#include <SysCatalog.h>

Inheritance diagram for Catalog_Namespace::SysCatalog:

Collaboration diagram for Catalog_Namespace::SysCatalog:

Classes
struct	UpdateQuery

Public Member Functions
void	init (const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)

bool	isInitialized () const

std::shared_ptr< Catalog >	login (std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)

std::shared_ptr< Catalog >	switchDatabase (std::string &dbname, const std::string &username)

UserMetadata	createUser (std::string const &name, UserAlterations alts, bool is_temporary)

void	dropUser (const std::string &name, bool if_exists=false)

void	dropUserUnchecked (const std::string &name, const UserMetadata &user)

UserMetadata	alterUser (std::string const &name, UserAlterations alts)

void	renameUser (std::string const &old_name, std::string const &new_name)

void	createDatabase (const std::string &dbname, int owner)

void	renameDatabase (std::string const &old_name, std::string const &new_name)

void	changeDatabaseOwner (std::string const &dbname, const std::string &new_owner)

void	dropDatabase (const DBMetadata &db)

std::optional< UserMetadata >	getUser (std::string const &uname)

std::optional< UserMetadata >	getUser (int32_t const uid)

std::optional< DBMetadata >	getDB (std::string const &dbname)

std::optional< DBMetadata >	getDB (int32_t const dbid)

bool	getMetadataForUser (const std::string &name, UserMetadata &user)

bool	getMetadataForUserById (const int32_t idIn, UserMetadata &user)

bool	checkPasswordForUser (const std::string &passwd, std::string &name, UserMetadata &user)

bool	getMetadataForDB (const std::string &name, DBMetadata &db)

bool	getMetadataForDBById (const int32_t idIn, DBMetadata &db)

Data_Namespace::DataMgr &	getDataMgr () const

Calcite &	getCalciteMgr () const

const std::string &	getCatalogBasePath () const

SqliteConnector *	getSqliteConnector ()

std::list< DBMetadata >	getAllDBMetadata ()

std::list< UserMetadata >	getAllUserMetadata ()

std::list< UserMetadata >	getAllUserMetadata (const int64_t dbId)

DBSummaryList	getDatabaseListForUser (const UserMetadata &user)

void	createDBObject (const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)

void	renameDBObject (const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges (const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesFromAll (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAll_unsafe (DBObject object, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch (std::vector< DBObject > &objects, Catalog *catalog)

void	revokeDBObjectPrivilegesFromAllBatch_unsafe (std::vector< DBObject > &objects, Catalog *catalog)

void	getDBObjectPrivileges (const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const

bool	verifyDBObjectOwnership (const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	changeDBObjectOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)

void	createRole (const std::string &roleName, const bool user_private_role, const bool is_temporary=false)

void	dropRole (const std::string &roleName, const bool is_temporary=false)

void	grantRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

void	revokeRoleBatch (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole (const std::string &role, const std::string &grantee, const bool is_temporary=false)

bool	hasAnyPrivileges (const UserMetadata &user, std::vector< DBObject > &privObjects)

bool	checkPrivileges (const UserMetadata &user, const std::vector< DBObject > &privObjects) const

bool	checkPrivileges (const std::string &userName, const std::vector< DBObject > &privObjects) const

Grantee *	getGrantee (const std::string &name) const

Role *	getRoleGrantee (const std::string &name) const

User *	getUserGrantee (const std::string &name) const

std::vector < ObjectRoleDescriptor * >	getMetadataForObject (int32_t dbId, int32_t dbType, int32_t objectId) const

std::vector< ObjectRoleDescriptor >	getMetadataForAllObjects () const

bool	isRoleGrantedToGrantee (const std::string &granteeName, const std::string &roleName, bool only_direct) const

std::vector< std::string >	getRoles (const std::string &user_name, bool effective=true)

std::vector< std::string >	getRoles (bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user=false)

std::vector< std::string >	getRoles (const std::string &userName, const int32_t dbId)

std::set< std::string >	getCreatedRoles () const

bool	isAggregator () const

void	populateRoleDbObjects (const std::vector< DBObject > &objects)

std::string	name () const

void	renameObjectsInDescriptorMap (DBObject &object, const Catalog_Namespace::Catalog &cat)

void	syncUserWithRemoteProvider (const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)

std::unordered_map < std::string, std::vector < std::string > >	getGranteesOfSharedDashboards (const std::vector< std::string > &dashboard_ids)

void	check_for_session_encryption (const std::string &pki_cert, std::string &session)

std::vector< Catalog * >	getCatalogsForAllDbs ()

std::shared_ptr< Catalog >	getDummyCatalog ()

std::shared_ptr< Catalog >	getCatalog (const std::string &dbName)

std::shared_ptr< Catalog >	getCatalog (const int32_t db_id)

std::shared_ptr< Catalog >	getCatalog (const DBMetadata &curDB, bool is_new_db)

void	removeCatalog (const std::string &dbName)

virtual	~SysCatalog ()

void	reassignObjectOwners (const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)

bool	hasExecutedMigration (const std::string &migration_name) const

void	checkDropRenderGroupColumnsMigration () const

Static Public Member Functions
static SysCatalog &	instance ()

static void	destroy ()

