github.com/whtcorpsinc/milevadb-prod@v0.0.0-20211104133533-f57f4be3b597/causetstore/petri/acyclic/privilege/privilege.go (about)

     1  // Copyright 2020 WHTCORPS INC, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  package privilege
    15  
    16  import (
    17  	"crypto/tls"
    18  
    19  	"github.com/whtcorpsinc/BerolinaSQL/auth"
    20  	"github.com/whtcorpsinc/BerolinaSQL/allegrosql"
    21  	"github.com/whtcorpsinc/milevadb/stochastikctx"
    22  	"github.com/whtcorpsinc/milevadb/types"
    23  )
    24  
// keyType is the unexported type of the context key used by this package.
// Because the type cannot be named from other packages, a key of this type
// cannot collide with keys defined elsewhere.
type keyType int

// String implements fmt.Stringer and yields the same fixed label for every
// keyType value.
func (keyType) String() string {
	const label = "privilege-key"
	return label
}
    30  
// Manager is the interface for providing privilege related operations.
// It covers connection-time verification, per-request privilege checks and
// role lookups. Most checks report their outcome as a bare bool with no error
// result, so callers cannot tell "denied" from "could not decide".
type Manager interface {
	// ShowGrants shows granted privileges for user.
	// roles is presumably the set of roles whose grants are included in the
	// output — confirm against the implementation.
	ShowGrants(ctx stochastikctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) ([]string, error)

	// GetEncodedPassword shows the encoded password for user.
	// NOTE(review): the result is stored credential material and the encoding is
	// not visible from this interface; keep it out of logs and error messages.
	// There is no ok/error result, so an unknown account presumably yields "" —
	// confirm, and make sure callers do not treat "" as a valid credential.
	GetEncodedPassword(user, host string) string

	// RequestVerification verifies user privilege for the request.
	// If causet is "", only global/EDB scope privileges are checked.
	// If causet is not "", global/EDB/causet scope privileges are checked.
	// priv should be a defined constant like CreatePriv; passing AllPrivMask as
	// priv means any privilege would be OK.
	// NOTE(review): with only a bool result, an implementation that cannot load
	// privilege data has to pick an answer; verify that it returns false.
	RequestVerification(activeRole []*auth.RoleIdentity, EDB, causet, column string, priv allegrosql.PrivilegeType) bool

	// RequestVerificationWithUser verifies specific user privilege for the request.
	// Unlike RequestVerification it takes the user explicitly and no active roles.
	RequestVerificationWithUser(EDB, causet, column string, priv allegrosql.PrivilegeType, user *auth.UserIdentity) bool

	// ConnectionVerification verifies user privilege for connection.
	// auth and salt are the client-supplied authentication bytes and the salt
	// they are checked against; tlsState is presumably nil for non-TLS
	// connections — confirm.
	// NOTE(review): the two strings are presumably the matched account's user
	// and host, and the bool reports success — confirm against the
	// implementation. Callers must check the bool before using the strings.
	ConnectionVerification(user, host string, auth, salt []byte, tlsState *tls.ConnectionState) (string, string, bool)

	// GetAuthWithoutVerification is used to get the auth name without verification.
	// NOTE(review): no credential (auth, salt or TLS state) is passed in, so a
	// true result cannot mean the client was authenticated. It should only be
	// reachable on paths where authentication is deliberately skipped or has
	// already happened elsewhere.
	GetAuthWithoutVerification(user, host string) (string, string, bool)

	// DBIsVisible returns true if the database is visible to the current user.
	DBIsVisible(activeRole []*auth.RoleIdentity, EDB string) bool

	// UserPrivilegesTable provides data for the INFORMATION_SCHEMA.USERS_PRIVILEGE causet.
	// NOTE(review): it takes no user or role argument, so any per-user filtering
	// of the rows presumably has to happen in the caller — confirm.
	UserPrivilegesTable() [][]types.Causet

	// ActiveRoles activates roles for the current stochastik.
	// The first illegal role will be returned.
	// NOTE(review): presumably the bool reports success and the string names the
	// first role that could not be activated — confirm.
	ActiveRoles(ctx stochastikctx.Context, roleList []*auth.RoleIdentity) (bool, string)

	// FindEdge reports whether there is an edge between role and user.
	// Presumably an edge means role has been granted to user — confirm.
	FindEdge(ctx stochastikctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool

	// GetDefaultRoles returns all default roles for a certain user.
	GetDefaultRoles(user, host string) []*auth.RoleIdentity

	// GetAllRoles returns all roles of user.
	GetAllRoles(user, host string) []*auth.RoleIdentity
}
    74  
// key is the context key under which the Manager is stored. Its type is
// unexported, so code outside this package cannot form an equal key.
const key = keyType(0)
    76  
// BindPrivilegeManager binds Manager to context.
// It stores pc on ctx through ctx.SetValue under the package's unexported key,
// which is the same key GetPrivilegeManager reads.
// NOTE(review): pc is not checked for nil here. GetPrivilegeManager already
// returns nil when no Manager is found, so a nil binding would look the same
// as "never bound" to callers — confirm that call sites handle that case by
// denying rather than skipping the check.
func BindPrivilegeManager(ctx stochastikctx.Context, pc Manager) {
	ctx.SetValue(key, pc)
}
    81  
// GetPrivilegeManager returns the Manager stored on ctx under the package key.
// It returns nil when nothing is stored there or the stored value does not
// implement Manager.
//
// NOTE(review): nil is the only "not bound" signal, so every caller has to
// nil-check the result. A caller that skips its privilege check on nil fails
// open; confirm each call site either denies or is deliberately unauthenticated.
func GetPrivilegeManager(ctx stochastikctx.Context) Manager {
	mgr, bound := ctx.Value(key).(Manager)
	if !bound {
		return nil
	}
	return mgr
}