00001 /* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*- 00002 * vim:expandtab:shiftwidth=2:tabstop=2:smarttab: 00003 * 00004 * Copyright (C) 2010 Monty Taylor <mordred@inaugust.com> 00005 * 00006 * This program is free software; you can redistribute it and/or modify 00007 * it under the terms of the GNU General Public License as published by 00008 * the Free Software Foundation; version 2 of the License. 00009 * 00010 * This program is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00013 * GNU General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU General Public License 00016 * along with this program; if not, write to the Free Software 00017 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 00018 */ 00019 00020 00021 #pragma once 00022 00023 #include <iostream> 00024 00025 #include <drizzled/plugin/authorization.h> 00026 00027 namespace simple_user_policy 00028 { 00029 00030 class Policy : 00031 public drizzled::plugin::Authorization 00032 { 00033 public: 00034 Policy() : 00035 drizzled::plugin::Authorization("Simple User Policy") 00036 { } 00037 00038 virtual bool restrictSchema(const drizzled::identifier::User &user_ctx, 00039 drizzled::identifier::Schema::const_reference schema); 00040 00041 virtual bool restrictProcess(const drizzled::identifier::User &user_ctx, 00042 const drizzled::identifier::User &session_ctx); 00043 }; 00044 00045 inline bool Policy::restrictSchema(const drizzled::identifier::User &user_ctx, 00046 drizzled::identifier::Schema::const_reference schema) 00047 { 00048 if ((user_ctx.username() == "root") 00049 || schema.compare("data_dictionary") 00050 || schema.compare("information_schema")) 00051 { 00052 return false; 00053 } 00054 00055 return not schema.compare(user_ctx.username()); 00056 } 00057 00058 inline bool Policy::restrictProcess(const drizzled::identifier::User &user_ctx, 00059 const drizzled::identifier::User &session_ctx) 00060 { 00061 if (user_ctx.username() == "root") 00062 return false; 00063 00064 return user_ctx.username() != session_ctx.username(); 00065 } 00066 00067 } /* namespace simple_user_policy */ 00068