOG(INFO) << "Moving global metadata into a separate catalog";
291  try {
292  auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
293  bool deleteOld = true) {
294  conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
295  tableName + "'");
296  if (conn->getNumRows() != 0) {
297  conn->query(conn->getData<string>(0, 0));
298  conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
299  if (deleteOld) {
300  conn->query("DROP TABLE old_cat." + tableName);
301  }
302  }
303  };
304  moveTableIfExists("mapd_users");
305  moveTableIfExists("mapd_databases");
306  moveTableIfExists("mapd_roles");
307  moveTableIfExists("mapd_object_permissions");
308  moveTableIfExists("mapd_privileges");
309  moveTableIfExists("mapd_version_history", false);
310  } catch (const std::exception& e) {
311  LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
312  sqliteConnector_->query("ROLLBACK TRANSACTION");
313  try {
314  sqliteConnector_->query("DETACH DATABASE old_cat");
315  } catch (const std::exception&) {
316  // nothing to do here
317  }
318  throw;
319  }
320  sqliteConnector_->query("END TRANSACTION");
321  const std::string sys_catalog_path =
322  basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG;
323  LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
324  << sys_catalog_path
325  << ". Using this database with an older version of omnisci_server "
326  "is now impossible.";
327  try {
328  sqliteConnector_->query("DETACH DATABASE old_cat");
329  } catch (const std::exception&) {
330  // nothing to do here
331  }
332 }
#define LOG(tag)
Definition: Logger.h:188
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:58
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void Catalog_Namespace::SysCatalog::init ( const std::string &  basePath,
std::shared_ptr< Data_Namespace::DataMgr dataMgr,
const AuthMetadata authMetadata,
std::shared_ptr< Calcite calcite,
bool  is_new_db,
bool  aggregator,
const std::vector< LeafHostInfo > &  string_dict_hosts 
)

Definition at line 158 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), and OMNISCI_SYSTEM_CATALOG.

164  {
165  {
167  sys_sqlite_lock sqlite_lock(this);
168 
169  basePath_ = copy_catalog_if_read_only(basePath).string();
170  dataMgr_ = dataMgr;
171  authMetadata_ = &authMetadata;
172  pki_server_.reset(new PkiServer(*authMetadata_));
173  calciteMgr_ = calcite;
174  string_dict_hosts_ = string_dict_hosts;
175  aggregator_ = aggregator;
176  bool db_exists =
177  boost::filesystem::exists(basePath_ + "/mapd_catalogs/" + OMNISCI_SYSTEM_CATALOG);
178  sqliteConnector_.reset(
179  new SqliteConnector(OMNISCI_SYSTEM_CATALOG, basePath_ + "/mapd_catalogs/"));
180  if (is_new_db) {
181  initDB();
182  } else {
183  if (!db_exists) {
185  }
187  }
188  buildRoleMap();
191  }
192 }
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:58
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:417
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:418
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:416
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:420
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:419
mapd_unique_lock< mapd_shared_mutex > write_lock
std::filesystem::path copy_catalog_if_read_only(std::filesystem::path base_data_path)
Definition: SysCatalog.cpp:78

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )
private

Definition at line 210 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), OMNISCI_DEFAULT_DB, OMNISCI_ROOT_PASSWD_DEFAULT, OMNISCI_ROOT_USER, OMNISCI_ROOT_USER_ID, and OMNISCI_ROOT_USER_ID_STR.

210  {
211  sys_sqlite_lock sqlite_lock(this);
212  sqliteConnector_->query("BEGIN TRANSACTION");
213  try {
214  sqliteConnector_->query(
215  "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
216  "passwd_hash text, issuper boolean, default_db integer references "
217  "mapd_databases, can_login boolean)");
218  sqliteConnector_->query_with_text_params(
219  "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
220  std::vector<std::string>{OMNISCI_ROOT_USER_ID_STR,
223  sqliteConnector_->query(
224  "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
225  "integer references mapd_users)");
226  sqliteConnector_->query(
227  "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
228  "userName))");
229  sqliteConnector_->query(
230  "CREATE TABLE mapd_object_permissions ("
231  "roleName text, "
232  "roleType bool, "
233  "dbId integer references mapd_databases, "
234  "objectName text, "
235  "objectId integer, "
236  "objectPermissionsType integer, "
237  "objectPermissions integer, "
238  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
239  "objectId))");
240  } catch (const std::exception&) {
241  sqliteConnector_->query("ROLLBACK TRANSACTION");
242  throw;
243  }
244  sqliteConnector_->query("END TRANSACTION");
247 }
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole=false)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:59
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:70
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:60
const std::string OMNISCI_ROOT_PASSWD_DEFAULT
Definition: SysCatalog.h:63
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:61
const std::string OMNISCI_ROOT_USER_ID_STR
Definition: SysCatalog.h:62
void createDatabase(const std::string &dbname, int owner)

+ Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )
inlinestatic

Definition at line 292 of file SysCatalog.h.

References instance_, and SysCatalog().

Referenced by foreign_storage::cache_blocks(), AlterForeignServerCommand::changeForeignServerOwner(), Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPermissionForTables(), QueryRunner::QueryRunner::clearCpuMemory(), QueryRunner::QueryRunner::clearGpuMemory(), Executor::clearMemory(), Catalog_Namespace::Catalog::createDashboardSystemRoles(), Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole(), Catalog_Namespace::Catalog::deleteMetadataForDashboards(), Catalog_Namespace::Catalog::doTruncateTable(), Catalog_Namespace::Catalog::dropTable(), CreateForeignServerCommand::execute(), DropForeignServerCommand::execute(), CreateForeignTableCommand::execute(), ShowDatabasesCommand::execute(), RefreshForeignTablesCommand::execute(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), Catalog_Namespace::Catalog::filterTableByTypeAndUser(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::csv_file_buffer_parser::ParseBufferRequest::getCatalog(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), QueryRunner::QueryRunner::getExecutor(), Catalog_Namespace::Catalog::getForeignServersForUser(), Catalog_Namespace::Catalog::getObjForLock(), QueryRunner::QueryRunner::getParsedQueryHint(), Catalog_Namespace::Catalog::getTableNamesForUser(), Catalog_Namespace::Catalog::getTablesMetadataForUser(), Catalog_Namespace::anonymous_namespace{Catalog.cpp}::getUserFromId(), EmbeddedDatabase::DBEngineImpl::importArrowTable(), Executor::interrupt(), PersistentStorageMgr::isForeignStorage(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), DBObject::loadKey(), main(), foreign_storage::Csv::make_chunk_for_column(), foreign_storage::CsvDataWrapper::populateChunkBuffers(), foreign_storage::CsvDataWrapper::populateChunkMetadata(), QueryRunner::QueryRunner::QueryRunner(), Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions(), foreign_storage::CachingForeignStorageMgr::refreshTableInCache(), Catalog_Namespace::Catalog::removeTableFromMap(), AlterForeignServerCommand::renameForeignServer(), Catalog_Namespace::Catalog::renameTable(), QueryRunner::QueryRunner::runDDLStatement(), QueryRunner::QueryRunner::runSelectQuery(), QueryRunner::QueryRunner::runSQL(), QueryRunner::QueryRunner::runSQLWithAllowingInterrupt(), EmbeddedDatabase::DBEngineImpl::setDatabase(), foreign_storage::ForeignTableRefreshScheduler::start(), and foreign_storage::CsvDataWrapper::updateMetadata().

