#pragma once #include #include #include #include #include namespace DB { class AccessControlManager; /// Stores read and parsed row policies. class RowPolicyCache { public: RowPolicyCache(const AccessControlManager & access_control_manager_); ~RowPolicyCache(); std::shared_ptr getEnabledRowPolicies(const UUID & user_id, const boost::container::flat_set & enabled_roles); private: using ParsedConditions = EnabledRowPolicies::ParsedConditions; struct PolicyInfo { PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); } void setPolicy(const RowPolicyPtr & policy_); RowPolicyPtr policy; const ExtendedRoleSet * roles = nullptr; ParsedConditions parsed_conditions; }; void ensureAllRowPoliciesRead(); void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy); void rowPolicyRemoved(const UUID & policy_id); void mixConditions(); void mixConditionsFor(EnabledRowPolicies & enabled); const AccessControlManager & access_control_manager; std::unordered_map all_policies; bool all_policies_read = false; ext::scope_guard subscription; std::map> enabled_row_policies; std::mutex mutex; }; }