1#pragma once
2
3#include <Access/RowPolicyContext.h>
4#include <Access/IAccessStorage.h>
5#include <mutex>
6#include <unordered_map>
7#include <unordered_set>
8
9
namespace DB
{
class AccessControlManager;


/// Stores read and parsed row policies and hands out RowPolicyContext objects built from them.
///
/// This is access-control state (the policy and storage types come from Access/).
/// Only the declarations are visible in this header, so the notes below that go beyond
/// the declared types are marked as points to confirm against the .cpp.
class RowPolicyContextFactory
{
public:
    /// Keeps a reference to `access_control_manager_`; the manager must outlive the factory.
    /// NOTE(review): the single-argument constructor is not `explicit` - confirm that no
    /// caller depends on the implicit conversion before tightening it.
    RowPolicyContextFactory(const AccessControlManager & access_control_manager_);
    ~RowPolicyContextFactory();

    /// Returns a row policy context for `user_name`.
    /// NOTE(review): nothing in this header authenticates the name; presumably callers pass
    /// an already-authenticated user - confirm at the call sites.
    /// NOTE(review): what a context receives when no stored policy matches it (no filter at
    /// all vs. a denying one) is decided in the .cpp - confirm it is the intended default.
    RowPolicyContextPtr createContext(const String & user_name);

private:
    using ParsedConditions = RowPolicyContext::ParsedConditions;

    /// One stored policy together with the fields kept next to it.
    struct PolicyInfo
    {
        /// Construction goes straight through setPolicy(), so the member defaults below
        /// are only the values in effect before that call.
        PolicyInfo(const RowPolicyPtr & policy_)
        {
            setPolicy(policy_);
        }

        /// Defined in the .cpp; presumably refreshes the role sets and parsed conditions
        /// from `policy_` - verify there.
        void setPolicy(const RowPolicyPtr & policy_);

        /// Tells whether this policy can be used with `context`.
        /// NOTE(review): presumably decided from roles / all_roles / except_roles. If so,
        /// this match selects which policies reach a context and deserves tests for the
        /// "all roles except ..." combinations.
        bool canUseWithContext(const RowPolicyContext & context) const;

        RowPolicyPtr policy;
        std::unordered_set<String> roles;
        bool all_roles = false;
        std::unordered_set<String> except_roles;
        ParsedConditions parsed_conditions;
    };

    void ensureAllRowPoliciesRead();

    /// NOTE(review): presumably the handlers driven by `subscription` when the access storage
    /// reports a change - confirm, and confirm they take `mutex`.
    void rowPolicyAddedOrChanged(const UUID & policy_id, const RowPolicyPtr & new_policy);
    void rowPolicyRemoved(const UUID & policy_id);

    void mixConditionsForAllContexts();
    void mixConditionsForContext(RowPolicyContext & context);

    /// Reference member: not owned, and it makes the factory non-assignable.
    const AccessControlManager & access_control_manager;

    /// Policies keyed by their UUID.
    std::unordered_map<UUID, PolicyInfo> all_policies;
    bool all_policies_read = false;

    IAccessStorage::SubscriptionPtr subscription;

    /// Non-owning: a weak_ptr does not keep a context alive.
    /// NOTE(review): presumably the set walked by mixConditionsForAllContexts() so that
    /// contexts already handed out follow later policy changes - confirm, and check where
    /// expired entries are dropped.
    std::vector<std::weak_ptr<RowPolicyContext>> contexts;

    /// NOTE(review): this header does not show what the mutex guards; presumably
    /// all_policies, all_policies_read and contexts - verify every access path locks it.
    std::mutex mutex;
};

}