292  {
293  if (!instance_) {
294  instance_.reset(new SysCatalog());
295  }
296  return *instance_;
297  }
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:430

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const
inline

Definition at line 291 of file SysCatalog.h.

References aggregator_.

291 { return aggregator_; }
bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string &  roleName)
private

Definition at line 2117 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

2117  {
2118  return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
2119 }
static const std::string SYSTEM_ROLE_TAG("#dash_system_role")
specifies the content in-memory of a row in the dashboard

+ Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee ( const std::string &  granteeName,
const std::string &  roleName,
bool  only_direct 
) const

Definition at line 2095 of file SysCatalog.cpp.

References CHECK.

2097  {
2098  sys_read_lock read_lock(this);
2099  if (roleName == granteeName) {
2100  return true;
2101  }
2102  bool is_role_granted = false;
2103  auto* target_role = instance().getRoleGrantee(roleName);
2104  auto has_role = [&](auto grantee_rl) {
2105  is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
2106  };
2107  if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
2108  has_role(user_role);
2109  } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
2110  has_role(role);
2111  } else {
2112  CHECK(false);
2113  }
2114  return is_role_granted;
2115 }
static SysCatalog & instance()
Definition: SysCatalog.h:292
Role * getRoleGrantee(const std::string &name) const
User * getUserGrantee(const std::string &name) const
bool hasRole(Role *role, bool only_direct) const
Definition: Grantee.cpp:42
mapd_shared_lock< mapd_shared_mutex > read_lock
#define CHECK(condition)
Definition: Logger.h:197
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login ( std::string &  db,
std::string &  username,
const std::string &  password,
UserMetadata user_meta,
bool  check_password = true 
)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 779 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login.

783  {
784  // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
785  // can reset it. The username isn't const because SamlServer's
786  // login()/authenticate_user() can reset it.
787 
788  if (check_password) {
789  loginImpl(username, password, user_meta);
790  } else { // not checking for password so user must exist
791  if (!getMetadataForUser(username, user_meta)) {
792  throw std::runtime_error("Invalid credentials.");
793  }
794  }
795  // we should have a user and user_meta by now
796  if (!user_meta.can_login) {
797  throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
798  }
800  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
801  return getCatalog(db_meta, false);
802 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:805
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void Catalog_Namespace::SysCatalog::loginImpl ( std::string &  username,
const std::string &  password,
UserMetadata user_meta 
)
private

Definition at line 805 of file SysCatalog.cpp.

807  {
808  if (!checkPasswordForUser(password, username, user_meta)) {
809  throw std::runtime_error("Authentication failure");
810  }
811 }
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )
private

Definition at line 684 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, i, logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), LOG, MAPD_VERSION, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

684  {
685  sys_sqlite_lock sqlite_lock(this);
686  sqliteConnector_->query("BEGIN TRANSACTION");
687  try {
688  sqliteConnector_->query(
689  "select name from sqlite_master WHERE type='table' AND "
690  "name='mapd_version_history'");
691  if (sqliteConnector_->getNumRows() == 0) {
692  sqliteConnector_->query(
693  "CREATE TABLE mapd_version_history(version integer, migration_history text "
694  "unique)");
695  } else {
696  sqliteConnector_->query(
697  "select * from mapd_version_history where migration_history = "
698  "'db_access_privileges'");
699  if (sqliteConnector_->getNumRows() != 0) {
700  // both privileges migrated
701  // no need for further execution
702  sqliteConnector_->query("END TRANSACTION");
703  return;
704  }
705  }
706  // Insert check for migration
707  sqliteConnector_->query_with_text_params(
708  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
709  std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
710 
711  sqliteConnector_->query("select dbid, name from mapd_databases");
712  std::unordered_map<int, string> databases;
713  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
714  databases[sqliteConnector_->getData<int>(i, 0)] =
715  sqliteConnector_->getData<string>(i, 1);
716  }
717 
718  sqliteConnector_->query("select userid, name from mapd_users");
719  std::unordered_map<int, string> users;
720  for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
721  users[sqliteConnector_->getData<int>(i, 0)] =
722  sqliteConnector_->getData<string>(i, 1);
723  }
724 
725  // All existing users by default will be granted DB Access permissions
726  // and view sql editor privileges
727  DBMetadata dbmeta;
728  for (auto db_ : databases) {
729  CHECK(SysCatalog::instance().getMetadataForDB(db_.second, dbmeta));
730  for (auto user : users) {
731  if (user.first != OMNISCI_ROOT_USER_ID) {
732  {
733  DBObjectKey key;
735  key.dbId = dbmeta.dbId;
736 
737  // access permission;
738  DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
739  object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
740  object_access.setName(dbmeta.dbName);
741  // sql_editor permission
742  DBObject object_editor(
743  key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
744  object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
745  object_editor.setName(dbmeta.dbName);
746  object_editor.updatePrivileges(object_access);
748  sqliteConnector_, user.second, true, object_editor);
749  }
750  }
751  }
752  }
753  } catch (const std::exception& e) {
754  LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
755  sqliteConnector_->query("ROLLBACK TRANSACTION");
756  throw;
757  }
758  sqliteConnector_->query("END TRANSACTION");
759  LOG(INFO) << "Successfully migrated db access privileges";
760 }
static const AccessPrivileges VIEW_SQL_EDITOR
Definition: DBObject.h:154
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:61
int32_t dbId
Definition: DBObject.h:56
static const AccessPrivileges ACCESS
Definition: DBObject.h:155
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
#define CHECK(condition)
Definition: Logger.h:197
int32_t permissionType
Definition: DBObject.h:55
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )
private

Definition at line 762 of file SysCatalog.cpp.

762  {
763  sys_sqlite_lock sqlite_lock(this);
764 
765  sqliteConnector_->query("BEGIN TRANSACTION");
766  try {
767  sqliteConnector_->query(
768  "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
769  "mapd_users, dbid integer references "
770  "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
771  "dbid))");
772  } catch (const std::exception& e) {
773  sqliteConnector_->query("ROLLBACK TRANSACTION");
774  throw;
775  }
776  sqliteConnector_->query("END TRANSACTION");
777 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void Catalog_Namespace::SysCatalog::migratePrivileges ( )
private

Definition at line 424 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, DBObjectKey::dbId, i, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), AccessPrivileges::NONE, OMNISCI_ROOT_USER_ID, DBObjectKey::permissionType, TableDBObjectType, and ViewDBObjectType.

