#include <SysCatalog.h>

Inheritance diagram for Catalog_Namespace::SysCatalog:

Collaboration diagram for Catalog_Namespace::SysCatalog:

Public Member Functions
void	init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)

std::shared_ptr< Catalog >	login (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)

std::shared_ptr< Catalog >	switchDatabase (std::string &dbname, const std::string &username)

UserMetadata	createUser (std::string const &name, UserAlterations alts, bool is_temporary)

void	dropUser (const std::string &name)

UserMetadata	alterUser (std::string const &name, UserAlterations alts)

void	renameUser (std::string const &old_name, std::string const &new_name)

void	createDatabase (const std::string &dbname, int owner)

void	renameDatabase (std::string const &old_name, std::string const &new_name)

void	dropDatabase (const DBMetadata &db)

std::optional< UserMetadata >	getUser (std::string const &uname)

std::optional< UserMetadata >	getUser (int32_t const uid)

std::optional< DBMetadata >	getDB (std::string const &dbname)

std::optional< DBMetadata >	getDB (int32_t const dbid)

bool	getMetadataForUser (const std::string &name, UserMetadata &user)

bool	getMetadataForUserById (const int32_t idIn, UserMetadata &user)

bool	checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)

bool	getMetadataForDB (const std::string &name, DBMetadata &db)

bool	getMetadataForDBById (const int32_t idIn, DBMetadata &db)

Data_Namespace::DataMgr &	getDataMgr () const

Calcite &	getCalciteMgr () const

const std::string &	getCatalogBasePath () const

SqliteConnector *	getSqliteConnector ()

std::list< DBMetadata >	getAllDBMetadata ()

std::list< UserMetadata >	getAllUserMetadata ()

std::list< UserMetadata >	getAllUserMetadata (const int64_t dbId)

DBSummaryList	getDatabaseListForUser (const UserMetadata &user)

void	createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)

void	renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)

void	getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const

bool	verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)

void	createRole (const std::string &roleName, const bool user_private_role, const bool is_temporary=false)

void	dropRole (const std::string &roleName, const bool is_temporary=false)

void	grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

void	revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

bool	hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)

bool	checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const

bool	checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const

Grantee *	getGrantee (const std::string &name) const

Role *	getRoleGrantee (const std::string &name) const

User *	getUserGrantee (const std::string &name) const

std::vector < ObjectRoleDescriptor * >	getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const

std::vector< ObjectRoleDescriptor >	getMetadataForAllObjects () const

bool	isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const

std::vector< std::string >	getRoles (const std::string &user_name, bool effective=true)

std::vector< std::string >	getRoles (bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user=false)

std::vector< std::string >	getRoles (const std::string &userName, const int32_t dbId)

std::set< std::string >	getCreatedRoles () const

bool	isAggregator () const

void	populateRoleDbObjects (const std::vector< DBObject > &objects)

std::string	name () const

void	renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)

void	syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)

std::unordered_map < std::string, std::vector < std::string > >	getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)

void	check_for_session_encryption (const std::string &pki_cert, std::string &session)

std::vector< Catalog * >	getCatalogsForAllDbs ()

std::shared_ptr< Catalog >	getDummyCatalog ()

std::shared_ptr< Catalog >	getCatalog (const std::string &dbName)

std::shared_ptr< Catalog >	getCatalog (const int32_t db_id)

std::shared_ptr< Catalog >	getCatalog (const DBMetadata &curDB, bool is_new_db)

void	removeCatalog (const std::string &dbName)

virtual	~SysCatalog ()

void	reassignObjectOwners (const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)

bool	hasExecutedMigration (const std::string &migration_name) const

Static Public Member Functions
static SysCatalog &	instance ()

static void	destroy ()

Public Attributes
std::mutex	sqliteMutex_

mapd_shared_mutex	sharedMutex_

std::atomic< std::thread::id >	thread_holding_sqlite_lock

std::atomic< std::thread::id >	thread_holding_write_lock

std::shared_ptr< Catalog >	dummyCatalog_

std::unordered_map < std::string, std::shared_ptr < UserMetadata > >	temporary_users_by_name_

std::unordered_map< int32_t, std::shared_ptr< UserMetadata > >	temporary_users_by_id_

int32_t	next_temporary_user_id_ {shared::kTempUserIdRange}

Static Public Attributes
static thread_local bool	thread_holds_read_lock = false

Private Types
using	GranteeMap = std::map< std::string, std::unique_ptr< Grantee >>

using	ObjectRoleDescriptorMap = std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >>

using	dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>

Private Member Functions
	SysCatalog ()

void	initDB ()

void	buildRoleMap ()

void	buildUserRoleMap ()

void	buildObjectDescriptorMap ()

void	rebuildObjectMaps ()

void	checkAndExecuteMigrations ()

void	importDataFromOldMapdDB ()

void	createRoles ()

void	fixRolesMigration ()

void	addAdminUserRole ()

void	migratePrivileges ()

void	migratePrivileged_old ()

void	updateUserSchema ()

void	updatePasswordsToHashes ()

void	updateBlankPasswordsToRandom ()

void	updateSupportUserDeactivation ()

void	migrateDBAccessPrivileges ()

void	loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)

bool	checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)

void	grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)

void	createRole_unsafe (const std::string &roleName, const bool userPrivateRole, const bool is_temporary)

void	dropRole_unsafe (const std::string &roleName, const bool is_temporary)

void	grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)

void	deleteObjectDescriptorMap (const std::string &roleName)

void	deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)

void	grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)

bool	isDashboardSystemRole (const std::string &roleName) const

void	updateUserRoleName (const std::string &roleName, const std::string &newName)

void	getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)

bool	allowLocalLogin () const

template<typename F , typename... Args>
void	execInTransaction (F &&f, Args &&...args)

void	initializeInformationSchemaDb ()

void	recordExecutedMigration (const std::string &migration_name) const

bool	hasVersionHistoryTable () const

void	createVersionHistoryTable () const

auto	yieldTransactionStreamer ()

Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
	CommonFileOperations (std::string const &base_path)

void	removeCatalogByFullPath (std::string const &full_path)

void	removeCatalogByName (std::string const &name)

auto	duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)

auto	assembleCatalogName (std::string const &name)

Private Attributes
std::string	basePath_

GranteeMap	granteeMap_

ObjectRoleDescriptorMap	objectDescriptorMap_

std::unique_ptr< SqliteConnector >	sqliteConnector_

std::shared_ptr < Data_Namespace::DataMgr >	dataMgr_

std::unique_ptr< PkiServer >	pki_server_

const AuthMetadata *	authMetadata_

std::shared_ptr< Calcite >	calciteMgr_

std::vector< LeafHostInfo >	string_dict_hosts_

bool	aggregator_

dbid_to_cat_map	cat_map_

Static Private Attributes
static std::unique_ptr < SysCatalog >	instance_

Detailed Description

Definition at line 166 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

private

Definition at line 494 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>

private

Definition at line 385 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>

private

Definition at line 387 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )

virtual

Definition at line 217 of file SysCatalog.cpp.

References cat_map_, granteeMap_, and objectDescriptorMap_.

                         {
   sys_write_lock write_lock(this);
   granteeMap_.clear();
   objectDescriptorMap_.clear();
   cat_map_.clear();
 }

Catalog_Namespace::SysCatalog::SysCatalog ( )

private

Definition at line 208 of file SysCatalog.cpp.

References basePath_.

Referenced by instance().

     : CommonFileOperations{basePath_}
     , aggregator_{false}
     , sqliteMutex_{}
     , sharedMutex_{}
     , thread_holding_sqlite_lock{std::thread::id()}
     , thread_holding_write_lock{std::thread::id()}
     , dummyCatalog_{std::make_shared<Catalog>()} {}

Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )

private

Definition at line 562 of file SysCatalog.cpp.

References createRole_unsafe(), shared::kRootUsername, and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                   {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
         shared::kRootUsername + "\'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     createRole_unsafe(
         shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const

private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

UserMetadata Catalog_Namespace::SysCatalog::alterUser	(	std::string const &	name,
		UserAlterations	alts
	)

Definition at line 1080 of file SysCatalog.cpp.

Referenced by syncUserWithRemoteProvider().

                                                                            {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error("Cannot alter user. User " + loggable + "does not exist.");
   }
   if (!alts.wouldChange(user)) {
     return user;
   }
 
   // Temporary user.
   if (user.is_temporary) {
     if (alts.passwd) {
       user.passwd_hash = hash_with_bcrypt(*alts.passwd);
     }
     if (alts.is_super) {
       user.isSuper = *alts.is_super;
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         user.defaultDbId = db.dbId;
       } else {
         user.defaultDbId = -1;
       }
     }
     if (alts.can_login) {
       user.can_login = *alts.can_login;
     }
     *temporary_users_by_name_[name] = user;
     return user;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     string sql;
     std::vector<std::string> values;
     if (alts.passwd) {
       append_with_commas(sql, "passwd_hash = ?");
       values.push_back(hash_with_bcrypt(*alts.passwd));
     }
     if (alts.is_super) {
       append_with_commas(sql, "issuper = ?");
       values.push_back(std::to_string(*alts.is_super));
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         append_with_commas(sql, "default_db = ?");
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         values.push_back(std::to_string(db.dbId));
       } else {
         append_with_commas(sql, "default_db = NULL");
       }
     }
     if (alts.can_login) {
       append_with_commas(sql, "can_login = ?");
       values.push_back(std::to_string(*alts.can_login));
     }
 
     sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
     values.push_back(std::to_string(user.userId));
 
     sqliteConnector_->query_with_text_params(sql, values);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Altered user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMap ( )

private

Definition at line 2612 of file SysCatalog.cpp.

References objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by rebuildObjectMaps().

                                           {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   string objectQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(objectQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     auto od = std::make_unique<ObjectRoleDescriptor>();
     od->roleName = sqliteConnector_->getData<string>(r, 0);
     od->roleType = sqliteConnector_->getData<bool>(r, 1);
     od->objectType = sqliteConnector_->getData<int>(r, 2);
     od->dbId = sqliteConnector_->getData<int>(r, 3);
     od->objectId = sqliteConnector_->getData<int>(r, 4);
     od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
     od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
     od->objectName = sqliteConnector_->getData<string>(r, 7);
     objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
         std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
             std::to_string(od->objectId),
         std::move(od)));
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMap ( )

private

Definition at line 2494 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), getGrantee(), granteeMap_, name(), AccessPrivileges::privileges, sqliteConnector_, and to_upper().

Referenced by rebuildObjectMaps().

                               {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   string roleQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(roleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> objectKeyStr(4);
   DBObjectKey objectKey;
   AccessPrivileges privs;
   bool userPrivateRole{false};
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
     DBObjectType permissionType =
         static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
     objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
     objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
     objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
     objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
     privs.privileges = sqliteConnector_->getData<int>(r, 5);
     int32_t owner = sqliteConnector_->getData<int>(r, 6);
     std::string name = sqliteConnector_->getData<string>(r, 7);
 
     DBObject dbObject(objectKey, privs, owner);
     dbObject.setName(name);
     if (-1 == objectKey.objectId) {
       dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
     } else {
       dbObject.setObjectType(permissionType);
     }
 
     auto* rl = getGrantee(roleName);
     if (!rl) {
       std::unique_ptr<Grantee> g;
       if (userPrivateRole) {
         g.reset(new User(roleName));
       } else {
         g.reset(new Role(roleName));
       }
       rl = g.get();
       granteeMap_[to_upper(roleName)] = std::move(g);
     }
     rl->grantPrivileges(dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMap ( )

private

Definition at line 2566 of file SysCatalog.cpp.

References getGrantee(), shared::kRootUsername, and sqliteConnector_.

                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   std::vector<std::pair<std::string, std::string>> granteeRoles;
   string userRoleQuery("SELECT roleName, userName from mapd_roles");
   sqliteConnector_->query(userRoleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     std::string userName = sqliteConnector_->getData<string>(r, 1);
     // required for declared nomenclature before v4.0.0
     if ((boost::equals(roleName, "mapd_default_suser_role") &&
          boost::equals(userName, shared::kRootUsername)) ||
         (boost::equals(roleName, "mapd_default_user_role") &&
          !boost::equals(userName, "mapd_default_user_role"))) {
       // grouprole already exists with roleName==userName in mapd_roles table
       // ignore duplicate instances of userRole which exists before v4.0.0
       continue;
     }
     auto* rl = getGrantee(roleName);
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " from db not found in the map.");
     }
     std::pair<std::string, std::string> roleVecElem(roleName, userName);
     granteeRoles.push_back(roleVecElem);
   }
 
   for (const auto& [roleName, granteeName] : granteeRoles) {
     auto* grantee = getGrantee(granteeName);
     if (!grantee) {
       throw runtime_error("Data inconsistency when building role map. Grantee " +
                           granteeName + " not found in the map.");
     }
     if (granteeName == roleName) {
       continue;
     }
     Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " not found in the map.");
     }
     grantee->grantRole(rl);
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership	(	const UserMetadata &	new_owner,
		const UserMetadata &	previous_owner,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog,
		bool	revoke_privileges = `true`
	)

Change ownership of a DBObject

Parameters

new_owner	- new owner of DBObject
previous_owner	- previous owner of DBObject
object	- DBObject to change ownership of
catalog	- Catalog instance object exists in
revoke_privileges	- if true, revoke previous_owner's privileges

Definition at line 1979 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, grantDBObjectPrivileges_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMaps(), revokeDBObjectPrivileges_unsafe(), ServerDBObjectType, sqliteConnector_, TableDBObjectType, to_string(), UNREACHABLE, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userName, and ViewDBObjectType.

                                                                  {
   sys_write_lock write_lock(this);
   if (new_owner.is_temporary || previous_owner.is_temporary) {
     throw std::runtime_error("ownership change not allowed for temporary user(s)");
   }
   sys_sqlite_lock sqlite_lock(this);
   object.loadKey(catalog);
   switch (object.getType()) {
     case TableDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_TABLE);
       break;
     case DashboardDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
       break;
     case ServerDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_SERVER);
       break;
     case DatabaseDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DATABASE);
       break;
     case ViewDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_VIEW);
       break;
     default:
       UNREACHABLE();  // unkown object type
       break;
   }
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     if (!new_owner.isSuper) {  // no need to grant to suser, has all privs by default
       grantDBObjectPrivileges_unsafe(new_owner.userName, object, catalog);
     }
     if (!previous_owner.isSuper && revoke_privileges) {  // no need to revoke from suser
       revokeDBObjectPrivileges_unsafe(previous_owner.userName, object, catalog);
     }
     auto object_key = object.getObjectKey();
     sqliteConnector_->query_with_text_params(
         "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE dbId = ? AND "
         "objectId = ? AND objectPermissionsType = ?",
         std::vector<std::string>{std::to_string(new_owner.userId),
                                  std::to_string(object_key.dbId),
                                  std::to_string(object_key.objectId),
                                  std::to_string(object_key.permissionType)});
 
     for (const auto& [user_or_role, grantee] : granteeMap_) {
       grantee->reassignObjectOwner(object_key, new_owner.userId);
     }
 
     for (const auto& [map_object_key, map_object_descriptor] : objectDescriptorMap_) {
       if (map_object_descriptor->objectId == object_key.objectId &&
           map_object_descriptor->objectType == object_key.permissionType &&
           map_object_descriptor->dbId == object_key.dbId) {
         map_object_descriptor->objectOwnerId = new_owner.userId;
       }
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     rebuildObjectMaps();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::check_for_session_encryption	(	const std::string &	pki_cert,
		std::string &	session
	)

Definition at line 861 of file SysCatalog.cpp.

References pki_server_.

                                                                   {
   if (!pki_server_->inUse()) {
     return;
   }
   pki_server_->encrypt_session(pki_cert, session);
 }

void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )

private

Definition at line 264 of file SysCatalog.cpp.

References addAdminUserRole(), createRoles(), fixRolesMigration(), migrateDBAccessPrivileges(), migratePrivileged_old(), migratePrivileges(), updateBlankPasswordsToRandom(), updatePasswordsToHashes(), updateSupportUserDeactivation(), and updateUserSchema().

                                            {
   migratePrivileged_old();
   createRoles();
   fixRolesMigration();
   migratePrivileges();
   migrateDBAccessPrivileges();
   updateUserSchema();  // must come before updatePasswordsToHashes()
   updatePasswordsToHashes();
   updateBlankPasswordsToRandom();  // must come after updatePasswordsToHashes()
   updateSupportUserDeactivation();
   addAdminUserRole();
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUser	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

Definition at line 1465 of file SysCatalog.cpp.

References checkPasswordForUserImpl().

Referenced by loginImpl().

                                                           {
   return checkPasswordForUserImpl(passwd, name, user);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

private

Definition at line 1471 of file SysCatalog.cpp.

References CHECK, getMetadataForUser(), LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

Referenced by checkPasswordForUser().

                                                               {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(name, user)) {
     // Check password against some fake hash just to waste time so that response times
     // for invalid password and invalid user are similar and a caller can't say the
     // difference
     char fake_hash[BCRYPT_HASHSIZE];
     CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
     bcrypt_checkpw(passwd.c_str(), fake_hash);
     LOG(WARNING) << "Local login failed";
     return false;
   }
   int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
   // if the check fails there is a good chance that data on disc is broken
   CHECK(pwd_check_result >= 0);
   return pwd_check_result == 0;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const UserMetadata &	user,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2322 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPrivileges(), getDatabaseListForUser(), and switchDatabase().

                                                                                {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
 
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (auto& object : privObjects) {
     if (!user_rl->checkPrivileges(object)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const std::string &	userName,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2342 of file SysCatalog.cpp.

References checkPrivileges(), Catalog_Namespace::g_log_user_id, getMetadataForUser(), and instance().

                                                                                {
   UserMetadata user;
   if (!instance().getMetadataForUser(userName, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
     throw runtime_error("Request to check privileges for user " + loggable +
                         "failed because user with this name does not exist.");
   }
   return (checkPrivileges(user, privObjects));
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDatabase	(	const std::string &	dbname,
		int	owner
	)

Definition at line 1299 of file SysCatalog.cpp.

References basePath_, cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, getCatalog(), Catalog_Namespace::Catalog::getCustomExpressionsSchema(), Catalog_Namespace::Catalog::getForeignServerSchema(), Catalog_Namespace::Catalog::getForeignTableSchema(), getMetadataForDB(), getMetadataForUserById(), grantAllOnDatabase_unsafe(), shared::kCatalogDirectoryName, shared::kRootUserId, shared::kSystemCatalogName, removeCatalog(), sqliteConnector_, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

Referenced by initDB(), and initializeInformationSchemaDb().

                                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata db;
   if (getMetadataForDB(name, db)) {
     throw runtime_error("Database " + name + " already exists.");
   }
   if (to_upper(name) == to_upper(shared::kSystemCatalogName)) {
     throw runtime_error("Database name " + name + " is reserved.");
   }
 
   std::unique_ptr<SqliteConnector> dbConn(
       new SqliteConnector(name, basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
   // NOTE(max): it's okay to run this in a separate transaction. If we fail later
   // we delete the database anyways.
   // If we run it in the same transaction as SysCatalog functions, then Catalog
   // constructor won't find the tables we have just created.
   dbConn->query("BEGIN TRANSACTION");
   try {
     dbConn->query(
         "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
         "integer, ncolumns integer, "
         "isview boolean, "
         "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
         "bigint, "
         "frag_page_size integer, "
         "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
         "sort_column_id integer default 0, storage_type text default '', "
         "max_rollback_epochs integer default -1, "
         "is_system_table boolean default 0, "
         "num_shards integer, key_metainfo TEXT, version_num "
         "BIGINT DEFAULT 1) ");
     dbConn->query(
         "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
         "integer, name text, coltype "
         "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
         "boolean, compression integer, "
         "comp_param integer, size integer, chunks text, is_systemcol boolean, "
         "is_virtualcol boolean, virtual_expr "
         "text, is_deletedcol boolean, version_num BIGINT, default_value text, "
         "primary key(tableid, columnid), unique(tableid, name))");
     dbConn->query(
         "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
     dbConn->query(
         "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
         "userid integer references mapd_users, state text, image_hash text, update_time "
         "timestamp, "
         "metadata text, UNIQUE(userid, name) )");
     dbConn->query(
         "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
         "mapd_users, "
         "link text unique, view_state text, update_time timestamp, view_metadata text)");
     dbConn->query(
         "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
         "nbits int, is_shared boolean, "
         "refcount int, version_num BIGINT DEFAULT 1)");
     dbConn->query(
         "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
         "physical_table_id "
         "integer)");
     dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
     dbConn->query_with_text_params(
         "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
         std::vector<std::string>{std::to_string(owner)});
 
     if (g_enable_fsi) {
       dbConn->query(Catalog::getForeignServerSchema());
       dbConn->query(Catalog::getForeignTableSchema());
     }
     dbConn->query(Catalog::getCustomExpressionsSchema());
   } catch (const std::exception&) {
     dbConn->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   dbConn->query("END TRANSACTION");
 
   std::shared_ptr<Catalog> cat;
   // Now update SysCatalog with privileges and the new database
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_param(
         "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
             ")",
         name);
     CHECK(getMetadataForDB(name, db));
 
     cat = getCatalog(db, true);
 
     if (owner != shared::kRootUserId) {
       DBObject object(name, DBObjectType::DatabaseDBObjectType);
       object.loadKey(*cat);
       UserMetadata user;
       CHECK(getMetadataForUserById(owner, user));
       grantAllOnDatabase_unsafe(user.userName, object, *cat);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 
   // force a migration on the new database
   removeCatalog(name);
   cat = getCatalog(db, false);
 
   if (g_enable_fsi) {
     try {
       cat->createDefaultServersIfNotExists();
     } catch (...) {
       boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                 name);
       throw;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject	(	const UserMetadata &	user,
		const std::string &	objectName,
		DBObjectType	type,
		const Catalog_Namespace::Catalog &	catalog,
		int32_t	objectId = `-1`
	)

Definition at line 1708 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, getUserGrantee(), grantDBObjectPrivileges_unsafe(), Grantee::grantPrivileges(), instance(), Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, sqliteConnector_, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

                                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBObject object =
       objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
   object.loadKey(catalog);
   switch (type) {
     case TableDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_TABLE);
       break;
     case DashboardDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
       break;
     case ServerDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_SERVER);
       break;
     default:
       object.setPrivileges(AccessPrivileges::ALL_DATABASE);
       break;
   }
   object.setOwner(user.userId);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     if (!user.isSuper) {  // no need to grant to suser, has all privs by default
       grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
       auto* grantee = instance().getUserGrantee(user.userName);
       if (!grantee) {
         throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
                             " does not exist.");
       }
       grantee->grantPrivileges(object);
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole	(	const std::string &	roleName,
		const bool	user_private_role,
		const bool	is_temporary = `false`
	)

Definition at line 2652 of file SysCatalog.cpp.

References createRole_unsafe(), and execInTransaction().

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                      {
   execInTransaction(
       &SysCatalog::createRole_unsafe, roleName, user_private_role, is_temporary);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe	(	const std::string &	roleName,
		const bool	userPrivateRole,
		const bool	is_temporary
	)

private

Definition at line 2068 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, getGrantee(), granteeMap_, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kDefaultDbName, DBObjectKey::permissionType, DBObject::setObjectKey(), sqliteConnector_, and to_upper().

Referenced by addAdminUserRole(), createRole(), createUser(), and initDB().

                                                             {
   sys_write_lock write_lock(this);
 
   auto* grantee = getGrantee(roleName);
   if (grantee) {
     throw std::runtime_error("CREATE ROLE " + roleName +
                              " failed because grantee with this name already exists.");
   }
   std::unique_ptr<Grantee> g;
   if (user_private_role) {
     g.reset(new User(roleName));
   } else {
     g.reset(new Role(roleName));
   }
   grantee = g.get();
   granteeMap_[to_upper(roleName)] = std::move(g);
 
   // NOTE (max): Why create an empty privileges record for a role?
   /* grant none privileges to this role and add it to sqlite DB */
   DBObject dbObject(shared::kDefaultDbName, DatabaseDBObjectType);
   DBObjectKey objKey;
   // 0 is an id that does not exist
   objKey.dbId = 0;
   objKey.permissionType = DatabaseDBObjectType;
   dbObject.setObjectKey(objKey);
   grantee->grantPrivileges(dbObject);
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, roleName, user_private_role, dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRoles ( )

private

Definition at line 350 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                              {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

UserMetadata Catalog_Namespace::SysCatalog::createUser	(	std::string const &	name,
		UserAlterations	alts,
		bool	is_temporary
	)

Definition at line 869 of file SysCatalog.cpp.

References Catalog_Namespace::UserAlterations::can_login, CHECK, createRole_unsafe(), Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::UserAlterations::default_db, Catalog_Namespace::g_log_user_id, g_read_only, getGrantee(), getMetadataForDB(), getMetadataForUser(), getUser(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), Catalog_Namespace::UserAlterations::is_super, name(), next_temporary_user_id_, Catalog_Namespace::UserAlterations::passwd, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), Catalog_Namespace::UserMetadata::userLoggable(), and VLOG.

Referenced by syncUserWithRemoteProvider().

                                                        {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   if (!alts.passwd) {
     alts.passwd = "";
   }
   if (!alts.is_super) {
     alts.is_super = false;
   }
   if (!alts.default_db) {
     alts.default_db = "";
   }
   if (!alts.can_login) {
     alts.can_login = true;
   }
 
   UserMetadata user;
   if (getMetadataForUser(name, user)) {
     throw runtime_error("User " + user.userLoggable() + " already exists.");
   }
   if (getGrantee(name)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error(
         "User " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
   DBMetadata db;
   if (!alts.default_db->empty()) {
     if (!getMetadataForDB(*alts.default_db, db)) {
       throw runtime_error("DEFAULT_DB " + *alts.default_db + " not found.");
     }
   }
 
   // Temporary user.
   if (is_temporary) {
     if (!g_read_only) {
       throw std::runtime_error("Temporary users require read-only mode.");
       // NOTE(sy): We can remove this restriction when we're confident that
       // nothing permanent can depend on a temporary user.
     }
     auto user2 = std::make_shared<UserMetadata>(next_temporary_user_id_++,
                                                 name,
                                                 hash_with_bcrypt(*alts.passwd),
                                                 *alts.is_super,
                                                 !alts.default_db->empty() ? db.dbId : -1,
                                                 *alts.can_login,
                                                 true);
     temporary_users_by_name_[name] = user2;
     temporary_users_by_id_[user2->userId] = user2;
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/true);
     VLOG(1) << "Created temporary user: " << user2->userLoggable();
     return *user2;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     std::vector<std::string> vals;
     if (!alts.default_db->empty()) {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(db.dbId),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
           "VALUES (?, ?, ?, ?, ?)",
           vals);
     } else {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
           "VALUES (?, ?, ?, ?)",
           vals);
     }
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Created user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createVersionHistoryTable ( ) const

private

Definition at line 2985 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by recordExecutedMigration().

                                                  {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "CREATE TABLE mapd_version_history(version integer, migration_history text "
       "unique)");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string & roleName )

private

Definition at line 2270 of file SysCatalog.cpp.

References objectDescriptorMap_.

Referenced by dropUser(), and revokeDBObjectPrivileges_unsafe().

                                                                     {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

private

Definition at line 2283 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, and to_string().

                                                                                 {
   sys_write_lock write_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second;) {
     // remove the entry
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )

inlinestatic

Definition at line 344 of file SysCatalog.h.

References instance_.

Referenced by main(), EmbeddedDatabase::DBEngineImpl::reset(), and startHeavyDBServer().

344 { instance_.reset(); }

Catalog_Namespace::SysCatalog::instance_

static std::unique_ptr< SysCatalog > instance_

Definition: SysCatalog.h:497

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata & db )

Definition at line 1420 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, getCatalog(), granteeMap_, removeCatalog(), revokeAllOnDatabase_unsafe(), revokeDBObjectPrivilegesFromAll_unsafe(), sqliteConnector_, TableDBObjectType, run_benchmark_import::tables, and to_string().

Referenced by initializeInformationSchemaDb().

