#include <SysCatalog.h>

Inheritance diagram for Catalog_Namespace::SysCatalog:

Collaboration diagram for Catalog_Namespace::SysCatalog:

Classes
struct	UpdateQuery

Public Member Functions
void	init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)

std::shared_ptr< Catalog >	login (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)

std::shared_ptr< Catalog >	switchDatabase (std::string &dbname, const std::string &username)

UserMetadata	createUser (std::string const &name, UserAlterations alts, bool is_temporary)

void	dropUser (const std::string &name)

void	dropUserUnchecked (const std::string &name, const UserMetadata &user)

UserMetadata	alterUser (std::string const &name, UserAlterations alts)

void	renameUser (std::string const &old_name, std::string const &new_name)

void	createDatabase (const std::string &dbname, int owner)

void	renameDatabase (std::string const &old_name, std::string const &new_name)

void	changeDatabaseOwner (std::string const &dbname, const std::string &new_owner)

void	dropDatabase (const DBMetadata &db)

std::optional< UserMetadata >	getUser (std::string const &uname)

std::optional< UserMetadata >	getUser (int32_t const uid)

std::optional< DBMetadata >	getDB (std::string const &dbname)

std::optional< DBMetadata >	getDB (int32_t const dbid)

bool	getMetadataForUser (const std::string &name, UserMetadata &user)

bool	getMetadataForUserById (const int32_t idIn, UserMetadata &user)

bool	checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)

bool	getMetadataForDB (const std::string &name, DBMetadata &db)

bool	getMetadataForDBById (const int32_t idIn, DBMetadata &db)

Data_Namespace::DataMgr &	getDataMgr () const

Calcite &	getCalciteMgr () const

const std::string &	getCatalogBasePath () const

SqliteConnector *	getSqliteConnector ()

std::list< DBMetadata >	getAllDBMetadata ()

std::list< UserMetadata >	getAllUserMetadata ()

std::list< UserMetadata >	getAllUserMetadata (const int64_t dbId)

DBSummaryList	getDatabaseListForUser (const UserMetadata &user)

void	createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)

void	renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)

void	getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const

bool	verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)

void	createRole (const std::string &roleName, const bool user_private_role, const bool is_temporary=false)

void	dropRole (const std::string &roleName, const bool is_temporary=false)

void	grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

void	revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

bool	hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)

bool	checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const

bool	checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const

Grantee *	getGrantee (const std::string &name) const

Role *	getRoleGrantee (const std::string &name) const

User *	getUserGrantee (const std::string &name) const

std::vector < ObjectRoleDescriptor * >	getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const

std::vector< ObjectRoleDescriptor >	getMetadataForAllObjects () const

bool	isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const

std::vector< std::string >	getRoles (const std::string &user_name, bool effective=true)

std::vector< std::string >	getRoles (bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user=false)

std::vector< std::string >	getRoles (const std::string &userName, const int32_t dbId)

std::set< std::string >	getCreatedRoles () const

bool	isAggregator () const

void	populateRoleDbObjects (const std::vector< DBObject > &objects)

std::string	name () const

void	renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)

void	syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)

std::unordered_map < std::string, std::vector < std::string > >	getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)

void	check_for_session_encryption (const std::string &pki_cert, std::string &session)

std::vector< Catalog * >	getCatalogsForAllDbs ()

std::shared_ptr< Catalog >	getCatalog (const std::string &dbName)

std::shared_ptr< Catalog >	getCatalog (const int32_t db_id)

std::shared_ptr< Catalog >	getCatalog (const DBMetadata &curDB, bool is_new_db)

void	removeCatalog (const std::string &dbName)

virtual	~SysCatalog ()

void	reassignObjectOwners (const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)

bool	hasExecutedMigration (const std::string &migration_name) const

Static Public Member Functions
static SysCatalog &	instance ()

static void	destroy ()

Public Attributes
std::unique_ptr < heavyai::DistributedSharedMutex >	dcatalogMutex_

std::unique_ptr < heavyai::DistributedSharedMutex >	dsqliteMutex_

std::mutex	sqliteMutex_

heavyai::shared_mutex	sharedMutex_

std::atomic< std::thread::id >	thread_holding_sqlite_lock

std::atomic< std::thread::id >	thread_holding_write_lock

std::shared_ptr< Catalog >	dummyCatalog_

std::unordered_map < std::string, std::shared_ptr < UserMetadata > >	temporary_users_by_name_

std::unordered_map< int32_t, std::shared_ptr< UserMetadata > >	temporary_users_by_id_

int32_t	next_temporary_user_id_ {shared::kTempUserIdRange}

Static Public Attributes
static thread_local bool	thread_holds_read_lock = false

Private Types
using	GranteeMap = std::map< std::string, std::unique_ptr< Grantee >>

using	ObjectRoleDescriptorMap = std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >>

using	UpdateQueries = std::list< UpdateQuery >

using	dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>

Private Member Functions
	SysCatalog ()

void	initDB ()

void	buildMaps (bool is_new_db=false)

void	buildMapsUnlocked (bool is_new_db=false)

void	buildRoleMapUnlocked ()

void	buildUserRoleMapUnlocked ()

void	buildObjectDescriptorMapUnlocked ()

void	rebuildObjectMapsUnlocked ()

void	checkAndExecuteMigrations ()

void	importDataFromOldMapdDB ()

void	createRoles ()

void	fixRolesMigration ()

void	addAdminUserRole ()

void	migratePrivileges ()

void	migratePrivileged_old ()

void	updateUserSchema ()

void	updatePasswordsToHashes ()

void	updateBlankPasswordsToRandom ()

void	updateSupportUserDeactivation ()

void	migrateDBAccessPrivileges ()

void	loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)

bool	checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)

void	runUpdateQueriesAndChangeOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)

void	grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)

void	createRole_unsafe (const std::string &roleName, const bool userPrivateRole, const bool is_temporary)

void	dropRole_unsafe (const std::string &roleName, const bool is_temporary)

void	grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)

void	deleteObjectDescriptorMap (const std::string &roleName)

void	deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)

void	grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)

bool	isDashboardSystemRole (const std::string &roleName) const

void	updateUserRoleName (const std::string &roleName, const std::string &newName)

void	getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)

bool	allowLocalLogin () const

template<typename F , typename... Args>
void	execInTransaction (F &&f, Args &&...args)

void	initializeInformationSchemaDb ()

void	recordExecutedMigration (const std::string &migration_name) const

bool	hasVersionHistoryTable () const

void	createVersionHistoryTable () const

auto	yieldTransactionStreamer ()

Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
	CommonFileOperations (std::string const &base_path)

void	removeCatalogByFullPath (std::string const &full_path)

void	removeCatalogByName (std::string const &name)

auto	duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)

auto	assembleCatalogName (std::string const &name)

Private Attributes
std::string	basePath_

GranteeMap	granteeMap_

ObjectRoleDescriptorMap	objectDescriptorMap_

std::unique_ptr< SqliteConnector >	sqliteConnector_

std::shared_ptr < Data_Namespace::DataMgr >	dataMgr_

std::unique_ptr< PkiServer >	pki_server_

const AuthMetadata *	authMetadata_

std::shared_ptr< Calcite >	calciteMgr_

std::vector< LeafHostInfo >	string_dict_hosts_

bool	aggregator_

dbid_to_cat_map	cat_map_

Static Private Attributes
static std::mutex	instance_mutex_

static std::unique_ptr < SysCatalog >	instance_

Detailed Description

Definition at line 166 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

private

Definition at line 515 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>

private

Definition at line 392 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>

private

Definition at line 394 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::UpdateQueries = std::list<UpdateQuery>

private

Definition at line 428 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )

virtual

Definition at line 269 of file SysCatalog.cpp.

References cat_map_, granteeMap_, and objectDescriptorMap_.

                         {
   // TODO(sy): Need to lock here to wait for other threads to complete before pulling out
   // the rug from under them. Unfortunately this lock was seen to deadlock because the
   // HeavyDB shutdown sequence needs cleanup. Do we even need these clear()'s anymore?
   // sys_write_lock write_lock(this);
   granteeMap_.clear();
   objectDescriptorMap_.clear();
   cat_map_.clear();
 }

Catalog_Namespace::SysCatalog::SysCatalog ( )

private

Definition at line 261 of file SysCatalog.cpp.

References basePath_.

Referenced by instance().

     : CommonFileOperations{basePath_}
     , aggregator_{false}
     , sqliteMutex_{}
     , sharedMutex_{}
     , thread_holding_sqlite_lock{std::thread::id()}
     , thread_holding_write_lock{std::thread::id()} {}

Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )

private

Definition at line 620 of file SysCatalog.cpp.

References createRole_unsafe(), shared::kRootUsername, and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                   {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
         shared::kRootUsername + "\'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     createRole_unsafe(
         shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const

private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

UserMetadata Catalog_Namespace::SysCatalog::alterUser	(	std::string const &	name,
		UserAlterations	alts
	)

Definition at line 1156 of file SysCatalog.cpp.

Referenced by syncUserWithRemoteProvider().

                                                                            {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error("Cannot alter user. User " + loggable + "does not exist.");
   }
   if (!alts.wouldChange(user)) {
     return user;
   }
 
   // Temporary user.
   if (user.is_temporary) {
     if (alts.passwd) {
       user.passwd_hash = hash_with_bcrypt(*alts.passwd);
     }
     if (alts.is_super) {
       user.isSuper = *alts.is_super;
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         user.defaultDbId = db.dbId;
       } else {
         user.defaultDbId = -1;
       }
     }
     if (alts.can_login) {
       user.can_login = *alts.can_login;
     }
     *temporary_users_by_name_[name] = user;
     return user;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     string sql;
     std::vector<std::string> values;
     if (alts.passwd) {
       append_with_commas(sql, "passwd_hash = ?");
       values.push_back(hash_with_bcrypt(*alts.passwd));
     }
     if (alts.is_super) {
       append_with_commas(sql, "issuper = ?");
       values.push_back(std::to_string(*alts.is_super));
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         append_with_commas(sql, "default_db = ?");
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         values.push_back(std::to_string(db.dbId));
       } else {
         append_with_commas(sql, "default_db = NULL");
       }
     }
     if (alts.can_login) {
       append_with_commas(sql, "can_login = ?");
       values.push_back(std::to_string(*alts.can_login));
     }
 
     sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
     values.push_back(std::to_string(user.userId));
 
     sqliteConnector_->query_with_text_params(sql, values);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Altered user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildMaps ( bool is_new_db = false )

private

Definition at line 208 of file SysCatalog.cpp.