Public Attributes
std::unique_ptr < heavyai::DistributedSharedMutex >	dcatalogMutex_

std::unique_ptr < heavyai::DistributedSharedMutex >	dsqliteMutex_

std::mutex	sqliteMutex_

heavyai::shared_mutex	sharedMutex_

std::atomic< std::thread::id >	thread_holding_sqlite_lock

std::atomic< std::thread::id >	thread_holding_write_lock

std::shared_ptr< Catalog >	dummyCatalog_

std::unordered_map < std::string, std::shared_ptr < UserMetadata > >	temporary_users_by_name_

std::unordered_map< int32_t, std::shared_ptr< UserMetadata > >	temporary_users_by_id_

int32_t	next_temporary_user_id_ {shared::kTempUserIdRange}

Static Public Attributes
static thread_local bool	thread_holds_read_lock = false

Private Types
using	GranteeMap = std::map< std::string, std::unique_ptr< Grantee >>

using	ObjectRoleDescriptorMap = std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >>

using	UpdateQueries = std::list< UpdateQuery >

using	dbid_to_cat_map = tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >>

Private Member Functions
	SysCatalog ()

void	initDB ()

void	buildMaps (bool is_new_db=false)

void	buildMapsUnlocked (bool is_new_db=false)

void	buildRoleMapUnlocked ()

void	buildUserRoleMapUnlocked ()

void	buildObjectDescriptorMapUnlocked ()

void	rebuildObjectMapsUnlocked ()

void	checkAndExecuteMigrations ()

void	importDataFromOldMapdDB ()

void	createRoles ()

void	fixRolesMigration ()

void	addAdminUserRole ()

void	migratePrivileges ()

void	migratePrivileged_old ()

void	updateUserSchema ()

void	updatePasswordsToHashes ()

void	updateBlankPasswordsToRandom ()

void	updateSupportUserDeactivation ()

void	migrateDBAccessPrivileges ()

void	loginImpl (std::string &username, const std::string &password, UserMetadata &user_meta)

bool	checkPasswordForUserImpl (const std::string &passwd, std::string &name, UserMetadata &user)

void	checkDuplicateCaseInsensitiveDbNames () const

void	runUpdateQueriesAndChangeOwnership (const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)

void	grantDefaultPrivilegesToRole_unsafe (const std::string &name, bool issuper)

void	createRole_unsafe (const std::string &roleName, const bool userPrivateRole, const bool is_temporary)

void	dropRole_unsafe (const std::string &roleName, const bool is_temporary)

void	grantRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	grantRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	revokeRoleBatch_unsafe (const std::vector< std::string > &roles, const std::vector< std::string > &grantees)

void	revokeRole_unsafe (const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void	updateObjectDescriptorMap (const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)

void	deleteObjectDescriptorMap (const std::string &roleName)

void	deleteObjectDescriptorMap (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)

void	grantDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	grantDBObjectPrivileges_unsafe (const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivilegesBatch_unsafe (const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)

void	revokeDBObjectPrivileges_unsafe (const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)

void	grantAllOnDatabase_unsafe (const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)

void	revokeAllOnDatabase_unsafe (const std::string &roleName, int32_t dbId, Grantee *grantee)

bool	isDashboardSystemRole (const std::string &roleName) const

void	updateUserRoleName (const std::string &roleName, const std::string &newName)

void	getMetadataWithDefaultDB (std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)

bool	allowLocalLogin () const

template<typename F , typename... Args>
void	execInTransaction (F &&f, Args &&...args)

void	initializeInformationSchemaDb ()

void	recordExecutedMigration (const std::string &migration_name) const

bool	hasVersionHistoryTable () const

void	createVersionHistoryTable () const

auto	yieldTransactionStreamer ()

Private Member Functions inherited from Catalog_Namespace::CommonFileOperations
	CommonFileOperations (std::string const &base_path)

void	removeCatalogByFullPath (std::string const &full_path)

void	removeCatalogByName (std::string const &name)

auto	duplicateAndRenameCatalog (std::string const &current_name, std::string const &new_name)

auto	assembleCatalogName (std::string const &name)

Private Attributes
std::string	basePath_

GranteeMap	granteeMap_

ObjectRoleDescriptorMap	objectDescriptorMap_

std::unique_ptr< SqliteConnector >	sqliteConnector_

std::shared_ptr < Data_Namespace::DataMgr >	dataMgr_

std::unique_ptr< PkiServer >	pki_server_

const AuthMetadata *	authMetadata_

std::shared_ptr< Calcite >	calciteMgr_

std::vector< LeafHostInfo >	string_dict_hosts_

bool	aggregator_

dbid_to_cat_map	cat_map_

bool	is_initialized_ {false}

Static Private Attributes
static std::mutex	instance_mutex_

static std::unique_ptr < SysCatalog >	instance_

Detailed Description

Definition at line 166 of file SysCatalog.h.

Member Typedef Documentation

using Catalog_Namespace::SysCatalog::dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

private

Definition at line 522 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>

private

Definition at line 397 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>

private

Definition at line 399 of file SysCatalog.h.

using Catalog_Namespace::SysCatalog::UpdateQueries = std::list<UpdateQuery>

private

Definition at line 435 of file SysCatalog.h.

Constructor & Destructor Documentation

Catalog_Namespace::SysCatalog::~SysCatalog ( )

virtual

Definition at line 305 of file SysCatalog.cpp.

References cat_map_, granteeMap_, and objectDescriptorMap_.

                         {
   // TODO(sy): Need to lock here to wait for other threads to complete before pulling out
   // the rug from under them. Unfortunately this lock was seen to deadlock because the
   // HeavyDB shutdown sequence needs cleanup. Do we even need these clear()'s anymore?
   // sys_write_lock write_lock(this);
   granteeMap_.clear();
   objectDescriptorMap_.clear();
   cat_map_.clear();
 }

Catalog_Namespace::SysCatalog::SysCatalog ( )

private

Definition at line 296 of file SysCatalog.cpp.

References basePath_.

Referenced by instance().

