1 /*
2  * Copyright 2017 MapD Technologies, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef GRANTEE_H
18 #define GRANTEE_H
19 
#include "DBObject.h"

#include <boost/algorithm/string.hpp>
#include <boost/make_unique.hpp>
#include <cstdint>
#include <map>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>
#include "Shared/Logger.h"
28 
29 class User;
30 class Role;
31 
// Base type for anything that can hold privileges: a User or a Role.
//
// Two privilege maps are kept per grantee: the ones granted to it directly,
// and the effective set that also folds in everything inherited through
// granted roles (see the member comments below). Membership in roles is
// tracked with non-owning Role* pointers; nothing in this header owns a Role
// or a Grantee, so the owning container (presumably the catalog — verify in
// Grantee.cpp and its callers) must revoke/detach before destroying one, or
// the raw pointers in roles_ / Role::grantees_ dangle.
//
// NOTE(review): no synchronisation is declared here; concurrent grant/revoke
// and privilege checks must be serialised by the caller — confirm where the
// lock lives before relying on this from multiple threads.
class Grantee {
  // Privileges keyed by the object they apply to; the map owns the DBObjects.
  using DBObjectMap = std::map<DBObjectKey, std::unique_ptr<DBObject>>;

 public:
  Grantee(const std::string& name);
  virtual ~Grantee();

  // Distinguishes the two concrete kinds (User -> true, Role -> false).
  virtual bool isUser() const = 0;

  // --- direct privilege changes (bodies in Grantee.cpp) ------------------
  virtual void grantPrivileges(const DBObject& object);
  // NOTE(review): returns a raw DBObject*; the signature does not say who
  // owns the pointee -- check Grantee.cpp before storing or deleting it.
  virtual DBObject* revokePrivileges(const DBObject& object);

  // --- role membership ---------------------------------------------------
  virtual void grantRole(Role* role);
  virtual void revokeRole(Role* role);

  // --- privilege queries -------------------------------------------------
  // only_direct selects directPrivileges_ instead of effectivePrivileges_
  // wherever the flag appears (see getDbObjects for the exact mapping).
  virtual bool hasAnyPrivileges(const DBObject& objectRequested, bool only_direct) const;
  virtual bool checkPrivileges(const DBObject& objectRequested) const;

  // Recomputes the effective set; the Role* overload presumably folds in a
  // single role's privileges -- confirm against Grantee.cpp.
  virtual void updatePrivileges();
  virtual void updatePrivileges(Role* role);

  virtual void revokeAllOnDatabase(int32_t dbId);
  virtual void renameDbObject(const DBObject& object);

  void getPrivileges(DBObject& object, bool only_direct);
  DBObject* findDbObject(const DBObjectKey& objectKey, bool only_direct) const;
  bool hasAnyPrivilegesOnDb(int32_t dbId, bool only_direct) const;

  const std::string& getName() const { return name_; }
  // Only rewrites name_; any external index keyed by the old name is not
  // updated here -- the caller is responsible for that.
  void setName(const std::string& name) { name_ = name; }

  std::vector<std::string> getRoles() const;
  bool hasRole(Role* role, bool only_direct) const;

  // Non-owning view of one of the two privilege maps. The pointer stays
  // valid for the lifetime of this grantee; its contents change on every
  // grant/revoke/update call, so do not cache iterators across those.
  const DBObjectMap* getDbObjects(bool only_direct) const {
    if (only_direct) {
      return &directPrivileges_;
    }
    return &effectivePrivileges_;
  }

  // Guards grantRole against creating a cycle in the role graph -- the
  // exact failure mode (throw vs. log) lives in Grantee.cpp.
  void checkCycles(Role* newRole);

 protected:
  std::string name_;
  // Roles granted to this grantee; pointers are not owned here.
  std::unordered_set<Role*> roles_;
  // Every privilege this grantee holds, including those inherited
  // transitively through granted roles.
  DBObjectMap effectivePrivileges_;
  // Only the privileges granted to this grantee itself.
  DBObjectMap directPrivileges_;
};
69 
// A grantee that is an individual account. Adds nothing beyond the
// discriminator; all privilege/role logic is inherited from Grantee.
class User : public Grantee {
 public:
  User(const std::string& name) : Grantee(name) {}

  bool isUser() const override {
    return true;
  }
};
75 
// A grantee that can itself be granted to other grantees. Besides the
// inherited privilege maps it tracks who holds it (grantees_) so that
// privilege updates and revocations can be pushed to the holders.
//
// grantees_ holds non-owning Grantee* pointers. ~Role() is implemented in
// Grantee.cpp; it presumably detaches this role from each holder -- verify,
// because a stale entry there would dangle once the Role is gone.
class Role : public Grantee {
 public:
  Role(const std::string& name) : Grantee(name) {}
  ~Role() override;

  bool isUser() const override {
    return false;
  }

  void updatePrivileges() override;
  void renameDbObject(const DBObject& object) override;

  // Intended to be called only by Grantee (grantRole/revokeRole) to keep the
  // two sides of the membership relation in sync. They are public, so
  // nothing enforces that; calling them from elsewhere can desynchronise
  // roles_ and grantees_.
  virtual void addGrantee(Grantee* grantee);
  virtual void removeGrantee(Grantee* grantee);

  void revokeAllOnDatabase(int32_t dbId) override;

  // Snapshot of the current holders; order is unspecified (backed by a set).
  std::vector<Grantee*> getGrantees() const;

 private:
  // Grantees (users or roles) this role has been granted to; not owned.
  std::unordered_set<Grantee*> grantees_;
};
95 
96 #endif /* GRANTEE_H */