mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-29 19:12:03 +00:00
97f2a2213e
* Move some code outside dbms/src folder * Fix paths
102 lines
5.0 KiB
C++
102 lines
5.0 KiB
C++
#pragma once
|
|
|
|
#include <Core/Types.h>
|
|
#include <Access/AccessRightsElement.h>
|
|
#include <memory>
|
|
#include <vector>
|
|
|
|
|
|
namespace DB
|
|
{
|
|
/// Represents a set of access types granted on databases, tables, columns, etc.
|
|
/// For example, "GRANT SELECT, UPDATE ON db.*, GRANT INSERT ON db2.mytbl2" are access rights.
|
|
class AccessRights
|
|
{
|
|
public:
|
|
AccessRights();
|
|
AccessRights(const AccessFlags & access);
|
|
~AccessRights();
|
|
AccessRights(const AccessRights & src);
|
|
AccessRights & operator =(const AccessRights & src);
|
|
AccessRights(AccessRights && src);
|
|
AccessRights & operator =(AccessRights && src);
|
|
|
|
bool isEmpty() const;
|
|
|
|
/// Revokes everything. It's the same as revoke(AccessType::ALL).
|
|
void clear();
|
|
|
|
/// Grants access on a specified database/table/column.
|
|
/// Does nothing if the specified access has been already granted.
|
|
void grant(const AccessFlags & flags);
|
|
void grant(const AccessFlags & flags, const std::string_view & database);
|
|
void grant(const AccessFlags & flags, const std::string_view & database, const std::string_view & table);
|
|
void grant(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::string_view & column);
|
|
void grant(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::vector<std::string_view> & columns);
|
|
void grant(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const Strings & columns);
|
|
void grant(const AccessRightsElement & element, std::string_view current_database = {});
|
|
void grant(const AccessRightsElements & elements, std::string_view current_database = {});
|
|
|
|
/// Revokes a specified access granted earlier on a specified database/table/column.
|
|
/// For example, revoke(AccessType::ALL) revokes all grants at all, just like clear();
|
|
void revoke(const AccessFlags & flags);
|
|
void revoke(const AccessFlags & flags, const std::string_view & database);
|
|
void revoke(const AccessFlags & flags, const std::string_view & database, const std::string_view & table);
|
|
void revoke(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::string_view & column);
|
|
void revoke(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::vector<std::string_view> & columns);
|
|
void revoke(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const Strings & columns);
|
|
void revoke(const AccessRightsElement & element, std::string_view current_database = {});
|
|
void revoke(const AccessRightsElements & elements, std::string_view current_database = {});
|
|
|
|
/// Returns the information about all the access granted.
|
|
struct Elements
|
|
{
|
|
AccessRightsElements grants;
|
|
AccessRightsElements partial_revokes;
|
|
};
|
|
Elements getElements() const;
|
|
|
|
/// Returns the information about all the access granted as a string.
|
|
String toString() const;
|
|
|
|
/// Whether a specified access granted.
|
|
bool isGranted(const AccessFlags & flags) const;
|
|
bool isGranted(const AccessFlags & flags, const std::string_view & database) const;
|
|
bool isGranted(const AccessFlags & flags, const std::string_view & database, const std::string_view & table) const;
|
|
bool isGranted(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::string_view & column) const;
|
|
bool isGranted(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const std::vector<std::string_view> & columns) const;
|
|
bool isGranted(const AccessFlags & flags, const std::string_view & database, const std::string_view & table, const Strings & columns) const;
|
|
bool isGranted(const AccessRightsElement & element, std::string_view current_database = {}) const;
|
|
bool isGranted(const AccessRightsElements & elements, std::string_view current_database = {}) const;
|
|
|
|
friend bool operator ==(const AccessRights & left, const AccessRights & right);
|
|
friend bool operator !=(const AccessRights & left, const AccessRights & right) { return !(left == right); }
|
|
|
|
/// Merges two sets of access rights together.
|
|
/// It's used to combine access rights from multiple roles.
|
|
void merge(const AccessRights & other);
|
|
|
|
private:
|
|
template <typename... Args>
|
|
void grantImpl(const AccessFlags & flags, const Args &... args);
|
|
|
|
template <typename... Args>
|
|
void revokeImpl(const AccessFlags & flags, const Args &... args);
|
|
|
|
template <typename... Args>
|
|
bool isGrantedImpl(const AccessFlags & flags, const Args &... args) const;
|
|
|
|
bool isGrantedImpl(const AccessRightsElement & element, std::string_view current_database) const;
|
|
bool isGrantedImpl(const AccessRightsElements & elements, std::string_view current_database) const;
|
|
|
|
template <typename... Args>
|
|
AccessFlags getAccessImpl(const Args &... args) const;
|
|
|
|
void logTree() const;
|
|
|
|
struct Node;
|
|
std::unique_ptr<Node> root;
|
|
};
|
|
|
|
}
|