                                                   {
   auto cat = getCatalog(db, false);
   cat->eraseDbPhysicalData();
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     // remove this database ID from any users that have it set as their default database
     sqliteConnector_->query_with_text_param(
         "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
         std::to_string(db.dbId));
     /* revoke object privileges to all tables of the database being dropped */
     const auto tables = cat->getAllTableMetadata();
     for (const auto table : tables) {
       if (table->shard >= 0) {
         // skip shards, they're not standalone tables
         continue;
       }
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(table->tableName, TableDBObjectType), cat.get());
     }
     const auto dashboards = cat->getAllDashboardsMetadata();
     for (const auto dashboard : dashboards) {
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
     }
     /* revoke object privileges to the database being dropped */
     for (const auto& grantee : granteeMap_) {
       if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
         revokeAllOnDatabase_unsafe(
             grantee.second->getName(), db.dbId, grantee.second.get());
       }
     }
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
                                             std::to_string(db.dbId));
     cat->eraseDbMetadata();
     removeCatalog(db.dbName);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropRole	(	const std::string &	roleName,
		const bool	is_temporary = `false`
	)

Definition at line 2659 of file SysCatalog.cpp.

References dropRole_unsafe(), and execInTransaction().

                                                                             {
   execInTransaction(&SysCatalog::dropRole_unsafe, roleName, is_temporary);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole_unsafe	(	const std::string &	roleName,
		const bool	is_temporary
	)

private

Definition at line 2104 of file SysCatalog.cpp.

References granteeMap_, objectDescriptorMap_, sqliteConnector_, and to_upper().

Referenced by dropRole(), and dropUser().

                                                                                    {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
   // it may very well be a user "role", so keep it generic
   granteeMap_.erase(to_upper(roleName));
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                             roleName);
     sqliteConnector_->query_with_text_param(
         "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropUser ( const std::string & name )

Definition at line 962 of file SysCatalog.cpp.

References CHECK, deleteObjectDescriptorMap(), dropRole_unsafe(), Catalog_Namespace::g_log_user_id, getMetadataForUser(), Catalog_Namespace::UserMetadata::is_temporary, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), and Catalog_Namespace::UserMetadata::userId.

                                             {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
   }
 
   // Temporary user.
   if (user.is_temporary) {
     auto it1 = temporary_users_by_name_.find(name);
     CHECK(it1 != temporary_users_by_name_.end());
     auto it2 = temporary_users_by_id_.find(it1->second->userId);
     CHECK(it2 != temporary_users_by_id_.end());
     dropRole_unsafe(name, /*is_temporary=*/true);
     deleteObjectDescriptorMap(name);
     temporary_users_by_name_.erase(it1);
     temporary_users_by_id_.erase(it2);
     return;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     dropRole_unsafe(name, /*is_temporary=*/false);
     deleteObjectDescriptorMap(name);
     const std::string& roleName(name);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
                                             roleName);
     sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
                             std::to_string(user.userId));
     sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
                             std::to_string(user.userId));
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

template<typename F , typename... Args>

void Catalog_Namespace::SysCatalog::execInTransaction	(	F &&	f,
		Args &&...	args
	)

private

Definition at line 2639 of file SysCatalog.cpp.

References run_benchmark_import::args, anonymous_namespace{Utm.h}::f, and sqliteConnector_.

Referenced by createRole(), dropRole(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch(), grantRole(), grantRoleBatch(), revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch(), revokeDBObjectPrivilegesFromAll(), revokeDBObjectPrivilegesFromAllBatch(), revokeRole(), and revokeRoleBatch().

                                                         {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     (this->*f)(std::forward<Args>(args)...);
   } catch (std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::fixRolesMigration ( )

private

Definition at line 377 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query("SELECT name FROM mapd_users");
     auto num_rows = sqliteConnector_->getNumRows();
     std::vector<std::string> user_names;
     for (size_t i = 0; i < num_rows; ++i) {
       user_names.push_back(sqliteConnector_->getData<std::string>(i, 0));
     }
     for (const auto& user_name : user_names) {
       sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                               user_name);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1553 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by getCatalogsForAllDbs(), and getDatabaseListForUser().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
   int numRows = sqliteConnector_->getNumRows();
   list<DBMetadata> db_list;
   for (int r = 0; r < numRows; ++r) {
     DBMetadata db;
     db.dbId = sqliteConnector_->getData<int>(r, 0);
     db.dbName = sqliteConnector_->getData<string>(r, 1);
     db.dbOwner = sqliteConnector_->getData<int>(r, 2);
     db_list.push_back(db);
   }
   return db_list;
 }

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1613 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

Referenced by Catalog_Namespace::anonymous_namespace{Catalog.cpp}::get_user_id_to_user_name_map(), and getDatabaseListForUser().

                                                   {
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t dbId )

return the users associated with the given DB

Definition at line 1606 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

                                                                     {
   // this call is to return users that have some form of permissions to objects in the db
   // sadly mapd_object_permissions table is also misused to manage user roles.
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_, dbId);
 }

Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const

inline

Definition at line 229 of file SysCatalog.h.

References calciteMgr_.

229 { return *calciteMgr_; }

Catalog_Namespace::SysCatalog::calciteMgr_

std::shared_ptr< Calcite > calciteMgr_

Definition: SysCatalog.h:486

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string & dbName )

Definition at line 2826 of file SysCatalog.cpp.

References cat_map_, and getMetadataForDB().

                                                                      {
   dbid_to_cat_map::const_accessor cata;
   if (cat_map_.find(cata, dbName)) {
     return cata->second;
   } else {
     Catalog_Namespace::DBMetadata db_meta;
     if (getMetadataForDB(dbName, db_meta)) {
       return getCatalog(db_meta, false);
     } else {
       return nullptr;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t db_id )

Definition at line 2840 of file SysCatalog.cpp.

References cat_map_.

                                                                  {
   dbid_to_cat_map::const_accessor cata;
   for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
        ++cat_it) {
     if (cat_it->second->getDatabaseId() == db_id) {
       return cat_it->second;
     }
   }
   return nullptr;
 }

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog	(	const DBMetadata &	curDB,
		bool	is_new_db
	)

Definition at line 2851 of file SysCatalog.cpp.

References basePath_, calciteMgr_, cat(), cat_map_, dataMgr_, Catalog_Namespace::DBMetadata::dbName, and string_dict_hosts_.

                                                                                      {
   {
     dbid_to_cat_map::const_accessor cata;
     if (cat_map_.find(cata, curDB.dbName)) {
       return cata->second;
     }
   }
 
   // Catalog doesnt exist
   // has to be made outside of lock as migration uses cat
   auto cat = std::make_shared<Catalog>(
       basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);
 
   dbid_to_cat_map::accessor cata;
 
   if (cat_map_.find(cata, curDB.dbName)) {
     return cata->second;
   }
 
   cat_map_.insert(cata, curDB.dbName);
   cata->second = cat;
 
   return cat;
 }

Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const

inline

Definition at line 230 of file SysCatalog.h.

References basePath_.

230 { return basePath_; }

Catalog_Namespace::SysCatalog::basePath_

std::string basePath_

Definition: SysCatalog.h:478

std::vector< Catalog * > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 1004 of file SysCatalog.cpp.

References getAllDBMetadata(), and getCatalog().

                                                      {
   std::vector<Catalog*> catalogs{};
   const auto& db_metadata_list = getAllDBMetadata();
   for (const auto& db_metadata : db_metadata_list) {
     catalogs.emplace_back(getCatalog(db_metadata, false).get());
   }
   return catalogs;
 }

Here is the call graph for this function:

std::set< std::string > Catalog_Namespace::SysCatalog::getCreatedRoles ( ) const

Definition at line 2483 of file SysCatalog.cpp.

References granteeMap_, and isDashboardSystemRole().

                                                     {
   sys_read_lock read_lock(this);
   std::set<std::string> roles;  // Sorted for human readers.
   for (const auto& [key, grantee] : granteeMap_) {
     if (!grantee->isUser() && !isDashboardSystemRole(grantee->getName())) {
       roles.emplace(grantee->getName());
     }
   }
   return roles;
 }

Here is the call graph for this function:

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata & user )

Definition at line 1684 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, checkPrivileges(), DatabaseDBObjectType, Catalog_Namespace::DBSummary::dbName, getAllDBMetadata(), getAllUserMetadata(), DBObject::loadKey(), and DBObject::setPrivileges().

Referenced by ShowDatabasesCommand::execute().

                                                                          {
   DBSummaryList ret;
 
   std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
   std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
 
   for (auto d : db_list) {
     DBObject dbObject(d.dbName, DatabaseDBObjectType);
     dbObject.loadKey();
     dbObject.setPrivileges(AccessPrivileges::ACCESS);
     if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
       continue;
     }
     for (auto u : user_list) {
       if (d.dbOwner == u.userId) {
         ret.emplace_back(DBSummary{d.dbName, u.userName});
         break;
       }
     }
   }
 
   return ret;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const

inline

Definition at line 228 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), Executor::getExecutor(), foreign_storage::InternalMemoryStatsDataWrapper::initializeObjectsForTable(), and foreign_storage::InternalStorageStatsDataWrapper::initializeObjectsForTable().

228 { return *dataMgr_; }

Catalog_Namespace::SysCatalog::dataMgr_

std::shared_ptr< Data_Namespace::DataMgr > dataMgr_

Definition: SysCatalog.h:483

Here is the caller graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( std::string const & dbname )

inline

Definition at line 209 of file SysCatalog.h.

References getMetadataForDB().

                                                          {
     if (DBMetadata db; getMetadataForDB(dbname, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( int32_t const dbid )

inline

Definition at line 215 of file SysCatalog.h.

References getMetadataForDBById().

                                                     {
     if (DBMetadata db; getMetadataForDBById(dbid, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges	(	const std::string &	granteeName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)		const

Definition at line 2046 of file SysCatalog.cpp.

References getGrantee(), getMetadataForUser(), instance(), and Catalog_Namespace::UserMetadata::isSuper.

