#pragma once
#include
#include
#include
#include
#include
#include
namespace DB
{
/// Represents a set of access types granted on databases, tables, columns, etc.
/// For example, "GRANT SELECT, UPDATE ON db.*, GRANT INSERT ON db2.mytbl2" are access rights.
///
/// The class keeps two `Node` roots (`root` and `root_with_grant_option`) and exposes two separate
/// query families: isGranted*() and hasGrantOption*(). Holding an access and being allowed to pass
/// it on to others are therefore distinct questions; callers that authorize a GRANT statement
/// should ask the second one, not the first.
class AccessRights
{
public:
AccessRights();
explicit AccessRights(const AccessFlags & access);
explicit AccessRights(const AccessRightsElement & element);
explicit AccessRights(const AccessRightsElements & elements);
~AccessRights();
/// Copy operations are user-declared because the state is held in std::unique_ptr members,
/// which are not copyable by default (presumably a deep copy; confirm in the implementation).
AccessRights(const AccessRights & src);
AccessRights & operator =(const AccessRights & src);
AccessRights(AccessRights && src) noexcept;
AccessRights & operator =(AccessRights && src) noexcept;
/// Presumably true when nothing at all is granted; the definition is not in this header.
bool isEmpty() const;
/// Revokes everything. It's the same as revoke(AccessType::ALL).
void clear();
/// Returns the information about all the access granted as a string.
String toString() const;
/// Returns the information about all the access granted.
AccessRightsElements getElements() const;
/// Grants access on a specified database/table/column.
/// Does nothing if the specified access has been already granted.
/// Overloads taking fewer names presumably apply at the broader level (everything, or a whole
/// database, or a whole table); confirm in the implementation.
void grant(const AccessFlags & flags);
void grant(const AccessFlags & flags, std::string_view database);
void grant(const AccessFlags & flags, std::string_view database, std::string_view table);
void grant(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void grant(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void grant(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
void grant(const AccessRightsElement & element);
void grant(const AccessRightsElements & elements);
/// Wildcard counterparts of grant().
/// NOTE(review): how the *Wildcard methods interpret the database/table/column names is not
/// visible in this header. Confirm the matching rule before relying on it, because a wildcard
/// grant may cover objects that are created later.
void grantWildcard(const AccessFlags & flags);
void grantWildcard(const AccessFlags & flags, std::string_view database);
void grantWildcard(const AccessFlags & flags, std::string_view database, std::string_view table);
void grantWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void grantWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void grantWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
/// Same argument shapes as grant(); presumably also records that the access may be granted on
/// to others (WITH GRANT OPTION). Confirm in the implementation.
void grantWithGrantOption(const AccessFlags & flags);
void grantWithGrantOption(const AccessFlags & flags, std::string_view database);
void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void grantWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
void grantWithGrantOption(const AccessRightsElement & element);
void grantWithGrantOption(const AccessRightsElements & elements);
/// Wildcard counterparts of grantWithGrantOption(); see the note on grantWildcard().
void grantWildcardWithGrantOption(const AccessFlags & flags);
void grantWildcardWithGrantOption(const AccessFlags & flags, std::string_view database);
void grantWildcardWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
void grantWildcardWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void grantWildcardWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void grantWildcardWithGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
/// Revokes a specified access granted earlier on a specified database/table/column.
/// For example, revoke(AccessType::ALL) revokes every grant, just like clear().
void revoke(const AccessFlags & flags);
void revoke(const AccessFlags & flags, std::string_view database);
void revoke(const AccessFlags & flags, std::string_view database, std::string_view table);
void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void revoke(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
void revoke(const AccessRightsElement & element);
void revoke(const AccessRightsElements & elements);
/// Wildcard counterparts of revoke(); see the note on grantWildcard().
void revokeWildcard(const AccessFlags & flags);
void revokeWildcard(const AccessFlags & flags, std::string_view database);
void revokeWildcard(const AccessFlags & flags, std::string_view database, std::string_view table);
void revokeWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void revokeWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void revokeWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
/// Presumably removes only the ability to grant the access to others and leaves the access
/// itself in place; confirm in the implementation before using it as a full revocation.
void revokeGrantOption(const AccessFlags & flags);
void revokeGrantOption(const AccessFlags & flags, std::string_view database);
void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void revokeGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
void revokeGrantOption(const AccessRightsElement & element);
void revokeGrantOption(const AccessRightsElements & elements);
/// Wildcard counterparts of revokeGrantOption(); see the note on grantWildcard().
void revokeWildcardGrantOption(const AccessFlags & flags);
void revokeWildcardGrantOption(const AccessFlags & flags, std::string_view database);
void revokeWildcardGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table);
void revokeWildcardGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column);
void revokeWildcardGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns);
void revokeWildcardGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns);
/// Returns whether the specified access is granted.
