ClickHouse/src/Access/RowPolicyCache.h

#pragma once

#include <Access/EnabledRowPolicies.h>
#include <base/scope_guard.h>
#include <mutex>
#include <map>
#include <unordered_map>


namespace DB
{
class AccessControl;
struct RolesOrUsersSet;
struct RowPolicy;
using RowPolicyPtr = std::shared_ptr<const RowPolicy>;

/// Stores read and parsed row policies.
class RowPolicyCache
{
public:
    RowPolicyCache(const AccessControl & access_control_);
    ~RowPolicyCache();

    std::shared_ptr<const EnabledRowPolicies> getEnabledRowPolicies(const UUID & user_id, const boost::container::flat_set<UUID> & enabled_roles);

private:
    struct PolicyInfo
    {
        PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }
        void setPolicy(const RowPolicyPtr & policy_);

        RowPolicyPtr policy;
        const RolesOrUsersSet * roles = nullptr;
        std::shared_ptr<const std::pair<String, String>> database_and_table_name;
        ASTPtr parsed_filters[static_cast<size_t>(RowPolicyFilterType::MAX)];
    };

    void ensureAllRowPoliciesRead();
    void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);
    void rowPolicyRemoved(const UUID & policy_id);
    void mixFilters();
    void mixFiltersFor(EnabledRowPolicies & enabled);

    const AccessControl & access_control;
    std::unordered_map<UUID, PolicyInfo> all_policies;
    bool all_policies_read = false;
    scope_guard subscription;
    std::map<EnabledRowPolicies::Params, std::weak_ptr<EnabledRowPolicies>> enabled_row_policies;
    std::mutex mutex;
};

}
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#pragma once`

Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`#include <Access/EnabledRowPolicies.h>`
Rename "common" to "base" 2021-10-02 07:13:14 +00:00			`#include <base/scope_guard.h>`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#include <mutex>`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`#include <map>`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#include <unordered_map>`


			`namespace DB`
			`{`
Rename AccessControlManager -> AccessControl. 2021-11-02 11:06:20 +00:00			`class AccessControl;`
Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-18 13:04:42 +00:00			`struct RolesOrUsersSet;`
			`struct RowPolicy;`
			`using RowPolicyPtr = std::shared_ptr<const RowPolicy>;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
			`/// Stores read and parsed row policies.`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`class RowPolicyCache`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`{`
			`public:`
Rename AccessControlManager -> AccessControl. 2021-11-02 11:06:20 +00:00			`RowPolicyCache(const AccessControl & access_control_);`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`~RowPolicyCache();`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
Use boost::flat_set instead of vector to store current and enabled roles. 2020-04-29 19:35:56 +00:00			`std::shared_ptr<const EnabledRowPolicies> getEnabledRowPolicies(const UUID & user_id, const boost::container::flat_set<UUID> & enabled_roles);`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
			`private:`
			`struct PolicyInfo`
			`{`
			`PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }`
			`void setPolicy(const RowPolicyPtr & policy_);`

			`RowPolicyPtr policy;`
Rename ExtendedRoleSet => RolesOrUsersSet. 2020-05-30 20:10:45 +00:00			`const RolesOrUsersSet * roles = nullptr;`
Improve system table for row policies. Remove function currentRowPolicies(). 2020-05-07 02:45:27 +00:00			`std::shared_ptr<const std::pair<String, String>> database_and_table_name;`
Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-18 13:04:42 +00:00			`ASTPtr parsed_filters[static_cast<size_t>(RowPolicyFilterType::MAX)];`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`};`

			`void ensureAllRowPoliciesRead();`
			`void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);`
			`void rowPolicyRemoved(const UUID & policy_id);`
Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-18 13:04:42 +00:00			`void mixFilters();`
			`void mixFiltersFor(EnabledRowPolicies & enabled);`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
Rename AccessControlManager -> AccessControl. 2021-11-02 11:06:20 +00:00			`const AccessControl & access_control;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`std::unordered_map<UUID, PolicyInfo> all_policies;`
			`bool all_policies_read = false;`
Merge ext into common 2021-06-15 19:55:21 +00:00			`scope_guard subscription;`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`std::map<EnabledRowPolicies::Params, std::weak_ptr<EnabledRowPolicies>> enabled_row_policies;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`std::mutex mutex;`
			`};`

			`}`