MySQL 8.4.2
Source Code Documentation
|
DB Restrictions representation in memory. More...
#include <partial_revokes.h>
Public Member Functions | |
DB_restrictions () | |
DB Restrictions constructor. More... | |
~DB_restrictions () override | |
Destructor. More... | |
db_revocations & | operator() (void) |
DB_restrictions (const DB_restrictions &restrictions) | |
Copy constructor for DB Restrictions. More... | |
DB_restrictions (DB_restrictions &&restrictions)=delete | |
DB_restrictions & | operator= (const DB_restrictions &restrictions) |
Assignment operator. More... | |
DB_restrictions & | operator= (DB_restrictions &&restrictions) |
Assignment operator. More... | |
bool | operator== (const DB_restrictions &restrictions) const |
Compare the two restrictions. More... | |
void | add (const std::string &db_name, const Access_bitmask revoke_privs) |
Add given privileges as restricted for the database. More... | |
void | add (const DB_restrictions &restrictions) |
Add restriction information from source DB_restrictions. More... | |
bool | add (const Json_object &json_object) |
Deserializer. More... | |
void | remove (const std::string &db_name, const Access_bitmask revoke_privs) |
Remove given set of privilegs for a database from restriction list. More... | |
void | remove (const Access_bitmask revoke_privs) |
Remove given set of privs from restricted list for all databases. More... | |
bool | find (const std::string &db_name, Access_bitmask &access) const |
Get restricted access information for given database. More... | |
bool | is_empty () const override |
Status function to check if restriction list is empty. More... | |
size_t | size () const override |
Status function to get number of entries in restriction list. More... | |
void | clear () override |
Clear restriction list. More... | |
void | get_as_json (Json_array &restrictions_array) const |
Serializer. More... | |
const db_revocations & | get () const |
bool | has_more_restrictions (const DB_restrictions &, Access_bitmask) const |
Compare is two restriction list for given privileges. More... | |
Public Member Functions inherited from Abstract_restrictions | |
Abstract_restrictions () | |
Abstract restriction constructor. More... | |
virtual | ~Abstract_restrictions () |
Abstract restriction destructor. More... | |
Private Member Functions | |
db_revocations & | db_restrictions () |
void | remove (const Access_bitmask remove_restrictions, Access_bitmask &restrictions_mask) const noexcept |
Private function: Remove given set of privs from restricted list. More... | |
db_revocations * | create_restrictions_if_needed () |
void | copy_restrictions (const DB_restrictions &other) |
Private Attributes | |
db_revocations * | m_restrictions = nullptr |
Database restrictions. More... | |
DB Restrictions representation in memory.
Note that an instance of this class is owned by the security context. Many of the usage pattern of the security context has complex life cycle, it may be using memory allocated through MEM_ROOT. That may lead to an unwarranted memory growth in some circumstances. Therefore, we wish to own the life cycle of the non POD type members in this class. Please allocate them dynamically otherwise you may cause some difficult to find memory leaks.
@note : non POD members are allocated when needed but not in constructor to avoid unnecessary memory allocations since it is frequently accessed code path. Onus is on the user to call the APIs safely that is to make sure that if the accessed member in the API is allocated if it was supposed to be.
DB_restrictions also provides functions to:
DB_restrictions::DB_restrictions | ( | ) |
DB Restrictions constructor.
|
override |
Destructor.
DB_restrictions::DB_restrictions | ( | const DB_restrictions & | other | ) |
Copy constructor for DB Restrictions.
[in] | other | Source DB restrictions |
|
delete |
void DB_restrictions::add | ( | const DB_restrictions & | restrictions | ) |
Add restriction information from source DB_restrictions.
[in] | restrictions | List of <database, privileges> |
bool DB_restrictions::add | ( | const Json_object & | json_object | ) |
Deserializer.
Converts a JSON object to <database, privileges> list.
[in] | json_object | Restrictions represented by JSON |
true | Error in deserializing the data. |
false | All good. |
void DB_restrictions::add | ( | const std::string & | db_name, |
const Access_bitmask | revoke_privs | ||
) |
Add given privileges as restricted for the database.
[in] | db_name | Database information |
[in] | revoke_privs | Privileges to be restricted |
|
overridevirtual |
Clear restriction list.
Implements Abstract_restrictions.
|
inlineprivate |
|
inlineprivate |
|
inlineprivate |
bool DB_restrictions::find | ( | const std::string & | db_name, |
Access_bitmask & | access | ||
) | const |
Get restricted access information for given database.
[in] | db_name | Database information |
[out] | access | Restricted access |
true | Entry found. |
false | Entry not found. Do not rely on access. |
|
inline |
void DB_restrictions::get_as_json | ( | Json_array & | restrictions_array | ) | const |
Serializer.
Converts restriction list to JSON format.
This is used while storing restriction list in ACL table.
bool DB_restrictions::has_more_restrictions | ( | const DB_restrictions & | other, |
Access_bitmask | access | ||
) | const |
Compare is two restriction list for given privileges.
[in] | other | DB_restrictions to compare against |
[in] | access | Privilege filter |
false | Other restriction list has less or equal restrictions |
true | Otherwise |
|
overridevirtual |
Status function to check if restriction list is empty.
m_restrictions may not be initialized yet, that also indicates that the restrictions are empty.
Implements Abstract_restrictions.
|
inline |
DB_restrictions & DB_restrictions::operator= | ( | const DB_restrictions & | other | ) |
Assignment operator.
[in] | other | Source DB restrictions |
DB_restrictions & DB_restrictions::operator= | ( | DB_restrictions && | restrictions | ) |
Assignment operator.
[in] | restrictions | Source DB restrictions |
bool DB_restrictions::operator== | ( | const DB_restrictions & | restrictions | ) | const |
Compare the two restrictions.
[in] | restrictions | DB_restrictions object to be compared with this |
true | If both DB_restrictions are same |
false | Otherwise |
|
privatenoexcept |
Private function: Remove given set of privs from restricted list.
[in] | remove_restrictions | Restriction to be removed |
[out] | restriction_mask | Resultant value to be returned |
void DB_restrictions::remove | ( | const Access_bitmask | revoke_privs | ) |
Remove given set of privs from restricted list for all databases.
If it turns out to be no restrictions on a DB after removal of the restrictions, then remove the db_name entry from the internal container as well.
[in] | revoke_privs | Privileges to be removed |
void DB_restrictions::remove | ( | const std::string & | db_name, |
const Access_bitmask | revoke_privs | ||
) |
Remove given set of privilegs for a database from restriction list.
[in] | db_name | Database information |
[in] | revoke_privs | List of privileges to remove |
|
overridevirtual |
Status function to get number of entries in restriction list.
Implements Abstract_restrictions.
|
private |
Database restrictions.
Dynamically allocating the memory everytime in constructor would be expensive because this is frequently accessed code path. Therefore, we shall allocate the memory when needed later on.