OmniSciDB  72c90bc290
anonymous_namespace{Calcite.cpp} Namespace Reference

Functions

template<typename XDEBUG_OPTION , typename REMOTE_DEBUG_OPTION , typename... REMAINING_ARGS>
int wrapped_execlp (char const *path, XDEBUG_OPTION &&x_debug, REMOTE_DEBUG_OPTION &&remote_debug, REMAINING_ARGS &&...standard_args)
 
void check_db_access (const Catalog_Namespace::SessionInfo &session_info, const Catalog_Namespace::Catalog &accessed_catalog)
 
void checkPermissionForTables (const Catalog_Namespace::SessionInfo &session_info, std::vector< std::vector< std::string >> tableOrViewNames, AccessPrivileges tablePrivs, AccessPrivileges viewPrivs)
 

Function Documentation

void anonymous_namespace{Calcite.cpp}::check_db_access ( const Catalog_Namespace::SessionInfo & session_info,
const Catalog_Namespace::Catalog & accessed_catalog 
)

Definition at line 423 of file Calcite.cpp.

References AccessPrivileges::ACCESS, DatabaseDBObjectType, Catalog_Namespace::SessionInfo::get_currentUser(), Catalog_Namespace::SysCatalog::instance(), DBObject::loadKey(), Catalog_Namespace::Catalog::name(), and DBObject::setPrivileges().

Referenced by checkPermissionForTables().

/// Database-level authorization gate: verifies that the session's current user
/// holds the ACCESS privilege on the database behind `accessed_catalog`.
///
/// @param session_info      session whose current user is being authorized
/// @param accessed_catalog  catalog of the database the statement touches
/// @throws std::runtime_error when SysCatalog::checkPrivileges() rejects the
///         request. The message names the user (via userLoggable()) and the
///         database, so it should be treated as audit-relevant output.
///
/// Called by checkPermissionForTables() before any per-table lookup.
void check_db_access(const Catalog_Namespace::SessionInfo& session_info,
                     const Catalog_Namespace::Catalog& accessed_catalog) {
  const auto database_name = accessed_catalog.name();

  // Describe the database as a privilege object requesting ACCESS only.
  DBObject database_object(database_name, DatabaseDBObjectType);
  database_object.loadKey(accessed_catalog);
  database_object.setPrivileges(AccessPrivileges::ACCESS);

  const auto& current_user = session_info.get_currentUser();
  const bool access_granted = Catalog_Namespace::SysCatalog::instance().checkPrivileges(
      current_user, {database_object});
  if (access_granted) {
    return;
  }

  // Fail closed: a denied check always ends in an exception, never a silent return.
  const std::string denial_message = "Unauthorized Access: user " +
                                     current_user.userLoggable() +
                                     " is not allowed to access database " +
                                     database_name + ".";
  throw std::runtime_error(denial_message);
}
std::string name() const
Definition: Catalog.h:348
static SysCatalog & instance()
Definition: SysCatalog.h:343
static const AccessPrivileges ACCESS
Definition: DBObject.h:153
const UserMetadata & get_currentUser() const
Definition: SessionInfo.h:88


void anonymous_namespace{Calcite.cpp}::checkPermissionForTables ( const Catalog_Namespace::SessionInfo & session_info,
std::vector< std::vector< std::string >>  tableOrViewNames,
AccessPrivileges  tablePrivs,
AccessPrivileges  viewPrivs 
)

Definition at line 437 of file Calcite.cpp.

References CHECK, check_db_access(), DBObjectKey::dbId, Catalog_Namespace::SessionInfo::get_currentUser(), Catalog_Namespace::SysCatalog::getCatalog(), AccessPrivileges::hasAny(), Catalog_Namespace::SysCatalog::instance(), TableDescriptor::isView, DBObjectKey::objectId, DBObjectKey::permissionType, TableDBObjectType, TableDescriptor::tableId, TableDescriptor::userId, Catalog_Namespace::UserMetadata::userLoggable(), and ViewDBObjectType.

Referenced by Calcite::checkAccessedObjectsPrivileges().