                                          {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   buildMapsUnlocked(is_new_db);
 }

void Catalog_Namespace::SysCatalog::buildMapsUnlocked ( bool is_new_db = false )

private

Definition at line 215 of file SysCatalog.cpp.

References CHECK, shared::kSystemCatalogName, run_benchmark_import::result, to_upper(), Catalog_Namespace::UserMetadata::userName, and VLOG.

                                                  {
   VLOG(2) << "reloading catalog caches for: " << shared::kSystemCatalogName;
 
   // Store permissions for temporary users.
   std::map<std::string, std::vector<std::string>> tu_map;
   for (auto& pair : temporary_users_by_name_) {
     CHECK(pair.second);
     UserMetadata& user = *pair.second;
     auto it = granteeMap_.find(to_upper(user.userName));
     CHECK(it != granteeMap_.end()) << to_upper(user.userName) << " not found";
 
     auto user_rl = dynamic_cast<User*>(it->second.get());
     CHECK(user_rl);
     std::vector<std::string> current_roles = user_rl->getRoles();
     auto result = tu_map.emplace(user.userName, std::move(current_roles));
     CHECK(result.second);
   }
 
   // Forget permissions and reload them from file storage.
   buildRoleMapUnlocked();
   buildUserRoleMapUnlocked();
   buildObjectDescriptorMapUnlocked();
   if (!is_new_db) {
     // We don't want to create the information schema db during database initialization
     // because we don't have the appropriate context to intialize the tables.  For
     // instance if the server is intended to run in distributed mode, initializing the
     // table as part of initdb will be missing information such as the location of the
     // string dictionary server.
     initializeInformationSchemaDb();
   }
 
   // Restore permissions for temporary users that were stored above.
   for (auto& pair : temporary_users_by_name_) {
     CHECK(pair.second);
     UserMetadata& user = *pair.second;
 
     createRole_unsafe(user.userName, /*user_private_role*/ true, /*is_temporary*/ true);
 
     auto it = tu_map.find(user.userName);
     CHECK(it != tu_map.end()) << user.userName << " not found";
     for (const auto& r : it->second) {
       grantRole_unsafe(r, user.userName, /*is_temporary*/ true);
     }
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMapUnlocked ( )

private

Definition at line 2739 of file SysCatalog.cpp.

References objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by rebuildObjectMapsUnlocked().

                                                   {
   objectDescriptorMap_.clear();
   string objectQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(objectQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     auto od = std::make_unique<ObjectRoleDescriptor>();
     od->roleName = sqliteConnector_->getData<string>(r, 0);
     od->roleType = sqliteConnector_->getData<bool>(r, 1);
     od->objectType = sqliteConnector_->getData<int>(r, 2);
     od->dbId = sqliteConnector_->getData<int>(r, 3);
     od->objectId = sqliteConnector_->getData<int>(r, 4);
     od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
     od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
     od->objectName = sqliteConnector_->getData<string>(r, 7);
     objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
         std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
             std::to_string(od->objectId),
         std::move(od)));
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMapUnlocked ( )

private

Definition at line 2624 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), getGrantee(), granteeMap_, name(), AccessPrivileges::privileges, sqliteConnector_, and to_upper().

Referenced by rebuildObjectMapsUnlocked().

                                       {
   granteeMap_.clear();
   string roleQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(roleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> objectKeyStr(4);
   DBObjectKey objectKey;
   AccessPrivileges privs;
   bool userPrivateRole{false};
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
     DBObjectType permissionType =
         static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
     objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
     objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
     objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
     objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
     privs.privileges = sqliteConnector_->getData<int>(r, 5);
     int32_t owner = sqliteConnector_->getData<int>(r, 6);
     std::string name = sqliteConnector_->getData<string>(r, 7);
 
     DBObject dbObject(objectKey, privs, owner);
     dbObject.setName(name);
     if (-1 == objectKey.objectId) {
       dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
     } else {
       dbObject.setObjectType(permissionType);
     }
 
     auto* rl = getGrantee(roleName);
     if (!rl) {
       std::unique_ptr<Grantee> g;
       if (userPrivateRole) {
         g.reset(new User(roleName));
       } else {
         g.reset(new Role(roleName));
       }
       rl = g.get();
       granteeMap_[to_upper(roleName)] = std::move(g);
     }
     rl->grantPrivileges(dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMapUnlocked ( )

private

Definition at line 2695 of file SysCatalog.cpp.

References getGrantee(), shared::kRootUsername, and sqliteConnector_.

                                           {
   std::vector<std::pair<std::string, std::string>> granteeRoles;
   string userRoleQuery("SELECT roleName, userName from mapd_roles");
   sqliteConnector_->query(userRoleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     std::string userName = sqliteConnector_->getData<string>(r, 1);
     // required for declared nomenclature before v4.0.0
     if ((boost::equals(roleName, "mapd_default_suser_role") &&
          boost::equals(userName, shared::kRootUsername)) ||
         (boost::equals(roleName, "mapd_default_user_role") &&
          !boost::equals(userName, "mapd_default_user_role"))) {
       // grouprole already exists with roleName==userName in mapd_roles table
       // ignore duplicate instances of userRole which exists before v4.0.0
       continue;
     }
     auto* rl = getGrantee(roleName);
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " from db not found in the map.");
     }
     std::pair<std::string, std::string> roleVecElem(roleName, userName);
     granteeRoles.push_back(roleVecElem);
   }
 
   for (const auto& [roleName, granteeName] : granteeRoles) {
     auto* grantee = getGrantee(granteeName);
     if (!grantee) {
       throw runtime_error("Data inconsistency when building role map. Grantee " +
                           granteeName + " not found in the map.");
     }
     if (granteeName == roleName) {
       continue;
     }
     Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " not found in the map.");
     }
     grantee->grantRole(rl);
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDatabaseOwner	(	std::string const &	dbname,
		const std::string &	new_owner
	)

Definition at line 1331 of file SysCatalog.cpp.

References cat(), DatabaseDBObjectType, getCatalog(), getMetadataForDB(), getMetadataForUser(), getMetadataForUserById(), runUpdateQueriesAndChangeOwnership(), and to_string().

                                                                  {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata db;
   if (!getMetadataForDB(dbname, db)) {
     throw std::runtime_error("Database " + dbname + " does not exists.");
   }
 
   Catalog_Namespace::UserMetadata user, original_owner;
   if (!getMetadataForUser(new_owner, user)) {
     throw std::runtime_error("User with username \"" + new_owner + "\" does not exist. " +
                              "Database with name \"" + dbname +
                              "\" can not have owner changed.");
   }
 
   bool original_owner_exists = getMetadataForUserById(db.dbOwner, original_owner);
   auto cat = getCatalog(db, true);
   DBObject db_object(dbname, DBObjectType::DatabaseDBObjectType);
   runUpdateQueriesAndChangeOwnership(
       user,
       original_owner,
       db_object,
       *cat,
       UpdateQueries{{"UPDATE mapd_databases SET owner=?1 WHERE name=?2;",
                      {std::to_string(user.userId), dbname}}},
       original_owner_exists);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership	(	const UserMetadata &	new_owner,
		const UserMetadata &	previous_owner,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog,
		bool	revoke_privileges = `true`
	)

Change ownership of a DBObject

Parameters

new_owner	- new owner of DBObject
previous_owner	- previous owner of DBObject
object	- DBObject to change ownership of
catalog	- Catalog instance object exists in
revoke_privileges	- if true, revoke previous_owner's privileges

Definition at line 2167 of file SysCatalog.cpp.

References runUpdateQueriesAndChangeOwnership().

                                                                  {
   runUpdateQueriesAndChangeOwnership(
       new_owner, previous_owner, object, catalog, {}, revoke_privileges);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::check_for_session_encryption	(	const std::string &	pki_cert,
		std::string &	session
	)

Definition at line 919 of file SysCatalog.cpp.

References pki_server_.

                                                                   {
   if (!pki_server_->inUse()) {
     return;
   }
   pki_server_->encrypt_session(pki_cert, session);
 }

void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )

private

Definition at line 322 of file SysCatalog.cpp.

References addAdminUserRole(), createRoles(), fixRolesMigration(), migrateDBAccessPrivileges(), migratePrivileged_old(), migratePrivileges(), updateBlankPasswordsToRandom(), updatePasswordsToHashes(), updateSupportUserDeactivation(), and updateUserSchema().

                                            {
   migratePrivileged_old();
   createRoles();
   fixRolesMigration();
   migratePrivileges();
   migrateDBAccessPrivileges();
   updateUserSchema();  // must come before updatePasswordsToHashes()
   updatePasswordsToHashes();
   updateBlankPasswordsToRandom();  // must come after updatePasswordsToHashes()
   updateSupportUserDeactivation();
   addAdminUserRole();
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUser	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

Definition at line 1572 of file SysCatalog.cpp.

References checkPasswordForUserImpl().

Referenced by loginImpl().

                                                           {
   return checkPasswordForUserImpl(passwd, name, user);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

private

Definition at line 1578 of file SysCatalog.cpp.

References CHECK, getMetadataForUser(), LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

Referenced by checkPasswordForUser().

                                                               {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(name, user)) {
     // Check password against some fake hash just to waste time so that response times
     // for invalid password and invalid user are similar and a caller can't say the
     // difference
     char fake_hash[BCRYPT_HASHSIZE];
     CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
     bcrypt_checkpw(passwd.c_str(), fake_hash);
     LOG(WARNING) << "Local login failed";
     return false;
   }
   int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
   // if the check fails there is a good chance that data on disc is broken
   CHECK(pwd_check_result >= 0);
   return pwd_check_result == 0;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const UserMetadata &	user,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2452 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPrivileges(), getDatabaseListForUser(), and switchDatabase().

                                                                                {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
 
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (auto& object : privObjects) {
     if (!user_rl->checkPrivileges(object)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const std::string &	userName,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2472 of file SysCatalog.cpp.

References checkPrivileges(), Catalog_Namespace::g_log_user_id, getMetadataForUser(), and instance().

                                                                                {
   UserMetadata user;
   if (!instance().getMetadataForUser(userName, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
     throw runtime_error("Request to check privileges for user " + loggable +
                         "failed because user with this name does not exist.");
   }
   return (checkPrivileges(user, privObjects));
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDatabase	(	const std::string &	dbname,
		int	owner
	)

Definition at line 1406 of file SysCatalog.cpp.

References basePath_, cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, getCatalog(), Catalog_Namespace::Catalog::getCustomExpressionsSchema(), Catalog_Namespace::Catalog::getForeignServerSchema(), Catalog_Namespace::Catalog::getForeignTableSchema(), getMetadataForDB(), getMetadataForUserById(), grantAllOnDatabase_unsafe(), shared::kCatalogDirectoryName, shared::kRootUserId, shared::kSystemCatalogName, removeCatalog(), sqliteConnector_, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

Referenced by initDB(), and initializeInformationSchemaDb().

                                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata db;
   if (getMetadataForDB(name, db)) {
     throw runtime_error("Database " + name + " already exists.");
   }
   if (to_upper(name) == to_upper(shared::kSystemCatalogName)) {
     throw runtime_error("Database name " + name + " is reserved.");
   }
 
   std::unique_ptr<SqliteConnector> dbConn(
       new SqliteConnector(name, basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
   // NOTE(max): it's okay to run this in a separate transaction. If we fail later
   // we delete the database anyways.
   // If we run it in the same transaction as SysCatalog functions, then Catalog
   // constructor won't find the tables we have just created.
   dbConn->query("BEGIN TRANSACTION");
   try {
     dbConn->query(
         "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
         "integer, ncolumns integer, "
         "isview boolean, "
         "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
         "bigint, "
         "frag_page_size integer, "
         "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
         "sort_column_id integer default 0, storage_type text default '', "
         "max_rollback_epochs integer default -1, "
         "is_system_table boolean default 0, "
         "num_shards integer, key_metainfo TEXT, version_num "
         "BIGINT DEFAULT 1) ");
     dbConn->query(
         "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
         "integer, name text, coltype "
         "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
         "boolean, compression integer, "
         "comp_param integer, size integer, chunks text, is_systemcol boolean, "
         "is_virtualcol boolean, virtual_expr "
         "text, is_deletedcol boolean, version_num BIGINT, default_value text, "
         "primary key(tableid, columnid), unique(tableid, name))");
     dbConn->query(
         "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
     dbConn->query(
         "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
         "userid integer references mapd_users, state text, image_hash text, update_time "
         "timestamp, "
         "metadata text, UNIQUE(userid, name) )");
     dbConn->query(
         "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
         "mapd_users, "
         "link text unique, view_state text, update_time timestamp, view_metadata text)");
     dbConn->query(
         "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
         "nbits int, is_shared boolean, "
         "refcount int, version_num BIGINT DEFAULT 1)");
     dbConn->query(
         "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
         "physical_table_id "
         "integer)");
     dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
     dbConn->query_with_text_params(
         "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
         std::vector<std::string>{std::to_string(owner)});
 
     if (g_enable_fsi) {
       dbConn->query(Catalog::getForeignServerSchema());
       dbConn->query(Catalog::getForeignTableSchema());
     }
     dbConn->query(Catalog::getCustomExpressionsSchema());
   } catch (const std::exception&) {
     dbConn->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   dbConn->query("END TRANSACTION");
 
   std::shared_ptr<Catalog> cat;
   // Now update SysCatalog with privileges and the new database
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_param(
         "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
             ")",
         name);
     CHECK(getMetadataForDB(name, db));
 
     cat = getCatalog(db, true);
 
     if (owner != shared::kRootUserId) {
       DBObject object(name, DBObjectType::DatabaseDBObjectType);
       object.loadKey(*cat);
       UserMetadata user;
       CHECK(getMetadataForUserById(owner, user));
       grantAllOnDatabase_unsafe(user.userName, object, *cat);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 
   // force a migration on the new database
   removeCatalog(name);
   cat = getCatalog(db, false);
 
   if (g_enable_fsi) {
     try {
       cat->createDefaultServersIfNotExists();
     } catch (...) {
       boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                 name);
       throw;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject	(	const UserMetadata &	user,
		const std::string &	objectName,
		DBObjectType	type,
		const Catalog_Namespace::Catalog &	catalog,
		int32_t	objectId = `-1`
	)

Definition at line 1820 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, getUserGrantee(), grantDBObjectPrivileges_unsafe(), Grantee::grantPrivileges(), instance(), Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, sqliteConnector_, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

                                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBObject object =
       objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
   object.loadKey(catalog);
   switch (type) {
     case TableDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_TABLE);
       break;
     case DashboardDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
       break;
     case ServerDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_SERVER);
       break;
     default:
       object.setPrivileges(AccessPrivileges::ALL_DATABASE);
       break;
   }
   object.setOwner(user.userId);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     if (!user.isSuper) {  // no need to grant to suser, has all privs by default
       grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
       auto* grantee = instance().getUserGrantee(user.userName);
       if (!grantee) {
         throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
                             " does not exist.");
       }
       grantee->grantPrivileges(object);
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole	(	const std::string &	roleName,
		const bool	user_private_role,
		const bool	is_temporary = `false`
	)

Definition at line 2778 of file SysCatalog.cpp.

References createRole_unsafe(), and execInTransaction().

                                                      {
   execInTransaction(
       &SysCatalog::createRole_unsafe, roleName, user_private_role, is_temporary);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe	(	const std::string &	roleName,
		const bool	userPrivateRole,
		const bool	is_temporary
	)

private

Definition at line 2198 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, getGrantee(), granteeMap_, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kDefaultDbName, DBObjectKey::permissionType, DBObject::setObjectKey(), sqliteConnector_, and to_upper().

Referenced by addAdminUserRole(), createRole(), createUser(), and initDB().

                                                             {
   sys_write_lock write_lock(this);
 
   auto* grantee = getGrantee(roleName);
   if (grantee) {
     throw std::runtime_error("CREATE ROLE " + roleName +
                              " failed because grantee with this name already exists.");
   }
   std::unique_ptr<Grantee> g;
   if (user_private_role) {
     g.reset(new User(roleName));
   } else {
     g.reset(new Role(roleName));
   }
   grantee = g.get();
   granteeMap_[to_upper(roleName)] = std::move(g);
 
   // NOTE (max): Why create an empty privileges record for a role?
   /* grant none privileges to this role and add it to sqlite DB */
   DBObject dbObject(shared::kDefaultDbName, DatabaseDBObjectType);
   DBObjectKey objKey;
   // 0 is an id that does not exist
   objKey.dbId = 0;
   objKey.permissionType = DatabaseDBObjectType;
   dbObject.setObjectKey(objKey);
   grantee->grantPrivileges(dbObject);
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, roleName, user_private_role, dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRoles ( )

private

Definition at line 408 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                              {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

UserMetadata Catalog_Namespace::SysCatalog::createUser	(	std::string const &	name,
		UserAlterations	alts,
		bool	is_temporary
	)

Definition at line 927 of file SysCatalog.cpp.

References Catalog_Namespace::UserAlterations::can_login, CHECK, createRole_unsafe(), Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::UserAlterations::default_db, Catalog_Namespace::g_log_user_id, g_read_only, getGrantee(), getMetadataForDB(), getMetadataForUser(), getUser(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), Catalog_Namespace::UserAlterations::is_super, name(), next_temporary_user_id_, Catalog_Namespace::UserAlterations::passwd, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), Catalog_Namespace::UserMetadata::userLoggable(), and VLOG.

Referenced by syncUserWithRemoteProvider().

                                                        {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   if (!alts.passwd) {
     alts.passwd = "";
   }
   if (!alts.is_super) {
     alts.is_super = false;
   }
   if (!alts.default_db) {
     alts.default_db = "";
   }
   if (!alts.can_login) {
     alts.can_login = true;
   }
 
   UserMetadata user;
   if (getMetadataForUser(name, user)) {
     throw runtime_error("User " + user.userLoggable() + " already exists.");
   }
   if (getGrantee(name)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error(
         "User " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
   DBMetadata db;
   if (!alts.default_db->empty()) {
     if (!getMetadataForDB(*alts.default_db, db)) {
       throw runtime_error("DEFAULT_DB " + *alts.default_db + " not found.");
     }
   }
 
   // Temporary user.
   if (is_temporary) {
     if (!g_read_only) {
       throw std::runtime_error("Temporary users require read-only mode.");
       // NOTE(sy): We can remove this restriction when we're confident that
       // nothing permanent can depend on a temporary user.
     }
     auto user2 = std::make_shared<UserMetadata>(next_temporary_user_id_++,
                                                 name,
                                                 hash_with_bcrypt(*alts.passwd),
                                                 *alts.is_super,
                                                 !alts.default_db->empty() ? db.dbId : -1,
                                                 *alts.can_login,
                                                 true);
     temporary_users_by_name_[name] = user2;
     temporary_users_by_id_[user2->userId] = user2;
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/true);
     VLOG(1) << "Created temporary user: " << user2->userLoggable();
     return *user2;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     std::vector<std::string> vals;
     if (!alts.default_db->empty()) {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(db.dbId),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
           "VALUES (?, ?, ?, ?, ?)",
           vals);
     } else {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
           "VALUES (?, ?, ?, ?)",
           vals);
     }
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Created user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createVersionHistoryTable ( ) const

private

Definition at line 3111 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by recordExecutedMigration().

                                                  {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "CREATE TABLE mapd_version_history(version integer, migration_history text "
       "unique)");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string & roleName )

private

Definition at line 2400 of file SysCatalog.cpp.

References objectDescriptorMap_.

