← Back to branch summary

~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

  • Committer: Brian Aker
  • Date: 2010-05-17 23:12:39 UTC
  • Revision ID: brian@gaz-20100517231239-kgcnn613z0gga7ie
Code shuffle on ReadRecord

Show diffs side-by-side

added added

removed removed

Lines of Context:
drizzled/plugin/authorization.cc
24
24
 
25
25
#include "drizzled/plugin/authorization.h"
26
26
#include "drizzled/security_context.h"
27
 
#include "drizzled/identifier.h"
 
27
#include "drizzled/table_identifier.h"
28
28
#include "drizzled/error.h"
29
29
#include "drizzled/session.h"
 
30
#include "drizzled/plugin/registry.h"
30
31
#include "drizzled/gettext.h"
31
32
 
 
33
using namespace std;
 
34
 
32
35
namespace drizzled
33
36
{
34
37
 
35
 
std::vector<plugin::Authorization *> authorization_plugins;
 
38
vector<plugin::Authorization *> authorization_plugins;
36
39
 
37
40
 
38
41
bool plugin::Authorization::addPlugin(plugin::Authorization *auth)
39
42
{
40
43
  if (auth != NULL)
41
44
    authorization_plugins.push_back(auth);
42
 
 
43
45
  return false;
44
46
}
45
47
 
47
49
{
48
50
  if (auth != NULL)
49
51
  {
50
 
    authorization_plugins.erase(std::find(authorization_plugins.begin(),
51
 
                                          authorization_plugins.end(),
52
 
                                          auth));
 
52
    authorization_plugins.erase(find(authorization_plugins.begin(),
 
53
                                     authorization_plugins.end(),
 
54
                                     auth));
53
55
  }
54
56
}
55
57
 
57
59
{
58
60
 
59
61
class RestrictDbFunctor :
60
 
  public std::unary_function<plugin::Authorization *, bool>
 
62
  public unary_function<plugin::Authorization *, bool>
61
63
{
62
64
  const SecurityContext &user_ctx;
63
 
  SchemaIdentifier::const_reference schema;
64
 
 
 
65
  SchemaIdentifier &schema;
65
66
public:
66
67
  RestrictDbFunctor(const SecurityContext &user_ctx_arg,
67
 
                    SchemaIdentifier::const_reference schema_arg) :
68
 
    std::unary_function<plugin::Authorization *, bool>(),
 
68
                    SchemaIdentifier &schema_arg) :
 
69
    unary_function<plugin::Authorization *, bool>(),
69
70
    user_ctx(user_ctx_arg),
70
71
    schema(schema_arg)
71
72
  { }
77
78
};
78
79
 
79
80
class RestrictTableFunctor :
80
 
  public std::unary_function<plugin::Authorization *, bool>
 
81
  public unary_function<plugin::Authorization *, bool>
81
82
{
82
83
  const SecurityContext &user_ctx;
83
84
  TableIdentifier &table;
84
85
public:
85
86
  RestrictTableFunctor(const SecurityContext &user_ctx_arg,
86
87
                       TableIdentifier &table_arg) :
87
 
    std::unary_function<plugin::Authorization *, bool>(),
 
88
    unary_function<plugin::Authorization *, bool>(),
88
89
    user_ctx(user_ctx_arg),
89
90
    table(table_arg)
90
91
  { }
96
97
};
97
98
 
98
99
class RestrictProcessFunctor :
99
 
  public std::unary_function<plugin::Authorization *, bool>
 
100
  public unary_function<plugin::Authorization *, bool>
100
101
{
101
102
  const SecurityContext &user_ctx;
102
103
  const SecurityContext &session_ctx;
103
104
public:
104
105
  RestrictProcessFunctor(const SecurityContext &user_ctx_arg,
105
106
                         const SecurityContext &session_ctx_arg) :
106
 
    std::unary_function<plugin::Authorization *, bool>(),
 
107
    unary_function<plugin::Authorization *, bool>(),
107
108
    user_ctx(user_ctx_arg),
108
109
    session_ctx(session_ctx_arg)
109
110
  { }
115
116
};
116
117
 
