~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.cc

Committer: Marisa Plumb
Date: 2011-02-16 22:57:39 UTC
mfrom: (2173 staging)
mto: (2173.1.1 build) (2184.1.2 build) (2193.1.1 build) (2215.1.1 build) (2227.1.3 build) (2235.2.4 build)
mto: This revision was merged to the branch mainline in revision 2174.
Revision ID: marisa.plumb@gmail.com-20110216225739-u15qjiksnv3we9uz

updating to trunk

files added:
drizzled/daemon.h

files removed:
drizzled/tzfile.h

files renamed:
drizzled/daemon.c => drizzled/daemon.cc

drizzled/db.cc => drizzled/schema.cc

drizzled/db.h => drizzled/schema.h

files modified:
client/drizzledump.cc

client/drizzletest.cc

docs/alter_schema.rst

docs/clients/drizzledump.rst

docs/clients/errors.rst

docs/create_index.rst

docs/date_time_data_types.rst

docs/delete.rst

docs/distinct.rst

docs/dynamic.rst

docs/functions/aggregatefunctions.rst

docs/functions/count.rst

docs/functions/extract_date.rst

docs/functions/scalarfunctions.rst

docs/groupby.rst

docs/having.rst

docs/include.am

docs/insert.rst

docs/installing/from_source.rst

docs/installing/redhat.rst

docs/orderby.rst

docs/queries.rst

docs/replace.rst

docs/replication.rst

docs/savepoints.rst

docs/truncate.rst

docs/update.rst

docs/where.rst

drizzled/calendar.h

drizzled/ctype-bin.cc

drizzled/definitions.h

drizzled/drizzled.cc

drizzled/error.cc

drizzled/error.h

drizzled/error_t.h

drizzled/field.cc

drizzled/field.h

drizzled/field/date.h

drizzled/field/datetime.h

drizzled/field/enum.cc

drizzled/field/int64.h

drizzled/field/null.h

drizzled/field/size.h

drizzled/field/time.cc

drizzled/field/time.h

drizzled/function/time/date_format.cc

drizzled/function/time/dayname.cc

drizzled/function/time/month.cc

drizzled/function/time/unix_timestamp.cc

drizzled/generator/all_tables.h

drizzled/generator/schema.cc

drizzled/generator/table.h

drizzled/global_charset_info.h

drizzled/identifier/user.cc

drizzled/identifier/user.h

drizzled/include.am

drizzled/item.cc

drizzled/item/insert_value.cc

drizzled/item/sum.cc

drizzled/join.cc

drizzled/main.cc

drizzled/message.cc

drizzled/optimizer/range.cc

drizzled/parser.h

drizzled/plugin/authentication.cc

drizzled/plugin/authentication.h

drizzled/plugin/authorization.cc

drizzled/plugin/authorization.h

drizzled/plugin/schema_engine.cc

drizzled/plugin/storage_engine.cc

drizzled/plugin/storage_engine.h

drizzled/session.cc

drizzled/session/table_messages.h

drizzled/show.cc

drizzled/sql_base.cc

drizzled/sql_load.cc

drizzled/sql_parse.cc

drizzled/sql_table.cc

drizzled/statement/alter_schema.cc

drizzled/statement/alter_table.cc

drizzled/statement/change_schema.cc

drizzled/statement/create_index.cc

drizzled/statement/create_schema.cc

drizzled/statement/create_table.cc

drizzled/statement/drop_index.cc

drizzled/statement/drop_schema.cc

drizzled/statement/rename_table.cc

drizzled/strfunc.cc

drizzled/strfunc.h

drizzled/structs.h

drizzled/sys_var.cc

drizzled/sys_var.h

drizzled/table.cc

drizzled/table.h

drizzled/table/instance/base.cc

drizzled/table/instance/base.h

drizzled/table_proto_write.cc

drizzled/temporal.cc

drizzled/temporal.h

drizzled/transaction_services.cc

drizzled/transaction_services.h

drizzled/type/decimal.h

drizzled/type/time.h

drizzled/typelib.h

drizzled/tztime.cc

drizzled/tztime.h

drizzled/util/backtrace.h

m4/pandora_warnings.m4

plugin/archive/concurrency_test.cc

plugin/auth_file/tests/r/basic.result

plugin/auth_test/tests/r/basic.result

plugin/debug/plugin.ini

plugin/function_engine/function.cc

plugin/function_engine/function.h

plugin/haildb/haildb_engine.cc

plugin/haildb/tests/r/alter_table.result

plugin/haildb/tests/r/basic_create_with_index.result

plugin/haildb/tests/r/config_lru_old_blocks_pct.result

plugin/haildb/tests/r/rename.result

plugin/haildb/tests/r/truncate.result

plugin/haildb/tests/r/type_blob.result

plugin/haildb/tests/r/type_date.result

plugin/haildb/tests/r/type_datetime.result

plugin/haildb/tests/t/index_read_res_check.test

plugin/haildb/tests/t/type_blob.test

plugin/haildb/tests/t/type_date.test

plugin/haildb/tests/t/type_datetime.test

plugin/memory/heap_priv.h

plugin/memory/hp_record.cc

plugin/mysql_protocol/options.h

plugin/schema_engine/schema.cc

plugin/schema_engine/schema.h

plugin/show_dictionary/show_columns.cc

plugin/show_dictionary/show_create_schema.cc

plugin/show_dictionary/show_create_schema.h

plugin/show_dictionary/show_create_table.cc

plugin/show_dictionary/show_indexes.cc

plugin/show_schema_proto/show_schema_proto.cc

plugin/simple_user_policy/tests/r/basic.result

po/Makefile.in.in

po/POTFILES.in

po/ar.po

po/bn.po

po/ca.po

po/cs.po

po/cy.po

po/da.po

po/de.po

po/el.po

po/en_AU.po

po/en_GB.po

po/eo.po

po/es.po

po/eu.po

po/fo.po

po/fr.po

po/gl.po

po/he.po

po/hi.po

po/hu.po

po/id.po

po/it.po

po/ja.po

po/ko.po

po/ml.po

po/mr.po

po/ms.po

po/mt.po

po/nb.po

po/nl.po

po/oc.po

po/pl.po

po/pt.po

po/pt_BR.po

po/ro.po

po/ru.po

po/sk.po

po/sq.po