424  {
425  sys_sqlite_lock sqlite_lock(this);
426  sqliteConnector_->query("BEGIN TRANSACTION");
427  try {
428  sqliteConnector_->query(
429  "SELECT name FROM sqlite_master WHERE type='table' AND "
430  "name='mapd_object_permissions'");
431  if (sqliteConnector_->getNumRows() != 0) {
432  // already done
433  sqliteConnector_->query("END TRANSACTION");
434  return;
435  }
436 
437  sqliteConnector_->query(
438  "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
439  "roleName text, "
440  "roleType bool, "
441  "dbId integer references mapd_databases, "
442  "objectName text, "
443  "objectId integer, "
444  "objectPermissionsType integer, "
445  "objectPermissions integer, "
446  "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
447  "objectId))");
448 
449  // get the list of databases and their grantees
450  sqliteConnector_->query(
451  "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
452  "= 1");
453  size_t numRows = sqliteConnector_->getNumRows();
454  vector<pair<int, int>> db_grantees(numRows);
455  for (size_t i = 0; i < numRows; ++i) {
456  db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
457  db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
458  }
459  // map user names to user ids
460  sqliteConnector_->query("select userid, name from mapd_users");
461  numRows = sqliteConnector_->getNumRows();
462  std::unordered_map<int, string> users_by_id;
463  std::unordered_map<int, bool> user_has_privs;
464  for (size_t i = 0; i < numRows; ++i) {
465  users_by_id[sqliteConnector_->getData<int>(i, 0)] =
466  sqliteConnector_->getData<string>(i, 1);
467  user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
468  }
469  // map db names to db ids
470  sqliteConnector_->query("select dbid, name from mapd_databases");
471  numRows = sqliteConnector_->getNumRows();
472  std::unordered_map<int, string> dbs_by_id;
473  for (size_t i = 0; i < numRows; ++i) {
474  dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
475  sqliteConnector_->getData<string>(i, 1);
476  }
477  // migrate old privileges to new privileges: if user had insert access to database, he
478  // was a grantee
479  for (const auto& grantee : db_grantees) {
480  user_has_privs[grantee.first] = true;
481  auto dbName = dbs_by_id[grantee.second];
482  {
483  // table level permissions
484  DBObjectKey key;
486  key.dbId = grantee.second;
488  object.setName(dbName);
490  sqliteConnector_, users_by_id[grantee.first], true, object);
491  }
492 
493  {
494  // dashboard level permissions
495  DBObjectKey key;
497  key.dbId = grantee.second;
498  DBObject object(
500  object.setName(dbName);
502  sqliteConnector_, users_by_id[grantee.first], true, object);
503  }
504 
505  {
506  // view level permissions
507  DBObjectKey key;
509  key.dbId = grantee.second;
511  object.setName(dbName);
513  sqliteConnector_, users_by_id[grantee.first], true, object);
514  }
515  }
516  for (auto user : user_has_privs) {
517  auto dbName = dbs_by_id[0];
518  if (user.second == false && user.first != OMNISCI_ROOT_USER_ID) {
519  {
520  DBObjectKey key;
522  key.dbId = 0;
524  object.setName(dbName);
526  sqliteConnector_, users_by_id[user.first], true, object);
527  }
528  }
529  }
530  } catch (const std::exception&) {
531  sqliteConnector_->query("ROLLBACK TRANSACTION");
532  throw;
533  }
534  sqliteConnector_->query("END TRANSACTION");
535 }
static const AccessPrivileges ALL_TABLE_MIGRATE
Definition: DBObject.h:158
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static const AccessPrivileges ALL_DASHBOARD_MIGRATE
Definition: DBObject.h:170
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
static const AccessPrivileges NONE
Definition: DBObject.h:150
static const AccessPrivileges ALL_VIEW_MIGRATE
Definition: DBObject.h:178
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:61
int32_t dbId
Definition: DBObject.h:56
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
int32_t permissionType
Definition: DBObject.h:55

+ Here is the call graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const
inline

Definition at line 302 of file SysCatalog.h.

References OMNISCI_DEFAULT_DB.

302 { return OMNISCI_DEFAULT_DB; }
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:59
void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > &  objects)

Definition at line 2221 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

2221  {
2222  sys_write_lock write_lock(this);
2223  sys_sqlite_lock sqlite_lock(this);
2224  sqliteConnector_->query("BEGIN TRANSACTION");
2225  try {
2226  for (auto dbobject : objects) {
2227  UserMetadata user;
2228  CHECK(getMetadataForUserById(dbobject.getOwner(), user));
2229  auto* grantee = getUserGrantee(user.userName);
2230  if (grantee) {
2232  sqliteConnector_, grantee->getName(), true, dbobject);
2233  grantee->grantPrivileges(dbobject);
2234  }
2235  }
2236 
2237  } catch (const std::exception& e) {
2238  sqliteConnector_->query("ROLLBACK TRANSACTION");
2239  throw;
2240  }
2241  sqliteConnector_->query("END TRANSACTION");
2242 }
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
User * getUserGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
#define CHECK(condition)
Definition: Logger.h:197
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string &  dbName)

Definition at line 2536 of file SysCatalog.cpp.

2536  {
2537  cat_map_.erase(dbName);
2538 }
void Catalog_Namespace::SysCatalog::renameDatabase ( std::string const old_name,
std::string const new_name 
)

Definition at line 1059 of file SysCatalog.cpp.

References DatabaseDBObjectType, OMNISCI_SYSTEM_CATALOG, to_string(), and to_upper().

