← Back to branch summary

~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

merged with up to date trunk

Show diffs side-by-side

added added

removed removed

Lines of Context:
drizzled/plugin/authorization.cc
23
23
#include <vector>
24
24
 
25
25
#include "drizzled/plugin/authorization.h"
26
 
#include "drizzled/security_context.h"
27
26
#include "drizzled/identifier.h"
28
27
#include "drizzled/error.h"
29
28
#include "drizzled/session.h"
59
58
class RestrictDbFunctor :
60
59
  public std::unary_function<plugin::Authorization *, bool>
61
60
{
62
 
  const SecurityContext &user_ctx;
63
 
  SchemaIdentifier &schema;
 
61
  const identifier::User &user_ctx;
 
62
  SchemaIdentifier::const_reference schema;
 
63
 
64
64
public:
65
 
  RestrictDbFunctor(const SecurityContext &user_ctx_arg,
66
 
                    SchemaIdentifier &schema_arg) :
 
65
  RestrictDbFunctor(const identifier::User &user_ctx_arg,
 
66
                    SchemaIdentifier::const_reference schema_arg) :
67
67
    std::unary_function<plugin::Authorization *, bool>(),
68
68
    user_ctx(user_ctx_arg),
69
69
    schema(schema_arg)
78
78
class RestrictTableFunctor :
79
79
  public std::unary_function<plugin::Authorization *, bool>
80
80
{
81
 
  const SecurityContext &user_ctx;
 
81
  const identifier::User &user_ctx;
82
82
  TableIdentifier &table;
83
83
public:
84
 
  RestrictTableFunctor(const SecurityContext &user_ctx_arg,
 
84
  RestrictTableFunctor(const identifier::User &user_ctx_arg,
85
85
                       TableIdentifier &table_arg) :
86
86
    std::unary_function<plugin::Authorization *, bool>(),
87
87
    user_ctx(user_ctx_arg),
97
97
class RestrictProcessFunctor :
98
98
  public std::unary_function<plugin::Authorization *, bool>
99
99
{
100
 
  const SecurityContext &user_ctx;
101
 
  const SecurityContext &session_ctx;
 
100
  const identifier::User &user_ctx;
 
101
  const identifier::User &session_ctx;
102
102
public:
103
 
  RestrictProcessFunctor(const SecurityContext &user_ctx_arg,
104
 
                         const SecurityContext &session_ctx_arg) :
 
103
  RestrictProcessFunctor(const identifier::User &user_ctx_arg,
 
104
                         const identifier::User &session_ctx_arg) :
105
105
    std::unary_function<plugin::Authorization *, bool>(),
106
106
    user_ctx(user_ctx_arg),
107
107
    session_ctx(session_ctx_arg)
116
116
class PruneSchemaFunctor :
117
117
  public std::unary_function<SchemaIdentifier&, bool>
118
118
{
119
 
  const SecurityContext &user_ctx;
 
119
  drizzled::identifier::User::const_shared_ptr user_ctx;
120
120
public:
121
 
  PruneSchemaFunctor(const SecurityContext &user_ctx_arg) :
 
121
  PruneSchemaFunctor(drizzled::identifier::User::const_shared_ptr user_ctx_arg) :
122
122
    std::unary_function<SchemaIdentifier&, bool>(),
123
123
    user_ctx(user_ctx_arg)
124
124
  { }
131
131
 
132
132
} /* namespace */
133
133
 
134
 
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
135
 
                                         SchemaIdentifier &schema_identifier,
 
134
bool plugin::Authorization::isAuthorized(identifier::User::const_shared_ptr user_ctx,
 
135
                                         SchemaIdentifier::const_reference schema_identifier,
136
136
                                         bool send_error)
137
137
{
138
138
  /* If we never loaded any authorization plugins, just return true */
143
143
  std::vector<plugin::Authorization *>::const_iterator iter=
144
144
    std::find_if(authorization_plugins.begin(),
145
145
                 authorization_plugins.end(),
146
 
                 RestrictDbFunctor(user_ctx, schema_identifier));
 
146
                 RestrictDbFunctor(*user_ctx, schema_identifier));
147
147
 
148
148
 
149
149
  /*
159
159
      schema_identifier.getSQLPath(path);
160
160
 
161
161
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
162
 
               user_ctx.getUser().c_str(),
163
 
               user_ctx.getIp().c_str(),
 
162
               user_ctx->username().c_str(),
 
163
               user_ctx->address().c_str(),
164
164
               path.c_str());
165
165
    }
166
166
    return false;
168
168
  return true;
169
169
}
170
170
 
171
 
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
 
171
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,
172
172
                                         TableIdentifier &table,
173
173
                                         bool send_error)
174
174
{
180
180
  std::vector<plugin::Authorization *>::const_iterator iter=
181
181
    std::find_if(authorization_plugins.begin(),
182
182
            authorization_plugins.end(),
183
 
            RestrictTableFunctor(user_ctx, table));
 
183
            RestrictTableFunctor(*user_ctx, table));
184
184
 
185
185
  /*
186
186
   * If iter is == end() here, that means that all of the plugins returned
195
195
      table.getSQLPath(path);
196
196
 
197
197
      my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),
198
 
               user_ctx.getUser().c_str(),
199
 
               user_ctx.getIp().c_str(),
 
198
               user_ctx->username().c_str(),
 
199
               user_ctx->address().c_str(),
200
200
               path.c_str());
201
201
    }
202
202
    return false;
204
204
  return true;
205
205
}
206
206
 
207
 
bool plugin::Authorization::isAuthorized(const SecurityContext &user_ctx,
208
 
                                         const Session *session,
209
 
                                         bool send_error)
210
 
{
211
 
  const SecurityContext &session_ctx= session->getSecurityContext();
 
207
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,
 
208
                                         const Session *session,
 
209
                                         bool send_error)
 
210
{
 
211
  return isAuthorized(*user_ctx, session, send_error);
 
212
}
 
213
 
 
214
bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_reference user_ctx,
 
215
                                         const Session *session,
 
216
                                         bool send_error)
 
217
{
 
218
  drizzled::identifier::User::const_shared_ptr session_ctx= session->user();
212
219
 
213
220
  /* If we never loaded any authorization plugins, just return true */
214
221
  if (authorization_plugins.empty())
218
225
  std::vector<plugin::Authorization *>::const_iterator iter=
219
226
    std::find_if(authorization_plugins.begin(),
220
227
                 authorization_plugins.end(),
221
 
                 RestrictProcessFunctor(user_ctx, session_ctx));
 
228
                 RestrictProcessFunctor(user_ctx, *session_ctx));
222
229
 
223
230
  /*
224
231
   * If iter is == end() here, that means that all of the plugins returned
234
241
    }
235
242
    return false;
236
243
  }
 
244
 
237
245
  return true;
238
246
}
239
247
 
240
 
void plugin::Authorization::pruneSchemaNames(const SecurityContext &user_ctx,
 
248
void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,
241
249
                                             SchemaIdentifier::vector &set_of_schemas)
242
250
{
243
251
  /* If we never loaded any authorization plugins, just return true */