     : CommonFileOperations{basePath_}
     , aggregator_{false}
     , sqliteMutex_{}
     , sharedMutex_{}
     , thread_holding_sqlite_lock{std::thread::id()}
     , thread_holding_write_lock{std::thread::id()}
     , dummyCatalog_{std::make_shared<Catalog>()} {}

Here is the caller graph for this function:

Member Function Documentation

void Catalog_Namespace::SysCatalog::addAdminUserRole ( )

private

Definition at line 657 of file SysCatalog.cpp.

References createRole_unsafe(), shared::kRootUsername, and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                   {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT roleName FROM mapd_object_permissions WHERE roleName = \'" +
         shared::kRootUsername + "\'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     createRole_unsafe(
         shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::allowLocalLogin ( ) const

private

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

UserMetadata Catalog_Namespace::SysCatalog::alterUser	(	std::string const &	name,
		UserAlterations	alts
	)

Definition at line 1224 of file SysCatalog.cpp.

Referenced by syncUserWithRemoteProvider().

                                                                            {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error("Cannot alter user. User " + loggable + "does not exist.");
   }
   if (!alts.wouldChange(user)) {
     return user;
   }
 
   // Temporary user.
   if (user.is_temporary) {
     if (alts.passwd) {
       user.passwd_hash = hash_with_bcrypt(*alts.passwd);
     }
     if (alts.is_super) {
       user.isSuper = *alts.is_super;
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         user.defaultDbId = db.dbId;
       } else {
         user.defaultDbId = -1;
       }
     }
     if (alts.can_login) {
       user.can_login = *alts.can_login;
     }
     *temporary_users_by_name_[name] = user;
     return user;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     string sql;
     std::vector<std::string> values;
     if (alts.passwd) {
       append_with_commas(sql, "passwd_hash = ?");
       values.push_back(hash_with_bcrypt(*alts.passwd));
     }
     if (alts.is_super) {
       append_with_commas(sql, "issuper = ?");
       values.push_back(std::to_string(*alts.is_super));
     }
     if (alts.default_db) {
       if (!alts.default_db->empty()) {
         append_with_commas(sql, "default_db = ?");
         DBMetadata db;
         if (!getMetadataForDB(*alts.default_db, db)) {
           throw runtime_error(string("DEFAULT_DB ") + *alts.default_db + " not found.");
         }
         values.push_back(std::to_string(db.dbId));
       } else {
         append_with_commas(sql, "default_db = NULL");
       }
     }
     if (alts.can_login) {
       append_with_commas(sql, "can_login = ?");
       values.push_back(std::to_string(*alts.can_login));
     }
 
     sql = "UPDATE mapd_users SET " + sql + " WHERE userid = ?";
     values.push_back(std::to_string(user.userId));
 
     sqliteConnector_->query_with_text_params(sql, values);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Altered user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildMaps ( bool is_new_db = false )

private

Definition at line 243 of file SysCatalog.cpp.

                                          {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   buildMapsUnlocked(is_new_db);
 }

void Catalog_Namespace::SysCatalog::buildMapsUnlocked ( bool is_new_db = false )

private

Definition at line 250 of file SysCatalog.cpp.

References CHECK, shared::kSystemCatalogName, run_benchmark_import::result, to_upper(), Catalog_Namespace::UserMetadata::userName, and VLOG.

                                                  {
   VLOG(2) << "reloading catalog caches for: " << shared::kSystemCatalogName;
 
   // Store permissions for temporary users.
   std::map<std::string, std::vector<std::string>> tu_map;
   for (auto& pair : temporary_users_by_name_) {
     CHECK(pair.second);
     UserMetadata& user = *pair.second;
     auto it = granteeMap_.find(to_upper(user.userName));
     CHECK(it != granteeMap_.end()) << to_upper(user.userName) << " not found";
 
     auto user_rl = dynamic_cast<User*>(it->second.get());
     CHECK(user_rl);
     std::vector<std::string> current_roles = user_rl->getRoles();
     auto result = tu_map.emplace(user.userName, std::move(current_roles));
     CHECK(result.second);
   }
 
   // Forget permissions and reload them from file storage.
   buildRoleMapUnlocked();
   buildUserRoleMapUnlocked();
   buildObjectDescriptorMapUnlocked();
   if (!is_new_db) {
     // We don't want to create the information schema db during database initialization
     // because we don't have the appropriate context to intialize the tables.  For
     // instance if the server is intended to run in distributed mode, initializing the
     // table as part of initdb will be missing information such as the location of the
     // string dictionary server.
     initializeInformationSchemaDb();
   }
 
   // Restore permissions for temporary users that were stored above.
   for (auto& pair : temporary_users_by_name_) {
     CHECK(pair.second);
     UserMetadata& user = *pair.second;
 
     createRole_unsafe(user.userName, /*user_private_role*/ true, /*is_temporary*/ true);
 
     auto it = tu_map.find(user.userName);
     CHECK(it != tu_map.end()) << user.userName << " not found";
     for (const auto& r : it->second) {
       grantRole_unsafe(r, user.userName, /*is_temporary*/ true);
     }
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::buildObjectDescriptorMapUnlocked ( )

private

Definition at line 2809 of file SysCatalog.cpp.

References objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by rebuildObjectMapsUnlocked().