1060  {
1061  using namespace std::string_literals;
1062  sys_write_lock write_lock(this);
1063  sys_sqlite_lock sqlite_lock(this);
1064 
1065  DBMetadata new_db;
1066  if (getMetadataForDB(new_name, new_db)) {
1067  throw std::runtime_error("Database " + new_name + " already exists.");
1068  }
1069  if (to_upper(new_name) == to_upper(OMNISCI_SYSTEM_CATALOG)) {
1070  throw std::runtime_error("Database name " + new_name + "is reserved.");
1071  }
1072 
1073  DBMetadata old_db;
1074  if (!getMetadataForDB(old_name, old_db)) {
1075  throw std::runtime_error("Database " + old_name + " does not exists.");
1076  }
1077 
1078  removeCatalog(old_db.dbName);
1079 
1080  std::string old_catalog_path, new_catalog_path;
1081  std::tie(old_catalog_path, new_catalog_path) =
1082  duplicateAndRenameCatalog(old_name, new_name);
1083 
1084  auto transaction_streamer = yieldTransactionStreamer();
1085  auto failure_handler = [this, new_catalog_path] {
1086  removeCatalogByFullPath(new_catalog_path);
1087  };
1088  auto success_handler = [this, old_catalog_path] {
1089  removeCatalogByFullPath(old_catalog_path);
1090  };
1091 
1092  auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
1093  auto q2 = {
1094  "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
1095  new_name,
1096  old_name,
1098  std::to_string(old_db.dbId)};
1099 
1100  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
1101 }
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:141
void removeCatalog(const std::string &dbName)
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:58
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:133
bool getMetadataForDB(const std::string &name, DBMetadata &db)

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject ( const std::string &  objectName,
const std::string &  newName,
DBObjectType  type,
int32_t  objectId,
const Catalog_Namespace::Catalog catalog 
)

Renames an DBObject

Parameters
objectName- original DBObject name
newName- new name of DBObject
type- type of DBObject
objectId- original DBObject ID
catalog- Catalog instance object exists in

Definition at line 1524 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), DBObject::setObjectKey(), and run_benchmark_import::type.

1528  {
1529  sys_write_lock write_lock(this);
1530  DBObject new_object(newName, type);
1531  DBObjectKey key;
1532  key.dbId = catalog.getCurrentDB().dbId;
1533  key.objectId = objectId;
1534  key.permissionType = type;
1535  new_object.setObjectKey(key);
1536  auto objdescs =
1537  getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
1538  for (auto obj : objdescs) {
1539  Grantee* grnt = getGrantee(obj->roleName);
1540  if (grnt) {
1541  grnt->renameDbObject(new_object);
1542  }
1543  }
1544  renameObjectsInDescriptorMap(new_object, catalog);
1545 }
Grantee * getGrantee(const std::string &name) const
int32_t objectId
Definition: DBObject.h:57
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
int32_t dbId
Definition: DBObject.h:56
int32_t permissionType
Definition: DBObject.h:55
mapd_unique_lock< mapd_shared_mutex > write_lock
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
virtual void renameDbObject(const DBObject &object)
Definition: Grantee.cpp:108

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap ( DBObject object,
const Catalog_Namespace::Catalog cat 
)

Definition at line 1950 of file SysCatalog.cpp.

References test_fsi::d, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), and to_string().

Referenced by Catalog_Namespace::Catalog::renameTable().

1951  {
1952  sys_write_lock write_lock(this);
1953  sys_sqlite_lock sqlite_lock(this);
1954  auto range = objectDescriptorMap_.equal_range(
1955  std::to_string(cat.getCurrentDB().dbId) + ":" +
1956  std::to_string(object.getObjectKey().permissionType) + ":" +
1957  std::to_string(object.getObjectKey().objectId));
1958  for (auto d = range.first; d != range.second; ++d) {
1959  // rename object
1960  d->second->objectName = object.getName();
1961  }
1962 
1963  sqliteConnector_->query("BEGIN TRANSACTION");
1964  try {
1965  sqliteConnector_->query_with_text_params(
1966  "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
1967  "dbId = ?2 AND objectId = ?3",
1968  std::vector<std::string>{object.getName(),
1970  std::to_string(object.getObjectKey().objectId)});
1971  } catch (const std::exception& e) {
1972  sqliteConnector_->query("ROLLBACK TRANSACTION");
1973  throw;
1974  }
1975  sqliteConnector_->query("END TRANSACTION");
1976 }
tuple d
Definition: test_fsi.py:9
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser ( std::string const old_name,
std::string const new_name 
)

Definition at line 1024 of file SysCatalog.cpp.

References Catalog_Namespace::g_log_user_id.

1024  {
1025  using namespace std::string_literals;
1026  sys_write_lock write_lock(this);
1027  sys_sqlite_lock sqlite_lock(this);
1028 
1029  UserMetadata old_user;
1030  if (!getMetadataForUser(old_name, old_user)) {
1031  std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
1032  throw std::runtime_error("User " + loggable + "doesn't exist.");
1033  }
1034 
1035  UserMetadata new_user;
1036  if (getMetadataForUser(new_name, new_user)) {
1037  throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
1038  }
1039 
1040  if (getGrantee(new_name)) {
1041  std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
1042  throw runtime_error(
1043  "Username " + loggable +
1044  "is same as one of existing grantees. User and role names should be unique.");
1045  }
1046 
1047  auto transaction_streamer = yieldTransactionStreamer();
1048  auto failure_handler = [] {};
1049  auto success_handler = [this, &old_name, &new_name] {
1050  updateUserRoleName(old_name, new_name);
1051  };
1052  auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
1053  auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
1054  new_name,
1055  old_name};
1056  transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
1057 }
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void updateUserRoleName(const std::string &roleName, const std::string &newName)
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::revokeAllOnDatabase_unsafe ( const std::string &  roleName,
int32_t  dbId,
Grantee grantee 
)
private

Definition at line 1687 of file SysCatalog.cpp.

References test_fsi::d, Grantee::revokeAllOnDatabase(), and to_string().

1689  {
1690  sys_sqlite_lock sqlite_lock(this);
1691  sqliteConnector_->query_with_text_params(
1692  "DELETE FROM mapd_object_permissions WHERE roleName = ?1 and dbId = ?2",
1693  std::vector<std::string>{roleName, std::to_string(dbId)});
1694  grantee->revokeAllOnDatabase(dbId);
1695  for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
1696  if (d->second->roleName == roleName && d->second->dbId == dbId) {
1697  delete d->second;
1698  d = objectDescriptorMap_.erase(d);
1699  } else {
1700  d++;
1701  }
1702  }
1703 }
tuple d
Definition: test_fsi.py:9
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
virtual void revokeAllOnDatabase(int32_t dbId)
Definition: Grantee.cpp:279
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDashboardSystemRole ( const std::string  roleName,
const std::vector< std::string >  grantees 
)

Definition at line 2162 of file SysCatalog.cpp.

2163  {
2164  auto* rl = getRoleGrantee(roleName);
2165  for (auto granteeName : grantees) {
2166  const auto* grantee = SysCatalog::instance().getGrantee(granteeName);
2167  if (rl && grantee->hasRole(rl, true)) {
2168  // Grantees existence have been already validated
2169  SysCatalog::instance().revokeRole(roleName, granteeName);
2170  }
2171  }
2172 }
Grantee * getGrantee(const std::string &name) const
static SysCatalog & instance()
Definition: SysCatalog.h:292
Role * getRoleGrantee(const std::string &name) const
void revokeRole(const std::string &role, const std::string &grantee)
void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges ( const std::string &  grantee,
const DBObject object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2372 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

2374  {
2376  &SysCatalog::revokeDBObjectPrivileges_unsafe, grantee, object, catalog);
2377 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges_unsafe ( const std::string &  granteeName,
DBObject  object,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1649 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::deleteObjectPrivileges(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), and Catalog_Namespace::UserMetadata::isSuper.

1652  {
1653  sys_write_lock write_lock(this);
1654 
1655  UserMetadata user_meta;
1656  if (instance().getMetadataForUser(granteeName, user_meta)) {
1657  if (user_meta.isSuper) {
1658  // super doesn't have explicit privileges so nothing to do
1659  return;
1660  }
1661  }
1662  auto* grantee = getGrantee(granteeName);
1663  if (!grantee) {
1664  throw runtime_error("Request to revoke privileges from " + granteeName +
1665  " failed because role or user with this name does not exist.");
1666  }
1667  object.loadKey(catalog);
1668 
1669  if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
1670  object.getObjectKey().permissionType == DatabaseDBObjectType) {
1671  return revokeAllOnDatabase_unsafe(granteeName, object.getObjectKey().dbId, grantee);
1672  }
1673 
1674  auto ret_object = grantee->revokePrivileges(object);
1675  if (ret_object) {
1676  sys_sqlite_lock sqlite_lock(this);
1678  sqliteConnector_, granteeName, grantee->isUser(), *ret_object);
1679  updateObjectDescriptorMap(granteeName, *ret_object, grantee->isUser(), catalog);
1680  } else {
1681  sys_sqlite_lock sqlite_lock(this);
1682  deleteObjectPrivileges(sqliteConnector_, granteeName, grantee->isUser(), object);
1683  deleteObjectDescriptorMap(granteeName, object, catalog);
1684  }
1685 }
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
static const int32_t ALL
Definition: DBObject.h:79
bool getMetadataForUser(const std::string &name, UserMetadata &user)
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static SysCatalog & instance()
Definition: SysCatalog.h:292
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
void deleteObjectDescriptorMap(const std::string &roleName)
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void insertOrUpdateObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:391
void deleteObjectPrivileges(std::unique_ptr< SqliteConnector > &sqliteConnector, std::string roleName, bool userRole, DBObject &object)
Definition: SysCatalog.cpp:372
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 2379 of file SysCatalog.cpp.

2382  {
2384  &SysCatalog::revokeDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
2385 }
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch_unsafe ( const std::vector< std::string > &  grantees,
const std::vector< DBObject > &  objects,
const Catalog_Namespace::Catalog catalog 
)
private

Definition at line 1629 of file SysCatalog.cpp.

1632  {
1633  for (const auto& grantee : grantees) {
1634  for (const auto& object : objects) {
1635  revokeDBObjectPrivileges_unsafe(grantee, object, catalog);
1636  }
1637  }
1638 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll ( DBObject  object,
Catalog catalog 
)

Definition at line 2387 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::dropTable(), and DropForeignServerCommand::execute().

2387  {
2389 }
void execInTransaction(F &&f, Args &&...args)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe ( DBObject  object,
Catalog catalog 
)

Definition at line 1705 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, DBObject::getObjectKey(), DBObject::loadKey(), DBObjectKey::permissionType, DBObject::setPrivileges(), and TableDBObjectType.

1706  {
1707  sys_write_lock write_lock(this);
1708  dbObject.loadKey(*catalog);
1709  auto privs = (dbObject.getObjectKey().permissionType == TableDBObjectType)
1711  : (dbObject.getObjectKey().permissionType == DashboardDBObjectType)
1714  dbObject.setPrivileges(privs);
1715  for (const auto& grantee : granteeMap_) {
1716  if (grantee.second->findDbObject(dbObject.getObjectKey(), true)) {
1717  revokeDBObjectPrivileges_unsafe(grantee.second->getName(), dbObject, *catalog);
1718  }
1719  }
1720 }
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
static const AccessPrivileges ALL_DASHBOARD
Definition: DBObject.h:171
static const AccessPrivileges ALL_TABLE
Definition: DBObject.h:159
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch ( std::vector< DBObject > &  objects,
Catalog catalog 
)

Definition at line 2391 of file SysCatalog.cpp.

Referenced by Catalog_Namespace::Catalog::deleteMetadataForDashboards().

2392  {
2395 }
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
void execInTransaction(F &&f, Args &&...args)

+ Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe ( std::vector< DBObject > &  objects,
Catalog catalog 
)

Definition at line 1640 of file SysCatalog.cpp.

1642  {
1643  for (const auto& object : objects) {
1644  revokeDBObjectPrivilegesFromAll_unsafe(object, catalog);
1645  }
1646 }
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
void Catalog_Namespace::SysCatalog::revokeRole ( const std::string &  role,
const std::string &  grantee 
)

Definition at line 2354 of file SysCatalog.cpp.

2354  {
2356 }
void execInTransaction(F &&f, Args &&...args)
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName)
void Catalog_Namespace::SysCatalog::revokeRole_unsafe ( const std::string &  roleName,
const std::string &  granteeName 
)
private

Definition at line 1893 of file SysCatalog.cpp.

1894  {
1895  auto* rl = getRoleGrantee(roleName);
1896  if (!rl) {
1897  throw runtime_error("Request to revoke role " + roleName +
1898  " failed because role with this name does not exist.");
1899  }
1900  auto* grantee = getGrantee(granteeName);
1901  if (!grantee) {
1902  throw runtime_error("Request to revoke role from " + granteeName +
1903  " failed because grantee with this name does not exist.");
1904  }
1905  sys_write_lock write_lock(this);
1906  grantee->revokeRole(rl);
1907  sys_sqlite_lock sqlite_lock(this);
1908  sqliteConnector_->query_with_text_params(
1909  "DELETE FROM mapd_roles WHERE roleName = ? AND userName = ?",
1910  std::vector<std::string>{rl->getName(), grantee->getName()});
1911 }
Grantee * getGrantee(const std::string &name) const
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
Role * getRoleGrantee(const std::string &name) const
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
mapd_unique_lock< mapd_shared_mutex > write_lock
void Catalog_Namespace::SysCatalog::revokeRoleBatch ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)

Definition at line 2349 of file SysCatalog.cpp.

2350  {
2352 }
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void execInTransaction(F &&f, Args &&...args)
void Catalog_Namespace::SysCatalog::revokeRoleBatch_unsafe ( const std::vector< std::string > &  roles,
const std::vector< std::string > &  grantees 
)
private

Definition at line 1883 of file SysCatalog.cpp.

1884  {
1885  for (const auto& role : roles) {
1886  for (const auto& grantee : grantees) {
1887  revokeRole_unsafe(role, grantee);
1888  }
1889  }
1890 }
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName)
std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::switchDatabase ( std::string &  dbname,
const std::string &  username 
)

Definition at line 813 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, cat(), DatabaseDBObjectType, DBObject::loadKey(), DBObject::setPrivileges(), and Catalog_Namespace::UserMetadata::userLoggable().