                                                                                       {
   sys_read_lock read_lock(this);
   UserMetadata user_meta;
 
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       throw runtime_error(
           "Request to show privileges from " + granteeName +
           " failed because user is super user and has all privileges by default.");
     }
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to show privileges for " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   object.loadKey(catalog);
   grantee->getPrivileges(object, true);
 }

Here is the call graph for this function:

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getDummyCatalog ( )

inline

Definition at line 358 of file SysCatalog.h.

References dummyCatalog_.

Referenced by Catalog_Namespace::Catalog::getObjForLock().

358 { return dummyCatalog_; }

Catalog_Namespace::SysCatalog::dummyCatalog_

std::shared_ptr< Catalog > dummyCatalog_

Definition: SysCatalog.h:506

Here is the caller graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string & name ) const

Definition at line 2353 of file SysCatalog.cpp.

References granteeMap_, and to_upper().

Referenced by buildRoleMap(), buildUserRoleMap(), createRole_unsafe(), createUser(), getDBObjectPrivileges(), getRoleGrantee(), getRoles(), getUserGrantee(), grantDBObjectPrivileges_unsafe(), grantRole_unsafe(), renameDBObject(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRole_unsafe().

                                                            {
   sys_read_lock read_lock(this);
   auto grantee = granteeMap_.find(to_upper(name));
   if (grantee == granteeMap_.end()) {  // check to make sure role exists
     return nullptr;
   }
   return grantee->second.get();  // returns pointer to role
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > & dashboard_ids )

Definition at line 2795 of file SysCatalog.cpp.

References DashboardDBObjectType, sqliteConnector_, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                                    {
   sys_sqlite_lock sqlite_lock(this);
   std::unordered_map<std::string, std::vector<std::string>> active_grantees;
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dash : dashboard_ids) {
       std::vector<std::string> grantees = {};
       sqliteConnector_->query_with_text_params(
           "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
           "(0,1) AND objectPermissionsType = ? AND objectId = ?",
           std::vector<std::string>{
               std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
       int num_rows = sqliteConnector_->getNumRows();
       if (num_rows == 0) {
         // no grantees
         continue;
       } else {
         for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
           grantees.push_back(sqliteConnector_->getData<string>(i, 0));
         }
         active_grantees[dash] = grantees;
       }
     }
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   return active_grantees;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor > Catalog_Namespace::SysCatalog::getMetadataForAllObjects ( ) const

Definition at line 2384 of file SysCatalog.cpp.

References isDashboardSystemRole(), and objectDescriptorMap_.

                                                                            {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor> objects;
   for (const auto& entry : objectDescriptorMap_) {
     auto object_role = entry.second.get();
     if (object_role->dbId != 0 && !isDashboardSystemRole(object_role->roleName)) {
       objects.emplace_back(*object_role);
     }
   }
   return objects;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB	(	const std::string &	name,
		DBMetadata &	db
	)

Definition at line 1654 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by alterUser(), createDatabase(), createUser(), getCatalog(), getDB(), getMetadataWithDefaultDB(), initializeInformationSchemaDb(), migrateDBAccessPrivileges(), renameDatabase(), and Catalog_Namespace::UserAlterations::wouldChange().

                                                                     {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDBById	(	const int32_t	idIn,
		DBMetadata &	db
	)

Definition at line 1669 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, sqliteConnector_, and to_string().

Referenced by getDB(), and getMetadataWithDefaultDB().

                                                                         {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject	(	int32_t	dbId,
		int32_t	dbType,
		int32_t	objectId
	)		const

Definition at line 2371 of file SysCatalog.cpp.

References objectDescriptorMap_, and to_string().

Referenced by renameDBObject().

                                                                                      {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor*> objectsList;
 
   auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
                                                 std::to_string(dbType) + ":" +
                                                 std::to_string(objectId));
   for (auto d = range.first; d != range.second; ++d) {
     objectsList.push_back(d->second.get());
   }
   return objectsList;  // return pointers to objects
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser	(	const std::string &	name,
		UserMetadata &	user
	)

Definition at line 1514 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, and temporary_users_by_name_.

Referenced by alterUser(), checkPasswordForUserImpl(), checkPrivileges(), createUser(), dropUser(), getDBObjectPrivileges(), getMetadataWithDefaultDB(), getRoles(), getUser(), grantDBObjectPrivileges_unsafe(), grantRoleBatch_unsafe(), login(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRoleBatch_unsafe().

                                                                           {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE name = ?",
       name);
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_name_.find(name);
     if (userit != temporary_users_by_name_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById	(	const int32_t	idIn,
		UserMetadata &	user
	)

Definition at line 1534 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, temporary_users_by_id_, and to_string().

Referenced by createDatabase(), getUser(), populateRoleDbObjects(), and reassignObjectOwners().

                                                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE userid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_id_.find(idIn);
     if (userit != temporary_users_by_id_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB	(	std::string &	dbname,
		const std::string &	username,
		Catalog_Namespace::DBMetadata &	db_meta,
		UserMetadata &	user_meta
	)

private

Definition at line 1618 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, getMetadataForDB(), getMetadataForDBById(), getMetadataForUser(), shared::kDefaultDbName, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by login(), and switchDatabase().

                                                                    {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(username, user_meta)) {
     throw std::runtime_error("Invalid credentials.");
   }
 
   if (!dbname.empty()) {
     if (!getMetadataForDB(dbname, db_meta)) {
       throw std::runtime_error("Database name " + dbname + " does not exist.");
     }
     // loaded the requested database
   } else {
     if (user_meta.defaultDbId != -1) {
       if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
         std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
         throw std::runtime_error(
             "Server error: User #" + std::to_string(user_meta.userId) + loggable +
             " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
             " which does not exist.");
       }
       dbname = db_meta.dbName;
       // loaded the user's default database
     } else {
       if (!getMetadataForDB(shared::kDefaultDbName, db_meta)) {
         throw std::runtime_error(std::string("Database ") + shared::kDefaultDbName +
                                  " does not exist.");
       }
       dbname = shared::kDefaultDbName;
       // loaded the mapd database by default
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string & name ) const

Definition at line 2362 of file SysCatalog.cpp.

References getGrantee().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole(), grantRole_unsafe(), isRoleGrantedToGrantee(), revokeRole_unsafe(), and syncUserWithRemoteProvider().

                                                             {
   return dynamic_cast<Role*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	user_name,
		bool	effective = `true`
	)

Definition at line 2422 of file SysCatalog.cpp.

References getGrantee().

                                                               {
   sys_read_lock read_lock(this);
   auto* grantee = getGrantee(user_name);
   if (!grantee) {
     throw std::runtime_error("user or role not found");
   }
   return grantee->getRoles(/*only_direct=*/!effective);
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	bool	include_user_private_role,
		bool	is_super,
		const std::string &	user_name,
		bool	ignore_deleted_user = `false`
	)

Definition at line 2453 of file SysCatalog.cpp.

References getMetadataForUser(), granteeMap_, isDashboardSystemRole(), and isRoleGrantedToGrantee().

                                                                         {
   sys_read_lock read_lock(this);
   if (ignore_deleted_user) {
     // In certain cases, it is possible to concurrently call this method while the user is
     // being dropped. In such a case, return an empty result.
     UserMetadata user;
     if (!getMetadataForUser(user_name, user)) {
       return {};
     }
   }
   std::vector<std::string> roles;
   for (auto& grantee : granteeMap_) {
     if (!include_user_private_role && grantee.second->isUser()) {
       continue;
     }
     if (!is_super &&
         !isRoleGrantedToGrantee(user_name, grantee.second->getName(), false)) {
       continue;
     }
     if (isDashboardSystemRole(grantee.second->getName())) {
       continue;
     }
     roles.push_back(grantee.second->getName());
   }
   return roles;
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	userName,
		const int32_t	dbId
	)

Definition at line 2432 of file SysCatalog.cpp.

References isDashboardSystemRole(), isRoleGrantedToGrantee(), sqliteConnector_, and to_string().

                                                                   {
   sys_sqlite_lock sqlite_lock(this);
   std::string sql =
       "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
       "objectPermissions<>0 "
       "AND roleType=0 AND dbId=" +
       std::to_string(dbId);
   sqliteConnector_->query(sql);
   int numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> roles(0);
   for (int r = 0; r < numRows; ++r) {
     auto roleName = sqliteConnector_->getData<string>(r, 0);
     if (isRoleGrantedToGrantee(userName, roleName, false) &&
         !isDashboardSystemRole(roleName)) {
       roles.push_back(roleName);
     }
   }
   return roles;
 }

Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )

inline

Definition at line 231 of file SysCatalog.h.

References sqliteConnector_.

231 { return sqliteConnector_.get(); }

Catalog_Namespace::SysCatalog::sqliteConnector_

std::unique_ptr< SqliteConnector > sqliteConnector_

Definition: SysCatalog.h:481

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( std::string const & uname )

inline

Definition at line 197 of file SysCatalog.h.

References getMetadataForUser().

Referenced by alterUser(), createUser(), and syncUserWithRemoteProvider().

                                                             {
     if (UserMetadata user; getMetadataForUser(uname, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

Here is the caller graph for this function:

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( int32_t const uid )

inline

Definition at line 203 of file SysCatalog.h.

References getMetadataForUserById().

                                                        {
     if (UserMetadata user; getMetadataForUserById(uid, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string & name ) const

Definition at line 2366 of file SysCatalog.cpp.

References getGrantee().

Referenced by checkPrivileges(), createDBObject(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), hasAnyPrivileges(), isRoleGrantedToGrantee(), populateRoleDbObjects(), syncUserWithRemoteProvider(), and verifyDBObjectOwnership().

