← Back to branch summary

~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

  • Committer: Brian Aker
  • Date: 2010-12-03 18:46:31 UTC
  • mto: This revision was merged to the branch mainline in revision 1973.
  • Revision ID: brian@tangent.org-20101203184631-rk40syiqbaitq9h8
Remove the use of "using std" from the plugin interface .cc files.

Show diffs side-by-side

added added

removed removed

Lines of Context:
drizzled/plugin/authorization.cc
18
18
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19
19
 */
20
20
 
21
 
#include <config.h>
 
21
#include "config.h"
22
22
 
23
23
#include <vector>
24
24
 
25
 
#include <drizzled/plugin/authorization.h>
26
 
#include <drizzled/identifier.h>
27
 
#include <drizzled/error.h>
28
 
#include <drizzled/session.h>
29
 
#include <drizzled/gettext.h>
 
25
#include "drizzled/plugin/authorization.h"
 
26
#include "drizzled/security_context.h"
 
27
#include "drizzled/identifier.h"
 
28
#include "drizzled/error.h"
 
29
#include "drizzled/session.h"
 
30
#include "drizzled/gettext.h"
30
31
 
31
32
namespace drizzled
32
33
{
38
39
{
39
40
  if (auth != NULL)
40
41
    authorization_plugins.push_back(auth);
41
 
 
42
42
  return false;
43
43
}
44
44
 
46
46
{
47
47
  if (auth != NULL)
48
48
  {
49
 
    authorization_plugins.erase(std::find(authorization_plugins.begin(),
50
 
                                          authorization_plugins.end(),
51
 
                                          auth));
 
49
    authorization_plugins.erase(find(authorization_plugins.begin(),
 
50
                                     authorization_plugins.end(),
 
51
                                     auth));
52
52
  }
53
53
}
54
54
 
58
58
class RestrictDbFunctor :
59
59
  public std::unary_function<plugin::Authorization *, bool>
60
60
{
61
 
  const identifier::User &user_ctx;
62
 
  identifier::Schema::const_reference schema;
63
 
 
 
61
  const SecurityContext &user_ctx;
 
62
  SchemaIdentifier &schema;
64
63
public:
65
 
  RestrictDbFunctor(const identifier::User &user_ctx_arg,
66
 
                    identifier::Schema::const_reference schema_arg) :
 
64
  RestrictDbFunctor(const SecurityContext &user_ctx_arg,
 
65
                    SchemaIdentifier &schema_arg) :
67
66
    std::unary_function<plugin::Authorization *, bool>(),
68
67
    user_ctx(user_ctx_arg),
69
68
    schema(schema_arg)
78
77
class RestrictTableFunctor :
79
78
  public std::unary_function<plugin::Authorization *, bool>
80
79
{
81
 
  identifier::User::const_reference user_ctx;
82
 
  identifier::Table::const_reference table;
 
80
  const SecurityContext &user_ctx;
 
81
  TableIdentifier &table;
83
82
public:
84
 
  RestrictTableFunctor(identifier::User::const_reference user_ctx_arg,
85
 
                       identifier::Table::const_reference table_arg) :
 
83
  RestrictTableFunctor(const SecurityContext &user_ctx_arg,
 
84
                       TableIdentifier &table_arg) :
86
85
    std::unary_function<plugin::Authorization *, bool>(),
87
86
    user_ctx(user_ctx_arg),
88
87
    table(table_arg)
97
96
class RestrictProcessFunctor :
98
97
  public std::unary_function<plugin::Authorization *, bool>
99
98
{
100
 
  const identifier::User &user_ctx;
101
 
  const identifier::User &session_ctx;
 
99
  const SecurityContext &user_ctx;
 
100
  const SecurityContext &session_ctx;
102
101
public:
103
 
  RestrictProcessFunctor(const identifier::User &user_ctx_arg,
104
 
                         const identifier::User &session_ctx_arg) :
 