                                                   {
   objectDescriptorMap_.clear();
   string objectQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(objectQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     auto od = std::make_unique<ObjectRoleDescriptor>();
     od->roleName = sqliteConnector_->getData<string>(r, 0);
     od->roleType = sqliteConnector_->getData<bool>(r, 1);
     od->objectType = sqliteConnector_->getData<int>(r, 2);
     od->dbId = sqliteConnector_->getData<int>(r, 3);
     od->objectId = sqliteConnector_->getData<int>(r, 4);
     od->privs.privileges = sqliteConnector_->getData<int>(r, 5);
     od->objectOwnerId = sqliteConnector_->getData<int>(r, 6);
     od->objectName = sqliteConnector_->getData<string>(r, 7);
     objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
         std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
             std::to_string(od->objectId),
         std::move(od)));
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildRoleMapUnlocked ( )

private

Definition at line 2694 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::fromString(), getGrantee(), granteeMap_, name(), AccessPrivileges::privileges, sqliteConnector_, and to_upper().

Referenced by rebuildObjectMapsUnlocked().

                                       {
   granteeMap_.clear();
   string roleQuery(
       "SELECT roleName, roleType, objectPermissionsType, dbId, objectId, "
       "objectPermissions, objectOwnerId, objectName "
       "from mapd_object_permissions");
   sqliteConnector_->query(roleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> objectKeyStr(4);
   DBObjectKey objectKey;
   AccessPrivileges privs;
   bool userPrivateRole{false};
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     userPrivateRole = sqliteConnector_->getData<bool>(r, 1);
     DBObjectType permissionType =
         static_cast<DBObjectType>(sqliteConnector_->getData<int>(r, 2));
     objectKeyStr[0] = sqliteConnector_->getData<string>(r, 2);
     objectKeyStr[1] = sqliteConnector_->getData<string>(r, 3);
     objectKeyStr[2] = sqliteConnector_->getData<string>(r, 4);
     objectKey = DBObjectKey::fromString(objectKeyStr, permissionType);
     privs.privileges = sqliteConnector_->getData<int>(r, 5);
     int32_t owner = sqliteConnector_->getData<int>(r, 6);
     std::string name = sqliteConnector_->getData<string>(r, 7);
 
     DBObject dbObject(objectKey, privs, owner);
     dbObject.setName(name);
     if (-1 == objectKey.objectId) {
       dbObject.setObjectType(DBObjectType::DatabaseDBObjectType);
     } else {
       dbObject.setObjectType(permissionType);
     }
 
     auto* rl = getGrantee(roleName);
     if (!rl) {
       std::unique_ptr<Grantee> g;
       if (userPrivateRole) {
         g.reset(new User(roleName));
       } else {
         g.reset(new Role(roleName));
       }
       rl = g.get();
       granteeMap_[to_upper(roleName)] = std::move(g);
     }
     rl->grantPrivileges(dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::buildUserRoleMapUnlocked ( )

private

Definition at line 2765 of file SysCatalog.cpp.

References getGrantee(), shared::kRootUsername, and sqliteConnector_.

                                           {
   std::vector<std::pair<std::string, std::string>> granteeRoles;
   string userRoleQuery("SELECT roleName, userName from mapd_roles");
   sqliteConnector_->query(userRoleQuery);
   size_t numRows = sqliteConnector_->getNumRows();
   for (size_t r = 0; r < numRows; ++r) {
     std::string roleName = sqliteConnector_->getData<string>(r, 0);
     std::string userName = sqliteConnector_->getData<string>(r, 1);
     // required for declared nomenclature before v4.0.0
     if ((boost::equals(roleName, "mapd_default_suser_role") &&
          boost::equals(userName, shared::kRootUsername)) ||
         (boost::equals(roleName, "mapd_default_user_role") &&
          !boost::equals(userName, "mapd_default_user_role"))) {
       // grouprole already exists with roleName==userName in mapd_roles table
       // ignore duplicate instances of userRole which exists before v4.0.0
       continue;
     }
     auto* rl = getGrantee(roleName);
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " from db not found in the map.");
     }
     std::pair<std::string, std::string> roleVecElem(roleName, userName);
     granteeRoles.push_back(roleVecElem);
   }
 
   for (const auto& [roleName, granteeName] : granteeRoles) {
     auto* grantee = getGrantee(granteeName);
     if (!grantee) {
       throw runtime_error("Data inconsistency when building role map. Grantee " +
                           granteeName + " not found in the map.");
     }
     if (granteeName == roleName) {
       continue;
     }
     Role* rl = dynamic_cast<Role*>(getGrantee(roleName));
     if (!rl) {
       throw runtime_error("Data inconsistency when building role map. Role " + roleName +
                           " not found in the map.");
     }
     grantee->grantRole(rl);
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDatabaseOwner	(	std::string const &	dbname,
		const std::string &	new_owner
	)

Definition at line 1399 of file SysCatalog.cpp.

References cat(), DatabaseDBObjectType, getCatalog(), getMetadataForDB(), getMetadataForUser(), getMetadataForUserById(), runUpdateQueriesAndChangeOwnership(), and to_string().

                                                                  {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata db;
   if (!getMetadataForDB(dbname, db)) {
     throw std::runtime_error("Database " + dbname + " does not exists.");
   }
 
   Catalog_Namespace::UserMetadata user, original_owner;
   if (!getMetadataForUser(new_owner, user)) {
     throw std::runtime_error("User with username \"" + new_owner + "\" does not exist. " +
                              "Database with name \"" + dbname +
                              "\" can not have owner changed.");
   }
 
   bool original_owner_exists = getMetadataForUserById(db.dbOwner, original_owner);
   auto cat = getCatalog(db, true);
   DBObject db_object(db.dbName, DBObjectType::DatabaseDBObjectType);
   runUpdateQueriesAndChangeOwnership(
       user,
       original_owner,
       db_object,
       *cat,
       UpdateQueries{{"UPDATE mapd_databases SET owner=?1 WHERE name=?2;",
                      {std::to_string(user.userId), db.dbName}}},
       original_owner_exists);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::changeDBObjectOwnership	(	const UserMetadata &	new_owner,
		const UserMetadata &	previous_owner,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog,
		bool	revoke_privileges = `true`
	)

Change ownership of a DBObject

Parameters

new_owner	- new owner of DBObject
previous_owner	- previous owner of DBObject
object	- DBObject to change ownership of
catalog	- Catalog instance object exists in
revoke_privileges	- if true, revoke previous_owner's privileges

Definition at line 2237 of file SysCatalog.cpp.