Referenced by dropUserUnchecked(), and revokeDBObjectPrivileges_unsafe().

                                                                     {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

private

Definition at line 2413 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, and to_string().

                                                                                 {
   sys_write_lock write_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second;) {
     // remove the entry
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )

inlinestatic

Definition at line 349 of file SysCatalog.h.

References migrations::MigrationMgr::destroy(), instance_, and instance_mutex_.

Referenced by main(), EmbeddedDatabase::DBEngineImpl::reset(), and DBHandler::shutdown().

                         {
     std::unique_lock lk(instance_mutex_);
     instance_.reset();
     migrations::MigrationMgr::destroy();
   }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata & db )

Definition at line 1527 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, getCatalog(), granteeMap_, removeCatalog(), revokeAllOnDatabase_unsafe(), revokeDBObjectPrivilegesFromAll_unsafe(), sqliteConnector_, TableDBObjectType, run_benchmark_import::tables, and to_string().

Referenced by initializeInformationSchemaDb().

                                                   {
   auto cat = getCatalog(db, false);
   cat->eraseDbPhysicalData();
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     // remove this database ID from any users that have it set as their default database
     sqliteConnector_->query_with_text_param(
         "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
         std::to_string(db.dbId));
     /* revoke object privileges to all tables of the database being dropped */
     const auto tables = cat->getAllTableMetadata();
     for (const auto table : tables) {
       if (table->shard >= 0) {
         // skip shards, they're not standalone tables
         continue;
       }
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(table->tableName, TableDBObjectType), cat.get());
     }
     const auto dashboards = cat->getAllDashboardsMetadata();
     for (const auto dashboard : dashboards) {
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
     }
     /* revoke object privileges to the database being dropped */
     for (const auto& grantee : granteeMap_) {
       if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
         revokeAllOnDatabase_unsafe(
             grantee.second->getName(), db.dbId, grantee.second.get());
       }
     }
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
                                             std::to_string(db.dbId));
     cat->eraseDbMetadata();
     removeCatalog(db.dbName);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropRole	(	const std::string &	roleName,
		const bool	is_temporary = `false`
	)

Definition at line 2785 of file SysCatalog.cpp.

References dropRole_unsafe(), and execInTransaction().

                                                                             {
   execInTransaction(&SysCatalog::dropRole_unsafe, roleName, is_temporary);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole_unsafe	(	const std::string &	roleName,
		const bool	is_temporary
	)

private

Definition at line 2234 of file SysCatalog.cpp.

References granteeMap_, objectDescriptorMap_, sqliteConnector_, and to_upper().

Referenced by dropRole(), and dropUserUnchecked().

                                                                                    {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
   // it may very well be a user "role", so keep it generic
   granteeMap_.erase(to_upper(roleName));
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                             roleName);
     sqliteConnector_->query_with_text_param(
         "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropUser ( const std::string & name )

Definition at line 1058 of file SysCatalog.cpp.

References dropUserUnchecked(), Catalog_Namespace::g_log_user_id, getAllDBMetadata(), getMetadataForUser(), and Catalog_Namespace::UserMetadata::userId.

                                             {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
   }
 
   auto dbs = getAllDBMetadata();
   for (const auto& db : dbs) {
     if (db.dbOwner == user.userId) {
       throw runtime_error("Cannot drop user. User " + loggable + "owns database " +
                           db.dbName);
     }
   }
 
   dropUserUnchecked(name, user);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropUserUnchecked	(	const std::string &	name,
		const UserMetadata &	user
	)

Definition at line 1021 of file SysCatalog.cpp.

References CHECK, deleteObjectDescriptorMap(), dropRole_unsafe(), Catalog_Namespace::UserMetadata::is_temporary, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), and Catalog_Namespace::UserMetadata::userId.

Referenced by dropUser().

                                                                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   // Temporary user.
   if (user.is_temporary) {
     auto it1 = temporary_users_by_name_.find(name);
     CHECK(it1 != temporary_users_by_name_.end());
     auto it2 = temporary_users_by_id_.find(it1->second->userId);
     CHECK(it2 != temporary_users_by_id_.end());
     dropRole_unsafe(name, /*is_temporary=*/true);
     deleteObjectDescriptorMap(name);
     temporary_users_by_name_.erase(it1);
     temporary_users_by_id_.erase(it2);
     return;
   }
 
   // Normal user.
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     dropRole_unsafe(name, /*is_temporary=*/false);
     deleteObjectDescriptorMap(name);
     const std::string& roleName(name);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
                                             roleName);
     sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
                             std::to_string(user.userId));
     sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
                             std::to_string(user.userId));
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

template<typename F , typename... Args>

void Catalog_Namespace::SysCatalog::execInTransaction	(	F &&	f,
		Args &&...	args
	)

private

Definition at line 2765 of file SysCatalog.cpp.

References run_benchmark_import::args, anonymous_namespace{Utm.h}::f, and sqliteConnector_.

Referenced by createRole(), dropRole(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch(), grantRole(), grantRoleBatch(), revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch(), revokeDBObjectPrivilegesFromAll(), revokeDBObjectPrivilegesFromAllBatch(), revokeRole(), and revokeRoleBatch().

                                                         {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     (this->*f)(std::forward<Args>(args)...);
   } catch (std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::fixRolesMigration ( )

private

Definition at line 435 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query("SELECT name FROM mapd_users");
     auto num_rows = sqliteConnector_->getNumRows();
     std::vector<std::string> user_names;
     for (size_t i = 0; i < num_rows; ++i) {
       user_names.push_back(sqliteConnector_->getData<std::string>(i, 0));
     }
     for (const auto& user_name : user_names) {
       sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                               user_name);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1660 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by dropUser(), getCatalogsForAllDbs(), and getDatabaseListForUser().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
   int numRows = sqliteConnector_->getNumRows();
   list<DBMetadata> db_list;
   for (int r = 0; r < numRows; ++r) {
     DBMetadata db;
     db.dbId = sqliteConnector_->getData<int>(r, 0);
     db.dbName = sqliteConnector_->getData<string>(r, 1);
     db.dbOwner = sqliteConnector_->getData<int>(r, 2);
     db_list.push_back(db);
   }
   return db_list;
 }

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1720 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

Referenced by Catalog_Namespace::anonymous_namespace{Catalog.cpp}::get_user_id_to_user_name_map(), and getDatabaseListForUser().

                                                   {
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t dbId )

return the users associated with the given DB

Definition at line 1713 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

                                                                     {
   // this call is to return users that have some form of permissions to objects in the db
   // sadly mapd_object_permissions table is also misused to manage user roles.
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_, dbId);
 }

Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const

inline

Definition at line 233 of file SysCatalog.h.

References calciteMgr_.

233 { return *calciteMgr_; }

Catalog_Namespace::SysCatalog::calciteMgr_

std::shared_ptr< Calcite > calciteMgr_

Definition: SysCatalog.h:507

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string & dbName )

Definition at line 2952 of file SysCatalog.cpp.

References cat_map_, and getMetadataForDB().

Referenced by foreign_storage::anonymous_namespace{LogFileBufferParser.cpp}::add_nonce_values(), foreign_storage::cache_blocks(), changeDatabaseOwner(), createDatabase(), foreign_storage::ForeignDataWrapperFactory::createForeignTableProxy(), foreign_storage::ParquetDataWrapper::createRenderGroupAnalyzers(), foreign_storage::AbstractTextFileDataWrapper::createRenderGroupAnalyzers(), dropDatabase(), foreign_storage::ParquetDataWrapper::fetchChunkMetadata(), foreign_storage::ForeignTableSchema::ForeignTableSchema(), foreign_storage::anonymous_namespace{InternalMemoryStatsDataWrapper.cpp}::get_column_name(), foreign_storage::get_foreign_table_for_key(), foreign_storage::anonymous_namespace{InternalCatalogDataWrapper.cpp}::get_table_ddl(), foreign_storage::get_table_name(), foreign_storage::ParseBufferRequest::getCatalog(), getCatalogsForAllDbs(), foreign_storage::ParquetImportBatchResult::getChunksAndDictionaries(), lockmgr::TableLockMgrImpl< TableDataLockMgr >::getClusterTableMutex(), foreign_storage::ParquetDataWrapper::getColumnsToInitialize(), foreign_storage::init_chunk_for_column(), foreign_storage::Csv::init_chunk_for_column(), PersistentStorageMgr::isForeignStorage(), foreign_storage::AbstractTextFileDataWrapper::iterativeFileScan(), foreign_storage::ParquetDataWrapper::loadBuffersUsingLazyParquetChunkLoader(), login(), foreign_storage::AbstractTextFileDataWrapper::populateChunkBuffers(), foreign_storage::AbstractTextFileDataWrapper::populateChunkMetadata(), switchDatabase(), and foreign_storage::AbstractTextFileDataWrapper::updateMetadata().

                                                                      {
   dbid_to_cat_map::const_accessor cata;
   if (cat_map_.find(cata, dbName)) {
     return cata->second;
   } else {
     Catalog_Namespace::DBMetadata db_meta;
     if (getMetadataForDB(dbName, db_meta)) {
       return getCatalog(db_meta, false);
     } else {
       return nullptr;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t db_id )

Definition at line 2966 of file SysCatalog.cpp.

References cat_map_.

                                                                  {
   dbid_to_cat_map::const_accessor cata;
   for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
        ++cat_it) {
     if (cat_it->second->getDatabaseId() == db_id) {
       return cat_it->second;
     }
   }
   return nullptr;
 }

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog	(	const DBMetadata &	curDB,
		bool	is_new_db
	)

Definition at line 2977 of file SysCatalog.cpp.

References basePath_, calciteMgr_, cat(), cat_map_, dataMgr_, Catalog_Namespace::DBMetadata::dbName, and string_dict_hosts_.

