#pragma once
#include <Access/IAccessEntity.h>
#include <Access/RolesOrUsersSet.h>
#include <Access/Common/RowPolicyDefs.h>
#include <Core/Types.h>
#include <array>
namespace DB
{
/** Access entity describing a row-level security policy attached to one table.
  *
  * A policy is identified by a RowPolicyName (short name + database + table name),
  * carries one SQL condition per RowPolicyFilterType, and lists the roles/users it
  * is meant for in `to_roles`.
  *
  * How several policies on the same table combine (as stated by this header):
  * a row is accessible only if at least one permissive policy passes AND every
  * restrictive policy passes. Consequently, adding a permissive policy can widen
  * the set of accessible rows, while adding a restrictive one can only narrow it.
  * A freshly constructed policy is permissive (`restrictive` defaults to false).
  */
struct RowPolicy : IAccessEntity
{
    /// Setters for the individual parts of the policy's full name.
    /// Defined out of line; their effect on the entity name is not visible in this header.
    void setShortName(const String & short_name);
    void setDatabase(const String & database);
    void setTableName(const String & table_name);

    /// Sets all three name parts at once, either separately or as a RowPolicyName.
    void setFullName(const String & short_name, const String & database, const String & table_name);
    void setFullName(const RowPolicyName & full_name_);

    /// Read-only views of the name parts; the references point into `full_name`
    /// and stay valid only as long as this object is alive and its name is unchanged.
    const String & getDatabase() const { return full_name.database; }
    const String & getTableName() const { return full_name.table_name; }
    const String & getShortName() const { return full_name.short_name; }
    const RowPolicyName & getFullName() const { return full_name; }

    /// SQL conditional expressions, one slot per RowPolicyFilterType value below MAX.
    /// Each expression decides which rows are visible to the user or available
    /// for modification.
    /// The conditions are kept here as plain text; this header performs no parsing
    /// or validation of them. NOTE(review): the meaning of an empty slot is decided
    /// by the code that evaluates policies - confirm there before relying on it.
    std::array<String, static_cast<size_t>(RowPolicyFilterType::MAX)> filters;

    /// Marks the policy as permissive (or, with `false`, as restrictive).
    /// A row is accessible only if at least one permissive policy passes,
    /// in addition to all the restrictive policies.
    void setPermissive(bool permissive_ = true) { restrictive = !permissive_; }
    bool isPermissive() const { return !restrictive; }

    /// Marks the policy as restrictive (or, with `false`, as permissive).
    /// Every restrictive policy has to pass for a row to be accessible, and
    /// at least one permissive policy has to pass as well.
    void setRestrictive(bool restrictive_ = true) { restrictive = restrictive_; }
    bool isRestrictive() const { return restrictive; }

    /// IAccessEntity interface.
    bool equal(const IAccessEntity & other) const override;
    std::shared_ptr<IAccessEntity> clone() const override { return cloneImpl<RowPolicy>(); }

    /// Entity type tag of this class; getType() reports the same value.
    static constexpr auto TYPE = AccessEntityType::ROW_POLICY;
    AccessEntityType getType() const override { return TYPE; }

    /// Dependency bookkeeping, defined out of line.
    /// replaceDependencies() receives a mapping from old ids to new ids.
    std::vector<UUID> findDependencies() const override;
    void replaceDependencies(const std::unordered_map<UUID, UUID> & old_to_new_ids) override;

    /// Row policies always report themselves as allowed in backups.
    bool isBackupAllowed() const override { return true; }

    /// Which roles or users should use this row policy.
    RolesOrUsersSet to_roles;

private:
    /// The generic name setter of the base class is overridden as private here;
    /// presumably so that the name is changed only through the setters above,
    /// which know about `full_name` - the definition is not in this header.
    void setName(const String &) override;

    /// Short name, database and table name of the policy.
    RowPolicyName full_name;

    /// false = permissive (the default), true = restrictive.
    bool restrictive = false;
};
/// Shared pointer to an immutable RowPolicy: the pointee is const, so a policy
/// cannot be modified through this alias.
using RowPolicyPtr = std::shared_ptr<const RowPolicy>;
}