~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to drizzled/plugin/authorization.h

Committer: Brian Aker
Date: 2010-12-18 10:14:05 UTC
mfrom: (2008.1.3 clean)
Revision ID: brian@tangent.org-20101218101405-qjbse29shi9coklg

Merge of user identifier work

files added:
drizzled/identifier/user.cc

drizzled/identifier/user.h

plugin/utility_functions/tests/t/execute.test

files removed:
drizzled/security_context.h

files renamed:
plugin/utility_functions/tests/t/execute.test => plugin/utility_functions/tests/t/execute_complex.disabled

files modified:
drizzled/db.cc

drizzled/execute.cc

drizzled/identifier.h

drizzled/include.am

drizzled/plugin/authentication.cc

drizzled/plugin/authentication.h

drizzled/plugin/authorization.cc

drizzled/plugin/authorization.h

drizzled/plugin/schema_engine.cc

drizzled/session.cc

drizzled/session.h

drizzled/sql_base.cc

drizzled/statement/create_schema.cc

drizzled/table.cc

plugin/auth_file/auth_file.cc

plugin/auth_http/auth_http.cc

plugin/auth_ldap/auth_ldap.cc

plugin/auth_pam/auth_pam.cc

plugin/auth_test/auth_test.cc

plugin/console/console.cc

plugin/drizzle_protocol/drizzle_protocol.cc

plugin/innobase/handler/ha_innodb.cc

plugin/logging_stats/logging_stats.cc

plugin/logging_stats/scoreboard.cc

plugin/mysql_protocol/mysql_protocol.cc

plugin/session_dictionary/processlist.cc

plugin/simple_user_policy/policy.h

plugin/user_locks/barriers.h

plugin/user_locks/create_barrier.cc

plugin/user_locks/get_lock.cc

plugin/user_locks/get_locks.cc

plugin/user_locks/is_free_lock.cc

plugin/user_locks/is_used_lock.cc

plugin/user_locks/key.h

plugin/user_locks/release_barrier.cc

plugin/user_locks/release_lock.cc

plugin/user_locks/release_wait.cc

plugin/user_locks/signal.cc

plugin/user_locks/wait.cc

plugin/user_locks/wait_for_lock.cc

plugin/user_locks/wait_until.cc

plugin/utility_functions/tests/r/execute.result

plugin/utility_functions/user.cc

support-files/drizzle.spec.in

unittests/plugin/authentication_test.cc

unittests/plugin/plugin_stubs.h

Show diffs side-by-side

added added

removed removed

drizzled/plugin/authorization.h

#include "drizzled/plugin.h"

#include "drizzled/plugin/plugin.h"

#include "drizzled/security_context.h"

#include "drizzled/identifier.h"

#include <string>

* @returns true if the user cannot access the schema

virtual bool restrictSchema(const SecurityContext &user_ctx,

virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,

SchemaIdentifier::const_reference schema)= 0;

/**

* @returns true if the user cannot access the table

virtual bool restrictTable(const SecurityContext &user_ctx,

virtual bool restrictTable(const drizzled::identifier::User &user_ctx,

TableIdentifier &table);

/**

* @returns true if the user cannot see the process

virtual bool restrictProcess(const SecurityContext &user_ctx,

const SecurityContext &session_ctx);

virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,

const drizzled::identifier::User &session_ctx);

/** Server API method for checking schema authorization */

static bool isAuthorized(const SecurityContext &user_ctx,

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

SchemaIdentifier::const_reference schema_identifier,

bool send_error= true);

/** Server API method for checking table authorization */

static bool isAuthorized(const SecurityContext &user_ctx,

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

TableIdentifier &table_identifier,

bool send_error= true);

/** Server API method for checking process authorization */

static bool isAuthorized(const SecurityContext &user_ctx,

static bool isAuthorized(drizzled::identifier::User::const_shared_ptr user_ctx,

const Session *session,

bool send_error= true);

101

100

* Server API helper method for applying authorization tests

102

101

* to a set of schema names (for use in the context of getSchemaNames

103

102

104

static void pruneSchemaNames(const SecurityContext &user_ctx,

103

static void pruneSchemaNames(drizzled::identifier::User::const_shared_ptr user_ctx,

105

104

SchemaIdentifier::vector &set_of_schemas);

106

105

107

106

/**

112

111

113

112

};

114

113

115

inline bool Authorization::restrictTable(const SecurityContext &user_ctx,

114

inline bool Authorization::restrictTable(const drizzled::identifier::User &user_ctx,

116

115

TableIdentifier &table)

117

116

{

118

117

return restrictSchema(user_ctx, table);

119

118

}

120

119

121

inline bool Authorization::restrictProcess(const SecurityContext &,

122

const SecurityContext &)

120

inline bool Authorization::restrictProcess(const drizzled::identifier::User &,

121

const drizzled::identifier::User &)

123

122

{

124

123

return false;

125

124

}

Older »