00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022 #pragma once
00023
00024 #include <drizzled/plugin.h>
00025 #include <drizzled/plugin/plugin.h>
00026 #include <drizzled/identifier.h>
00027
00028 #include <string>
00029 #include <set>
00030
00031 #include <drizzled/visibility.h>
00032
00033 namespace drizzled
00034 {
00035
00036 namespace plugin
00037 {
00038
00039 class DRIZZLED_API Authorization : public Plugin
00040 {
00041 Authorization();
00042 Authorization(const Authorization &);
00043 Authorization& operator=(const Authorization &);
00044 public:
00045 explicit Authorization(std::string name_arg)
00046 : Plugin(name_arg, "Authorization")
00047 {}
00048 virtual ~Authorization() {}
00049
00058 virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,
00059 identifier::Schema::const_reference schema)= 0;
00060
00070 virtual bool restrictTable(drizzled::identifier::User::const_reference user_ctx,
00071 drizzled::identifier::Table::const_reference table);
00072
00082 virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,
00083 const drizzled::identifier::User &session_ctx);
00084
00086 static bool isAuthorized(drizzled::identifier::User::const_reference user_ctx,
00087 identifier::Schema::const_reference schema_identifier,
00088 bool send_error= true);
00089
00091 static bool isAuthorized(drizzled::identifier::User::const_reference user_ctx,
00092 drizzled::identifier::Table::const_reference table_identifier,
00093 bool send_error= true);
00094
00096 static bool isAuthorized(drizzled::identifier::User::const_reference user_ctx,
00097 const Session &session,
00098 bool send_error= true);
00099
00104 static void pruneSchemaNames(drizzled::identifier::User::const_reference user_ctx,
00105 identifier::Schema::vector &set_of_schemas);
00106
00110 static bool addPlugin(plugin::Authorization *auth);
00111 static void removePlugin(plugin::Authorization *auth);
00112
00113 };
00114
00115 inline bool Authorization::restrictTable(drizzled::identifier::User::const_reference user_ctx,
00116 drizzled::identifier::Table::const_reference table)
00117 {
00118 return restrictSchema(user_ctx, table);
00119 }
00120
00121 inline bool Authorization::restrictProcess(const drizzled::identifier::User &,
00122 const drizzled::identifier::User &)
00123 {
00124 return false;
00125 }
00126
00127 }
00128
00129 }
00130