References runUpdateQueriesAndChangeOwnership().

                                                                  {
   runUpdateQueriesAndChangeOwnership(
       new_owner, previous_owner, object, catalog, {}, revoke_privileges);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::check_for_session_encryption	(	const std::string &	pki_cert,
		std::string &	session
	)

Definition at line 979 of file SysCatalog.cpp.

References pki_server_.

                                                                   {
   if (!pki_server_->inUse()) {
     return;
   }
   pki_server_->encrypt_session(pki_cert, session);
 }

void Catalog_Namespace::SysCatalog::checkAndExecuteMigrations ( )

private

Definition at line 358 of file SysCatalog.cpp.

References addAdminUserRole(), checkDuplicateCaseInsensitiveDbNames(), createRoles(), fixRolesMigration(), migrateDBAccessPrivileges(), migratePrivileged_old(), migratePrivileges(), updateBlankPasswordsToRandom(), updatePasswordsToHashes(), updateSupportUserDeactivation(), and updateUserSchema().

                                            {
   migratePrivileged_old();
   createRoles();
   fixRolesMigration();
   migratePrivileges();
   migrateDBAccessPrivileges();
   updateUserSchema();  // must come before updatePasswordsToHashes()
   updatePasswordsToHashes();
   updateBlankPasswordsToRandom();  // must come after updatePasswordsToHashes()
   updateSupportUserDeactivation();
   addAdminUserRole();
   checkDuplicateCaseInsensitiveDbNames();
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::checkDropRenderGroupColumnsMigration ( ) const

Definition at line 3197 of file SysCatalog.cpp.

References Catalog_Namespace::Catalog::checkDropRenderGroupColumnsMigration(), logger::FATAL, getCatalogsForAllDbs(), hasExecutedMigration(), logger::INFO, instance(), LOG, and recordExecutedMigration().

Referenced by startHeavyDBServer().

                                                             {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   static const std::string drop_render_groups_migration{"drop_render_groups"};
   if (!hasExecutedMigration(drop_render_groups_migration)) {
     bool all_catalogs_migrated = true;
 
     LOG(INFO) << "Starting Drop-Render-Group-Columns Migration...";
     auto cats = Catalog_Namespace::SysCatalog::instance().getCatalogsForAllDbs();
     for (auto& cat : cats) {
       if (!cat->checkDropRenderGroupColumnsMigration()) {
         all_catalogs_migrated = false;
       }
     }
     LOG(INFO) << "Drop-Render-Group-Columns Migration complete";
 
     recordExecutedMigration(drop_render_groups_migration);
 
     if (!all_catalogs_migrated) {
       // we have marked the migration as having been attempted, but one or more tables did
       // not correctly migrate, so we fail here in order to alert the admin that they need
       // to be manually repaired or dropped on next startup
       LOG(FATAL) << "One or more tables in one or more databases failed "
                     "drop-render-group-columns migration. Check INFO and ERROR logs for "
                     "more details. This message will not be repeated unless the "
                     "migration record is manually reset.";
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::checkDuplicateCaseInsensitiveDbNames ( ) const

private

Definition at line 900 of file SysCatalog.cpp.

References hasExecutedMigration(), recordExecutedMigration(), and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                                             {
   static const string duplicate_check_migration{
       "check_duplicate_case_insensitive_db_names"};
   if (hasExecutedMigration(duplicate_check_migration)) {
     return;
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "SELECT UPPER(name) AS db_name, COUNT(*) AS name_count "
       "FROM mapd_databases GROUP BY db_name HAVING name_count > 1");
   auto num_rows = sqliteConnector_->getNumRows();
   if (num_rows > 0) {
     std::stringstream error_message;
     error_message << "Duplicate case insensitive database names encountered:\n";
     for (size_t row = 0; row < num_rows; row++) {
       error_message << sqliteConnector_->getData<string>(row, 0) << " ("
                     << sqliteConnector_->getData<int>(row, 1) << ")\n";
     }
     throw std::runtime_error{error_message.str()};
   }
   recordExecutedMigration(duplicate_check_migration);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUser	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

Definition at line 1641 of file SysCatalog.cpp.

References checkPasswordForUserImpl().

Referenced by loginImpl().

                                                           {
   return checkPasswordForUserImpl(passwd, name, user);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPasswordForUserImpl	(	const std::string &	passwd,
		std::string &	name,
		UserMetadata &	user
	)

private

Definition at line 1647 of file SysCatalog.cpp.

References CHECK, getMetadataForUser(), LOG, Catalog_Namespace::UserMetadata::passwd_hash, and logger::WARNING.

Referenced by checkPasswordForUser().

                                                               {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(name, user)) {
     // Check password against some fake hash just to waste time so that response times
     // for invalid password and invalid user are similar and a caller can't say the
     // difference
     char fake_hash[BCRYPT_HASHSIZE];
     CHECK(bcrypt_gensalt(-1, fake_hash) == 0);
     bcrypt_checkpw(passwd.c_str(), fake_hash);
     LOG(WARNING) << "Local login failed";
     return false;
   }
   int pwd_check_result = bcrypt_checkpw(passwd.c_str(), user.passwd_hash.c_str());
   // if the check fails there is a good chance that data on disc is broken
   CHECK(pwd_check_result >= 0);
   return pwd_check_result == 0;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const UserMetadata &	user,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2522 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::SessionInfo::checkDBAccessPrivileges(), checkPrivileges(), getDatabaseListForUser(), and switchDatabase().