// Per-object authorization for the tables and views a statement references.
// For every entry in tableOrViewNames it (1) runs check_db_access() on the
// owning database, (2) resolves the table metadata, and (3) asks
// SysCatalog::checkPrivileges() whether the session user holds viewPrivs (for
// views) or tablePrivs (for tables) on that object. Any failure is reported by
// throwing std::runtime_error.
//
// NOTE(review): this listing is incomplete. The gutter jumps 443 -> 445 and
// 456 -> 459, so source lines 444 and 457-458 are not shown; the comments
// below describe only the visible lines.
440  {
     // NOTE(review): iterating by value copies each inner vector;
     // `const auto&` would avoid the copy without changing behaviour.
441  for (auto tableOrViewName : tableOrViewNames) {
442  // Calcite returns table names in the form of a {table_name, database_name} vector.
     // NOTE(review): the entries are indexed with [0] below and no size check is
     // visible here; the {table_name, database_name} shape is assumed to be
     // guaranteed by the caller - confirm.
443  const auto catalog =
     // (line 444, the initializer of `catalog`, is missing from this listing;
     // the References list names SysCatalog::getCatalog() - presumably used here.)
     // NOTE(review): CHECK is the Logger.h macro; if the catalog lookup can fail
     // for a database name that originates in query text, this presumably aborts
     // instead of raising a catchable error - confirm.
445  CHECK(catalog);
     // Database-level ACCESS is enforced first, so a user without it is rejected
     // before any table metadata is consulted.
446  check_db_access(session_info, *catalog);
447 
448  const TableDescriptor* tableMeta =
449  catalog->getMetadataForTable(tableOrViewName[0], false);
450 
     // NOTE(review): this runs before the privilege check, so a user with
     // database ACCESS but no object privileges gets a different error for a
     // missing object than for a forbidden one (existence is disclosed).
     // The message text likely meant "table or view".
451  if (!tableMeta) {
452  throw std::runtime_error("unknown table of view: " + tableOrViewName[0]);
453  }
454 
     // Build the key identifying the object whose privileges are checked.
455  DBObjectKey key;
456  key.dbId = catalog->getCurrentDB().dbId;
     // (lines 457-458 are missing from this listing; the References list names
     // DBObjectKey::permissionType, TableDBObjectType and ViewDBObjectType, so
     // the permission type is presumably assigned there - confirm.)
459  key.objectId = tableMeta->tableId;
     // Views and tables are checked against separate caller-supplied privilege sets.
460  AccessPrivileges privs = tableMeta->isView ? viewPrivs : tablePrivs;
461  DBObject dbobject(key, privs, tableMeta->userId);
462  std::vector<DBObject> privObjects{dbobject};
463 
     // An empty privilege set for this object kind is rejected outright rather
     // than being passed to checkPrivileges().
464  if (!privs.hasAny()) {
465  throw std::runtime_error("Operation not supported for object " +
466  tableOrViewName[0]);
467  }
468 
     // Object-level decision; a denial names the user and the object in the message.
469  if (!Catalog_Namespace::SysCatalog::instance().checkPrivileges(
470  session_info.get_currentUser(), privObjects)) {
471  throw std::runtime_error("Violation of access privileges: user " +
472  session_info.get_currentUser().userLoggable() +
473  " has no proper privileges for object " +
474  tableOrViewName[0]);
475  }
476  }
477 }
bool hasAny() const
Definition: DBObject.h:140
int32_t objectId
Definition: DBObject.h:55
static SysCatalog & instance()
Definition: SysCatalog.h:343
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void check_db_access(const Catalog_Namespace::SessionInfo &session_info, const Catalog_Namespace::Catalog &accessed_catalog)
Definition: Calcite.cpp:423
int32_t dbId
Definition: DBObject.h:54
#define CHECK(condition)
Definition: Logger.h:291
int32_t permissionType
Definition: DBObject.h:53
std::string userLoggable() const
Definition: SysCatalog.cpp:158
const UserMetadata & get_currentUser() const
Definition: SessionInfo.h:88


template<typename XDEBUG_OPTION , typename REMOTE_DEBUG_OPTION , typename... REMAINING_ARGS>
int anonymous_namespace{Calcite.cpp}::wrapped_execlp ( char const *  path,
XDEBUG_OPTION &&  x_debug,
REMOTE_DEBUG_OPTION &&  remote_debug,
REMAINING_ARGS &&...  standard_args 
)

Definition at line 58 of file Calcite.cpp.

Referenced by start_calcite_server_as_daemon().

/// Thin wrapper around execlp() that includes or drops the two debug options
/// depending on whether ENABLE_JAVA_REMOTE_DEBUG is defined at build time.
///
/// @param path           program to execute; execlp() searches PATH when it
///                       contains no slash
/// @param x_debug        passed to execlp() only in ENABLE_JAVA_REMOTE_DEBUG builds
/// @param remote_debug   passed to execlp() only in ENABLE_JAVA_REMOTE_DEBUG builds
/// @param standard_args  remaining argument list, forwarded unchanged
/// @return whatever execlp() returns; execlp() returns (-1) only when the exec fails
///
/// Caller contract (execlp semantics, not enforced here): the argument list must
/// end with a null `char*`, and the first argument after `path` becomes argv[0]
/// of the new program - which is `x_debug` in debug builds and the first of
/// `standard_args` otherwise.
///
/// NOTE(review): the option values come from start_calcite_server_as_daemon(),
/// which is not shown; presumably they enable a JVM remote-debug agent. Such an
/// agent gives whoever can connect to it control of the JVM, so confirm that
/// ENABLE_JAVA_REMOTE_DEBUG is never defined for release builds.
template <typename XDEBUG_OPTION, typename REMOTE_DEBUG_OPTION, typename... REMAINING_ARGS>
int wrapped_execlp(char const* path,
                   XDEBUG_OPTION&& x_debug,
                   REMOTE_DEBUG_OPTION&& remote_debug,
                   REMAINING_ARGS&&... standard_args) {
#ifndef ENABLE_JAVA_REMOTE_DEBUG
  // Regular build: the debug options are accepted but deliberately not passed on.
  const int exec_status = execlp(path, std::forward<REMAINING_ARGS>(standard_args)...);
#else
  // Debug build: the two debug options precede the standard arguments.
  const int exec_status = execlp(
      path, x_debug, remote_debug, std::forward<REMAINING_ARGS>(standard_args)...);
#endif
  return exec_status;
}
