|
1317.1.5
by Monty Taylor
Added Authorization interface. |
1 |
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
|
2 |
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
|
|
3 |
*
|
|
4 |
* Definitions required for Authorization plugin
|
|
5 |
*
|
|
6 |
* Copyright (C) 2010 Monty Taylor
|
|
7 |
*
|
|
8 |
* This program is free software; you can redistribute it and/or modify
|
|
9 |
* it under the terms of the GNU General Public License as published by
|
|
10 |
* the Free Software Foundation; version 2 of the License.
|
|
11 |
*
|
|
12 |
* This program is distributed in the hope that it will be useful,
|
|
13 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
15 |
* GNU General Public License for more details.
|
|
16 |
*
|
|
17 |
* You should have received a copy of the GNU General Public License
|
|
18 |
* along with this program; if not, write to the Free Software
|
|
19 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
20 |
*/
|
|
21 |
||
22 |
#ifndef DRIZZLED_PLUGIN_AUTHORIZATION_H
|
|
23 |
#define DRIZZLED_PLUGIN_AUTHORIZATION_H
|
|
24 |
||
25 |
#include "drizzled/plugin.h" |
|
26 |
#include "drizzled/plugin/plugin.h" |
|
27 |
#include "drizzled/security_context.h" |
|
|
1660.1.1
by Brian Aker
Merge in move identifier work. |
28 |
#include "drizzled/identifier.h" |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
29 |
|
30 |
#include <string> |
|
31 |
#include <set> |
|
32 |
||
33 |
namespace drizzled |
|
34 |
{
|
|
35 |
||
36 |
namespace plugin |
|
37 |
{
|
|
38 |
||
39 |
class Authorization : public Plugin |
|
40 |
{
|
|
41 |
Authorization(); |
|
42 |
Authorization(const Authorization &); |
|
43 |
Authorization& operator=(const Authorization &); |
|
44 |
public: |
|
45 |
explicit Authorization(std::string name_arg) |
|
46 |
: Plugin(name_arg, "Authorization") |
|
47 |
{}
|
|
48 |
virtual ~Authorization() {} |
|
49 |
||
50 |
/**
|
|
51 |
* Should we restrict the current user's access to this schema?
|
|
52 |
*
|
|
53 |
* @param Current security context
|
|
54 |
* @param Database to check against
|
|
55 |
*
|
|
56 |
* @returns true if the user cannot access the schema
|
|
57 |
*/
|
|
58 |
virtual bool restrictSchema(const SecurityContext &user_ctx, |
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
59 |
SchemaIdentifier &schema)= 0; |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
60 |
|
61 |
/**
|
|
62 |
* Should we restrict the current user's access to this table?
|
|
63 |
*
|
|
64 |
* @param Current security context
|
|
65 |
* @param Database to check against
|
|
66 |
* @param Table to check against
|
|
67 |
*
|
|
68 |
* @returns true if the user cannot access the table
|
|
69 |
*/
|
|
70 |
virtual bool restrictTable(const SecurityContext &user_ctx, |
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
71 |
TableIdentifier &table); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
72 |
|
73 |
/**
|
|
74 |
* Should we restrict the current user's access to see this process?
|
|
75 |
*
|
|
76 |
* @param Current security context
|
|
77 |
* @param Database to check against
|
|
78 |
* @param Table to check against
|
|
79 |
*
|
|
80 |
* @returns true if the user cannot see the process
|
|
81 |
*/
|
|
82 |
virtual bool restrictProcess(const SecurityContext &user_ctx, |
|
83 |
const SecurityContext &session_ctx); |
|
84 |
||
85 |
/** Server API method for checking schema authorization */
|
|
86 |
static bool isAuthorized(const SecurityContext &user_ctx, |
|
|
1415
by Brian Aker
Mass overhaul to use schema_identifier. |
87 |
SchemaIdentifier &schema_identifier, |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
88 |
bool send_error= true); |
89 |
||
90 |
/** Server API method for checking table authorization */
|
|
91 |
static bool isAuthorized(const SecurityContext &user_ctx, |
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
92 |
TableIdentifier &table_identifier, |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
93 |
bool send_error= true); |
94 |
||
95 |
/** Server API method for checking process authorization */
|
|
96 |
static bool isAuthorized(const SecurityContext &user_ctx, |
|
97 |
const Session *session, |
|
98 |
bool send_error= true); |
|
99 |
||
100 |
/**
|
|
101 |
* Server API helper method for applying authorization tests
|
|
102 |
* to a set of schema names (for use in the context of getSchemaNames
|
|
103 |
*/
|
|
104 |
static void pruneSchemaNames(const SecurityContext &user_ctx, |
|
|
1966.2.3
by Brian Aker
Fix another style issue. |
105 |
SchemaIdentifier::vector &set_of_schemas); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
106 |
|
107 |
/**
|
|
108 |
* Standard plugin system registration hooks
|
|
109 |
*/
|
|
110 |
static bool addPlugin(plugin::Authorization *auth); |
|
111 |
static void removePlugin(plugin::Authorization *auth); |
|
112 |
||
113 |
};
|
|
114 |
||
115 |
inline bool Authorization::restrictTable(const SecurityContext &user_ctx, |
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
116 |
TableIdentifier &table) |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
117 |
{
|
|
1471.2.2
by Monty Taylor
Updated Authorization plugin interface to use new Schema|TableIdentifier |
118 |
return restrictSchema(user_ctx, table); |
|
1317.1.5
by Monty Taylor
Added Authorization interface. |
119 |
}
|
120 |
||
121 |
inline bool Authorization::restrictProcess(const SecurityContext &, |
|
122 |
const SecurityContext &) |
|
123 |
{
|
|
124 |
return false; |
|
125 |
}
|
|
126 |
||
127 |
} /* namespace plugin */ |
|
128 |
||
129 |
} /* namespace drizzled */ |
|
130 |
||
131 |
#endif /* DRIZZLED_PLUGIN_AUTHORIZATION_H */ |