814  {
815  DBMetadata db_meta;
816  UserMetadata user_meta;
817 
818  getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
819 
820  // NOTE(max): register database in Catalog that early to allow ldap
821  // and saml create default user and role privileges on databases
822  auto cat = getCatalog(db_meta, false);
823 
824  DBObject dbObject(dbname, DatabaseDBObjectType);
825  dbObject.loadKey();
826  dbObject.setPrivileges(AccessPrivileges::ACCESS);
827  if (!checkPrivileges(user_meta, std::vector<DBObject>{dbObject})) {
828  throw std::runtime_error("Unauthorized Access: user " + user_meta.userLoggable() +
829  " is not allowed to access database " + dbname + ".");
830  }
831 
832  return cat;
833 }
std::string cat(Ts &&...args)
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
static const AccessPrivileges ACCESS
Definition: DBObject.h:155

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::syncUserWithRemoteProvider ( const std::string &  user_name,
std::vector< std::string >  idp_roles,
bool *  issuper 
)

Definition at line 2397 of file SysCatalog.cpp.

References generate_random_string(), logger::INFO, Catalog_Namespace::UserMetadata::isSuper, join(), LOG, to_upper(), Catalog_Namespace::read_lock< T >::unlock(), Catalog_Namespace::UserMetadata::userId, and logger::WARNING.

2399  {
2400  UserMetadata user_meta;
2401  bool is_super_user = is_super ? *is_super : false;
2402  // need to escalate to a write lock
2403  // need to unlock the read lock
2404  sys_read_lock read_lock(this);
2405  read_lock.unlock();
2406  sys_write_lock write_lock(this);
2407  if (!getMetadataForUser(user_name, user_meta)) {
2408  createUser(user_name, generate_random_string(72), is_super_user, "", true);
2409  LOG(INFO) << "User " << user_name << " has been created by remote identity provider"
2410  << " with IS_SUPER = " << (is_super_user ? "'TRUE'" : "'FALSE'");
2411  } else if (is_super && is_super_user != user_meta.isSuper) {
2412  alterUser(user_meta.userId, nullptr, is_super, nullptr, nullptr);
2413  LOG(INFO) << "IS_SUPER for user " << user_name << " has been changed to "
2414  << (is_super_user ? "TRUE" : "FALSE") << " by remote identity provider";
2415  }
2416  std::vector<std::string> current_roles = {};
2417  auto* user_rl = getUserGrantee(user_name);
2418  if (user_rl) {
2419  current_roles = user_rl->getRoles();
2420  }
2421  std::transform(
2422  current_roles.begin(), current_roles.end(), current_roles.begin(), to_upper);
2423  std::transform(idp_roles.begin(), idp_roles.end(), idp_roles.begin(), to_upper);
2424  std::list<std::string> roles_revoked, roles_granted;
2425  // first remove obsolete ones
2426  for (auto& current_role_name : current_roles) {
2427  if (std::find(idp_roles.begin(), idp_roles.end(), current_role_name) ==
2428  idp_roles.end()) {
2429  revokeRole(current_role_name, user_name);
2430  roles_revoked.push_back(current_role_name);
2431  }
2432  }
2433  for (auto& role_name : idp_roles) {
2434  if (std::find(current_roles.begin(), current_roles.end(), role_name) ==
2435  current_roles.end()) {
2436  auto* rl = getRoleGrantee(role_name);
2437  if (rl) {
2438  grantRole(role_name, user_name);
2439  roles_granted.push_back(role_name);
2440  } else {
2441  LOG(WARNING) << "Error synchronizing roles for user " << user_name << ": role "
2442  << role_name << " does not exist";
2443  }
2444  }
2445  }
2446  if (roles_granted.empty() && roles_revoked.empty()) {
2447  LOG(INFO) << "Roles for user " << user_name
2448  << " are up to date with remote identity provider";
2449  } else {
2450  if (!roles_revoked.empty()) {
2451  LOG(INFO) << "Roles revoked during synchronization with identity provider for user "
2452  << user_name << ": " << join(roles_revoked, " ");
2453  }
2454  if (!roles_granted.empty()) {
2455  LOG(INFO) << "Roles granted during synchronization with identity provider for user "
2456  << user_name << ": " << join(roles_granted, " ");
2457  }
2458  }
2459 }
#define LOG(tag)
Definition: Logger.h:188
bool getMetadataForUser(const std::string &name, UserMetadata &user)
std::string join(T const &container, std::string const &delim)
void createUser(const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname, bool can_login)
Definition: SysCatalog.cpp:843
void alterUser(const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
Definition: SysCatalog.cpp:943
std::string generate_random_string(const size_t len)
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
Role * getRoleGrantee(const std::string &name) const
User * getUserGrantee(const std::string &name) const
std::string to_upper(const std::string &str)
void grantRole(const std::string &role, const std::string &grantee)
mapd_shared_lock< mapd_shared_mutex > read_lock
void revokeRole(const std::string &role, const std::string &grantee)
mapd_unique_lock< mapd_shared_mutex > write_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateBlankPasswordsToRandom ( )
private

Definition at line 610 of file SysCatalog.cpp.

References CHECK, logger::ERROR, generate_random_string(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), i, LOG, MAPD_VERSION, to_string(), and logger::WARNING.

610  {
611  const std::string UPDATE_BLANK_PASSWORDS_TO_RANDOM = "update_blank_passwords_to_random";
612  sqliteConnector_->query_with_text_params(
613  "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
614  std::vector<std::string>{UPDATE_BLANK_PASSWORDS_TO_RANDOM});
615  if (sqliteConnector_->getNumRows()) {
616  return;
617  }
618 
619  sys_sqlite_lock sqlite_lock(this);
620  sqliteConnector_->query("BEGIN TRANSACTION");
621  try {
622  sqliteConnector_->query(
623  "SELECT userid, passwd_hash, name FROM mapd_users WHERE name <> 'mapd'");
624  auto numRows = sqliteConnector_->getNumRows();
625  vector<std::string> users, passwords, names;
626  for (size_t i = 0; i < numRows; i++) {
627  users.push_back(sqliteConnector_->getData<std::string>(i, 0));
628  passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
629  names.push_back(sqliteConnector_->getData<std::string>(i, 2));
630  }
631  for (size_t i = 0; i < users.size(); ++i) {
632  int pwd_check_result = bcrypt_checkpw("", passwords[i].c_str());
633  // if the check fails there is a good chance that data on disc is broken
634  CHECK(pwd_check_result >= 0);
635  if (pwd_check_result != 0) {
636  continue;
637  }
638  LOG(WARNING) << "resetting blank password for user " << names[i] << " (" << users[i]
639  << ") to a random password";
640  sqliteConnector_->query_with_text_params(
641  "UPDATE mapd_users SET passwd_hash = ? WHERE userid = ?",
642  std::vector<std::string>{hash_with_bcrypt(generate_random_string(72)),
643  users[i]});
644  }
645  sqliteConnector_->query_with_text_params(
646  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
647  std::vector<std::string>{std::to_string(MAPD_VERSION),
648  UPDATE_BLANK_PASSWORDS_TO_RANDOM});
649  } catch (const std::exception& e) {
650  LOG(ERROR) << "Failed to fix blank passwords: " << e.what();
651  sqliteConnector_->query("ROLLBACK TRANSACTION");
652  throw;
653  }
654  sqliteConnector_->query("END TRANSACTION");
655 }
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::string generate_random_string(const size_t len)
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:70
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
#define CHECK(condition)
Definition: Logger.h:197

