1
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
2
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
4
* Definitions required for Authorization plugin
6
* Copyright (C) 2010 Monty Taylor
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; version 2 of the License.
12
* This program is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22
#ifndef DRIZZLED_PLUGIN_AUTHORIZATION_H
23
#define DRIZZLED_PLUGIN_AUTHORIZATION_H
25
#include "drizzled/plugin.h"
26
#include "drizzled/plugin/plugin.h"
27
#include "drizzled/security_context.h"
28
#include "drizzled/table_identifier.h"
39
class Authorization : public Plugin
42
Authorization(const Authorization &);
43
Authorization& operator=(const Authorization &);
45
explicit Authorization(std::string name_arg)
46
: Plugin(name_arg, "Authorization")
48
virtual ~Authorization() {}
51
* Should we restrict the current user's access to this schema?
53
* @param Current security context
54
* @param Database to check against
56
* @returns true if the user cannot access the schema
58
virtual bool restrictSchema(const SecurityContext &user_ctx,
59
const std::string &schema)= 0;
62
* Should we restrict the current user's access to this table?
64
* @param Current security context
65
* @param Database to check against
66
* @param Table to check against
68
* @returns true if the user cannot access the table
70
virtual bool restrictTable(const SecurityContext &user_ctx,
71
const std::string &schema,
72
const std::string &table);
75
* Should we restrict the current user's access to see this process?
77
* @param Current security context
78
* @param Database to check against
79
* @param Table to check against
81
* @returns true if the user cannot see the process
83
virtual bool restrictProcess(const SecurityContext &user_ctx,
84
const SecurityContext &session_ctx);
86
/** Server API method for checking schema authorization */
87
static bool isAuthorized(const SecurityContext &user_ctx,
88
const std::string &schema,
89
bool send_error= true);
91
/** Server API method for checking table authorization */
92
static bool isAuthorized(const SecurityContext &user_ctx,
93
const std::string &schema,
94
const std::string &table,
95
bool send_error= true);
97
/** Server API method for checking process authorization */
98
static bool isAuthorized(const SecurityContext &user_ctx,
99
const Session *session,
100
bool send_error= true);
103
* Server API helper method for applying authorization tests
104
* to a set of schema names (for use in the context of getSchemaNames
106
static void pruneSchemaNames(const SecurityContext &user_ctx,
107
std::set<std::string> &set_of_names);
110
* Standard plugin system registration hooks
112
static bool addPlugin(plugin::Authorization *auth);
113
static void removePlugin(plugin::Authorization *auth);
117
inline bool Authorization::restrictTable(const SecurityContext &user_ctx,
118
const std::string &schema,
121
return restrictSchema(user_ctx, schema);
124
inline bool Authorization::restrictProcess(const SecurityContext &,
125
const SecurityContext &)
130
} /* namespace plugin */
132
} /* namespace drizzled */
134
#endif /* DRIZZLED_PLUGIN_AUTHORIZATION_H */
added
removed
drizzled/plugin/authorization.h