                                                                                {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
 
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (auto& object : privObjects) {
     if (!user_rl->checkPrivileges(object)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::checkPrivileges	(	const std::string &	userName,
		const std::vector< DBObject > &	privObjects
	)		const

Definition at line 2542 of file SysCatalog.cpp.

References checkPrivileges(), Catalog_Namespace::g_log_user_id, getMetadataForUser(), and instance().

                                                                                {
   UserMetadata user;
   if (!instance().getMetadataForUser(userName, user)) {
     std::string const loggable = g_log_user_id ? std::string("") : userName + ' ';
     throw runtime_error("Request to check privileges for user " + loggable +
                         "failed because user with this name does not exist.");
   }
   return (checkPrivileges(user, privObjects));
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createDatabase	(	const std::string &	dbname,
		int	owner
	)

Definition at line 1475 of file SysCatalog.cpp.

References basePath_, cat(), CHECK, DatabaseDBObjectType, g_enable_fsi, getCatalog(), Catalog_Namespace::Catalog::getCustomExpressionsSchema(), Catalog_Namespace::Catalog::getForeignServerSchema(), Catalog_Namespace::Catalog::getForeignTableSchema(), getMetadataForDB(), getMetadataForUserById(), grantAllOnDatabase_unsafe(), shared::kCatalogDirectoryName, shared::kRootUserId, shared::kSystemCatalogName, removeCatalog(), sqliteConnector_, to_string(), to_upper(), and Catalog_Namespace::UserMetadata::userName.

Referenced by initDB(), and initializeInformationSchemaDb().

                                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata db;
   if (getMetadataForDB(name, db)) {
     throw runtime_error("Database " + name + " already exists.");
   }
   if (to_upper(name) == to_upper(shared::kSystemCatalogName)) {
     throw runtime_error("Database name " + name + " is reserved.");
   }
 
   std::unique_ptr<SqliteConnector> dbConn(
       new SqliteConnector(name, basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
   // NOTE(max): it's okay to run this in a separate transaction. If we fail later
   // we delete the database anyways.
   // If we run it in the same transaction as SysCatalog functions, then Catalog
   // constructor won't find the tables we have just created.
   dbConn->query("BEGIN TRANSACTION");
   try {
     dbConn->query(
         "CREATE TABLE mapd_tables (tableid integer primary key, name text unique, userid "
         "integer, ncolumns integer, "
         "isview boolean, "
         "fragments text, frag_type integer, max_frag_rows integer, max_chunk_size "
         "bigint, "
         "frag_page_size integer, "
         "max_rows bigint, partitions text, shard_column_id integer, shard integer, "
         "sort_column_id integer default 0, storage_type text default '', "
         "max_rollback_epochs integer default -1, "
         "is_system_table boolean default 0, "
         "num_shards integer, key_metainfo TEXT, version_num "
         "BIGINT DEFAULT 1) ");
     dbConn->query(
         "CREATE TABLE mapd_columns (tableid integer references mapd_tables, columnid "
         "integer, name text, coltype "
         "integer, colsubtype integer, coldim integer, colscale integer, is_notnull "
         "boolean, compression integer, "
         "comp_param integer, size integer, chunks text, is_systemcol boolean, "
         "is_virtualcol boolean, virtual_expr "
         "text, is_deletedcol boolean, version_num BIGINT, default_value text, "
         "primary key(tableid, columnid), unique(tableid, name))");
     dbConn->query(
         "CREATE TABLE mapd_views (tableid integer references mapd_tables, sql text)");
     dbConn->query(
         "CREATE TABLE mapd_dashboards (id integer primary key autoincrement, name text , "
         "userid integer references mapd_users, state text, image_hash text, update_time "
         "timestamp, "
         "metadata text, UNIQUE(userid, name) )");
     dbConn->query(
         "CREATE TABLE mapd_links (linkid integer primary key, userid integer references "
         "mapd_users, "
         "link text unique, view_state text, update_time timestamp, view_metadata text)");
     dbConn->query(
         "CREATE TABLE mapd_dictionaries (dictid integer primary key, name text unique, "
         "nbits int, is_shared boolean, "
         "refcount int, version_num BIGINT DEFAULT 1)");
     dbConn->query(
         "CREATE TABLE mapd_logical_to_physical(logical_table_id integer, "
         "physical_table_id "
         "integer)");
     dbConn->query("CREATE TABLE mapd_record_ownership_marker (dummy integer)");
     dbConn->query_with_text_params(
         "INSERT INTO mapd_record_ownership_marker (dummy) VALUES (?1)",
         std::vector<std::string>{std::to_string(owner)});
 
     if (g_enable_fsi) {
       dbConn->query(Catalog::getForeignServerSchema());
       dbConn->query(Catalog::getForeignTableSchema());
     }
     dbConn->query(Catalog::getCustomExpressionsSchema());
   } catch (const std::exception&) {
     dbConn->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   dbConn->query("END TRANSACTION");
 
   std::shared_ptr<Catalog> cat;
   // Now update SysCatalog with privileges and the new database
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_param(
         "INSERT INTO mapd_databases (name, owner) VALUES (?, " + std::to_string(owner) +
             ")",
         name);
     CHECK(getMetadataForDB(name, db));
 
     cat = getCatalog(db, true);
 
     if (owner != shared::kRootUserId) {
       DBObject object(name, DBObjectType::DatabaseDBObjectType);
       object.loadKey(*cat);
       UserMetadata user;
       CHECK(getMetadataForUserById(owner, user));
       grantAllOnDatabase_unsafe(user.userName, object, *cat);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                               name);
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 
   // force a migration on the new database
   removeCatalog(name);
   cat = getCatalog(db, false);
 
   if (g_enable_fsi) {
     try {
       cat->createDefaultServersIfNotExists();
     } catch (...) {
       boost::filesystem::remove(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                 name);
       throw;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createDBObject	(	const UserMetadata &	user,
		const std::string &	objectName,
		DBObjectType	type,
		const Catalog_Namespace::Catalog &	catalog,
		int32_t	objectId = `-1`
	)