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateObjectDescriptorMap ( const std::string &  roleName,
DBObject object,
bool  roleType,
const Catalog_Namespace::Catalog cat 
)
private

Definition at line 1914 of file SysCatalog.cpp.

References test_fsi::d, ObjectRoleDescriptor::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), ObjectRoleDescriptor::objectId, ObjectRoleDescriptor::objectName, ObjectRoleDescriptor::objectOwnerId, ObjectRoleDescriptor::objectType, ObjectRoleDescriptor::privs, ObjectRoleDescriptor::roleName, ObjectRoleDescriptor::roleType, and to_string().

1917  {
1918  bool present = false;
1919  auto privs = object.getPrivileges();
1920  sys_write_lock write_lock(this);
1921  auto range = objectDescriptorMap_.equal_range(
1922  std::to_string(cat.getCurrentDB().dbId) + ":" +
1923  std::to_string(object.getObjectKey().permissionType) + ":" +
1924  std::to_string(object.getObjectKey().objectId));
1925  for (auto d = range.first; d != range.second; ++d) {
1926  if (d->second->roleName == roleName) {
1927  // overwrite permissions
1928  d->second->privs = privs;
1929  present = true;
1930  }
1931  }
1932  if (!present) {
1934  od->roleName = roleName;
1935  od->roleType = roleType;
1936  od->objectType = object.getObjectKey().permissionType;
1937  od->dbId = object.getObjectKey().dbId;
1938  od->objectId = object.getObjectKey().objectId;
1939  od->privs = object.getPrivileges();
1940  od->objectOwnerId = object.getOwner();
1941  od->objectName = object.getName();
1942  objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
1943  std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
1944  std::to_string(od->objectId),
1945  od));
1946  }
1947 }
tuple d
Definition: test_fsi.py:9
specifies the object_roles content in-memory of a row in mapd_object_permissions table ...
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:413
std::string to_string(char const *&&v)
const DBMetadata & getCurrentDB() const
Definition: Catalog.h:221
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
mapd_unique_lock< mapd_shared_mutex > write_lock

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updatePasswordsToHashes ( )
private

Definition at line 558 of file SysCatalog.cpp.

References logger::ERROR, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), i, logger::INFO, and LOG.

558  {
559  sys_sqlite_lock sqlite_lock(this);
560  sqliteConnector_->query("BEGIN TRANSACTION");
561  try {
562  sqliteConnector_->query(
563  "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_users'");
564  if (sqliteConnector_->getNumRows() == 0) {
565  // Nothing to update
566  sqliteConnector_->query("END TRANSACTION");
567  return;
568  }
569  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
570  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
571  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
572  if (col_name == "passwd_hash") {
573  sqliteConnector_->query("END TRANSACTION");
574  return;
575  }
576  }
577  // Alas, SQLite can't drop columns so we have to recreate the table
578  // (or, optionally, add the new column and reset the old one to a bunch of nulls)
579  sqliteConnector_->query("SELECT userid, passwd FROM mapd_users");
580  auto numRows = sqliteConnector_->getNumRows();
581  vector<std::string> users, passwords;
582  for (size_t i = 0; i < numRows; i++) {
583  users.push_back(sqliteConnector_->getData<std::string>(i, 0));
584  passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
585  }
586  sqliteConnector_->query(
587  "CREATE TABLE mapd_users_tmp (userid integer primary key, name text unique, "
588  "passwd_hash text, issuper boolean, default_db integer references "
589  "mapd_databases)");
590  sqliteConnector_->query(
591  "INSERT INTO mapd_users_tmp(userid, name, passwd_hash, issuper, default_db) "
592  "SELECT userid, name, null, issuper, default_db FROM mapd_users");
593  for (size_t i = 0; i < users.size(); ++i) {
594  sqliteConnector_->query_with_text_params(
595  "UPDATE mapd_users_tmp SET passwd_hash = ? WHERE userid = ?",
596  std::vector<std::string>{hash_with_bcrypt(passwords[i]), users[i]});
597  }
598  sqliteConnector_->query("DROP TABLE mapd_users");
599  sqliteConnector_->query("ALTER TABLE mapd_users_tmp RENAME TO mapd_users");
600  } catch (const std::exception& e) {
601  LOG(ERROR) << "Failed to hash passwords: " << e.what();
602  sqliteConnector_->query("ROLLBACK TRANSACTION");
603  throw;
604  }
605  sqliteConnector_->query("END TRANSACTION");
606  sqliteConnector_->query("VACUUM"); // physically delete plain text passwords
607  LOG(INFO) << "Passwords were successfully hashed";
608 }
#define LOG(tag)
Definition: Logger.h:188
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::string hash_with_bcrypt(const std::string &pwd)
Definition: SysCatalog.cpp:70
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateSupportUserDeactivation ( )
private

Definition at line 657 of file SysCatalog.cpp.

References logger::ERROR, i, LOG, MAPD_VERSION, and to_string().

657  {
658  const std::string UPDATE_SUPPORT_USER_DEACTIVATION = "update_support_user_deactivation";
659  sys_sqlite_lock sqlite_lock(this);
660  // check to see if the new column already exists
661  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
662  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
663  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
664  if (col_name == "can_login") {
665  return; // new column already exists
666  }
667  }
668  sqliteConnector_->query("BEGIN TRANSACTION");
669  try {
670  sqliteConnector_->query("ALTER TABLE mapd_users ADD COLUMN can_login BOOLEAN");
671  sqliteConnector_->query("UPDATE mapd_users SET can_login = true");
672  sqliteConnector_->query_with_text_params(
673  "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
674  std::vector<std::string>{std::to_string(MAPD_VERSION),
675  UPDATE_SUPPORT_USER_DEACTIVATION});
676  } catch (const std::exception& e) {
677  LOG(ERROR) << "Failed to add support for user deactivation: " << e.what();
678  sqliteConnector_->query("ROLLBACK TRANSACTION");
679  throw;
680  }
681  sqliteConnector_->query("END TRANSACTION");
682 }
#define LOG(tag)
Definition: Logger.h:188
std::string to_string(char const *&&v)
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
static const int32_t MAPD_VERSION
Definition: release.h:33
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateUserRoleName ( const std::string &  roleName,
const std::string &  newName 
)
private

Definition at line 1012 of file SysCatalog.cpp.