                                                             {
   return dynamic_cast<User*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1829 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, grantDBObjectPrivileges_unsafe(), ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

Referenced by createDatabase(), and grantDBObjectPrivileges_unsafe().

                                                                                     {
   // It's a separate use case because it's easier for implementation to convert ALL ON
   // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
   // Add DB Access privileges
   DBObject tmp_object = object;
   tmp_object.setPrivileges(AccessPrivileges::ACCESS);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_TABLE);
   tmp_object.setPermissionType(TableDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_VIEW);
   tmp_object.setPermissionType(ViewDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
 
   if (g_enable_fsi) {
     tmp_object.setPrivileges(AccessPrivileges::ALL_SERVER);
     tmp_object.setPermissionType(ServerDBObjectType);
     grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   }
 
   tmp_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
   tmp_object.setPermissionType(DashboardDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   return;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2685 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivileges_unsafe().

                                                                                   {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe	(	const std::string &	granteeName,
		const DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1787 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, getGrantee(), getMetadataForUser(), grantAllOnDatabase_unsafe(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, sqliteConnector_, and updateObjectDescriptorMap().

Referenced by changeDBObjectOwnership(), createDBObject(), grantAllOnDatabase_unsafe(), grantDBObjectPrivileges(), and grantDBObjectPrivilegesBatch_unsafe().

                                              {
   object.loadKey(catalog);
   CHECK(object.valid());
   if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
       object.getObjectKey().permissionType == DatabaseDBObjectType) {
     return grantAllOnDatabase_unsafe(granteeName, object, catalog);
   }
 
   sys_write_lock write_lock(this);
 
   UserMetadata user_meta;
   bool is_temporary_user{false};
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       // super doesn't have explicit privileges so nothing to do
       return;
     }
     is_temporary_user = user_meta.is_temporary;
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant privileges to " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   grantee->grantPrivileges(object);
 
   /* apply grant privileges statement to sqlite DB */
   std::vector<std::string> objectKey = object.toString();
   object.resetPrivileges();
   grantee->getPrivileges(object, true);
 
   if (!is_temporary_user) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, granteeName, grantee->isUser(), object);
   }
   updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2692 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivilegesBatch_unsafe().

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                                                        {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1775 of file SysCatalog.cpp.

References grantDBObjectPrivileges_unsafe().

Referenced by grantDBObjectPrivilegesBatch(), and reassignObjectOwners().

                                              {
   for (const auto& grantee : grantees) {
     for (const auto& object : objects) {
       grantDBObjectPrivileges_unsafe(grantee, object, catalog);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe	(	const std::string &	name,
		bool	issuper
	)

private

void Catalog_Namespace::SysCatalog::grantRole	(	const std::string &	role,
		const std::string &	grantee,
		const bool	is_temporary = `false`
	)

Definition at line 2668 of file SysCatalog.cpp.

References execInTransaction(), and grantRole_unsafe().

Referenced by syncUserWithRemoteProvider().

                                                     {
   execInTransaction(&SysCatalog::grantRole_unsafe, role, grantee, is_temporary);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRole_unsafe	(	const std::string &	roleName,
		const std::string &	granteeName,
		const bool	is_temporary
	)

private

Definition at line 2141 of file SysCatalog.cpp.

References getGrantee(), getRoleGrantee(), and sqliteConnector_.

Referenced by grantRole(), and grantRoleBatch_unsafe().

                                                            {
   auto* rl = getRoleGrantee(roleName);
   if (!rl) {
     throw runtime_error("Request to grant role " + roleName +
                         " failed because role with this name does not exist.");
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
                         granteeName + " does not exist.");
   }
   sys_write_lock write_lock(this);
   if (!grantee->hasRole(rl, true)) {
     grantee->grantRole(rl);
     if (!is_temporary) {
       sys_sqlite_lock sqlite_lock(this);
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
           std::vector<std::string>{rl->getName(), grantee->getName()});
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2663 of file SysCatalog.cpp.

References execInTransaction(), and grantRoleBatch_unsafe().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                       {
   execInTransaction(&SysCatalog::grantRoleBatch_unsafe, roles, grantees);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

private

Definition at line 2126 of file SysCatalog.cpp.

References getMetadataForUser(), grantRole_unsafe(), and Catalog_Namespace::UserMetadata::is_temporary.

Referenced by grantRoleBatch().

                                                                              {
   for (const auto& role : roles) {
     for (const auto& grantee : grantees) {
       bool is_temporary_user{false};
       UserMetadata user;
       if (getMetadataForUser(grantee, user)) {
         is_temporary_user = user.is_temporary;
       }
       grantRole_unsafe(role, grantee, is_temporary_user);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges	(	const UserMetadata &	user,
		std::vector< DBObject > &	privObjects
	)

Definition at line 2301 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

                                                                     {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
        objectIt != privObjects.end();
        ++objectIt) {
     if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::hasExecutedMigration ( const std::string & migration_name ) const

Definition at line 2956 of file SysCatalog.cpp.

References hasVersionHistoryTable(), and sqliteConnector_.

Referenced by initializeInformationSchemaDb().

                                                                            {
   if (hasVersionHistoryTable()) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
         std::vector<std::string>{migration_name});
     return (sqliteConnector_->getNumRows() > 0);
   }
   return false;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasVersionHistoryTable ( ) const

private

Definition at line 2977 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by hasExecutedMigration(), and recordExecutedMigration().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "select name from sqlite_master WHERE type='table' AND "
       "name='mapd_version_history'");
   return (sqliteConnector_->getNumRows() > 0);
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )

private

Definition at line 301 of file SysCatalog.cpp.

References basePath_, logger::ERROR, logger::INFO, shared::kCatalogDirectoryName, shared::kSystemCatalogName, LOG, and sqliteConnector_.

                                          {
   sys_sqlite_lock sqlite_lock(this);
   std::string mapd_db_path = basePath_ + "/" + shared::kCatalogDirectoryName + "/mapd";
   sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
   sqliteConnector_->query("BEGIN TRANSACTION");
   LOG(INFO) << "Moving global metadata into a separate catalog";
   try {
     auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
                                                              bool deleteOld = true) {
       conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
                   tableName + "'");
       if (conn->getNumRows() != 0) {
         conn->query(conn->getData<string>(0, 0));
         conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
         if (deleteOld) {
           conn->query("DROP TABLE old_cat." + tableName);
         }
       }
     };
     moveTableIfExists("mapd_users");
     moveTableIfExists("mapd_databases");
     moveTableIfExists("mapd_roles");
     moveTableIfExists("mapd_object_permissions");
     moveTableIfExists("mapd_privileges");
     moveTableIfExists("mapd_version_history", false);
   } catch (const std::exception& e) {
     LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     try {
       sqliteConnector_->query("DETACH DATABASE old_cat");
     } catch (const std::exception&) {
       // nothing to do here
     }
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   const std::string sys_catalog_path =
       basePath_ + "/" + shared::kCatalogDirectoryName + "/" + shared::kSystemCatalogName;
   LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
             << sys_catalog_path
             << ". Using this database with an older version of heavydb "
                "is now impossible.";
   try {
     sqliteConnector_->query("DETACH DATABASE old_cat");
   } catch (const std::exception&) {
     // nothing to do here
   }
 }

void Catalog_Namespace::SysCatalog::init	(	const std::string &	basePath,
		std::shared_ptr< Data_Namespace::DataMgr >	dataMgr,
		const AuthMetadata &	authMetadata,
		std::shared_ptr< Calcite >	calcite,
		bool	is_new_db,
		bool	aggregator,
		const std::vector< LeafHostInfo > &	string_dict_hosts
	)

Definition at line 162 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), shared::kCatalogDirectoryName, and shared::kSystemCatalogName.

                                                                         {
   {
     sys_write_lock write_lock(this);
     sys_sqlite_lock sqlite_lock(this);
 
     basePath_ = copy_catalog_if_read_only(basePath).string();
     dataMgr_ = dataMgr;
     authMetadata_ = &authMetadata;
     pki_server_.reset(new PkiServer(*authMetadata_));
     calciteMgr_ = calcite;
     string_dict_hosts_ = string_dict_hosts;
     aggregator_ = aggregator;
     bool db_exists =
         boost::filesystem::exists(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                   shared::kSystemCatalogName);
     sqliteConnector_.reset(
         new SqliteConnector(shared::kSystemCatalogName,
                             basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
     if (is_new_db) {
       initDB();
     } else {
       if (!db_exists) {
         importDataFromOldMapdDB();
       }
       checkAndExecuteMigrations();
     }
     buildRoleMap();
     buildUserRoleMap();
     buildObjectDescriptorMap();
     if (!is_new_db) {
       // We don't want to create the information schema db during database initialization
       // because we don't have the appropriate context to intialize the tables.  For
       // instance if the server is intended to run in distributed mode, initializing the
       // table as part of initdb will be missing information such as the location of the
       // string dictionary server.
       initializeInformationSchemaDb();
     }
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )

private

Definition at line 224 of file SysCatalog.cpp.

References createDatabase(), createRole_unsafe(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), shared::kDefaultDbName, shared::kDefaultRootPasswd, shared::kRootUserId, shared::kRootUserIdStr, shared::kRootUsername, and sqliteConnector_.

                         {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
         "passwd_hash text, issuper boolean, default_db integer references "
         "mapd_databases, can_login boolean)");
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
         std::vector<std::string>{shared::kRootUserIdStr,
                                  shared::kRootUsername,
                                  hash_with_bcrypt(shared::kDefaultRootPasswd)});
     sqliteConnector_->query(
         "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
         "integer references mapd_users)");
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
     sqliteConnector_->query(
         "CREATE TABLE mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   createDatabase(shared::kDefaultDbName, shared::kRootUserId);
   createRole_unsafe(
       shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initializeInformationSchemaDb ( )

private

Definition at line 2935 of file SysCatalog.cpp.

