Drizzled Public API Documentation

policy.h

00001 /* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
00002  *  vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
00003  *
00004  *  Copyright (C) 2010 Monty Taylor <mordred@inaugust.com>
00005  *
00006  *  This program is free software; you can redistribute it and/or modify
00007  *  it under the terms of the GNU General Public License as published by
00008  *  the Free Software Foundation; version 2 of the License.
00009  *
00010  *  This program is distributed in the hope that it will be useful,
00011  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013  *  GNU General Public License for more details.
00014  *
00015  *  You should have received a copy of the GNU General Public License
00016  *  along with this program; if not, write to the Free Software
00017  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
00018  */
00019 
00020 
00021 #pragma once
00022 
00023 #include <iostream>
00024 
00025 #include <drizzled/plugin/authorization.h>
00026 
00027 namespace simple_user_policy
00028 {
00029 
00030 class Policy :
00031   public drizzled::plugin::Authorization
00032 {
00033 public:
00034   Policy() :
00035     drizzled::plugin::Authorization("Simple User Policy")
00036   { }
00037 
00038   virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,
00039                               drizzled::identifier::Schema::const_reference schema);
00040 
00041   virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,
00042                                const drizzled::identifier::User &session_ctx);
00043 };
00044 
00045 inline bool Policy::restrictSchema(const drizzled::identifier::User &user_ctx,
00046                                    drizzled::identifier::Schema::const_reference schema)
00047 {
00048   if ((user_ctx.username() == "root")
00049       || schema.compare("data_dictionary")
00050       || schema.compare("information_schema"))
00051   {
00052     return false;
00053   }
00054 
00055   return not schema.compare(user_ctx.username());
00056 }
00057 
00058 inline bool Policy::restrictProcess(const drizzled::identifier::User &user_ctx,
00059                                     const drizzled::identifier::User &session_ctx)
00060 {
00061   if (user_ctx.username() == "root")
00062     return false;
00063 
00064   return user_ctx.username() != session_ctx.username();
00065 }
00066 
00067 } /* namespace simple_user_policy */
00068