Definition at line 1890 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, getUserGrantee(), grantDBObjectPrivileges_unsafe(), Grantee::grantPrivileges(), instance(), Catalog_Namespace::UserMetadata::isSuper, ServerDBObjectType, sqliteConnector_, TableDBObjectType, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

Referenced by CreateForeignServerCommand::execute(), CreateForeignTableCommand::execute(), and EmbeddedDatabase::DBEngineImpl::importArrowTable().

                                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBObject object =
       objectId == -1 ? DBObject(objectName, type) : DBObject(objectId, type);
   object.loadKey(catalog);
   switch (type) {
     case TableDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_TABLE);
       break;
     case DashboardDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
       break;
     case ServerDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_SERVER);
       break;
     default:
       object.setPrivileges(AccessPrivileges::ALL_DATABASE);
       break;
   }
   object.setOwner(user.userId);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     if (!user.isSuper) {  // no need to grant to suser, has all privs by default
       grantDBObjectPrivileges_unsafe(user.userName, object, catalog);
       auto* grantee = instance().getUserGrantee(user.userName);
       if (!grantee) {
         throw runtime_error("Cannot create DBObject. User " + user.userLoggable() +
                             " does not exist.");
       }
       grantee->grantPrivileges(object);
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRole	(	const std::string &	roleName,
		const bool	user_private_role,
		const bool	is_temporary = `false`
	)

Definition at line 2848 of file SysCatalog.cpp.

References createRole_unsafe(), and execInTransaction().

                                                      {
   execInTransaction(
       &SysCatalog::createRole_unsafe, roleName, user_private_role, is_temporary);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::createRole_unsafe	(	const std::string &	roleName,
		const bool	userPrivateRole,
		const bool	is_temporary
	)

private

Definition at line 2268 of file SysCatalog.cpp.

References DatabaseDBObjectType, DBObjectKey::dbId, getGrantee(), granteeMap_, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kDefaultDbName, DBObjectKey::permissionType, DBObject::setObjectKey(), sqliteConnector_, and to_upper().

Referenced by addAdminUserRole(), createRole(), createUser(), and initDB().

                                                             {
   sys_write_lock write_lock(this);
 
   auto* grantee = getGrantee(roleName);
   if (grantee) {
     throw std::runtime_error("CREATE ROLE " + roleName +
                              " failed because grantee with this name already exists.");
   }
   std::unique_ptr<Grantee> g;
   if (user_private_role) {
     g.reset(new User(roleName));
   } else {
     g.reset(new Role(roleName));
   }
   grantee = g.get();
   granteeMap_[to_upper(roleName)] = std::move(g);
 
   // NOTE (max): Why create an empty privileges record for a role?
   /* grant none privileges to this role and add it to sqlite DB */
   DBObject dbObject(shared::kDefaultDbName, DatabaseDBObjectType);
   DBObjectKey objKey;
   // 0 is an id that does not exist
   objKey.dbId = 0;
   objKey.permissionType = DatabaseDBObjectType;
   dbObject.setObjectKey(objKey);
   grantee->grantPrivileges(dbObject);
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, roleName, user_private_role, dbObject);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createRoles ( )

private

Definition at line 445 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                              {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_roles'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

UserMetadata Catalog_Namespace::SysCatalog::createUser	(	std::string const &	name,
		UserAlterations	alts,
		bool	is_temporary
	)

Definition at line 987 of file SysCatalog.cpp.

References Catalog_Namespace::UserAlterations::can_login, CHECK, createRole_unsafe(), Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::UserAlterations::default_db, Catalog_Namespace::g_log_user_id, g_read_only, getGrantee(), getMetadataForDB(), getMetadataForUser(), getUser(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), Catalog_Namespace::UserAlterations::is_super, name(), next_temporary_user_id_, Catalog_Namespace::UserAlterations::passwd, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), Catalog_Namespace::UserMetadata::userLoggable(), and VLOG.

Referenced by syncUserWithRemoteProvider().

                                                        {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   if (!alts.passwd) {
     alts.passwd = "";
   }
   if (!alts.is_super) {
     alts.is_super = false;
   }
   if (!alts.default_db) {
     alts.default_db = "";
   }
   if (!alts.can_login) {
     alts.can_login = true;
   }
 
   UserMetadata user;
   if (getMetadataForUser(name, user)) {
     throw runtime_error("User " + user.userLoggable() + " already exists.");
   }
   if (getGrantee(name)) {
     std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
     throw runtime_error(
         "User " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
   DBMetadata db;
   if (!alts.default_db->empty()) {
     if (!getMetadataForDB(*alts.default_db, db)) {
       throw runtime_error("DEFAULT_DB " + *alts.default_db + " not found.");
     }
   }
 