References createDatabase(), dropDatabase(), g_enable_system_tables, getMetadataForDB(), hasExecutedMigration(), shared::kInfoSchemaDbName, shared::kInfoSchemaMigrationName, shared::kRootUserId, LOG, recordExecutedMigration(), and logger::WARNING.

                                                {
   if (g_enable_system_tables && !hasExecutedMigration(shared::kInfoSchemaMigrationName)) {
     sys_write_lock write_lock(this);
     DBMetadata db_metadata;
     if (getMetadataForDB(shared::kInfoSchemaDbName, db_metadata)) {
       LOG(WARNING) << "A database with name \"" << shared::kInfoSchemaDbName
                    << "\" already exists. System table creation will be skipped. Rename "
                       "this database in order to use system tables.";
     } else {
       createDatabase(shared::kInfoSchemaDbName, shared::kRootUserId);
       try {
         recordExecutedMigration(shared::kInfoSchemaMigrationName);
       } catch (...) {
         getMetadataForDB(shared::kInfoSchemaDbName, db_metadata);
         dropDatabase(db_metadata);
         throw;
       }
     }
   }
 }

Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )

inlinestatic

Definition at line 337 of file SysCatalog.h.

References instance_, and SysCatalog().

                                 {
     if (!instance_) {
       instance_.reset(new SysCatalog());
     }
     return *instance_;
   }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const

inline

Definition at line 336 of file SysCatalog.h.

References aggregator_.

336 { return aggregator_; }

Catalog_Namespace::SysCatalog::aggregator_

bool aggregator_

Definition: SysCatalog.h:488

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string & roleName ) const

private

Definition at line 2418 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

Referenced by getCreatedRoles(), getMetadataForAllObjects(), and getRoles().

                                                                       {
   return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee	(	const std::string &	granteeName,
		const std::string &	roleName,
		bool	only_direct
	)		const

Definition at line 2396 of file SysCatalog.cpp.

References CHECK, getRoleGrantee(), getUserGrantee(), Grantee::hasRole(), and instance().

Referenced by getRoles().

                                                                 {
   sys_read_lock read_lock(this);
   if (roleName == granteeName) {
     return true;
   }
   bool is_role_granted = false;
   auto* target_role = instance().getRoleGrantee(roleName);
   auto has_role = [&](auto grantee_rl) {
     is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
   };
   if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
     has_role(user_role);
   } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
     has_role(role);
   } else {
     CHECK(false);
   }
   return is_role_granted;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login	(	std::string &	db,
		std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta,
		bool	check_password = `true`
	)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 805 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login, getCatalog(), getMetadataForUser(), getMetadataWithDefaultDB(), and loginImpl().

                                                                 {
   // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
   // can reset it. The username isn't const because SamlServer's
   // login()/authenticate_user() can reset it.
 
   if (check_password) {
     loginImpl(username, password, user_meta);
   } else {  // not checking for password so user must exist
     if (!getMetadataForUser(username, user_meta)) {
       throw std::runtime_error("Invalid credentials.");
     }
   }
   // we should have a user and user_meta by now
   if (!user_meta.can_login) {
     throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
   }
   Catalog_Namespace::DBMetadata db_meta;
   getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
   return getCatalog(db_meta, false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::loginImpl	(	std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta
	)

private

Definition at line 831 of file SysCatalog.cpp.

References checkPasswordForUser().

Referenced by login().

                                                     {
   if (!checkPasswordForUser(password, username, user_meta)) {
     throw std::runtime_error("Authentication failure");
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )

private

Definition at line 710 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, getMetadataForDB(), logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, LOG, MAPD_VERSION, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), sqliteConnector_, to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

Referenced by checkAndExecuteMigrations().

                                            {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "select name from sqlite_master WHERE type='table' AND "
         "name='mapd_version_history'");
     if (sqliteConnector_->getNumRows() == 0) {
       sqliteConnector_->query(
           "CREATE TABLE mapd_version_history(version integer, migration_history text "
           "unique)");
     } else {
       sqliteConnector_->query(
           "select * from mapd_version_history where migration_history = "
           "'db_access_privileges'");
       if (sqliteConnector_->getNumRows() != 0) {
         // both privileges migrated
         // no need for further execution
         sqliteConnector_->query("END TRANSACTION");
         return;
       }
     }
     // Insert check for migration
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
         std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
 
     sqliteConnector_->query("select dbid, name from mapd_databases");
     std::unordered_map<int, string> databases;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       databases[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     sqliteConnector_->query("select userid, name from mapd_users");
     std::unordered_map<int, string> users;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       users[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     // All existing users by default will be granted DB Access permissions
     // and view sql editor privileges
     DBMetadata dbmeta;
     for (auto db_ : databases) {
       CHECK(getMetadataForDB(db_.second, dbmeta));
       for (auto user : users) {
         if (user.first != shared::kRootUserId) {
           {
             DBObjectKey key;
             key.permissionType = DBObjectType::DatabaseDBObjectType;
             key.dbId = dbmeta.dbId;
 
             // access permission;
             DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
             object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_access.setName(dbmeta.dbName);
             // sql_editor permission
             DBObject object_editor(
                 key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
             object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_editor.setName(dbmeta.dbName);
             object_editor.updatePrivileges(object_access);
             insertOrUpdateObjectPrivileges(
                 sqliteConnector_, user.second, true, object_editor);
           }
         }
       }
     }
   } catch (const std::exception& e) {
     LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   LOG(INFO) << "Successfully migrated db access privileges";
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )

private

Definition at line 788 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                        {
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
         "mapd_users, dbid integer references "
         "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
         "dbid))");
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileges ( )

private

Definition at line 452 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, AccessPrivileges::NONE, sqliteConnector_, TableDBObjectType, run_benchmark_import::type, and ViewDBObjectType.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND "
         "name='mapd_object_permissions'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
 
     // get the list of databases and their grantees
     sqliteConnector_->query(
         "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
         "= 1");
     size_t numRows = sqliteConnector_->getNumRows();
     vector<pair<int, int>> db_grantees(numRows);
     for (size_t i = 0; i < numRows; ++i) {
       db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
       db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
     }
     // map user names to user ids
     sqliteConnector_->query("select userid, name from mapd_users");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> users_by_id;
     std::unordered_map<int, bool> user_has_privs;
     for (size_t i = 0; i < numRows; ++i) {
       users_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
       user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
     }
     // map db names to db ids
     sqliteConnector_->query("select dbid, name from mapd_databases");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> dbs_by_id;
     for (size_t i = 0; i < numRows; ++i) {
       dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
     // migrate old privileges to new privileges: if user had insert access to database, he
     // was a grantee
     for (const auto& grantee : db_grantees) {
       user_has_privs[grantee.first] = true;
       auto dbName = dbs_by_id[grantee.second];
       {
         // table level permissions
         auto type = DBObjectType::TableDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_TABLE_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // dashboard level permissions
         auto type = DBObjectType::DashboardDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(dbName,
                         type,
                         key,
                         AccessPrivileges::ALL_DASHBOARD_MIGRATE,
                         shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // view level permissions
         auto type = DBObjectType::ViewDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_VIEW_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
     }
     for (auto user : user_has_privs) {
       auto dbName = dbs_by_id[0];
       if (user.second == false && user.first != shared::kRootUserId) {
         {
           auto type = DBObjectType::DatabaseDBObjectType;
           DBObjectKey key{type, 0};
           DBObject object(dbName, type, key, AccessPrivileges::NONE, shared::kRootUserId);
           insertOrUpdateObjectPrivileges(
               sqliteConnector_, users_by_id[user.first], true, object);
         }
       }
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const

inline

Definition at line 347 of file SysCatalog.h.

References shared::kDefaultDbName.

Referenced by alterUser(), buildRoleMap(), createUser(), and Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

347 { return shared::kDefaultDbName; }

shared::kDefaultDbName

const std::string kDefaultDbName

Definition: SysDefinitions.h:26

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > & objects )

Definition at line 2543 of file SysCatalog.cpp.

References CHECK, getMetadataForUserById(), getUserGrantee(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), sqliteConnector_, and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

                                                                          {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dbobject : objects) {
       UserMetadata user;
       CHECK(getMetadataForUserById(dbobject.getOwner(), user));
       auto* grantee = getUserGrantee(user.userName);
       if (grantee) {
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, grantee->getName(), true, dbobject);
         grantee->grantPrivileges(dbobject);
       }
     }
 
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::reassignObjectOwners	(	const std::map< int32_t, std::vector< DBObject >> &	old_owner_db_objects,
		int32_t	new_owner_id,
		const Catalog_Namespace::Catalog &	catalog
	)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters

old_owner_db_objects	- map of user ids and database objects whose ownership will be reassigned
new_owner_id	- id of user who will own reassigned database objects
catalog	- catalog for database where ownership reassignment occurred

Definition at line 2880 of file SysCatalog.cpp.

References CHECK, shared::contains(), Catalog_Namespace::Catalog::getDatabaseId(), getMetadataForUserById(), grantDBObjectPrivilegesBatch_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMaps(), revokeDBObjectPrivilegesBatch_unsafe(), sqliteConnector_, to_string(), and Catalog_Namespace::UserMetadata::userName.

