YugabyteDB (2.13.1.0-b60, 21121d69985fbf76aa6958d8f04a9bfa936293b5)

Coverage Report

Created: 2022-03-22 16:43

/Users/deen/code/yugabyte-db/src/yb/common/roles_permissions.cc
Line
Count
Source (jump to first uncovered line)
1
// Copyright (c) YugaByte, Inc.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
4
// in compliance with the License.  You may obtain a copy of the License at
5
//
6
// http://www.apache.org/licenses/LICENSE-2.0
7
//
8
// Unless required by applicable law or agreed to in writing, software distributed under the License
9
// is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
10
// or implied.  See the License for the specific language governing permissions and limitations
11
// under the License.
12
//
13
14
#include "yb/common/roles_permissions.h"
15
16
#include <glog/logging.h>
17
18
#include "yb/gutil/strings/substitute.h"
19
20
namespace yb {
21
22
const std::unordered_map<string, vector<PermissionType>> all_permissions_by_resource = {
23
    {"KEYSPACE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DROP_PERMISSION,
24
                  MODIFY_PERMISSION, SELECT_PERMISSION}},
25
    {"ALL_KEYSPACES", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DROP_PERMISSION,
26
                       MODIFY_PERMISSION, SELECT_PERMISSION}},
27
    {"TABLE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, DROP_PERMISSION, MODIFY_PERMISSION,
28
               SELECT_PERMISSION}},
29
    {"ROLE", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, DROP_PERMISSION}},
30
    {"ALL_ROLES", {ALTER_PERMISSION, AUTHORIZE_PERMISSION, CREATE_PERMISSION, DESCRIBE_PERMISSION,
31
                   DROP_PERMISSION}}
32
};
33
34
const std::vector<PermissionType> empty_permissions;
35
36
3.23k
const vector<PermissionType>& all_permissions_for_resource(ResourceType resource_type) {
37
3.23k
  const auto iter = all_permissions_by_resource.find(ResourceType_Name(resource_type));
38
3.23k
  if (iter == all_permissions_by_resource.end()) {
39
0
    return empty_permissions;
40
0
  }
41
3.23k
  return iter->second;
42
3.23k
}
43
44
1.28k
bool valid_permission_for_resource(PermissionType permission, ResourceType resource_type) {
45
1.28k
  const vector<PermissionType>& all_permissions = all_permissions_for_resource(resource_type);
46
4.37k
  for (const auto& p : all_permissions) {
47
4.37k
    if (p == permission) {
48
1.23k
      return true;
49
1.23k
    }
50
4.37k
  }
51
46
  return false;
52
1.28k
}
53
54
9.72k
std::string get_canonical_keyspace(const std::string &keyspace) {
55
9.72k
  return strings::Substitute("$0/$1", kRolesDataResource, keyspace);
56
9.72k
}
57
58
6.44k
std::string get_canonical_table(const std::string &keyspace, const std::string &table) {
59
6.44k
  return strings::Substitute("$0/$1/$2", kRolesDataResource, keyspace, table);
60
6.44k
}
61
62
3.52k
std::string get_canonical_role(const std::string &role) {
63
3.52k
  return strings::Substitute("$0/$1", kRolesRoleResource, role);
64
3.52k
}
65
66
4.60k
std::string PermissionName(const PermissionType permission) {
67
4.60k
  switch(permission) {
68
816
    case PermissionType::ALTER_PERMISSION: return "ALTER";
69
534
    case PermissionType::CREATE_PERMISSION: return "CREATE";
70
963
    case PermissionType::DROP_PERMISSION: return "DROP";
71
615
    case PermissionType::SELECT_PERMISSION: return "SELECT";
72
778
    case PermissionType::MODIFY_PERMISSION: return "MODIFY";
73
888
    case PermissionType::AUTHORIZE_PERMISSION: return "AUTHORIZE";
74
11
    case PermissionType::DESCRIBE_PERMISSION: return "DESCRIBE";
75
0
    case PermissionType::ALL_PERMISSION:
76
0
      LOG(DFATAL) << "Invalid use of ALL_PERMISSION";
77
0
      break;
78
4.60k
  }
79
0
  return "";
80
4.60k
}
81
} // namespace yb