                                                                                      {
   {
     dbid_to_cat_map::const_accessor cata;
     if (cat_map_.find(cata, curDB.dbName)) {
       return cata->second;
     }
   }
 
   // Catalog doesnt exist
   // has to be made outside of lock as migration uses cat
   auto cat = std::make_shared<Catalog>(
       basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);
 
   dbid_to_cat_map::accessor cata;
 
   if (cat_map_.find(cata, curDB.dbName)) {
     return cata->second;
   }
 
   cat_map_.insert(cata, curDB.dbName);
   cata->second = cat;
 
   return cat;
 }

Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const

inline

Definition at line 234 of file SysCatalog.h.

References basePath_.

234 { return basePath_; }

Catalog_Namespace::SysCatalog::basePath_

std::string basePath_

Definition: SysCatalog.h:499

std::vector< Catalog * > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 1080 of file SysCatalog.cpp.

References getAllDBMetadata(), and getCatalog().

                                                      {
   std::vector<Catalog*> catalogs{};
   const auto& db_metadata_list = getAllDBMetadata();
   for (const auto& db_metadata : db_metadata_list) {
     catalogs.emplace_back(getCatalog(db_metadata, false).get());
   }
   return catalogs;
 }

Here is the call graph for this function:

std::set< std::string > Catalog_Namespace::SysCatalog::getCreatedRoles ( ) const

Definition at line 2613 of file SysCatalog.cpp.

References granteeMap_, and isDashboardSystemRole().

                                                     {
   sys_read_lock read_lock(this);
   std::set<std::string> roles;  // Sorted for human readers.
   for (const auto& [key, grantee] : granteeMap_) {
     if (!grantee->isUser() && !isDashboardSystemRole(grantee->getName())) {
       roles.emplace(grantee->getName());
     }
   }
   return roles;
 }

Here is the call graph for this function:

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata & user )

Definition at line 1791 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, checkPrivileges(), DatabaseDBObjectType, Catalog_Namespace::DBSummary::dbName, getAllDBMetadata(), getAllUserMetadata(), DBObject::loadKey(), DBObject::setPrivileges(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by ShowDatabasesCommand::execute().

                                                                          {
   DBSummaryList ret;
 
   std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
   std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
 
   std::map<int32_t, std::string> user_id_to_name_map;
   for (const auto& user : user_list) {
     user_id_to_name_map.emplace(user.userId, user.userName);
   }
 
   for (auto d : db_list) {
     DBObject dbObject(d.dbName, DatabaseDBObjectType);
     dbObject.loadKey();
     dbObject.setPrivileges(AccessPrivileges::ACCESS);
     if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
       continue;
     }
 
     if (auto it = user_id_to_name_map.find(d.dbOwner); it != user_id_to_name_map.end()) {
       ret.emplace_back(DBSummary{d.dbName, it->second});
     } else {
       ret.emplace_back(DBSummary{d.dbName, "<DELETED>"});
     }
   }
 
   return ret;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const

inline

Definition at line 232 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), Executor::getExecutor(), foreign_storage::InternalMemoryStatsDataWrapper::initializeObjectsForTable(), and foreign_storage::InternalStorageStatsDataWrapper::initializeObjectsForTable().

232 { return *dataMgr_; }

Catalog_Namespace::SysCatalog::dataMgr_

std::shared_ptr< Data_Namespace::DataMgr > dataMgr_

Definition: SysCatalog.h:504

Here is the caller graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( std::string const & dbname )

inline

Definition at line 213 of file SysCatalog.h.

References getMetadataForDB().

                                                          {
     if (DBMetadata db; getMetadataForDB(dbname, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( int32_t const dbid )

inline

Definition at line 219 of file SysCatalog.h.

References getMetadataForDBById().

                                                     {
     if (DBMetadata db; getMetadataForDBById(dbid, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges	(	const std::string &	granteeName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)		const

Definition at line 2176 of file SysCatalog.cpp.

References getGrantee(), getMetadataForUser(), instance(), and Catalog_Namespace::UserMetadata::isSuper.

                                                                                       {
   sys_read_lock read_lock(this);
   UserMetadata user_meta;
 
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       throw runtime_error(
           "Request to show privileges from " + granteeName +
           " failed because user is super user and has all privileges by default.");
     }
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to show privileges for " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   object.loadKey(catalog);
   grantee->getPrivileges(object, true);
 }

Here is the call graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string & name ) const

Definition at line 2483 of file SysCatalog.cpp.

References granteeMap_, and to_upper().

Referenced by buildRoleMapUnlocked(), buildUserRoleMapUnlocked(), createRole_unsafe(), createUser(), getDBObjectPrivileges(), getRoleGrantee(), getRoles(), getUserGrantee(), grantDBObjectPrivileges_unsafe(), grantRole_unsafe(), renameDBObject(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRole_unsafe().

                                                            {
   sys_read_lock read_lock(this);
   auto grantee = granteeMap_.find(to_upper(name));
   if (grantee == granteeMap_.end()) {  // check to make sure role exists
     return nullptr;
   }
   return grantee->second.get();  // returns pointer to role
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > & dashboard_ids )

Definition at line 2921 of file SysCatalog.cpp.

References DashboardDBObjectType, sqliteConnector_, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                                    {
   sys_sqlite_lock sqlite_lock(this);
   std::unordered_map<std::string, std::vector<std::string>> active_grantees;
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dash : dashboard_ids) {
       std::vector<std::string> grantees = {};
       sqliteConnector_->query_with_text_params(
           "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
           "(0,1) AND objectPermissionsType = ? AND objectId = ?",
           std::vector<std::string>{
               std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
       int num_rows = sqliteConnector_->getNumRows();
       if (num_rows == 0) {
         // no grantees
         continue;
       } else {
         for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
           grantees.push_back(sqliteConnector_->getData<string>(i, 0));
         }
         active_grantees[dash] = grantees;
       }
     }
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   return active_grantees;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor > Catalog_Namespace::SysCatalog::getMetadataForAllObjects ( ) const

Definition at line 2514 of file SysCatalog.cpp.

References isDashboardSystemRole(), and objectDescriptorMap_.

                                                                            {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor> objects;
   for (const auto& entry : objectDescriptorMap_) {
     auto object_role = entry.second.get();
     if (object_role->dbId != 0 && !isDashboardSystemRole(object_role->roleName)) {
       objects.emplace_back(*object_role);
     }
   }
   return objects;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB	(	const std::string &	name,
		DBMetadata &	db
	)

Definition at line 1761 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by alterUser(), changeDatabaseOwner(), createDatabase(), createUser(), getCatalog(), getDB(), getMetadataWithDefaultDB(), initializeInformationSchemaDb(), migrateDBAccessPrivileges(), renameDatabase(), and Catalog_Namespace::UserAlterations::wouldChange().

                                                                     {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE name = ?", name);
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDBById	(	const int32_t	idIn,
		DBMetadata &	db
	)

Definition at line 1776 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, sqliteConnector_, and to_string().

Referenced by getDB(), and getMetadataWithDefaultDB().

                                                                         {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject	(	int32_t	dbId,
		int32_t	dbType,
		int32_t	objectId
	)		const

Definition at line 2501 of file SysCatalog.cpp.

References objectDescriptorMap_, and to_string().

Referenced by renameDBObject().

                                                                                      {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor*> objectsList;
 
   auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
                                                 std::to_string(dbType) + ":" +
                                                 std::to_string(objectId));
   for (auto d = range.first; d != range.second; ++d) {
     objectsList.push_back(d->second.get());
   }
   return objectsList;  // return pointers to objects
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser	(	const std::string &	name,
		UserMetadata &	user
	)

Definition at line 1621 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, and temporary_users_by_name_.

Referenced by alterUser(), changeDatabaseOwner(), checkPasswordForUserImpl(), checkPrivileges(), createUser(), dropUser(), getDBObjectPrivileges(), getMetadataWithDefaultDB(), getRoles(), getUser(), grantDBObjectPrivileges_unsafe(), grantRoleBatch_unsafe(), login(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRoleBatch_unsafe().

                                                                           {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE name = ?",
       name);
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_name_.find(name);
     if (userit != temporary_users_by_name_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById	(	const int32_t	idIn,
		UserMetadata &	user
	)

Definition at line 1641 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, temporary_users_by_id_, and to_string().

Referenced by changeDatabaseOwner(), createDatabase(), getUser(), populateRoleDbObjects(), and reassignObjectOwners().

                                                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE userid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_id_.find(idIn);
     if (userit != temporary_users_by_id_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB	(	std::string &	dbname,
		const std::string &	username,
		Catalog_Namespace::DBMetadata &	db_meta,
		UserMetadata &	user_meta
	)

private

Definition at line 1725 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, getMetadataForDB(), getMetadataForDBById(), getMetadataForUser(), shared::kDefaultDbName, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by login(), and switchDatabase().

                                                                    {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(username, user_meta)) {
     throw std::runtime_error("Invalid credentials.");
   }
 
   if (!dbname.empty()) {
     if (!getMetadataForDB(dbname, db_meta)) {
       throw std::runtime_error("Database name " + dbname + " does not exist.");
     }
     // loaded the requested database
   } else {
     if (user_meta.defaultDbId != -1) {
       if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
         std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
         throw std::runtime_error(
             "Server error: User #" + std::to_string(user_meta.userId) + loggable +
             " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
             " which does not exist.");
       }
       dbname = db_meta.dbName;
       // loaded the user's default database
     } else {
       if (!getMetadataForDB(shared::kDefaultDbName, db_meta)) {
         throw std::runtime_error(std::string("Database ") + shared::kDefaultDbName +
                                  " does not exist.");
       }
       dbname = shared::kDefaultDbName;
       // loaded the mapd database by default
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string & name ) const

Definition at line 2492 of file SysCatalog.cpp.

References getGrantee().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), grantRole_unsafe(), isRoleGrantedToGrantee(), revokeRole_unsafe(), and syncUserWithRemoteProvider().

                                                             {
   return dynamic_cast<Role*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	user_name,
		bool	effective = `true`
	)

Definition at line 2552 of file SysCatalog.cpp.

References getGrantee().

                                                               {
   sys_read_lock read_lock(this);
   auto* grantee = getGrantee(user_name);
   if (!grantee) {
     throw std::runtime_error("user or role not found");
   }
   return grantee->getRoles(/*only_direct=*/!effective);
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	bool	include_user_private_role,
		bool	is_super,
		const std::string &	user_name,
		bool	ignore_deleted_user = `false`
	)

Definition at line 2583 of file SysCatalog.cpp.