/// NOTE(review): for the multi-column and AccessRightsElements overloads, whether every item or
/// just one of them must be granted is not visible in this header; confirm before using the
/// result as a permission check.
bool isGranted(const AccessFlags & flags) const;
bool isGranted(const AccessFlags & flags, std::string_view database) const;
bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table) const;
bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns) const;
bool isGranted(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
bool isGranted(const AccessRightsElement & element) const;
bool isGranted(const AccessRightsElements & elements) const;
/// Wildcard counterparts of isGranted(); see the note on grantWildcard().
bool isGrantedWildcard(const AccessFlags & flags) const;
bool isGrantedWildcard(const AccessFlags & flags, std::string_view database) const;
bool isGrantedWildcard(const AccessFlags & flags, std::string_view database, std::string_view table) const;
bool isGrantedWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
bool isGrantedWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns) const;
bool isGrantedWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
/// Returns whether the specified access is held with grant option, i.e. (presumably) whether it
/// may be granted on to others. This is a separate query from isGranted().
bool hasGrantOption(const AccessFlags & flags) const;
bool hasGrantOption(const AccessFlags & flags, std::string_view database) const;
bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table) const;
bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns) const;
bool hasGrantOption(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
bool hasGrantOption(const AccessRightsElement & element) const;
bool hasGrantOption(const AccessRightsElements & elements) const;
/// Wildcard counterparts of hasGrantOption(); see the note on grantWildcard().
bool hasGrantOptionWildcard(const AccessFlags & flags) const;
bool hasGrantOptionWildcard(const AccessFlags & flags, std::string_view database) const;
bool hasGrantOptionWildcard(const AccessFlags & flags, std::string_view database, std::string_view table) const;
bool hasGrantOptionWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, std::string_view column) const;
bool hasGrantOptionWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const std::vector & columns) const;
bool hasGrantOptionWildcard(const AccessFlags & flags, std::string_view database, std::string_view table, const Strings & columns) const;
/// Checks whether the given `access_rights` is a subset of the current access rights.
bool contains(const AccessRights & access_rights) const;
/// Presumably the same subset check made against the rights held with grant option; confirm.
bool containsWithGrantOption(const AccessRights & access_rights) const;
/// Merges two sets of access rights together.
/// It's used to combine access rights from multiple roles.
/// The result is never narrower than either input, so every role fed into it widens the total.
void makeUnion(const AccessRights & other);
/// Makes an intersection of access rights.
void makeIntersection(const AccessRights & other);
/// Makes a difference (relative complement) of access rights.
void makeDifference(const AccessRights & other);
/// Traverses the tree and modifies the access flags of each node through `function`.
/// NOTE(review): the callback's signature is not visible in this listing, so what it receives
/// and returns cannot be documented from here.
using ModifyFlagsFunction = std::function;
void modifyFlags(const ModifyFlagsFunction & function);
friend bool operator ==(const AccessRights & left, const AccessRights & right);
/// Defined inline as the negation of operator ==.
friend bool operator !=(const AccessRights & left, const AccessRights & right) { return !(left == right); }
/// Makes full access rights (GRANT ALL ON *.* WITH GRANT OPTION).
/// This is the broadest value described in this header; use it only where unrestricted access,
/// including the ability to grant it on, is really intended.
static AccessRights getFullAccess();
/// Methods for tests: they expose the internal node structure for inspection.
void dumpTree(WriteBuffer & buffer) const;
std::vector dumpNodes() const;
private:
/// Shared implementations behind the public grant*(), revoke*(), isGranted*() and contains*()
/// families.
/// NOTE(review): the template parameter lists are not visible in this listing, so which
/// parameters select the grant-option and wildcard behaviour cannot be confirmed from here.
template
void grantImpl(const AccessFlags & flags, const Args &... args);
template
void grantImpl(const AccessRightsElement & element);
template
void grantImpl(const AccessRightsElements & elements);
template
void grantImplHelper(const AccessRightsElement & element);
template
void revokeImpl(const AccessFlags & flags, const Args &... args);
template
void revokeImpl(const AccessRightsElement & element);
template
void revokeImpl(const AccessRightsElements & elements);
template
void revokeImplHelper(const AccessRightsElement & element);
template
bool isGrantedImpl(const AccessFlags & flags, const Args &... args) const;
template
bool isGrantedImpl(const AccessRightsElement & element) const;
template
bool isGrantedImpl(const AccessRightsElements & elements) const;
template
bool containsImpl(const AccessRights & other) const;
template
bool isGrantedImplHelper(const AccessRightsElement & element) const;
/// Node type of the internal structure; only forward-declared in this header.
struct Node;
/// Presumably the root of the tree of granted access; confirm in the implementation.
std::unique_ptr root;
/// Presumably the root of the tree of access held with grant option; confirm in the implementation.
std::unique_ptr root_with_grant_option;
};
}