/Users/deen/code/yugabyte-db/src/yb/master/yql_auth_role_permissions_vtable.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright (c) YugaByte, Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except |
4 | | // in compliance with the License. You may obtain a copy of the License at |
5 | | // |
6 | | // http://www.apache.org/licenses/LICENSE-2.0 |
7 | | // |
8 | | // Unless required by applicable law or agreed to in writing, software distributed under the License |
9 | | // is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
10 | | // or implied. See the License for the specific language governing permissions and limitations |
11 | | // under the License. |
12 | | // |
13 | | |
14 | | #include "yb/master/yql_auth_role_permissions_vtable.h" |
15 | | |
16 | | #include "yb/common/common.pb.h" |
17 | | #include "yb/common/ql_type.h" |
18 | | #include "yb/common/roles_permissions.h" |
19 | | #include "yb/common/schema.h" |
20 | | |
21 | | #include "yb/gutil/strings/substitute.h" |
22 | | |
23 | | #include "yb/master/permissions_manager.h" |
24 | | |
25 | | #include "yb/util/status_log.h" |
26 | | |
27 | | namespace yb { |
28 | | namespace master { |
29 | | |
/// Constructs the role-permissions virtual table.
///
/// The table name, namespace name and master pointer are forwarded unchanged
/// to YQLVirtualTable, together with the schema produced by CreateSchema().
///
/// NOTE(review): CreateSchema() is a non-static (const) member and is invoked
/// here while the base class is still being initialized, so it must not depend
/// on any state of this object.
YQLAuthRolePermissionsVTable::YQLAuthRolePermissionsVTable(
    const TableName& table_name,
    const NamespaceName& namespace_name,
    Master* const master)
    : YQLVirtualTable(table_name, namespace_name, master, CreateSchema()) {}
35 | | |
/// Builds the contents of the role-permissions virtual table.
///
/// One row is emitted per (role, resource) pair found in the roles returned by
/// the permissions manager. Each row carries the role name, the canonical
/// resource string and a list of permission names.
///
/// @param request  The read request. It is not consulted in this function: no
///                 filtering and no caller-based authorization happens here, so
///                 every role's grants are returned. NOTE(review): access
///                 control for this table has to be enforced by the caller —
///                 confirm where that check lives.
/// @return The populated row block, or a non-OK status if a column value could
///         not be set or a stored permission has no known name.
Result<std::shared_ptr<QLRowBlock>> YQLAuthRolePermissionsVTable::RetrieveData(
    const QLReadRequestPB& request) const {
  auto row_block = std::make_shared<QLRowBlock>(schema());

  std::vector<scoped_refptr<RoleInfo>> all_roles;
  catalog_manager().permissions_manager()->GetAllRoles(&all_roles);

  for (const auto& role_info : all_roles) {
    // The lock object lives until the end of this iteration, so the protobuf
    // is only read while it is held.
    auto role_lock = role_info->LockForRead();
    const auto& role_pb = role_lock->pb;

    for (const auto& resource : role_pb.resources()) {
      QLRow& row = row_block->Extend();
      RETURN_NOT_OK(SetColumnValue(kRole, role_pb.role(), &row));
      RETURN_NOT_OK(SetColumnValue(kResource, resource.canonical_resource(), &row));

      QLValuePB permissions_value;
      QLSeqValuePB* permission_list = permissions_value.mutable_list_value();

      const int num_permissions = resource.permissions_size();
      for (int idx = 0; idx < num_permissions; ++idx) {
        const auto& permission = resource.permissions(idx);
        string permission_name = PermissionName(permission);

        // An unnamed permission aborts the whole read instead of producing a
        // row with a blank or missing entry, so the table never under-reports
        // what a role has been granted.
        // NOTE(review): the coverage listing this code was taken from records
        // 0 executions of this branch; the error path is untested there.
        if (permission_name.empty()) {
          return STATUS(InvalidArgument,
                        strings::Substitute("Unknown Permission $0",
                                            PermissionType_Name(permission)));
        }

        permission_list->add_elems()->set_string_value(permission_name);
      }

      RETURN_NOT_OK(SetColumnValue(kPermissions, permissions_value, &row));
    }
  }

  return row_block;
}
69 | | |
70 | | |
/// Describes the columns of the role-permissions virtual table.
///
/// The schema has three columns: kRole (STRING, hash key), kResource (STRING)
/// and kPermissions (list of STRING).
///
/// @return The schema built from those three columns.
Schema YQLAuthRolePermissionsVTable::CreateSchema() const {
  SchemaBuilder schema_builder;

  // Each step is wrapped in CHECK_OK rather than returning a status;
  // presumably a failure here is treated as fatal — confirm against the macro.
  CHECK_OK(schema_builder.AddHashKeyColumn(kRole, DataType::STRING));
  CHECK_OK(schema_builder.AddColumn(kResource, QLType::Create(DataType::STRING)));
  CHECK_OK(schema_builder.AddColumn(kPermissions,
                                    QLType::CreateTypeList(DataType::STRING)));

  return schema_builder.Build();
}
78 | | |
79 | | } // namespace master |
80 | | } // namespace yb |