References getMetadataForUser(), granteeMap_, isDashboardSystemRole(), and isRoleGrantedToGrantee().

                                                                         {
   sys_read_lock read_lock(this);
   if (ignore_deleted_user) {
     // In certain cases, it is possible to concurrently call this method while the user is
     // being dropped. In such a case, return an empty result.
     UserMetadata user;
     if (!getMetadataForUser(user_name, user)) {
       return {};
     }
   }
   std::vector<std::string> roles;
   for (auto& grantee : granteeMap_) {
     if (!include_user_private_role && grantee.second->isUser()) {
       continue;
     }
     if (!is_super &&
         !isRoleGrantedToGrantee(user_name, grantee.second->getName(), false)) {
       continue;
     }
     if (isDashboardSystemRole(grantee.second->getName())) {
       continue;
     }
     roles.push_back(grantee.second->getName());
   }
   return roles;
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	userName,
		const int32_t	dbId
	)

Definition at line 2562 of file SysCatalog.cpp.

References isDashboardSystemRole(), isRoleGrantedToGrantee(), sqliteConnector_, and to_string().

                                                                   {
   sys_sqlite_lock sqlite_lock(this);
   std::string sql =
       "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
       "objectPermissions<>0 "
       "AND roleType=0 AND dbId=" +
       std::to_string(dbId);
   sqliteConnector_->query(sql);
   int numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> roles(0);
   for (int r = 0; r < numRows; ++r) {
     auto roleName = sqliteConnector_->getData<string>(r, 0);
     if (isRoleGrantedToGrantee(userName, roleName, false) &&
         !isDashboardSystemRole(roleName)) {
       roles.push_back(roleName);
     }
   }
   return roles;
 }

Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )

inline

Definition at line 235 of file SysCatalog.h.

References sqliteConnector_.

235 { return sqliteConnector_.get(); }

Catalog_Namespace::SysCatalog::sqliteConnector_

std::unique_ptr< SqliteConnector > sqliteConnector_

Definition: SysCatalog.h:502

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( std::string const & uname )

inline

Definition at line 201 of file SysCatalog.h.

References getMetadataForUser().

Referenced by alterUser(), createUser(), and syncUserWithRemoteProvider().

                                                             {
     if (UserMetadata user; getMetadataForUser(uname, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

Here is the caller graph for this function:

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( int32_t const uid )

inline

Definition at line 207 of file SysCatalog.h.

References getMetadataForUserById().

                                                        {
     if (UserMetadata user; getMetadataForUserById(uid, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string & name ) const

Definition at line 2496 of file SysCatalog.cpp.

References getGrantee().

Referenced by checkPrivileges(), createDBObject(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), hasAnyPrivileges(), isRoleGrantedToGrantee(), populateRoleDbObjects(), syncUserWithRemoteProvider(), and verifyDBObjectOwnership().

                                                             {
   return dynamic_cast<User*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1941 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, grantDBObjectPrivileges_unsafe(), ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

Referenced by createDatabase(), and grantDBObjectPrivileges_unsafe().

                                                                                     {
   // It's a separate use case because it's easier for implementation to convert ALL ON
   // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
   // Add DB Access privileges
   DBObject tmp_object = object;
   tmp_object.setPrivileges(AccessPrivileges::ACCESS);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_TABLE);
   tmp_object.setPermissionType(TableDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_VIEW);
   tmp_object.setPermissionType(ViewDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
 
   if (g_enable_fsi) {
     tmp_object.setPrivileges(AccessPrivileges::ALL_SERVER);
     tmp_object.setPermissionType(ServerDBObjectType);
     grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   }
 
   tmp_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
   tmp_object.setPermissionType(DashboardDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   return;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2811 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivileges_unsafe().

                                                                                   {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe	(	const std::string &	granteeName,
		const DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1899 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, getGrantee(), getMetadataForUser(), grantAllOnDatabase_unsafe(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, sqliteConnector_, and updateObjectDescriptorMap().

Referenced by createDBObject(), grantAllOnDatabase_unsafe(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch_unsafe(), and runUpdateQueriesAndChangeOwnership().

                                              {
   object.loadKey(catalog);
   CHECK(object.valid());
   if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
       object.getObjectKey().permissionType == DatabaseDBObjectType) {
     return grantAllOnDatabase_unsafe(granteeName, object, catalog);
   }
 
   sys_write_lock write_lock(this);
 
   UserMetadata user_meta;
   bool is_temporary_user{false};
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       // super doesn't have explicit privileges so nothing to do
       return;
     }
     is_temporary_user = user_meta.is_temporary;
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant privileges to " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   grantee->grantPrivileges(object);
 
   /* apply grant privileges statement to sqlite DB */
   std::vector<std::string> objectKey = object.toString();
   object.resetPrivileges();
   grantee->getPrivileges(object, true);
 
   if (!is_temporary_user) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, granteeName, grantee->isUser(), object);
   }
   updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2818 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivilegesBatch_unsafe().

                                                                                        {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1887 of file SysCatalog.cpp.

References grantDBObjectPrivileges_unsafe().

Referenced by grantDBObjectPrivilegesBatch(), and reassignObjectOwners().

                                              {
   for (const auto& grantee : grantees) {
     for (const auto& object : objects) {
       grantDBObjectPrivileges_unsafe(grantee, object, catalog);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe	(	const std::string &	name,
		bool	issuper
	)

private

void Catalog_Namespace::SysCatalog::grantRole	(	const std::string &	role,
		const std::string &	grantee,
		const bool	is_temporary = `false`
	)

Definition at line 2794 of file SysCatalog.cpp.

References execInTransaction(), and grantRole_unsafe().

Referenced by syncUserWithRemoteProvider().

                                                     {
   execInTransaction(&SysCatalog::grantRole_unsafe, role, grantee, is_temporary);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRole_unsafe	(	const std::string &	roleName,
		const std::string &	granteeName,
		const bool	is_temporary
	)

private

Definition at line 2271 of file SysCatalog.cpp.

References getGrantee(), getRoleGrantee(), and sqliteConnector_.

Referenced by grantRole(), and grantRoleBatch_unsafe().

                                                            {
   auto* rl = getRoleGrantee(roleName);
   if (!rl) {
     throw runtime_error("Request to grant role " + roleName +
                         " failed because role with this name does not exist.");
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
                         granteeName + " does not exist.");
   }
   sys_write_lock write_lock(this);
   if (!grantee->hasRole(rl, true)) {
     grantee->grantRole(rl);
     if (!is_temporary) {
       sys_sqlite_lock sqlite_lock(this);
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
           std::vector<std::string>{rl->getName(), grantee->getName()});
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2789 of file SysCatalog.cpp.

References execInTransaction(), and grantRoleBatch_unsafe().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                       {
   execInTransaction(&SysCatalog::grantRoleBatch_unsafe, roles, grantees);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

private

Definition at line 2256 of file SysCatalog.cpp.

References getMetadataForUser(), grantRole_unsafe(), and Catalog_Namespace::UserMetadata::is_temporary.

Referenced by grantRoleBatch().

                                                                              {
   for (const auto& role : roles) {
     for (const auto& grantee : grantees) {
       bool is_temporary_user{false};
       UserMetadata user;
       if (getMetadataForUser(grantee, user)) {
         is_temporary_user = user.is_temporary;
       }
       grantRole_unsafe(role, grantee, is_temporary_user);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges	(	const UserMetadata &	user,
		std::vector< DBObject > &	privObjects
	)

Definition at line 2431 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

                                                                     {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
        objectIt != privObjects.end();
        ++objectIt) {
     if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::hasExecutedMigration ( const std::string & migration_name ) const

Definition at line 3082 of file SysCatalog.cpp.

References hasVersionHistoryTable(), and sqliteConnector_.

Referenced by initializeInformationSchemaDb().

                                                                            {
   if (hasVersionHistoryTable()) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
         std::vector<std::string>{migration_name});
     return (sqliteConnector_->getNumRows() > 0);
   }
   return false;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasVersionHistoryTable ( ) const

private

Definition at line 3103 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by hasExecutedMigration(), and recordExecutedMigration().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "select name from sqlite_master WHERE type='table' AND "
       "name='mapd_version_history'");
   return (sqliteConnector_->getNumRows() > 0);
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )

private

Definition at line 359 of file SysCatalog.cpp.

References basePath_, logger::ERROR, logger::INFO, shared::kCatalogDirectoryName, shared::kSystemCatalogName, LOG, and sqliteConnector_.

                                          {
   sys_sqlite_lock sqlite_lock(this);
   std::string mapd_db_path = basePath_ + "/" + shared::kCatalogDirectoryName + "/mapd";
   sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
   sqliteConnector_->query("BEGIN TRANSACTION");
   LOG(INFO) << "Moving global metadata into a separate catalog";
   try {
     auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
                                                              bool deleteOld = true) {
       conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
                   tableName + "'");
       if (conn->getNumRows() != 0) {
         conn->query(conn->getData<string>(0, 0));
         conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
         if (deleteOld) {
           conn->query("DROP TABLE old_cat." + tableName);
         }
       }
     };
     moveTableIfExists("mapd_users");
     moveTableIfExists("mapd_databases");
     moveTableIfExists("mapd_roles");
     moveTableIfExists("mapd_object_permissions");
     moveTableIfExists("mapd_privileges");
     moveTableIfExists("mapd_version_history", false);
   } catch (const std::exception& e) {
     LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     try {
       sqliteConnector_->query("DETACH DATABASE old_cat");
     } catch (const std::exception&) {
       // nothing to do here
     }
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   const std::string sys_catalog_path =
       basePath_ + "/" + shared::kCatalogDirectoryName + "/" + shared::kSystemCatalogName;
   LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
             << sys_catalog_path
             << ". Using this database with an older version of heavydb "
                "is now impossible.";
   try {
     sqliteConnector_->query("DETACH DATABASE old_cat");
   } catch (const std::exception&) {
     // nothing to do here
   }
 }

void Catalog_Namespace::SysCatalog::init	(	const std::string &	basePath,
		std::shared_ptr< Data_Namespace::DataMgr >	dataMgr,
		const AuthMetadata &	authMetadata,
		std::shared_ptr< Calcite >	calcite,
		bool	is_new_db,
		bool	aggregator,
		const std::vector< LeafHostInfo > &	string_dict_hosts
	)

Definition at line 161 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), Catalog_Namespace::dsqliteMutex_(), g_multi_instance, shared::kCatalogDirectoryName, shared::kLockfilesDirectoryName, shared::kSystemCatalogName, migrations::MigrationMgr::migrationEnabled(), migrations::MigrationMgr::relaxMigrationLock(), and migrations::MigrationMgr::takeMigrationLock().