102
  RestrictProcessFunctor(const SecurityContext &user_ctx_arg,
 
103
                         const SecurityContext &session_ctx_arg) :
105
104
    std::unary_function<plugin::Authorization *, bool>(),
106
105
    user_ctx(user_ctx_arg),
107
106
    session_ctx(session_ctx_arg)
114
113
};
115
114
 
116
115
class PruneSchemaFunctor :
117
 
  public std::unary_function<identifier::Schema&, bool>
 
116
  public std::unary_function<SchemaIdentifier&, bool>
118
117
{
119
 
  drizzled::identifier::User::const_reference user_ctx;
 
118
  const SecurityContext &user_ctx;
120
119
public:
121
 
  PruneSchemaFunctor(drizzled::identifier::User::const_reference user_ctx_arg) :
122
 
    std::unary_function<identifier::Schema&, bool>(),
 
120
  PruneSchemaFunctor(const SecurityContext &user_ctx_arg) :
 
121
    std::unary_function<SchemaIdentifier&, bool>(),
123
122
    user_ctx(user_ctx_arg)
124
123
  { }
125
124
 
131
130
 
132
131
} /* namespace */
133
132
 
134
 
bool plugin::Authorization::isAuthorized(identifier::User::const_reference user_ctx,
135
 
                                         identifier::Schema::const_reference schema_identifier,
 
133
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
 
134
                                         SchemaIdentifier &schema_identifier,
136
135
                                         bool send_error)
137
136
{
138
137
  /* If we never loaded any authorization plugins, just return true */
155
154
  {
156
155
    if (send_error)
157
156
    {
158
 
      error::access(user_ctx, schema_identifier);
159
 
    }
160
 
    return false;
161
 
  }
162
 
  return true;
163
 
}
164
 
 
165
 
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_reference user_ctx,
166
 
                                         identifier::Table::const_reference table_identifier,
167
 
                                         bool send_error)
168
 
{
169
 
  /* If we never loaded any authorization plugins, just return true */
170
 
  if (authorization_plugins.empty())
171
 
    return true;
172
 
 
173
 
  /* Use find_if instead of foreach so that we can collect return codes */
174
 
  std::vector<plugin::Authorization *>::const_iterator iter=
175
 
    std::find_if(authorization_plugins.begin(),
176
 
            authorization_plugins.end(),
177
 
            RestrictTableFunctor(user_ctx, table_identifier));
178
 
 
179
 
  /*
180
 
   * If iter is == end() here, that means that all of the plugins returned
181
 
   * false, which means that that each of them believe the user is authorized
182
 
   * to view the resource in question.
183
 
   */
184
 
  if (iter != authorization_plugins.end())
185
 
  {
186
 
    if (send_error)
187
 
    {
188
 
      error::access(user_ctx, table_identifier);
189
 
    }
190
 
    return false;
191
 
  }
192
 
  return true;
193
 
}
194
 
 
195
 
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_reference user_ctx,
196
 
                                         Session::const_reference session,
197
 
                                         bool send_error)
198
 
{
199
 
  /* If we never loaded any authorization plugins, just return true */
200
 
  if (authorization_plugins.empty())
201
 
    return true;
202
 
  
203
 
  // To make sure we hold the user structure we need to have a shred_ptr so
204
 
  // that we increase the count on the object.
205
 
  drizzled::identifier::User::const_shared_ptr session_ctx= session.user();
206
 
 
207
 
 
208
 
  /* Use find_if instead of foreach so that we can collect return codes */
209
 
  std::vector<plugin::Authorization *>::const_iterator iter=
210
 
    std::find_if(authorization_plugins.begin(),
211
 
                 authorization_plugins.end(),
212
 
                 RestrictProcessFunctor(user_ctx, *session_ctx));
213
 
 
214
 
  /*
215
 
   * If iter is == end() here, that means that all of the plugins returned
216
 
   * false, which means that that each of them believe the user is authorized
217
 
   * to view the resource in question.
218
 
   */
219
 
 
220
 
  if (iter != authorization_plugins.end())
221
 
  {
222
 
    if (send_error)
223
 
    {
224
 
      my_error(ER_KILL_DENIED_ERROR, MYF(0), session.thread_id);
225
 
    }
226
 
    return false;
227
 
  }
228
 
 
229
 
  return true;
230
 
}
231
 
 
232
 
void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_reference user_ctx,
233
 