po/sv.po

po/ta.po

po/te.po

po/tr.po

po/uk.po

po/zh_CN.po

po/zh_HK.po

tests/r/data_dictionary_like_info.result

Show diffs side-by-side

added added

removed removed

drizzled/plugin/authorization.cc

class RestrictTableFunctor :

public std::unary_function<plugin::Authorization *, bool>

{

const identifier::User &user_ctx;

identifier::Table &table;

identifier::User::const_reference user_ctx;

identifier::Table::const_reference table;

public:

RestrictTableFunctor(const identifier::User &user_ctx_arg,

identifier::Table &table_arg) :

RestrictTableFunctor(identifier::User::const_reference user_ctx_arg,

identifier::Table::const_reference table_arg) :

std::unary_function<plugin::Authorization *, bool>(),

user_ctx(user_ctx_arg),

table(table_arg)

116

class PruneSchemaFunctor :

117

public std::unary_function<identifier::Schema&, bool>

118

{

119

drizzled::identifier::User::const_shared_ptr user_ctx;

119

drizzled::identifier::User::const_reference user_ctx;

120

public:

121

PruneSchemaFunctor(drizzled::identifier::User::const_shared_ptr user_ctx_arg) :

121

PruneSchemaFunctor(drizzled::identifier::User::const_reference user_ctx_arg) :

122

std::unary_function<identifier::Schema&, bool>(),

123

user_ctx(user_ctx_arg)

124

{ }

131

132

} /* namespace */

133

134

bool plugin::Authorization::isAuthorized(identifier::User::const_shared_ptr user_ctx,

134

bool plugin::Authorization::isAuthorized(identifier::User::const_reference user_ctx,

135

identifier::Schema::const_reference schema_identifier,

136

bool send_error)

137

{

143

std::vector<plugin::Authorization *>::const_iterator iter=

144

std::find_if(authorization_plugins.begin(),

145

authorization_plugins.end(),

146

RestrictDbFunctor(*user_ctx, schema_identifier));

146

RestrictDbFunctor(user_ctx, schema_identifier));

147

148

149

155

{

156

if (send_error)

157

{

158

std::string path;

159

schema_identifier.getSQLPath(path);

160

161

my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),

162

user_ctx->username().c_str(),

163

user_ctx->address().c_str(),

164

path.c_str());

158

error::access(user_ctx, schema_identifier);

165

159

}

166

160

return false;

167

161

}

168

162

return true;

169

163

}

170

164

171

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

172

identifier::Table &table,

165

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_reference user_ctx,

166

identifier::Table::const_reference table_identifier,

173

167

bool send_error)

174

168

{

175

169

/* If we never loaded any authorization plugins, just return true */

180

174

std::vector<plugin::Authorization *>::const_iterator iter=

181

175

std::find_if(authorization_plugins.begin(),

182

176

authorization_plugins.end(),

183

RestrictTableFunctor(*user_ctx, table));

177

RestrictTableFunctor(user_ctx, table_identifier));

184

178

185

179

186

180

* If iter is == end() here, that means that all of the plugins returned

191

185

{

192

186

if (send_error)

193

187

{

194

std::string path;

195

table.getSQLPath(path);

196

197

my_error(ER_DBACCESS_DENIED_ERROR, MYF(0),

198

user_ctx->username().c_str(),

199

user_ctx->address().c_str(),

200

path.c_str());

188

error::access(user_ctx, table_identifier);

201

189

}

202

190

return false;

203

191

}

204

192

return true;

205

193

}

206

194

207

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

208

const Session *session,

209

bool send_error)

210

{

211

return isAuthorized(*user_ctx, session, send_error);

212

}

213

214

195

bool plugin::Authorization::isAuthorized(drizzled::identifier::User::const_reference user_ctx,

215

const Session *session,

196

Session::const_reference session,

216

197

bool send_error)

217

198

{

218

drizzled::identifier::User::const_shared_ptr session_ctx= session->user();

219

220

199

/* If we never loaded any authorization plugins, just return true */

221

200

if (authorization_plugins.empty())

222

201

return true;

202

203

// To make sure we hold the user structure we need to have a shred_ptr so

204

// that we increase the count on the object.

205

drizzled::identifier::User::const_shared_ptr session_ctx= session.user();

206

223

207

224

208

/* Use find_if instead of foreach so that we can collect return codes */

225

209

std::vector<plugin::Authorization *>::const_iterator iter=

237

221

{

238

222

if (send_error)

239

223

{

240

my_error(ER_KILL_DENIED_ERROR, MYF(0), session->thread_id);

224

my_error(ER_KILL_DENIED_ERROR, MYF(0), session.thread_id);

241

225

}

242

226

return false;

243

227

}

245

229

return true;

246

230

}

247

231

248

void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,

232

void plugin::Authorization::pruneSchemaNames(drizzled::identifier::User::const_reference user_ctx,

249

233

identifier::Schema::vector &set_of_schemas)

250

234

{

251

235

/* If we never loaded any authorization plugins, just return true */

Older »