                                                                         {
   basePath_ = !g_multi_instance ? copy_catalog_if_read_only(basePath).string() : basePath;
   sqliteConnector_.reset(new SqliteConnector(
       shared::kSystemCatalogName, basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
   dcatalogMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
       std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
           shared::kCatalogDirectoryName / (shared::kSystemCatalogName + ".lockfile"),
       [this](size_t) {
         heavyai::unique_lock<heavyai::DistributedSharedMutex> dsqlite_lock(
             *dsqliteMutex_);
         buildMapsUnlocked();
       });
   dsqliteMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
       std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
       shared::kCatalogDirectoryName / (shared::kSystemCatalogName + ".sqlite.lockfile"));
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   dataMgr_ = dataMgr;
   authMetadata_ = &authMetadata;
   pki_server_.reset(new PkiServer(*authMetadata_));
   calciteMgr_ = calcite;
   string_dict_hosts_ = string_dict_hosts;
   aggregator_ = aggregator;
   migrations::MigrationMgr::takeMigrationLock(basePath_);
   if (is_new_db) {
     initDB();
   } else {
     bool db_exists =
         boost::filesystem::exists(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                   shared::kSystemCatalogName);
     if (!db_exists) {
       importDataFromOldMapdDB();
     }
     if (migrations::MigrationMgr::migrationEnabled()) {
       checkAndExecuteMigrations();
       migrations::MigrationMgr::relaxMigrationLock();
     }
   }
   buildMaps(is_new_db);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )

private

Definition at line 279 of file SysCatalog.cpp.

References createDatabase(), createRole_unsafe(), g_read_only, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), shared::kDefaultDbName, shared::kDefaultRootPasswd, shared::kRootUserId, shared::kRootUserIdStr, shared::kRootUsername, and sqliteConnector_.

                         {
   if (g_read_only) {
     throw std::runtime_error("can't init a new database in read-only mode");
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
         "passwd_hash text, issuper boolean, default_db integer references "
         "mapd_databases, can_login boolean)");
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
         std::vector<std::string>{shared::kRootUserIdStr,
                                  shared::kRootUsername,
                                  hash_with_bcrypt(shared::kDefaultRootPasswd)});
     sqliteConnector_->query(
         "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
         "integer references mapd_users)");
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
     sqliteConnector_->query(
         "CREATE TABLE mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   createDatabase(shared::kDefaultDbName, shared::kRootUserId);
   createRole_unsafe(
       shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initializeInformationSchemaDb ( )

private

Definition at line 3061 of file SysCatalog.cpp.

References createDatabase(), dropDatabase(), g_enable_system_tables, getMetadataForDB(), hasExecutedMigration(), shared::kInfoSchemaDbName, shared::kInfoSchemaMigrationName, shared::kRootUserId, LOG, recordExecutedMigration(), and logger::WARNING.

                                                {
   if (g_enable_system_tables && !hasExecutedMigration(shared::kInfoSchemaMigrationName)) {
     sys_write_lock write_lock(this);
     DBMetadata db_metadata;
     if (getMetadataForDB(shared::kInfoSchemaDbName, db_metadata)) {
       LOG(WARNING) << "A database with name \"" << shared::kInfoSchemaDbName
                    << "\" already exists. System table creation will be skipped. Rename "
                       "this database in order to use system tables.";
     } else {
       createDatabase(shared::kInfoSchemaDbName, shared::kRootUserId);
       try {
         recordExecutedMigration(shared::kInfoSchemaMigrationName);
       } catch (...) {
         getMetadataForDB(shared::kInfoSchemaDbName, db_metadata);
         dropDatabase(db_metadata);
         throw;
       }
     }
   }
 }

Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )

inlinestatic

Definition at line 341 of file SysCatalog.h.

References instance_, instance_mutex_, and SysCatalog().

                                 {
     std::unique_lock lk(instance_mutex_);
     if (!instance_) {
       instance_.reset(new SysCatalog());
     }
     return *instance_;
   }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const

inline

Definition at line 340 of file SysCatalog.h.

References aggregator_.

Referenced by Parser::create_stmt_for_query(), ShowCreateTableCommand::execute(), Parser::LocalQueryConnector::getOuterFragmentCount(), and DBHandler::parse_to_ra().

340 { return aggregator_; }

Catalog_Namespace::SysCatalog::aggregator_

bool aggregator_

Definition: SysCatalog.h:509

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string & roleName ) const

private

Definition at line 2548 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

Referenced by getCreatedRoles(), getMetadataForAllObjects(), and getRoles().

                                                                       {
   return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee	(	const std::string &	granteeName,
		const std::string &	roleName,
		bool	only_direct
	)		const

Definition at line 2526 of file SysCatalog.cpp.

References CHECK, getRoleGrantee(), getUserGrantee(), Grantee::hasRole(), and instance().

Referenced by getRoles().

                                                                 {
   sys_read_lock read_lock(this);
   if (roleName == granteeName) {
     return true;
   }
   bool is_role_granted = false;
   auto* target_role = instance().getRoleGrantee(roleName);
   auto has_role = [&](auto grantee_rl) {
     is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
   };
   if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
     has_role(user_role);
   } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
     has_role(role);
   } else {
     CHECK(false);
   }
   return is_role_granted;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login	(	std::string &	db,
		std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta,
		bool	check_password = `true`
	)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 863 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login, getCatalog(), getMetadataForUser(), getMetadataWithDefaultDB(), and loginImpl().

                                                                 {
   // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
   // can reset it. The username isn't const because SamlServer's
   // login()/authenticate_user() can reset it.
 
   if (check_password) {
     loginImpl(username, password, user_meta);
   } else {  // not checking for password so user must exist
     if (!getMetadataForUser(username, user_meta)) {
       throw std::runtime_error("Invalid credentials.");
     }
   }
   // we should have a user and user_meta by now
   if (!user_meta.can_login) {
     throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
   }
   Catalog_Namespace::DBMetadata db_meta;
   getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
   return getCatalog(db_meta, false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::loginImpl	(	std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta
	)

private

Definition at line 889 of file SysCatalog.cpp.

References checkPasswordForUser().

Referenced by login().

                                                     {
   if (!checkPasswordForUser(password, username, user_meta)) {
     throw std::runtime_error("Authentication failure");
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )

private

Definition at line 768 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, getMetadataForDB(), logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, LOG, MAPD_VERSION, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), sqliteConnector_, to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

Referenced by checkAndExecuteMigrations().

                                            {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "select name from sqlite_master WHERE type='table' AND "
         "name='mapd_version_history'");
     if (sqliteConnector_->getNumRows() == 0) {
       sqliteConnector_->query(
           "CREATE TABLE mapd_version_history(version integer, migration_history text "
           "unique)");
     } else {
       sqliteConnector_->query(
           "select * from mapd_version_history where migration_history = "
           "'db_access_privileges'");
       if (sqliteConnector_->getNumRows() != 0) {
         // both privileges migrated
         // no need for further execution
         sqliteConnector_->query("END TRANSACTION");
         return;
       }
     }
     // Insert check for migration
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
         std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
 
     sqliteConnector_->query("select dbid, name from mapd_databases");
     std::unordered_map<int, string> databases;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       databases[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     sqliteConnector_->query("select userid, name from mapd_users");
     std::unordered_map<int, string> users;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       users[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     // All existing users by default will be granted DB Access permissions
     // and view sql editor privileges
     DBMetadata dbmeta;
     for (auto db_ : databases) {
       CHECK(getMetadataForDB(db_.second, dbmeta));
       for (auto user : users) {
         if (user.first != shared::kRootUserId) {
           {
             DBObjectKey key;
             key.permissionType = DBObjectType::DatabaseDBObjectType;
             key.dbId = dbmeta.dbId;
 
             // access permission;
             DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
             object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_access.setName(dbmeta.dbName);
             // sql_editor permission
             DBObject object_editor(
                 key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
             object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_editor.setName(dbmeta.dbName);
             object_editor.updatePrivileges(object_access);
             insertOrUpdateObjectPrivileges(
                 sqliteConnector_, user.second, true, object_editor);
           }
         }
       }
     }
   } catch (const std::exception& e) {
     LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   LOG(INFO) << "Successfully migrated db access privileges";
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )

private

Definition at line 846 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                        {
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
         "mapd_users, dbid integer references "
         "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
         "dbid))");
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileges ( )

private

Definition at line 510 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, AccessPrivileges::NONE, sqliteConnector_, TableDBObjectType, run_benchmark_import::type, and ViewDBObjectType.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND "
         "name='mapd_object_permissions'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
 
     // get the list of databases and their grantees
     sqliteConnector_->query(
         "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
         "= 1");
     size_t numRows = sqliteConnector_->getNumRows();
     vector<pair<int, int>> db_grantees(numRows);
     for (size_t i = 0; i < numRows; ++i) {
       db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
       db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
     }
     // map user names to user ids
     sqliteConnector_->query("select userid, name from mapd_users");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> users_by_id;
     std::unordered_map<int, bool> user_has_privs;
     for (size_t i = 0; i < numRows; ++i) {
       users_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
       user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
     }
     // map db names to db ids
     sqliteConnector_->query("select dbid, name from mapd_databases");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> dbs_by_id;
     for (size_t i = 0; i < numRows; ++i) {
       dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
     // migrate old privileges to new privileges: if user had insert access to database, he
     // was a grantee
     for (const auto& grantee : db_grantees) {
       user_has_privs[grantee.first] = true;
       auto dbName = dbs_by_id[grantee.second];
       {
         // table level permissions
         auto type = DBObjectType::TableDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_TABLE_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // dashboard level permissions
         auto type = DBObjectType::DashboardDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(dbName,
                         type,
                         key,
                         AccessPrivileges::ALL_DASHBOARD_MIGRATE,
                         shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // view level permissions
         auto type = DBObjectType::ViewDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_VIEW_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
     }
     for (auto user : user_has_privs) {
       auto dbName = dbs_by_id[0];
       if (user.second == false && user.first != shared::kRootUserId) {
         {
           auto type = DBObjectType::DatabaseDBObjectType;
           DBObjectKey key{type, 0};
           DBObject object(dbName, type, key, AccessPrivileges::NONE, shared::kRootUserId);
           insertOrUpdateObjectPrivileges(
               sqliteConnector_, users_by_id[user.first], true, object);
         }
       }
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const

inline

Definition at line 356 of file SysCatalog.h.

