25 #include <drizzled/plugin/authorization.h>
26 #include <drizzled/identifier.h>
27 #include <drizzled/error.h>
28 #include <drizzled/session.h>
29 #include <drizzled/gettext.h>
// Registry of the authorization plugins that the checks in this listing
// iterate over.
// NOTE(review): this excerpt shows no locking around the vector. Confirm
// that adding or removing a plugin cannot race with an authorization check.
34 std::vector<plugin::Authorization *> authorization_plugins;
// Registers a plugin by storing the raw pointer. No null check is visible
// in this excerpt, and the functors in this listing dereference every
// stored pointer unconditionally.
40 authorization_plugins.push_back(auth);
// NOTE(review): the iterator returned by std::find is handed straight to
// erase(). If the element searched for is not in the registry, find
// returns end(), and erasing end() is undefined behaviour. Compare the
// result with end() before erasing.
49 authorization_plugins.erase(std::find(authorization_plugins.begin(),
50 authorization_plugins.end(),
// Predicate applied to each registered plugin: returns that plugin's
// restrictSchema(user_ctx, schema) answer for the captured user and schema.
// NOTE(review): std::unary_function was deprecated in C++11 and removed in
// C++17. A plain struct with operator() (or a lambda) works with
// std::find_if as well.
58 class RestrictDbFunctor :
59 public std::unary_function<plugin::Authorization *, bool>
// Both members are references: the functor must not outlive the user and
// schema identifiers it was constructed from.
61 const identifier::User &user_ctx;
62 const identifier::Schema& schema;
// Binds the user and the schema to check. Nothing is copied.
65 RestrictDbFunctor(
const identifier::User &user_ctx_arg,
66 const identifier::Schema& schema_arg) :
67 std::unary_function<
plugin::Authorization *, bool>(),
68 user_ctx(user_ctx_arg),
// auth is dereferenced without a null check. This relies on the registry
// never holding a null plugin pointer.
72 inline result_type operator()(argument_type auth)
74 return auth->restrictSchema(user_ctx, schema);
// Predicate applied to each registered plugin: returns that plugin's
// restrictTable(user_ctx, table) answer for the captured user and table.
// NOTE(review): std::unary_function was deprecated in C++11 and removed in
// C++17.
78 class RestrictTableFunctor :
79 public std::unary_function<plugin::Authorization *, bool>
// Reference members: the functor is only valid while the caller's user and
// table identifiers are alive.
81 const identifier::User& user_ctx;
82 const identifier::Table& table;
// Binds the user and the table to check. Nothing is copied.
84 RestrictTableFunctor(
const identifier::User& user_ctx_arg,
85 const identifier::Table& table_arg) :
86 std::unary_function<
plugin::Authorization *, bool>(),
87 user_ctx(user_ctx_arg),
// auth is dereferenced without a null check. This relies on the registry
// never holding a null plugin pointer.
91 inline result_type operator()(argument_type auth)
93 return auth->restrictTable(user_ctx, table);
// Predicate applied to each registered plugin: returns that plugin's
// restrictProcess(user_ctx, session_ctx) answer. user_ctx is the acting
// user and session_ctx is the user that owns the target session.
// NOTE(review): std::unary_function was deprecated in C++11 and removed in
// C++17.
97 class RestrictProcessFunctor :
98 public std::unary_function<plugin::Authorization *, bool>
// Both identities have the same type (identifier::User), so swapping the
// two constructor arguments compiles silently. Keep the order in mind at
// call sites.
100 const identifier::User &user_ctx;
101 const identifier::User &session_ctx;
// Binds both identities by reference. Nothing is copied.
103 RestrictProcessFunctor(
const identifier::User &user_ctx_arg,
104 const identifier::User &session_ctx_arg) :
105 std::unary_function<
plugin::Authorization *, bool>(),
106 user_ctx(user_ctx_arg),
107 session_ctx(session_ctx_arg)
// auth is dereferenced without a null check. This relies on the registry
// never holding a null plugin pointer.
110 inline result_type operator()(argument_type auth)
112 return auth->restrictProcess(user_ctx, session_ctx);
// Predicate over schema identifiers (argument_type is identifier::Schema&).
// pruneSchemaNames passes it to std::remove_if, so every schema for which
// it returns true is dropped from the caller's list.