References gpu_enabled::swap(), and to_upper().

1013  {
1014  sys_write_lock write_lock(this);
1015 
1016  auto it = granteeMap_.find(to_upper(roleName));
1017  if (it != granteeMap_.end()) {
1018  it->second->setName(newName);
1019  std::swap(granteeMap_[to_upper(newName)], it->second);
1020  granteeMap_.erase(it);
1021  }
1022 }
write_lock< SysCatalog > sys_write_lock
Definition: SysCatalog.cpp:120
std::string to_upper(const std::string &str)
mapd_unique_lock< mapd_shared_mutex > write_lock
DEVICE void swap(ARGS &&...args)
Definition: gpu_enabled.h:114

+ Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateUserSchema ( )
private

Definition at line 261 of file SysCatalog.cpp.

References i.

261  {
262  sys_sqlite_lock sqlite_lock(this);
263 
264  // check to see if the new column already exists
265  sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
266  for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
267  const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
268  if (col_name == "default_db") {
269  return; // new column already exists
270  }
271  }
272 
273  // create the new column
274  sqliteConnector_->query("BEGIN TRANSACTION");
275  try {
276  sqliteConnector_->query(
277  "ALTER TABLE mapd_users ADD COLUMN default_db INTEGER REFERENCES mapd_databases");
278  } catch (const std::exception& e) {
279  sqliteConnector_->query("ROLLBACK TRANSACTION");
280  throw;
281  }
282  sqliteConnector_->query("END TRANSACTION");
283 }
sqlite_lock< SysCatalog > sys_sqlite_lock
Definition: SysCatalog.cpp:121
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:414
bool Catalog_Namespace::SysCatalog::verifyDBObjectOwnership ( const UserMetadata user,
DBObject  object,
const Catalog_Namespace::Catalog catalog 
)

Definition at line 1722 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

1724  {
1725  sys_read_lock read_lock(this);
1726 
1727  auto* grantee = instance().getUserGrantee(user.userName);
1728  if (grantee) {
1729  object.loadKey(catalog);
1730  auto* found_object = grantee->findDbObject(object.getObjectKey(), false);
1731  if (found_object && found_object->getOwner() == user.userId) {
1732  return true;
1733  }
1734  }
1735  return false;
1736 }
DBObject * findDbObject(const DBObjectKey &objectKey, bool only_direct) const
Definition: Grantee.cpp:72
static SysCatalog & instance()
Definition: SysCatalog.h:292
User * getUserGrantee(const std::string &name) const
mapd_shared_lock< mapd_shared_mutex > read_lock
read_lock< SysCatalog > sys_read_lock
Definition: Catalog.cpp:112
auto Catalog_Namespace::SysCatalog::yieldTransactionStreamer ( )
private

Definition at line 989 of file SysCatalog.cpp.

989  {
990  return
991  [](auto& db_connector, auto on_success, auto on_failure, auto&&... query_requests) {
992  auto query_runner = [&db_connector](auto&&... query_reqs) {
993  [[gnu::unused]] int throw_away[] = {
994  (db_connector->query_with_text_params(
995  std::forward<decltype(query_reqs)>(query_reqs)),
996  0)...};
997  };
998 
999  db_connector->query("BEGIN TRANSACTION");
1000  try {
1001  query_runner(std::forward<decltype(query_requests)>(query_requests)...);
1002  on_success();
1003  } catch (std::exception&) {
1004  db_connector->query("ROLLBACK TRANSACTION");
1005  on_failure();
1006  throw;
1007  }
1008  db_connector->query("END TRANSACTION");
1009  };
1010 }

Member Data Documentation

bool Catalog_Namespace::SysCatalog::aggregator_
private

Definition at line 421 of file SysCatalog.h.

Referenced by isAggregator().

const AuthMetadata* Catalog_Namespace::SysCatalog::authMetadata_
private

Definition at line 418 of file SysCatalog.h.

std::string Catalog_Namespace::SysCatalog::basePath_
private

Definition at line 411 of file SysCatalog.h.

Referenced by getCatalogBasePath().

std::shared_ptr<Calcite> Catalog_Namespace::SysCatalog::calciteMgr_
private

Definition at line 419 of file SysCatalog.h.

Referenced by getCalciteMgr().

dbid_to_cat_map Catalog_Namespace::SysCatalog::cat_map_
private

Definition at line 428 of file SysCatalog.h.

std::shared_ptr<Data_Namespace::DataMgr> Catalog_Namespace::SysCatalog::dataMgr_
private

Definition at line 416 of file SysCatalog.h.

Referenced by getDataMgr().

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::dummyCatalog_

Definition at line 439 of file SysCatalog.h.

Referenced by getDummyCatalog().

GranteeMap Catalog_Namespace::SysCatalog::granteeMap_
private

Definition at line 412 of file SysCatalog.h.

std::unique_ptr< SysCatalog > Catalog_Namespace::SysCatalog::instance_
staticprivate

Definition at line 430 of file SysCatalog.h.

Referenced by destroy(), and instance().

ObjectRoleDescriptorMap Catalog_Namespace::SysCatalog::objectDescriptorMap_
private

Definition at line 413 of file SysCatalog.h.

std::unique_ptr<PkiServer> Catalog_Namespace::SysCatalog::pki_server_
private

Definition at line 417 of file SysCatalog.h.

mapd_shared_mutex Catalog_Namespace::SysCatalog::sharedMutex_
mutable

Definition at line 434 of file SysCatalog.h.

std::unique_ptr<SqliteConnector> Catalog_Namespace::SysCatalog::sqliteConnector_
private

Definition at line 414 of file SysCatalog.h.

Referenced by getSqliteConnector().

std::mutex Catalog_Namespace::SysCatalog::sqliteMutex_
mutable

Definition at line 433 of file SysCatalog.h.

std::vector<LeafHostInfo> Catalog_Namespace::SysCatalog::string_dict_hosts_
private

Definition at line 420 of file SysCatalog.h.

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_sqlite_lock
mutable

Definition at line 435 of file SysCatalog.h.

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_write_lock
mutable

Definition at line 436 of file SysCatalog.h.

thread_local bool Catalog_Namespace::SysCatalog::thread_holds_read_lock = false
static

Definition at line 437 of file SysCatalog.h.


The documentation for this class was generated from the following files: