RowPolicyContextFactory.h source code [ClickHouse/dbms/src/Access/RowPolicyContextFactory.h]

1	#pragma once
2
3	#include <Access/RowPolicyContext.h>
4	#include <Access/IAccessStorage.h>
5	#include <mutex>
6	#include <unordered_map>
7	#include <unordered_set>
8
9
10	namespace DB
11	{
12	class AccessControlManager;
13
14
15	/// Stores read and parsed row policies.
16	class RowPolicyContextFactory
17	{
18	public:
19	RowPolicyContextFactory(const AccessControlManager & access_control_manager_);
20	~RowPolicyContextFactory();
21
22	RowPolicyContextPtr createContext(const String & user_name);
23
24	private:
25	using ParsedConditions = RowPolicyContext::ParsedConditions;
26
27	struct PolicyInfo
28	{
29	PolicyInfo(const RowPolicyPtr & policy_) { setPolicy(policy_); }
30	void setPolicy(const RowPolicyPtr & policy_);
31	bool canUseWithContext(const RowPolicyContext & context) const;
32
33	RowPolicyPtr policy;
34	std::unordered_set<String> roles;
35	bool all_roles = false;
36	std::unordered_set<String> except_roles;
37	ParsedConditions parsed_conditions;
38	};
39
40	void ensureAllRowPoliciesRead();
41	void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);
42	void rowPolicyRemoved(const UUID & policy_id);
43	void mixConditionsForAllContexts();
44	void mixConditionsForContext(RowPolicyContext & context);
45
46	const AccessControlManager & access_control_manager;
47	std::unordered_map<UUID, PolicyInfo> all_policies;
48	bool all_policies_read = false;
49	IAccessStorage::SubscriptionPtr subscription;
50	std::vector<std::weak_ptr<RowPolicyContext>> contexts;
51	std::mutex mutex;
52	};
53
54	}
55

Browse the source code of ClickHouse/dbms/src/Access/RowPolicyContextFactory.h