// NOTE(review): std::unary_function was deprecated in C++11 and removed in
// C++17.
116 class PruneSchemaFunctor :
117 public std::unary_function<identifier::Schema&, bool>
122 std::unary_function<identifier::
Schema&, bool>(),
123 user_ctx(user_ctx_arg)
// NOTE(review): the parameter is named auth, but it receives a schema
// identifier, not a plugin. The body is not visible in this excerpt, so
// confirm that the polarity (true means "remove") matches what it returns.
126 inline result_type operator()(argument_type auth)
// NOTE(review): the statement guarded by this test is not visible in this
// excerpt. If it reports "authorized", a server with no authorization
// plugin loaded permits every schema access (fail-open). Confirm that this
// is the intended default.
139 if (authorization_plugins.empty())
// find_if stops at the first plugin whose restrictSchema() returns true,
// so one restricting plugin is enough to deny. Later plugins are not
// consulted.
143 std::vector<plugin::Authorization *>::const_iterator iter=
144 std::find_if(authorization_plugins.begin(),
145 authorization_plugins.end(),
146 RestrictDbFunctor(user_ctx, schema_identifier));
// iter != end() means some plugin restricted the access. error::access()
// is then called for this user and schema.
// NOTE(review): whether that call is conditional on the send_error
// parameter is not visible in this excerpt.
154 if (iter != authorization_plugins.end())
158 error::access(user_ctx, schema_identifier);
// NOTE(review): the statement guarded by this test is not visible in this
// excerpt. If it reports "authorized", table access is unrestricted
// whenever no authorization plugin is loaded. Confirm that this is the
// intended default.
170 if (authorization_plugins.empty())
// find_if stops at the first plugin whose restrictTable() returns true.
// A single restricting plugin is enough to deny.
174 std::vector<plugin::Authorization *>::const_iterator iter=
175 std::find_if(authorization_plugins.begin(),
176 authorization_plugins.end(),
177 RestrictTableFunctor(user_ctx, table_identifier));
// iter != end() means some plugin restricted the access. error::access()
// is then called for this user and table.
184 if (iter != authorization_plugins.end())
188 error::access(user_ctx, table_identifier);
// NOTE(review): the statement guarded by this test is not visible in this
// excerpt. If it reports "authorized", any user may act on any session
// whenever no authorization plugin is loaded. Confirm that this is the
// intended default.
200 if (authorization_plugins.empty())
// Identity of the user that owns the target session.
// NOTE(review): session_ctx is dereferenced in the find_if call below. Any
// null check would sit in lines not shown here, so confirm that
// session.user() cannot return an empty pointer at this point.
205 drizzled::identifier::user::ptr session_ctx= session.user();
// find_if stops at the first plugin whose restrictProcess() returns true
// for (acting user, session owner).
209 std::vector<plugin::Authorization *>::const_iterator iter=
210 std::find_if(authorization_plugins.begin(),
211 authorization_plugins.end(),
212 RestrictProcessFunctor(user_ctx, *session_ctx));
// iter != end() means some plugin restricted the action. The denial is
// reported as ER_KILL_DENIED_ERROR with the target session's thread id.
220 if (iter != authorization_plugins.end())
224 my_error(ER_KILL_DENIED_ERROR, MYF(0), session.thread_id);
233 identifier::schema::vector &set_of_schemas)
// NOTE(review): the statement guarded by this test is not visible in this
// excerpt. If it returns early, the schema list is left unfiltered when no
// authorization plugin is loaded, so every schema name stays visible to
// the user.
236 if (authorization_plugins.empty())
// Erase-remove idiom: remove_if moves the schemas for which
// PruneSchemaFunctor(user_ctx) returns false to the front, and erase()
// drops the tail. The caller's vector is modified in place.
239 set_of_schemas.erase(std::remove_if(set_of_schemas.begin(),
240 set_of_schemas.end(),
241 PruneSchemaFunctor(user_ctx)),
242 set_of_schemas.end());
A set of Session members describing the current authenticated user.
TODO: Rename this file - func.h is stupid.
static bool isAuthorized(const drizzled::identifier::User &user_ctx, const identifier::Schema &schema_identifier, bool send_error=true)
static bool addPlugin(plugin::Authorization *auth)
static void pruneSchemaNames(const drizzled::identifier::User &user_ctx, identifier::schema::vector &set_of_schemas)