117
118
class PruneSchemaFunctor :
118
 
  public std::unary_function<SchemaIdentifier&, bool>
 
119
  public unary_function<SchemaIdentifier&, bool>
119
120
{
120
121
  const SecurityContext &user_ctx;
121
122
public:
122
123
  PruneSchemaFunctor(const SecurityContext &user_ctx_arg) :
123
 
    std::unary_function<SchemaIdentifier&, bool>(),
 
124
    unary_function<SchemaIdentifier&, bool>(),
124
125
    user_ctx(user_ctx_arg)
125
126
  { }
126
127
 
133
134
} /* namespace */
134
135
 
135
136
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
136
 
                                         SchemaIdentifier::const_reference schema_identifier,
 
137
                                         SchemaIdentifier &schema_identifier,
137
138
                                         bool send_error)
138
139
{
139
140
  /* If we never loaded any authorization plugins, just return true */
141
142
    return true;
142
143
 
143
144
  /* Use find_if instead of foreach so that we can collect return codes */
144
 
  std::vector<plugin::Authorization *>::const_iterator iter=
145
 
    std::find_if(authorization_plugins.begin(),
146
 
                 authorization_plugins.end(),
147
 
                 RestrictDbFunctor(user_ctx, schema_identifier));
 
145
  vector<plugin::Authorization *>::const_iterator iter=
 
146
    find_if(authorization_plugins.begin(),
 
147
            authorization_plugins.end(),
 
148
            RestrictDbFunctor(user_ctx, schema_identifier));
148
149
 
149
150
 
150
151
  /*
156
157
  {
157
158
    if (send_error)
158
159
    {
159
 
      std::string path;
160
 
      schema_identifier.getSQLPath(path);
161
 
 
162
160
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
163
161
               user_ctx.getUser().c_str(),
164
162
               user_ctx.getIp().c_str(),
165
 
               path.c_str());
 
163
               schema_identifier.getSQLPath().c_str());
166
164
    }
167
165
    return false;
168
166
  }
178
176
    return true;
179
177
 
180
178
  /* Use find_if instead of foreach so that we can collect return codes */
181
 
  std::vector<plugin::Authorization *>::const_iterator iter=
182
 
    std::find_if(authorization_plugins.begin(),
 
179
  vector<plugin::Authorization *>::const_iterator iter=
 
180
    find_if(authorization_plugins.begin(),
183
181
            authorization_plugins.end(),
184
182
            RestrictTableFunctor(user_ctx, table));
185
183
 
192
190
  {
193
191
    if (send_error)
194
192
    {
195
 
      std::string path;
196
 
      table.getSQLPath(path);
197
 
 
198
193
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
199
194
               user_ctx.getUser().c_str(),
200
195
               user_ctx.getIp().c_str(),
201
 
               path.c_str());
 
196
               table.getSQLPath().c_str());
202
197
    }
203
198
    return false;
204
199
  }
216
211
    return true;
217
212
 
218
213
  /* Use find_if instead of foreach so that we can collect return codes */
219
 
  std::vector<plugin::Authorization *>::const_iterator iter=
220
 
    std::find_if(authorization_plugins.begin(),
221
 
                 authorization_plugins.end(),
222
 
                 RestrictProcessFunctor(user_ctx, session_ctx));
 
214
  vector<plugin::Authorization *>::const_iterator iter=
 
215
    find_if(authorization_plugins.begin(),
 
216
            authorization_plugins.end(),
 
217
            RestrictProcessFunctor(user_ctx, session_ctx));
223
218
 
224
219
  /*
225
220
   * If iter is == end() here, that means that all of the plugins returned
239
234
}
240
235
 
241
236
void plugin::Authorization::pruneSchemaNames(const SecurityContext &user_ctx,
242
 
                                             SchemaIdentifier::vector &set_of_schemas)
 
237
                                             SchemaIdentifierList &set_of_schemas)
243
238
{
244
239
  /* If we never loaded any authorization plugins, just return true */
245
240
  if (authorization_plugins.empty())
246
241
    return;
247
242
 
248
 
  set_of_schemas.erase(std::remove_if(set_of_schemas.begin(),
249
 
                                      set_of_schemas.end(),
250
 
                                      PruneSchemaFunctor(user_ctx)),
 
243
  set_of_schemas.erase(remove_if(set_of_schemas.begin(),
 
244
                                 set_of_schemas.end(),
 
245
                                 PruneSchemaFunctor(user_ctx)),
251
246
                       set_of_schemas.end());
252
247
}
253
248