                                             identifier::Schema::vector &set_of_schemas)
 
157
      std::string path;
 
158
      schema_identifier.getSQLPath(path);
 
159
 
 
160
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
 
161
               user_ctx.getUser().c_str(),
 
162
               user_ctx.getIp().c_str(),
 
163
               path.c_str());
 
164
    }
 
165
    return false;
 
166
  }
 
167
  return true;
 
168
}
 
169
 
 
170
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
 
171
                                         TableIdentifier &table,
 
172
                                         bool send_error)
 
173
{
 
174
  /* If we never loaded any authorization plugins, just return true */
 
175
  if (authorization_plugins.empty())
 
176
    return true;
 
177
 
 
178
  /* Use find_if instead of foreach so that we can collect return codes */
 
179
  std::vector<plugin::Authorization *>::const_iterator iter=
 
180
    find_if(authorization_plugins.begin(),
 
181
            authorization_plugins.end(),
 
182
            RestrictTableFunctor(user_ctx, table));
 
183
 
 
184
  /*
 
185
   * If iter is == end() here, that means that all of the plugins returned
 
186
   * false, which means that that each of them believe the user is authorized
 
187
   * to view the resource in question.
 
188
   */
 
189
  if (iter != authorization_plugins.end())
 
190
  {
 
191
    if (send_error)
 
192
    {
 
193
      std::string path;
 
194
      table.getSQLPath(path);
 
195
 
 
196
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
 
197
               user_ctx.getUser().c_str(),
 
198
               user_ctx.getIp().c_str(),
 
199
               path.c_str());
 
200
    }
 
201
    return false;
 
202
  }
 
203
  return true;
 
204
}
 
205
 
 
206
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
 
207
                                         const Session *session,
 
208
                                         bool send_error)
 
209
{
 
210
  const SecurityContext &session_ctx= session->getSecurityContext();
 
211
 
 
212
  /* If we never loaded any authorization plugins, just return true */
 
213
  if (authorization_plugins.empty())
 
214
    return true;
 
215
 
 
216
  /* Use find_if instead of foreach so that we can collect return codes */
 
217
  std::vector<plugin::Authorization *>::const_iterator iter=
 
218
    find_if(authorization_plugins.begin(),
 
219
            authorization_plugins.end(),
 
220
            RestrictProcessFunctor(user_ctx, session_ctx));
 
221
 
 
222
  /*
 
223
   * If iter is == end() here, that means that all of the plugins returned
 
224
   * false, which means that that each of them believe the user is authorized
 
225
   * to view the resource in question.
 
226
   */
 
227
 
 
228
  if (iter != authorization_plugins.end())
 
229
  {
 
230
    if (send_error)
 
231
    {
 
232
      my_error(ER_KILL_DENIED_ERROR, MYF(0), session->thread_id);
 
233
    }
 
234
    return false;
 
235
  }
 
236
  return true;
 
237
}
 
238
 
 
239
void plugin::Authorization::pruneSchemaNames(const SecurityContext &user_ctx,
 
240
                                             SchemaIdentifier::vector &set_of_schemas)
234
241
{
235
242
  /* If we never loaded any authorization plugins, just return true */
236
243
  if (authorization_plugins.empty())
237
244
    return;
238
245
 
239
 
  set_of_schemas.erase(std::remove_if(set_of_schemas.begin(),
240
 
                                      set_of_schemas.end(),
241
 
                                      PruneSchemaFunctor(user_ctx)),
 
246
  set_of_schemas.erase(remove_if(set_of_schemas.begin(),
 
247
                                 set_of_schemas.end(),
 
248
                                 PruneSchemaFunctor(user_ctx)),
242
249
                       set_of_schemas.end());
243
250
}
244
251