MySQL  8.0.23
Source Code Documentation
DB_restrictions_aggregator_db_grant Class Referencefinal

Restriction aggregator for GRANT statement over database privileges. More...

#include <partial_revokes.h>

Inheritance diagram for DB_restrictions_aggregator_db_grant:
DB_restrictions_aggregator Restrictions_aggregator

Private Member Functions

 DB_restrictions_aggregator_db_grant (const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const ulong grantor_db_access, const ulong grantee_db_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, bool is_grant_all, const std::string &db_name, const Security_context *sctx)
 Constructor. More...
 
void aggregate (DB_restrictions &restrictions) override
 Aggregate restriction lists. More...
 
Status validate () override
 Validation function for database level grant statement. More...
 

Private Attributes

const ulong m_grantor_db_access
 Grantor's database privileges. More...
 
const ulong m_grantee_db_access
 Grantee's database privileges. More...
 
const bool m_is_grant_all
 Flag for GRANT ALL ON <db>. More...
 
const std::string m_db_name
 Target database of GRANT. More...
 

Friends

class Restrictions_aggregator_factory
 Aggregator needs to access class members. More...
 

Additional Inherited Members

- Public Member Functions inherited from DB_restrictions_aggregator
bool generate (Abstract_restrictions &restrictions) override
 Driver function to aggregate restriction lists. More...
 
- Public Member Functions inherited from Restrictions_aggregator
virtual ~Restrictions_aggregator ()
 Destructor. More...
 
- Protected Types inherited from DB_restrictions_aggregator
enum  SQL_OP { SQL_OP::SET_ROLE, SQL_OP::GLOBAL_GRANT }
 
using Status = Restrictions_aggregator::Status
 
- Protected Types inherited from Restrictions_aggregator
enum  Status {
  Status::Error, Status::Warning, Status::Validated, Status::Aggregated,
  Status::No_op
}
 
- Protected Member Functions inherited from DB_restrictions_aggregator
 DB_restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, const Security_context *sctx)
 Constructor for database level restrictions aggregator. More...
 
bool find_if_require_next_level_operation (ulong &rights) const override
 Get list of privileges that are not restricted through restriction list. More...
 
bool check_db_access_and_restrictions_collision (const ulong grantee_db_access, const ulong grantee_restrictions, const std::string &db_name) noexcept
 Check possible descrepancy between DB access being granted and existing restrictions. More...
 
void set_if_db_level_operation (const ulong requested_access, const ulong restrictions_mask) noexcept
 Set privileges that needs to be processed further. More...
 
void aggregate_restrictions (SQL_OP sql_op, const Db_access_map *m_db_map, DB_restrictions &restrictions)
 A helper method that aggregates the restrictions for global_grant and set_role operations since both are similar in nature. More...
 
ulong get_grantee_db_access (const std::string &db_name) const
 Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
 
void get_grantee_db_access (const std::string &db_name, ulong &access) const
 Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
 
- Protected Member Functions inherited from Restrictions_aggregator
 Restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const ulong requested_access)
 Constructor. More...
 
 Restrictions_aggregator (const Restrictions_aggregator &)=delete
 
Restrictions_aggregatoroperator= (const Restrictions_aggregator &)=delete
 
 Restrictions_aggregator (const Restrictions_aggregator &&)=delete
 
Restrictions_aggregatoroperator= (const Restrictions_aggregator &&)=delete
 
- Protected Attributes inherited from DB_restrictions_aggregator
ulong m_privs_not_processed = 0
 Privileges that needs to be checked further through DB grants. More...
 
DB_restrictions m_grantor_rl
 Database restrictions for grantor. More...
 
DB_restrictions m_grantee_rl
 Database restrictions for grantee. More...
 
const Security_contextm_sctx
 Security context of the current user. More...
 
- Protected Attributes inherited from Restrictions_aggregator
const Auth_id m_grantor
 Grantor information. More...
 
const Auth_id m_grantee
 Grantee information. More...
 
const ulong m_grantor_global_access
 Global static privileges of grantor. More...
 
const ulong m_grantee_global_access
 Global static privileges of grantee. More...
 
const ulong m_requested_access
 Privileges that are being granted or revoked. More...
 
Status m_status
 Internal status of aggregation process. More...
 

Detailed Description

Restriction aggregator for GRANT statement over database privileges.

Constructor & Destructor Documentation

◆ DB_restrictions_aggregator_db_grant()

DB_restrictions_aggregator_db_grant::DB_restrictions_aggregator_db_grant ( const Auth_id grantor,
const Auth_id  grantee,
const ulong  grantor_global_access,
const ulong  grantee_global_access,
const ulong  grantor_db_access,
const ulong  grantee_db_access,
const DB_restrictions grantor_db_restrictions,
const DB_restrictions grantee_db_restrictions,
const ulong  requested_access,
bool  is_grant_all,
const std::string &  db_name,
const Security_context sctx 
)
private

Constructor.

Parameters
[in]grantorGrantor information
[in]granteeGrantee information
[in]grantor_global_accessGlobal static access of grantor
[in]grantee_global_accessGlobal static access of grantee
[in]grantor_db_accessDatabase access of grantor
[in]grantee_db_accessDatabase access of grantee
[in]grantor_db_restrictionsDB_restrictions of grantor
[in]grantee_db_restrictionsDB_restrictions of grantee
[in]requested_accessRequested privileges to be granted
[in]is_grant_allFlag for GRANT ALL
[in]db_nameDatabase information
[in]sctxSecurity_context of current user. Default value is nullptr

Member Function Documentation

◆ aggregate()

void DB_restrictions_aggregator_db_grant::aggregate ( DB_restrictions restrictions)
overrideprivatevirtual

Aggregate restriction lists.

Parameters
[out]restrictionsDatabase restrictions

Implements DB_restrictions_aggregator.

◆ validate()

Restrictions_aggregator::Status DB_restrictions_aggregator_db_grant::validate ( )
overrideprivatevirtual

Validation function for database level grant statement.

Implements DB_restrictions_aggregator.

Friends And Related Function Documentation

◆ Restrictions_aggregator_factory

friend class Restrictions_aggregator_factory
friend

Aggregator needs to access class members.

Member Data Documentation

◆ m_db_name

const std::string DB_restrictions_aggregator_db_grant::m_db_name
private

Target database of GRANT.

◆ m_grantee_db_access

const ulong DB_restrictions_aggregator_db_grant::m_grantee_db_access
private

Grantee's database privileges.

◆ m_grantor_db_access

const ulong DB_restrictions_aggregator_db_grant::m_grantor_db_access
private

Grantor's database privileges.

◆ m_is_grant_all

const bool DB_restrictions_aggregator_db_grant::m_is_grant_all
private

Flag for GRANT ALL ON <db>.

  • TO ...

The documentation for this class was generated from the following files: