Drizzled Public API Documentation

policy.h
1 /* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
2  * vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
3  *
4  * Copyright (C) 2010 Monty Taylor <mordred@inaugust.com>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; version 2 of the License.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  */
19 
20 
21 #pragma once
22 
23 #include <iosfwd>
24 
25 #include <drizzled/plugin/authorization.h>
26 
27 namespace simple_user_policy
28 {
29 
30 extern std::string remap_dot_to;
31 
32 class Policy :
34 {
35 public:
36  Policy() :
37  drizzled::plugin::Authorization("simple_user_policy")
38  { }
39 
40  virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,
41  const drizzled::identifier::Schema& schema);
42 
43  virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,
44  const drizzled::identifier::User &session_ctx);
45 };
46 
48  const drizzled::identifier::Schema& schema)
49 {
50  if ((user_ctx.username() == "root")
51  || schema.compare("data_dictionary")
52  || schema.compare("information_schema"))
53  {
54  return false;
55  }
56 
57  std::string username(user_ctx.username());
58  size_t found;
59 
60  found=username.find_first_of('.');
61  while (found!=std::string::npos)
62  {
63  username.replace(found, 1, remap_dot_to);
64  found=username.find_first_of('.',found+1);
65  }
66 
67  return not schema.compare(username);
68 }
69 
71  const drizzled::identifier::User &session_ctx)
72 {
73  if (user_ctx.username() == "root")
74  return false;
75 
76  return user_ctx.username() != session_ctx.username();
77 }
78 
79 } /* namespace simple_user_policy */
80