                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     UserMetadata new_owner;
     CHECK(getMetadataForUserById(new_owner_id, new_owner));
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       UserMetadata old_owner;
       CHECK(getMetadataForUserById(old_owner_id, old_owner));
       if (!old_owner.isSuper) {
         revokeDBObjectPrivilegesBatch_unsafe({old_owner.userName}, db_objects, catalog);
       }
       if (!new_owner.isSuper) {
         grantDBObjectPrivilegesBatch_unsafe({new_owner.userName}, db_objects, catalog);
       }
     }
 
     std::set<int32_t> old_owner_ids;
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       old_owner_ids.emplace(old_owner_id);
     }
 
     auto db_id = catalog.getDatabaseId();
     for (const auto old_user_id : old_owner_ids) {
       sqliteConnector_->query_with_text_params(
           "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE objectOwnerId = ? "
           "AND dbId = ? AND objectId != -1",
           std::vector<std::string>{std::to_string(new_owner_id),
                                    std::to_string(old_user_id),
                                    std::to_string(db_id)});
     }
 
     for (const auto& [user_or_role, grantee] : granteeMap_) {
       grantee->reassignObjectOwners(old_owner_ids, new_owner_id, db_id);
     }
 
     for (const auto& [object_key, object_descriptor] : objectDescriptorMap_) {
       if (object_descriptor->objectId != -1 && object_descriptor->dbId == db_id &&
           shared::contains(old_owner_ids, object_descriptor->objectOwnerId)) {
         object_descriptor->objectOwnerId = new_owner_id;
       }
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     rebuildObjectMaps();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::rebuildObjectMaps ( )

private

Definition at line 2992 of file SysCatalog.cpp.

References buildObjectDescriptorMap(), buildRoleMap(), granteeMap_, and objectDescriptorMap_.

Referenced by changeDBObjectOwnership(), and reassignObjectOwners().

                                    {
   // Rebuild updated maps from storage
   granteeMap_.clear();
   buildRoleMap();
   objectDescriptorMap_.clear();
   buildObjectDescriptorMap();
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::recordExecutedMigration ( const std::string & migration_name ) const

private

Definition at line 2967 of file SysCatalog.cpp.

References createVersionHistoryTable(), hasVersionHistoryTable(), MAPD_VERSION, sqliteConnector_, and to_string().

Referenced by initializeInformationSchemaDb().

                                                                               {
   if (!hasVersionHistoryTable()) {
     createVersionHistoryTable();
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_params(
       "INSERT INTO mapd_version_history(version, migration_history) values(?, ?)",
       std::vector<std::string>{std::to_string(MAPD_VERSION), migration_name});
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string & dbName )

Definition at line 2876 of file SysCatalog.cpp.

References cat_map_.

Referenced by createDatabase(), dropDatabase(), and renameDatabase().

                                                       {
   cat_map_.erase(dbName);
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDatabase	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1255 of file SysCatalog.cpp.

References DatabaseDBObjectType, Catalog_Namespace::CommonFileOperations::duplicateAndRenameCatalog(), getMetadataForDB(), shared::kSystemCatalogName, removeCatalog(), Catalog_Namespace::CommonFileOperations::removeCatalogByFullPath(), sqliteConnector_, to_string(), to_upper(), and yieldTransactionStreamer().

                                                            {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata new_db;
   if (getMetadataForDB(new_name, new_db)) {
     throw std::runtime_error("Database " + new_name + " already exists.");
   }
   if (to_upper(new_name) == to_upper(shared::kSystemCatalogName)) {
     throw std::runtime_error("Database name " + new_name + "is reserved.");
   }
 
   DBMetadata old_db;
   if (!getMetadataForDB(old_name, old_db)) {
     throw std::runtime_error("Database " + old_name + " does not exists.");
   }
 
   removeCatalog(old_db.dbName);
 
   std::string old_catalog_path, new_catalog_path;
   std::tie(old_catalog_path, new_catalog_path) =
       duplicateAndRenameCatalog(old_name, new_name);
 
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [this, new_catalog_path] {
     removeCatalogByFullPath(new_catalog_path);
   };
   auto success_handler = [this, old_catalog_path] {
     removeCatalogByFullPath(old_catalog_path);
   };
 
   auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
   auto q2 = {
       "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
       new_name,
       old_name,
       std::to_string(static_cast<int>(DBObjectType::DatabaseDBObjectType)),
       std::to_string(old_db.dbId)};
 
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject	(	const std::string &	objectName,
		const std::string &	newName,
		DBObjectType	type,
		int32_t	objectId,
		const Catalog_Namespace::Catalog &	catalog
	)

Renames an DBObject

Parameters

objectName	- original DBObject name
newName	- new name of DBObject
type	- type of DBObject
objectId	- original DBObject ID
catalog	- Catalog instance object exists in

Definition at line 1752 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), getGrantee(), getMetadataForObject(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), renameObjectsInDescriptorMap(), DBObject::setObjectKey(), and run_benchmark_import::type.

                                                                          {
   sys_write_lock write_lock(this);
   DBObject new_object(newName, type);
   DBObjectKey key;
   key.dbId = catalog.getCurrentDB().dbId;
   key.objectId = objectId;
   key.permissionType = type;
   new_object.setObjectKey(key);
   auto objdescs =
       getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
   for (auto obj : objdescs) {
     Grantee* grnt = getGrantee(obj->roleName);
     if (grnt) {
       grnt->renameDbObject(new_object);
     }
   }
   renameObjectsInDescriptorMap(new_object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap	(	DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

Definition at line 2241 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by renameDBObject().

                                                                                    {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second; ++d) {
     // rename object
     d->second->objectName = object.getName();
   }
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_params(
         "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
         "dbId = ?2 AND objectId = ?3",
         std::vector<std::string>{object.getName(),
                                  std::to_string(cat.getCurrentDB().dbId),
                                  std::to_string(object.getObjectKey().objectId)});
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1206 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::g_log_user_id, getGrantee(), getMetadataForUser(), sqliteConnector_, temporary_users_by_name_, updateUserRoleName(), and yieldTransactionStreamer().

                                                                                 {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata old_user;
   if (!getMetadataForUser(old_name, old_user)) {
     std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
     throw std::runtime_error("User " + loggable + "doesn't exist.");
   }
 
   UserMetadata new_user;
   if (getMetadataForUser(new_name, new_user)) {
     throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
   }
 
   if (getGrantee(new_name)) {
     std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
     throw runtime_error(
         "Username " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
 
   // Temporary user.
   if (old_user.is_temporary) {
     auto userit = temporary_users_by_name_.find(old_name);
     CHECK(userit != temporary_users_by_name_.end());
     auto node = temporary_users_by_name_.extract(userit);
     node.key() = new_name;
     temporary_users_by_name_.insert(std::move(node));
     userit->second->userName = new_name;
     updateUserRoleName(old_name, new_name);
     return;
   }
 
   // Normal user.
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [] {};
   auto success_handler = [this, &old_name, &new_name] {
     updateUserRoleName(old_name, new_name);
   };
   auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
   auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
              new_name,
              old_name};
   auto q3 = {"UPDATE mapd_roles set userName=?1 WHERE userName=?2;"s, new_name, old_name};
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2, q3);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeAllOnDatabase_unsafe	(	const std::string &	roleName,
		int32_t	dbId,
		Grantee *	grantee
	)

private

Definition at line 1925 of file SysCatalog.cpp.

References objectDescriptorMap_, Grantee::revokeAllOnDatabase(), sqliteConnector_, temporary_users_by_name_, and to_string().

Referenced by dropDatabase(), and revokeDBObjectPrivileges_unsafe().

                                                               {
   bool is_temporary =
       (temporary_users_by_name_.find(roleName) != temporary_users_by_name_.end());
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "DELETE FROM mapd_object_permissions WHERE roleName = ?1 and dbId = ?2",
         std::vector<std::string>{roleName, std::to_string(dbId)});
   }
   grantee->revokeAllOnDatabase(dbId);
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName && d->second->dbId == dbId) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2699 of file SysCatalog.cpp.

References execInTransaction(), and revokeDBObjectPrivileges_unsafe().

Referenced by Catalog_Namespace::Catalog::createOrUpdateDashboardSystemRole().

                                                                                    {
   execInTransaction(
       &SysCatalog::revokeDBObjectPrivileges_unsafe, grantee, object, catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges_unsafe	(	const std::string &	granteeName,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1881 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, deleteObjectDescriptorMap(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::deleteObjectPrivileges(), getGrantee(), getMetadataForUser(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, revokeAllOnDatabase_unsafe(), sqliteConnector_, and updateObjectDescriptorMap().

Referenced by changeDBObjectOwnership(), revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch_unsafe(), and revokeDBObjectPrivilegesFromAll_unsafe().

                                              {
   sys_write_lock write_lock(this);
 
   UserMetadata user_meta;
   bool is_temporary_user{false};
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       // super doesn't have explicit privileges so nothing to do
       return;
     }
     is_temporary_user = user_meta.is_temporary;
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to revoke privileges from " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   object.loadKey(catalog);
 
   if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
       object.getObjectKey().permissionType == DatabaseDBObjectType) {
     return revokeAllOnDatabase_unsafe(granteeName, object.getObjectKey().dbId, grantee);
   }
 
   auto ret_object = grantee->revokePrivileges(object);
   if (ret_object) {
     if (!is_temporary_user) {
       sys_sqlite_lock sqlite_lock(this);
       insertOrUpdateObjectPrivileges(
           sqliteConnector_, granteeName, grantee->isUser(), *ret_object);
     }
     updateObjectDescriptorMap(granteeName, *ret_object, grantee->isUser(), catalog);
   } else {
     if (!is_temporary_user) {
       sys_sqlite_lock sqlite_lock(this);
       deleteObjectPrivileges(sqliteConnector_, granteeName, grantee->isUser(), object);
     }
     deleteObjectDescriptorMap(granteeName, object, catalog);
   }
 }

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Private Types

Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Member Typedef Documentation

Constructor & Destructor Documentation

Member Function Documentation