ClickHouse/dbms/Access/RowPolicyCache.h

#pragma once

#include <Access/EnabledRowPolicies.h>
#include <ext/scope_guard.h>
#include <mutex>
#include <map>
#include <unordered_map>


namespace DB
{
class AccessControlManager;

/// Stores read and parsed row policies.
class RowPolicyCache
{
public:
    RowPolicyCache(const AccessControlManager & access_control_manager_);
    ~RowPolicyCache();

    std::shared_ptr<const EnabledRowPolicies> getEnabledRowPolicies(const UUID & user_id, const std::vector<UUID> & enabled_roles);

private:
    using ParsedConditions = EnabledRowPolicies::ParsedConditions;

    struct PolicyInfo
    {
        PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }
        void setPolicy(const RowPolicyPtr & policy_);

        RowPolicyPtr policy;
        const ExtendedRoleSet * roles = nullptr;
        ParsedConditions parsed_conditions;
    };

    void ensureAllRowPoliciesRead();
    void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);
    void rowPolicyRemoved(const UUID & policy_id);
    void mixConditions();
    void mixConditionsFor(EnabledRowPolicies & enabled);

    const AccessControlManager & access_control_manager;
    std::unordered_map<UUID, PolicyInfo> all_policies;
    bool all_policies_read = false;
    ext::scope_guard subscription;
    std::map<EnabledRowPolicies::Params, std::weak_ptr<EnabledRowPolicies>> enabled_row_policies;
    std::mutex mutex;
};

}
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#pragma once`

Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`#include <Access/EnabledRowPolicies.h>`
Use the generic class ext::scope_guard for subscriptions in IAccessStorage instead of a special class. 2020-01-29 15:51:12 +00:00			`#include <ext/scope_guard.h>`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#include <mutex>`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`#include <map>`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`#include <unordered_map>`


			`namespace DB`
			`{`
			`class AccessControlManager;`

			`/// Stores read and parsed row policies.`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`class RowPolicyCache`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`{`
			`public:`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`RowPolicyCache(const AccessControlManager & access_control_manager_);`
			`~RowPolicyCache();`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`std::shared_ptr<const EnabledRowPolicies> getEnabledRowPolicies(const UUID & user_id, const std::vector<UUID> & enabled_roles);`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
			`private:`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`using ParsedConditions = EnabledRowPolicies::ParsedConditions;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
			`struct PolicyInfo`
			`{`
			`PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }`
			`void setPolicy(const RowPolicyPtr & policy_);`

			`RowPolicyPtr policy;`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`const ExtendedRoleSet * roles = nullptr;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`ParsedConditions parsed_conditions;`
			`};`

			`void ensureAllRowPoliciesRead();`
			`void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);`
			`void rowPolicyRemoved(const UUID & policy_id);`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`void mixConditions();`
			`void mixConditionsFor(EnabledRowPolicies & enabled);`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00
			`const AccessControlManager & access_control_manager;`
			`std::unordered_map<UUID, PolicyInfo> all_policies;`
			`bool all_policies_read = false;`
Use the generic class ext::scope_guard for subscriptions in IAccessStorage instead of a special class. 2020-01-29 15:51:12 +00:00			`ext::scope_guard subscription;`
Mass rename: AccessRightsContext -> ContextAccess, QuotaContext -> EnabledQuota, RoleContext -> EnabledRoles, and so on. 2020-03-07 17:37:38 +00:00			`std::map<EnabledRowPolicies::Params, std::weak_ptr<EnabledRowPolicies>> enabled_row_policies;`
Rework RowPolicy based on IAccessEntity. 2019-11-17 11:57:02 +00:00			`std::mutex mutex;`
			`};`

			`}`