DB_restrictions_aggregator_db_grant Class Reference

Restriction aggregator for GRANT statement over database privileges. More...

#include <partial_revokes.h>

Inheritance diagram for DB_restrictions_aggregator_db_grant:

Private Member Functions
	DB_restrictions_aggregator_db_grant (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const Access_bitmask grantor_db_access, const Access_bitmask grantee_db_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const Access_bitmask requested_access, bool is_grant_all, const std::string &db_name, const Security_context *sctx)
	Constructor. More...
void	aggregate (DB_restrictions &restrictions) override
	Aggregate restriction lists. More...
Status	validate () override
	Validation function for database level grant statement. More...

Private Attributes
const Access_bitmask	m_grantor_db_access
	Grantor's database privileges. More...
const Access_bitmask	m_grantee_db_access
	Grantee's database privileges. More...
const bool	m_is_grant_all
	Flag for GRANT ALL ON <db>. More...
const std::string	m_db_name
	Target database of GRANT. More...

Friends
class	Restrictions_aggregator_factory
	Aggregator needs to access class members. More...

Additional Inherited Members
Public Member Functions inherited from DB_restrictions_aggregator
bool	generate (Abstract_restrictions &restrictions) override
	Driver function to aggregate restriction lists. More...
Public Member Functions inherited from Restrictions_aggregator
virtual	~Restrictions_aggregator ()
	Destructor. More...
Protected Types inherited from DB_restrictions_aggregator
enum class	SQL_OP { SET_ROLE , GLOBAL_GRANT }
using	Status = Restrictions_aggregator::Status
Protected Types inherited from Restrictions_aggregator
enum class	Status {   Error , Warning , Validated , Aggregated ,   No_op }
Protected Member Functions inherited from DB_restrictions_aggregator
	DB_restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const Access_bitmask requested_access, const Security_context *sctx)
	Constructor for database level restrictions aggregator. More...
bool	find_if_require_next_level_operation (Access_bitmask &rights) const override
	Get list of privileges that are not restricted through restriction list. More...
bool	check_db_access_and_restrictions_collision (const Access_bitmask grantee_db_access, const Access_bitmask grantee_restrictions, const std::string &db_name) noexcept
	Check possible descrepancy between DB access being granted and existing restrictions. More...
void	set_if_db_level_operation (const Access_bitmask requested_access, const Access_bitmask restrictions_mask) noexcept
	Set privileges that needs to be processed further. More...
void	aggregate_restrictions (SQL_OP sql_op, const Db_access_map *m_db_map, DB_restrictions &restrictions)
	A helper method that aggregates the restrictions for global_grant and set_role operations since both are similar in nature. More...
Access_bitmask	get_grantee_db_access (const std::string &db_name) const
	Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
void	get_grantee_db_access (const std::string &db_name, Access_bitmask &access) const
	Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
Protected Member Functions inherited from Restrictions_aggregator
	Restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const Access_bitmask requested_access)
	Constructor. More...
	Restrictions_aggregator (const Restrictions_aggregator &)=delete
Restrictions_aggregator &	operator= (const Restrictions_aggregator &)=delete
	Restrictions_aggregator (const Restrictions_aggregator &&)=delete
Restrictions_aggregator &	operator= (const Restrictions_aggregator &&)=delete
Protected Attributes inherited from DB_restrictions_aggregator
Access_bitmask	m_privs_not_processed = 0
	Privileges that needs to be checked further through DB grants. More...
DB_restrictions	m_grantor_rl
	Database restrictions for grantor. More...
DB_restrictions	m_grantee_rl
	Database restrictions for grantee. More...
const Security_context *	m_sctx
	Security context of the current user. More...
Protected Attributes inherited from Restrictions_aggregator
const Auth_id	m_grantor
	Grantor information. More...
const Auth_id	m_grantee
	Grantee information. More...
const Access_bitmask	m_grantor_global_access
	Global static privileges of grantor. More...
const Access_bitmask	m_grantee_global_access
	Global static privileges of grantee. More...
const Access_bitmask	m_requested_access
	Privileges that are being granted or revoked. More...
Status	m_status
	Internal status of aggregation process. More...

Detailed Description

Restriction aggregator for GRANT statement over database privileges.

Constructor & Destructor Documentation

DB_restrictions_aggregator_db_grant()

DB_restrictions_aggregator_db_grant::DB_restrictions_aggregator_db_grant ( const Auth_id &  grantor, const Auth_id  grantee, const Access_bitmask  grantor_global_access, const Access_bitmask  grantee_global_access, const Access_bitmask  grantor_db_access, const Access_bitmask  grantee_db_access, const DB_restrictions &  grantor_db_restrictions, const DB_restrictions &  grantee_db_restrictions, const Access_bitmask  requested_access, bool  is_grant_all, const std::string &  db_name, const Security_context *  sctx  )

private

Constructor.

Parameters

[in]	grantor	Grantor information
[in]	grantee	Grantee information
[in]	grantor_global_access	Global static access of grantor
[in]	grantee_global_access	Global static access of grantee
[in]	grantor_db_access	Database access of grantor
[in]	grantee_db_access	Database access of grantee
[in]	grantor_db_restrictions	DB_restrictions of grantor
[in]	grantee_db_restrictions	DB_restrictions of grantee
[in]	requested_access	Requested privileges to be granted
[in]	is_grant_all	Flag for GRANT ALL
[in]	db_name	Database information
[in]	sctx	Security_context of current user. Default value is nullptr

Member Function Documentation

aggregate()

void DB_restrictions_aggregator_db_grant::aggregate ( DB_restrictions &  restrictions )

overrideprivatevirtual

Aggregate restriction lists.

Parameters

[out]

restrictions

Database restrictions

Implements DB_restrictions_aggregator.

validate()

Restrictions_aggregator::Status DB_restrictions_aggregator_db_grant::validate ( )

overrideprivatevirtual

Validation function for database level grant statement.

Implements DB_restrictions_aggregator.

Friends And Related Function Documentation

Restrictions_aggregator_factory

friend class Restrictions_aggregator_factory

friend

Aggregator needs to access class members.

Member Data Documentation

m_db_name

const std::string DB_restrictions_aggregator_db_grant::m_db_name

private

Target database of GRANT.

m_grantee_db_access

const Access_bitmask DB_restrictions_aggregator_db_grant::m_grantee_db_access

private

Grantee's database privileges.

m_grantor_db_access

const Access_bitmask DB_restrictions_aggregator_db_grant::m_grantor_db_access

private

Grantor's database privileges.

m_is_grant_all

const bool DB_restrictions_aggregator_db_grant::m_is_grant_all

private

Flag for GRANT ALL ON <db>.

• TO ...

---

The documentation for this class was generated from the following files:

• sql/auth/partial_revokes.h
• sql/auth/partial_revokes.cc