/Users/deen/code/yugabyte-db/src/yb/common/roles_permissions.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright (c) YugaByte, Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except |
4 | | // in compliance with the License. You may obtain a copy of the License at |
5 | | // |
6 | | // http://www.apache.org/licenses/LICENSE-2.0 |
7 | | // |
8 | | // Unless required by applicable law or agreed to in writing, software distributed under the License |
9 | | // is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
10 | | // or implied. See the License for the specific language governing permissions and limitations |
11 | | // under the License. |
12 | | // |
13 | | |
14 | | #include "yb/common/roles_permissions.h" |
15 | | |
16 | | #include <glog/logging.h> |
17 | | |
18 | | #include "yb/gutil/strings/substitute.h" |
19 | | |
20 | | namespace yb { |
21 | | |
22 | | const std::unordered_map<string, vector<PermissionType>> all_permissions_by_resource = { |
23 | | {"KEYSPACE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DROP_PERMISSION, |
24 | | MODIFY_PERMISSION, SELECT_PERMISSION}}, |
25 | | {"ALL_KEYSPACES", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DROP_PERMISSION, |
26 | | MODIFY_PERMISSION, SELECT_PERMISSION}}, |
27 | | {"TABLE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, DROP_PERMISSION, MODIFY_PERMISSION, |
28 | | SELECT_PERMISSION}}, |
29 | | {"ROLE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, DROP_PERMISSION}}, |
30 | | {"ALL_ROLES", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DESCRIBE_PERMISSION, |
31 | | DROP_PERMISSION}} |
32 | | }; |
33 | | |
34 | | const std::vector<PermissionType> empty_permissions; |
35 | | |
36 | 3.23k | const vector<PermissionType>& all_permissions_for_resource(ResourceType resource_type) { |
37 | 3.23k | const auto iter = all_permissions_by_resource.find(ResourceType_Name(resource_type)); |
38 | 3.23k | if (iter == all_permissions_by_resource.end()) { |
39 | 0 | return empty_permissions; |
40 | 0 | } |
41 | 3.23k | return iter->second; |
42 | 3.23k | } |
43 | | |
44 | 1.28k | bool valid_permission_for_resource(PermissionType permission, ResourceType resource_type) { |
45 | 1.28k | const vector<PermissionType>& all_permissions = all_permissions_for_resource(resource_type); |
46 | 4.37k | for (const auto& p : all_permissions) { |
47 | 4.37k | if (p == permission) { |
48 | 1.23k | return true; |
49 | 1.23k | } |
50 | 4.37k | } |
51 | 46 | return false; |
52 | 1.28k | } |
53 | | |
54 | 9.68k | std::string get_canonical_keyspace(const std::string &keyspace) { |
55 | 9.68k | return strings::Substitute("$0/$1", kRolesDataResource, keyspace); |
56 | 9.68k | } |
57 | | |
58 | 3.31k | std::string get_canonical_table(const std::string &keyspace, const std::string &table) { |
59 | 3.31k | return strings::Substitute("$0/$1/$2", kRolesDataResource, keyspace, table); |
60 | 3.31k | } |
61 | | |
62 | 3.52k | std::string get_canonical_role(const std::string &role) { |
63 | 3.52k | return strings::Substitute("$0/$1", kRolesRoleResource, role); |
64 | 3.52k | } |
65 | | |
66 | 4.60k | std::string PermissionName(const PermissionType permission) { |
67 | 4.60k | switch(permission) { |
68 | 816 | case PermissionType::ALTER_PERMISSION: return "ALTER"; |
69 | 534 | case PermissionType::CREATE_PERMISSION: return "CREATE"; |
70 | 963 | case PermissionType::DROP_PERMISSION: return "DROP"; |
71 | 611 | case PermissionType::SELECT_PERMISSION: return "SELECT"; |
72 | 780 | case PermissionType::MODIFY_PERMISSION: return "MODIFY"; |
73 | 889 | case PermissionType::AUTHORIZE_PERMISSION: return "AUTHORIZE"; |
74 | 11 | case PermissionType::DESCRIBE_PERMISSION: return "DESCRIBE"; |
75 | 0 | case PermissionType::ALL_PERMISSION: |
76 | 0 | LOG(DFATAL) << "Invalid use of ALL_PERMISSION"; |
77 | 0 | break; |
78 | 0 | } |
79 | 0 | return ""; |
80 | 0 | } |
81 | | } // namespace yb |