References shared::kSystemCatalogName.

Referenced by alterUser(), buildRoleMapUnlocked(), createUser(), and Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

356 { return shared::kSystemCatalogName; }

shared::kSystemCatalogName

const std::string kSystemCatalogName

Definition: SysDefinitions.h:26

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > & objects )

Definition at line 2672 of file SysCatalog.cpp.

References CHECK, getMetadataForUserById(), getUserGrantee(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), sqliteConnector_, and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

                                                                          {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dbobject : objects) {
       UserMetadata user;
       CHECK(getMetadataForUserById(dbobject.getOwner(), user));
       auto* grantee = getUserGrantee(user.userName);
       if (grantee) {
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, grantee->getName(), true, dbobject);
         grantee->grantPrivileges(dbobject);
       }
     }
 
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::reassignObjectOwners	(	const std::map< int32_t, std::vector< DBObject >> &	old_owner_db_objects,
		int32_t	new_owner_id,
		const Catalog_Namespace::Catalog &	catalog
	)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters

old_owner_db_objects	- map of user ids and database objects whose ownership will be reassigned
new_owner_id	- id of user who will own reassigned database objects
catalog	- catalog for database where ownership reassignment occurred

Definition at line 3006 of file SysCatalog.cpp.

References CHECK, shared::contains(), Catalog_Namespace::Catalog::getDatabaseId(), getMetadataForUserById(), grantDBObjectPrivilegesBatch_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMapsUnlocked(), revokeDBObjectPrivilegesBatch_unsafe(), sqliteConnector_, to_string(), and Catalog_Namespace::UserMetadata::userName.

                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     UserMetadata new_owner;
     CHECK(getMetadataForUserById(new_owner_id, new_owner));
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       UserMetadata old_owner;
       CHECK(getMetadataForUserById(old_owner_id, old_owner));
       if (!old_owner.isSuper) {
         revokeDBObjectPrivilegesBatch_unsafe({old_owner.userName}, db_objects, catalog);
       }
       if (!new_owner.isSuper) {
         grantDBObjectPrivilegesBatch_unsafe({new_owner.userName}, db_objects, catalog);
       }
     }
 
     std::set<int32_t> old_owner_ids;
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       old_owner_ids.emplace(old_owner_id);
     }
 
     auto db_id = catalog.getDatabaseId();
     for (const auto old_user_id : old_owner_ids) {
       sqliteConnector_->query_with_text_params(
           "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE objectOwnerId = ? "
           "AND dbId = ? AND objectId != -1",
           std::vector<std::string>{std::to_string(new_owner_id),
                                    std::to_string(old_user_id),
                                    std::to_string(db_id)});
     }
 
     for (const auto& [user_or_role, grantee] : granteeMap_) {
       grantee->reassignObjectOwners(old_owner_ids, new_owner_id, db_id);
     }
 
     for (const auto& [object_key, object_descriptor] : objectDescriptorMap_) {
       if (object_descriptor->objectId != -1 && object_descriptor->dbId == db_id &&
           shared::contains(old_owner_ids, object_descriptor->objectOwnerId)) {
         object_descriptor->objectOwnerId = new_owner_id;
       }
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     rebuildObjectMapsUnlocked();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::rebuildObjectMapsUnlocked ( )

private

Definition at line 3118 of file SysCatalog.cpp.

References buildObjectDescriptorMapUnlocked(), buildRoleMapUnlocked(), granteeMap_, and objectDescriptorMap_.

Referenced by reassignObjectOwners(), and runUpdateQueriesAndChangeOwnership().

                                            {
   // Rebuild updated maps from storage
   granteeMap_.clear();
   buildRoleMapUnlocked();
   objectDescriptorMap_.clear();
   buildObjectDescriptorMapUnlocked();
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::recordExecutedMigration ( const std::string & migration_name ) const

private

Definition at line 3093 of file SysCatalog.cpp.

References createVersionHistoryTable(), hasVersionHistoryTable(), MAPD_VERSION, sqliteConnector_, and to_string().

Referenced by initializeInformationSchemaDb().

                                                                               {
   if (!hasVersionHistoryTable()) {
     createVersionHistoryTable();
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_params(
       "INSERT INTO mapd_version_history(version, migration_history) values(?, ?)",
       std::vector<std::string>{std::to_string(MAPD_VERSION), migration_name});
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string & dbName )

Definition at line 3002 of file SysCatalog.cpp.

References cat_map_.

Referenced by createDatabase(), dropDatabase(), and renameDatabase().

                                                       {
   cat_map_.erase(dbName);
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDatabase	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1362 of file SysCatalog.cpp.

References DatabaseDBObjectType, Catalog_Namespace::CommonFileOperations::duplicateAndRenameCatalog(), getMetadataForDB(), shared::kSystemCatalogName, removeCatalog(), Catalog_Namespace::CommonFileOperations::removeCatalogByFullPath(), sqliteConnector_, to_string(), to_upper(), and yieldTransactionStreamer().

Referenced by AlterDatabaseCommand::rename().

                                                            {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata new_db;
   if (getMetadataForDB(new_name, new_db)) {
     throw std::runtime_error("Database " + new_name + " already exists.");
   }
   if (to_upper(new_name) == to_upper(shared::kSystemCatalogName)) {
     throw std::runtime_error("Database name " + new_name + "is reserved.");
   }
 
   DBMetadata old_db;
   if (!getMetadataForDB(old_name, old_db)) {
     throw std::runtime_error("Database " + old_name + " does not exists.");
   }
 
   removeCatalog(old_db.dbName);
 
   std::string old_catalog_path, new_catalog_path;
   std::tie(old_catalog_path, new_catalog_path) =
       duplicateAndRenameCatalog(old_name, new_name);
 
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [this, new_catalog_path] {
     removeCatalogByFullPath(new_catalog_path);
   };
   auto success_handler = [this, old_catalog_path] {
     removeCatalogByFullPath(old_catalog_path);
   };
 
   auto q1 = {"UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_name};
   auto q2 = {
       "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
       new_name,
       old_name,
       std::to_string(static_cast<int>(DBObjectType::DatabaseDBObjectType)),
       std::to_string(old_db.dbId)};
 
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject	(	const std::string &	objectName,
		const std::string &	newName,
		DBObjectType	type,
		int32_t	objectId,
		const Catalog_Namespace::Catalog &	catalog
	)

Renames an DBObject

Parameters

objectName	- original DBObject name
newName	- new name of DBObject
type	- type of DBObject
objectId	- original DBObject ID
catalog	- Catalog instance object exists in

Definition at line 1864 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), getGrantee(), getMetadataForObject(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), renameObjectsInDescriptorMap(), DBObject::setObjectKey(), and run_benchmark_import::type.

                                                                          {
   sys_write_lock write_lock(this);
   DBObject new_object(newName, type);
   DBObjectKey key;
   key.dbId = catalog.getCurrentDB().dbId;
   key.objectId = objectId;
   key.permissionType = type;
   new_object.setObjectKey(key);
   auto objdescs =
       getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
   for (auto obj : objdescs) {
     Grantee* grnt = getGrantee(obj->roleName);
     if (grnt) {
       grnt->renameDbObject(new_object);
     }
   }
   renameObjectsInDescriptorMap(new_object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap	(	DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

Definition at line 2371 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by renameDBObject().

                                                                                    {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second; ++d) {
     // rename object
     d->second->objectName = object.getName();
   }
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_params(
         "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
         "dbId = ?2 AND objectId = ?3",
         std::vector<std::string>{object.getName(),
                                  std::to_string(cat.getCurrentDB().dbId),
                                  std::to_string(object.getObjectKey().objectId)});
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1282 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::g_log_user_id, getGrantee(), getMetadataForUser(), sqliteConnector_, temporary_users_by_name_, updateUserRoleName(), and yieldTransactionStreamer().

                                                                                 {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata old_user;
   if (!getMetadataForUser(old_name, old_user)) {
     std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
     throw std::runtime_error("User " + loggable + "doesn't exist.");
   }
 
   UserMetadata new_user;
   if (getMetadataForUser(new_name, new_user)) {
     throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
   }
 
   if (getGrantee(new_name)) {
     std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
     throw runtime_error(
         "Username " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
 
   // Temporary user.
   if (old_user.is_temporary) {
     auto userit = temporary_users_by_name_.find(old_name);
     CHECK(userit != temporary_users_by_name_.end());
     auto node = temporary_users_by_name_.extract(userit);
     node.key() = new_name;
     temporary_users_by_name_.insert(std::move(node));
     userit->second->userName = new_name;
     updateUserRoleName(old_name, new_name);
     return;
   }
 
   // Normal user.
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [] {};
   auto success_handler = [this, &old_name, &new_name] {
     updateUserRoleName(old_name, new_name);
   };
   auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
   auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
              new_name,
              old_name};
   auto q3 = {"UPDATE mapd_roles set userName=?1 WHERE userName=?2;"s, new_name, old_name};
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2, q3);
 }

Classes

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Private Types

Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Member Typedef Documentation

Constructor & Destructor Documentation

Member Function Documentation