#pragma once
#include <base/types.h>
#include <Access/Common/AccessRightsElement.h>
#include <functional>
#include <memory>
#include <vector>
namespace DB
{
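/// Represents a set of access types granted on databases, tables, columns, etc.
/// For example, "GRANT SELECT, UPDATE ON db.*, GRANT INSERT ON db2.mytbl2" are access rights.
///
/// The read-only queries (isEmpty(), isGranted(), hasGrantOption()) are [[nodiscard]]:
/// a discarded result of an access check means the check was never enforced,
/// so the compiler should flag it.
class AccessRights
{
public:
    AccessRights();

    /// NOTE(review): the three constructors below presumably start with exactly the given access granted;
    /// the definitions are not in this header - confirm there.
    explicit AccessRights(const AccessFlags & access);
    explicit AccessRights(const AccessRightsElement & element);
    explicit AccessRights(const AccessRightsElements & elements);

    ~AccessRights();
    AccessRights(const AccessRights & src);
    AccessRights & operator =(const AccessRights & src);
    AccessRights(AccessRights && src) noexcept;
    AccessRights & operator =(AccessRights && src) noexcept;

    /// NOTE(review): by its name, true when nothing is granted; confirm whether the grant-option tree is also considered.
    [[nodiscard]] bool isEmpty() const;

    /// Revokes everything. It's the same as revoke(AccessType::ALL).
    void clear();

    /// Returns the information about all the access granted as a string.
    String toString() const;

    /// Returns the information about all the access granted.
    AccessRightsElements getElements() const;

    /// Grants access on a specified database/table/column.
    /// Does nothing if the specified access has been already granted.
    /// NOTE(review): the overloads that omit database/table/column presumably apply at the wider level
    /// (compare revoke(AccessType::ALL), which is documented as revoking everything) - confirm in the definition.
    void grant(const AccessFlags & flags);
    void grant(const AccessFlags & flags, std::string_view database);
    void grant(const AccessFlags & flags, std::string_view database, std::string_view table);
    void grant(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
    void grant(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns);
    void grant(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
    void grant(const AccessRightsElement & element);
    void grant(const AccessRightsElements & elements);

    /// Same overload set as grant().
    /// NOTE(review): by its name this also records the grant option (the right to pass the access on to others,
    /// as in "WITH GRANT OPTION"). A grant option lets its holder widen other principals' rights,
    /// so callers should use these overloads only where that delegation is intended.
    void grantWithGrantOption(const AccessFlags & flags);
    void grantWithGrantOption(const AccessFlags & flags, std::string_view database);
    void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
    void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
    void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns);
    void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
    void grantWithGrantOption(const AccessRightsElement & element);
    void grantWithGrantOption(const AccessRightsElements & elements);

    /// Revokes a specified access granted earlier on a specified database/table/column.
    /// For example, revoke(AccessType::ALL) revokes all grants, just like clear().
    /// NOTE(review): this header does not show whether revoke() also drops a matching grant option;
    /// a caller that must remove both should confirm against the definition.
    void revoke(const AccessFlags & flags);
    void revoke(const AccessFlags & flags, std::string_view database);
    void revoke(const AccessFlags & flags, std::string_view database, std::string_view table);
    void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
    void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns);
    void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
    void revoke(const AccessRightsElement & element);
    void revoke(const AccessRightsElements & elements);

    /// Same overload set as revoke().
    /// NOTE(review): by its name this removes only the grant option; whether the access itself stays granted
    /// is not visible in this header - confirm in the definition.
    void revokeGrantOption(const AccessFlags & flags);
    void revokeGrantOption(const AccessFlags & flags, std::string_view database);
    void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
    void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
    void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns);
    void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
    void revokeGrantOption(const AccessRightsElement & element);
    void revokeGrantOption(const AccessRightsElements & elements);

    /// Whether a specified access is granted.
    /// The result must be used: ignoring it silently skips the authorization decision.
    [[nodiscard]] bool isGranted(const AccessFlags & flags) const;
    [[nodiscard]] bool isGranted(const AccessFlags & flags, std::string_view database) const;
    [[nodiscard]] bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table) const;
    [[nodiscard]] bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
    [[nodiscard]] bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns) const;
    [[nodiscard]] bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
    [[nodiscard]] bool isGranted(const AccessRightsElement & element) const;
    [[nodiscard]] bool isGranted(const AccessRightsElements & elements) const;

    /// Same overload set as isGranted().
    /// NOTE(review): by its name, whether the specified access is held together with the grant option;
    /// confirm in the definition. The result must be used for the same reason as isGranted().
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags) const;
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags, std::string_view database) const;
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table) const;
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector<std::string_view> & columns) const;
    [[nodiscard]] bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
    [[nodiscard]] bool hasGrantOption(const AccessRightsElement & element) const;
    [[nodiscard]] bool hasGrantOption(const AccessRightsElements & elements) const;

    /// Merges two sets of access rights together.
    /// It's used to combine access rights from multiple roles.
    void makeUnion(const AccessRights & other);

    /// Makes an intersection of access rights.
    void makeIntersection(const AccessRights & other);

    /// Traverses the tree and modifies the access flags of each node.
    /// The callback receives the flags together with the database/table/column names and returns AccessFlags.
    /// NOTE(review): presumably the returned value replaces the node's flags and `grant_option` tells
    /// which of the two trees (root / root_with_grant_option) is being visited - confirm in the definition.
    using ModifyFlagsFunction = std::function<AccessFlags(
        const AccessFlags & flags,
        const AccessFlags & min_flags_with_children,
        const AccessFlags & max_flags_with_children,
        std::string_view database,
        std::string_view table,
        std::string_view column,
        bool grant_option)>;
    void modifyFlags(const ModifyFlagsFunction & function);

    friend bool operator ==(const AccessRights & left, const AccessRights & right);
    friend bool operator !=(const AccessRights & left, const AccessRights & right) { return !(left == right); }

    /// Makes full access rights (GRANT ALL ON *.* WITH GRANT OPTION).
    static AccessRights getFullAccess();

private:
    /// Shared implementations behind the public grant*/revoke*/isGranted/hasGrantOption overloads.
    /// NOTE(review): the bool template parameter presumably selects the grant-option variant;
    /// the definitions are not in this header.
    template <bool with_grant_option, typename... Args>
    void grantImpl(const AccessFlags & flags, const Args &... args);

    template <bool with_grant_option>
    void grantImpl(const AccessRightsElement & element);

    template <bool with_grant_option>
    void grantImpl(const AccessRightsElements & elements);

    template <bool with_grant_option>
    void grantImplHelper(const AccessRightsElement & element);

    template <bool grant_option, typename... Args>
    void revokeImpl(const AccessFlags & flags, const Args &... args);

    template <bool grant_option>
    void revokeImpl(const AccessRightsElement & element);

    template <bool grant_option>
    void revokeImpl(const AccessRightsElements & elements);

    template <bool grant_option>
    void revokeImplHelper(const AccessRightsElement & element);

    template <bool grant_option, typename... Args>
    bool isGrantedImpl(const AccessFlags & flags, const Args &... args) const;

    template <bool grant_option>
    bool isGrantedImpl(const AccessRightsElement & element) const;

    template <bool grant_option>
    bool isGrantedImpl(const AccessRightsElements & elements) const;

    template <bool grant_option>
    bool isGrantedImplHelper(const AccessRightsElement & element) const;

    void logTree() const;

    /// Node is only forward-declared here; its definition lives outside this header.
    struct Node;

    /// Two separately owned trees.
    /// NOTE(review): presumably `root` holds the granted access and `root_with_grant_option`
    /// the part of it that was granted WITH GRANT OPTION - confirm in the definition.
    std::unique_ptr<Node> root;
    std::unique_ptr<Node> root_with_grant_option;
};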
}