MySQL 9.1.0
Source Code Documentation
Protected Member Functions | Private Member Functions | Friends | List of all members
DB_restrictions_aggregator_global_revoke Class Reference

#include <partial_revokes.h>

Inheritance diagram for DB_restrictions_aggregator_global_revoke:
[legend]

Protected Member Functions

 DB_restrictions_aggregator_global_revoke (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const Access_bitmask requested_access, const Security_context *sctx)
 DB_restrictions_aggregator_global_revoke constructor. More...
 
Status validate_if_grantee_rl_not_empty ()
 If grantee restrictions_list is not empty then check the following. More...
 
- Protected Member Functions inherited from DB_restrictions_aggregator
 DB_restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const Access_bitmask requested_access, const Security_context *sctx)
 Constructor for database level restrictions aggregator. More...
 
bool find_if_require_next_level_operation (Access_bitmask &rights) const override
 Get list of privileges that are not restricted through restriction list. More...
 
bool check_db_access_and_restrictions_collision (const Access_bitmask grantee_db_access, const Access_bitmask grantee_restrictions, const std::string &db_name) noexcept
 Check possible descrepancy between DB access being granted and existing restrictions. More...
 
void set_if_db_level_operation (const Access_bitmask requested_access, const Access_bitmask restrictions_mask) noexcept
 Set privileges that needs to be processed further. More...
 
void aggregate_restrictions (SQL_OP sql_op, const Db_access_map *m_db_map, DB_restrictions &restrictions)
 A helper method that aggregates the restrictions for global_grant and set_role operations since both are similar in nature. More...
 
Access_bitmask get_grantee_db_access (const std::string &db_name) const
 Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
 
void get_grantee_db_access (const std::string &db_name, Access_bitmask &access) const
 Fetches the grantee's DB access on the specified DB If security context of current user exists and has some active roles then probe the security context since current user must be grantee. More...
 
- Protected Member Functions inherited from Restrictions_aggregator
 Restrictions_aggregator (const Auth_id &grantor, const Auth_id grantee, const Access_bitmask grantor_global_access, const Access_bitmask grantee_global_access, const Access_bitmask requested_access)
 Constructor. More...
 
 Restrictions_aggregator (const Restrictions_aggregator &)=delete
 
Restrictions_aggregatoroperator= (const Restrictions_aggregator &)=delete
 
 Restrictions_aggregator (const Restrictions_aggregator &&)=delete
 
Restrictions_aggregatoroperator= (const Restrictions_aggregator &&)=delete
 

Private Member Functions

Status validate () override
 Evaluates the restrictions list of grantor and grantee, as well as requested privilege. More...
 
void aggregate (DB_restrictions &restrictions) override
 

Friends

class Restrictions_aggregator_factory
 

Additional Inherited Members

- Public Member Functions inherited from DB_restrictions_aggregator
bool generate (Abstract_restrictions &restrictions) override
 Driver function to aggregate restriction lists. More...
 
- Public Member Functions inherited from Restrictions_aggregator
virtual ~Restrictions_aggregator ()
 Destructor. More...
 
- Protected Types inherited from DB_restrictions_aggregator
enum class  SQL_OP { SET_ROLE , GLOBAL_GRANT }
 
using Status = Restrictions_aggregator::Status
 
- Protected Types inherited from Restrictions_aggregator
enum class  Status {
  Error , Warning , Validated , Aggregated ,
  No_op
}
 
- Protected Attributes inherited from DB_restrictions_aggregator
Access_bitmask m_privs_not_processed = 0
 Privileges that needs to be checked further through DB grants. More...
 
DB_restrictions m_grantor_rl
 Database restrictions for grantor. More...
 
DB_restrictions m_grantee_rl
 Database restrictions for grantee. More...
 
const Security_contextm_sctx
 Security context of the current user. More...
 
- Protected Attributes inherited from Restrictions_aggregator
const Auth_id m_grantor
 Grantor information. More...
 
const Auth_id m_grantee
 Grantee information. More...
 
const Access_bitmask m_grantor_global_access
 Global static privileges of grantor. More...
 
const Access_bitmask m_grantee_global_access
 Global static privileges of grantee. More...
 
const Access_bitmask m_requested_access
 Privileges that are being granted or revoked. More...
 
Status m_status
 Internal status of aggregation process. More...
 

Constructor & Destructor Documentation

◆ DB_restrictions_aggregator_global_revoke()

DB_restrictions_aggregator_global_revoke::DB_restrictions_aggregator_global_revoke ( const Auth_id grantor,
const Auth_id  grantee,
const Access_bitmask  grantor_global_access,
const Access_bitmask  grantee_global_access,
const DB_restrictions grantor_db_restrictions,
const DB_restrictions grantee_db_restrictions,
const Access_bitmask  requested_access,
const Security_context sctx 
)
protected

DB_restrictions_aggregator_global_revoke constructor.

Parameters
[in]grantorGrantor's user name and host info
[in]granteeGrantee's user name and host info
[in]grantor_global_accessCurrent privileges mask of grantor
[in]grantee_global_accessCurrent privileges mask of grantee
[in]grantor_db_restrictionsDB_restrictions of grantor
[in]grantee_db_restrictionsDB_restrictions of grantee
[in]requested_accessRequested privileges mask in the SQL statement
[in]sctxSecurity_context of current user. Default value is nullptr

Member Function Documentation

◆ aggregate()

void DB_restrictions_aggregator_global_revoke::aggregate ( DB_restrictions restrictions)
overrideprivatevirtual
  • If grantee has the restriction list
    • Remove only requested restrictions from restriction_list
Parameters
[out]restrictionsFills the parater with the aggregated DB_restrictions

Implements DB_restrictions_aggregator.

Reimplemented in DB_restrictions_aggregator_global_revoke_all.

◆ validate()

Restrictions_aggregator::Status DB_restrictions_aggregator_global_revoke::validate ( )
overrideprivatevirtual

Evaluates the restrictions list of grantor and grantee, as well as requested privilege.

Returns
Status Moves the object in the appropriate status. For instance :
  • Validated, if validation was performed successfully
  • NO_op, if there is no aggregation of privileges required.
  • Error, if an error encountered

Implements DB_restrictions_aggregator.

Reimplemented in DB_restrictions_aggregator_global_revoke_all.

◆ validate_if_grantee_rl_not_empty()

Restrictions_aggregator::Status DB_restrictions_aggregator_global_revoke::validate_if_grantee_rl_not_empty ( )
protected

If grantee restrictions_list is not empty then check the following.

  • Don't allow revoke if grantor has same restrictions access on a database which is present in grantee's restrictions_list as well.
  • Check if grantee has same DB level privilege as well as restriction list on the database
Returns
Status Moves the object in the appropriate status. For instance :
  • Validated, if validation was performed successfully
  • NO_op, if there is no aggregation of privileges required.
  • Error, if an error encountered

Friends And Related Function Documentation

◆ Restrictions_aggregator_factory

friend class Restrictions_aggregator_factory
friend
The documentation for this class was generated from the following files: