#pragma once #include #include #include #include #include namespace DB { class AccessControl; struct RolesOrUsersSet; struct RowPolicy; using RowPolicyPtr = std::shared_ptr; /// Stores read and parsed row policies. class RowPolicyCache { public: explicit RowPolicyCache(const AccessControl & access_control_); ~RowPolicyCache(); std::shared_ptr getEnabledRowPolicies(const UUID & user_id, const boost::container::flat_set & enabled_roles); private: struct PolicyInfo { explicit PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); } void setPolicy(const RowPolicyPtr & policy_); bool isDatabase() const { return policy->isDatabase(); } RowPolicyPtr policy; const RolesOrUsersSet * roles = nullptr; std::shared_ptr> database_and_table_name; ASTPtr parsed_filters[static_cast(RowPolicyFilterType::MAX)]; }; void ensureAllRowPoliciesRead(); void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy); void rowPolicyRemoved(const UUID & policy_id); void mixFilters(); void mixFiltersFor(EnabledRowPolicies & enabled); const AccessControl & access_control; std::unordered_map all_policies; bool all_policies_read = false; scope_guard subscription; std::map> enabled_row_policies; std::mutex mutex; }; }