1 | #pragma once |
---|---|
2 | |
3 | #include <Access/RowPolicyContext.h> |
4 | #include <Access/IAccessStorage.h> |
5 | #include <mutex> |
6 | #include <unordered_map> |
7 | #include <unordered_set> |
8 | |
9 | |
namespace DB
{
class AccessControlManager;


/// Stores read and parsed row policies.
///
/// Hands out a RowPolicyContext per user name (createContext) and keeps per-policy state in
/// `all_policies`, keyed by policy UUID. Contexts are tracked through weak pointers, so the
/// factory does not own them.
///
/// NOTE(review): row policies are presumably the row-level access filters applied to queries.
/// If so, this class is part of the authorization path, and any window in which a context holds
/// stale or not-yet-read conditions matters for data exposure. Confirm in the .cpp what a
/// context returns before ensureAllRowPoliciesRead() has completed.
class RowPolicyContextFactory
{
public:
    /// Binds the factory to an access-control manager. Only a reference is stored
    /// (`access_control_manager`), so the manager must outlive this object.
    /// NOTE(review): single-argument and not `explicit`, so an AccessControlManager converts
    /// implicitly to a factory; consider `explicit` if no caller relies on that.
    RowPolicyContextFactory(const AccessControlManager & access_control_manager_);
    ~RowPolicyContextFactory();

    /// Returns a row-policy context for `user_name`.
    /// NOTE(review): presumably also records the new context in `contexts` so that later policy
    /// changes reach it. Confirm in the .cpp.
    RowPolicyContextPtr createContext(const String & user_name);

private:
    using ParsedConditions = RowPolicyContext::ParsedConditions;

    /// One stored policy together with the data derived from it.
    struct PolicyInfo
    {
        /// Delegates to setPolicy(), which is defined outside this header.
        /// NOTE(review): also a non-`explicit` single-argument constructor.
        PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }
        void setPolicy(const RowPolicyPtr & policy_);

        /// Tells whether this policy may be used with `context`.
        /// NOTE(review): presumably matches the context's user or roles against `roles`,
        /// `all_roles` and `except_roles`. Confirm that a policy with empty `roles` and
        /// `all_roles == false` matches nobody, and that `except_roles` takes precedence
        /// over `all_roles`.
        bool canUseWithContext(const RowPolicyContext & context) const;

        RowPolicyPtr policy;
        std::unordered_set<String> roles;
        bool all_roles = false; /// Defaults to false, so a fresh PolicyInfo is not "all roles".
        std::unordered_set<String> except_roles;
        ParsedConditions parsed_conditions;
    };

    /// NOTE(review): the header does not say which of these helpers expect `mutex` to be held
    /// by the caller. Document the locking contract in the .cpp.
    void ensureAllRowPoliciesRead();
    void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);
    void rowPolicyRemoved(const UUID & policy_id);
    void mixConditionsForAllContexts();
    void mixConditionsForContext(RowPolicyContext & context);

    /// Non-owning reference; see the lifetime requirement on the constructor.
    const AccessControlManager & access_control_manager;
    std::unordered_map<UUID, PolicyInfo> all_policies;
    /// Starts false. Presumably set once ensureAllRowPoliciesRead() has filled `all_policies`.
    bool all_policies_read = false;
    /// NOTE(review): presumably the storage subscription that drives rowPolicyAddedOrChanged()
    /// and rowPolicyRemoved(). It is declared before `contexts` and `mutex`, so it is destroyed
    /// after them. Verify that no callback can fire during destruction.
    IAccessStorage::SubscriptionPtr subscription;
    /// Weak pointers: the factory observes contexts without extending their lifetime.
    /// Expired entries need pruning somewhere, or the vector grows with every createContext().
    std::vector<std::weak_ptr<RowPolicyContext>> contexts;
    /// NOTE(review): presumably guards `all_policies`, `all_policies_read` and `contexts`. Confirm.
    std::mutex mutex;
};

}
55 |