   // Temporary user.
   if (is_temporary) {
     if (!g_read_only) {
       throw std::runtime_error("Temporary users require read-only mode.");
       // NOTE(sy): We can remove this restriction when we're confident that
       // nothing permanent can depend on a temporary user.
     }
     auto user2 = std::make_shared<UserMetadata>(next_temporary_user_id_++,
                                                 name,
                                                 hash_with_bcrypt(*alts.passwd),
                                                 *alts.is_super,
                                                 !alts.default_db->empty() ? db.dbId : -1,
                                                 *alts.can_login,
                                                 true);
     temporary_users_by_name_[name] = user2;
     temporary_users_by_id_[user2->userId] = user2;
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/true);
     VLOG(1) << "Created temporary user: " << user2->userLoggable();
     return *user2;
   }
 
   // Normal user.
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     std::vector<std::string> vals;
     if (!alts.default_db->empty()) {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(db.dbId),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, default_db, can_login) "
           "VALUES (?, ?, ?, ?, ?)",
           vals);
     } else {
       vals = {name,
               hash_with_bcrypt(*alts.passwd),
               std::to_string(*alts.is_super),
               std::to_string(*alts.can_login)};
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_users (name, passwd_hash, issuper, can_login) "
           "VALUES (?, ?, ?, ?)",
           vals);
     }
     createRole_unsafe(name, /*userPrivateRole=*/true, /*is_temporary=*/false);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   auto u = getUser(name);
   CHECK(u);
   VLOG(1) << "Created user: " << u->userLoggable();
   return *u;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::createVersionHistoryTable ( ) const

private

Definition at line 3182 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by recordExecutedMigration().

                                                  {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "CREATE TABLE mapd_version_history(version integer, migration_history text "
       "unique)");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap ( const std::string & roleName )

private

Definition at line 2470 of file SysCatalog.cpp.

References objectDescriptorMap_.

Referenced by dropUserUnchecked(), and revokeDBObjectPrivileges_unsafe().

                                                                     {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::deleteObjectDescriptorMap	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

private

Definition at line 2483 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, and to_string().

                                                                                 {
   sys_write_lock write_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second;) {
     // remove the entry
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the call graph for this function:

static void Catalog_Namespace::SysCatalog::destroy ( )

inlinestatic

Definition at line 351 of file SysCatalog.h.

References migrations::MigrationMgr::destroy(), instance_, and instance_mutex_.

Referenced by main(), EmbeddedDatabase::DBEngineImpl::reset(), and DBHandler::shutdown().

                         {
     std::unique_lock lk(instance_mutex_);
     instance_.reset();
     migrations::MigrationMgr::destroy();
   }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropDatabase ( const DBMetadata & db )

Definition at line 1596 of file SysCatalog.cpp.

References cat(), DashboardDBObjectType, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, getCatalog(), granteeMap_, removeCatalog(), revokeAllOnDatabase_unsafe(), revokeDBObjectPrivilegesFromAll_unsafe(), sqliteConnector_, TableDBObjectType, run_benchmark_import::tables, and to_string().

Referenced by initializeInformationSchemaDb().

                                                   {
   auto cat = getCatalog(db, false);
   cat->eraseDbPhysicalData();
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     // remove this database ID from any users that have it set as their default database
     sqliteConnector_->query_with_text_param(
         "UPDATE mapd_users SET default_db = NULL WHERE default_db = ?",
         std::to_string(db.dbId));
     /* revoke object privileges to all tables of the database being dropped */
     const auto tables = cat->getAllTableMetadata();
     for (const auto table : tables) {
       if (table->shard >= 0) {
         // skip shards, they're not standalone tables
         continue;
       }
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(table->tableName, TableDBObjectType), cat.get());
     }
     const auto dashboards = cat->getAllDashboardsMetadata();
     for (const auto dashboard : dashboards) {
       revokeDBObjectPrivilegesFromAll_unsafe(
           DBObject(dashboard->dashboardId, DashboardDBObjectType), cat.get());
     }
     /* revoke object privileges to the database being dropped */
     for (const auto& grantee : granteeMap_) {
       if (grantee.second->hasAnyPrivilegesOnDb(db.dbId, true)) {
         revokeAllOnDatabase_unsafe(
             grantee.second->getName(), db.dbId, grantee.second.get());
       }
     }
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_databases WHERE dbid = ?",
                                             std::to_string(db.dbId));
     cat->eraseDbMetadata();
     removeCatalog(db.dbName);
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropRole	(	const std::string &	roleName,
		const bool	is_temporary = `false`
	)

Definition at line 2855 of file SysCatalog.cpp.

References dropRole_unsafe(), and execInTransaction().

                                                                             {
   execInTransaction(&SysCatalog::dropRole_unsafe, roleName, is_temporary);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropRole_unsafe	(	const std::string &	roleName,
		const bool	is_temporary
	)

private

Definition at line 2304 of file SysCatalog.cpp.

References granteeMap_, objectDescriptorMap_, sqliteConnector_, and to_upper().

Referenced by dropRole(), and dropUserUnchecked().

                                                                                    {
   sys_write_lock write_lock(this);
 
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
   // it may very well be a user "role", so keep it generic
   granteeMap_.erase(to_upper(roleName));
 
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                             roleName);
     sqliteConnector_->query_with_text_param(
         "DELETE FROM mapd_object_permissions WHERE roleName = ?", roleName);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::dropUser	(	const std::string &	name,
		bool	if_exists = `false`
	)

Definition at line 1118 of file SysCatalog.cpp.

References dropUserUnchecked(), Catalog_Namespace::g_log_user_id, getAllDBMetadata(), getMetadataForUser(), shared::kRootUserId, and Catalog_Namespace::UserMetadata::userId.

                                                             {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   std::string const loggable = g_log_user_id ? std::string("") : name + ' ';
 
   UserMetadata user;
   if (!getMetadataForUser(name, user)) {
     if (if_exists) {
       return;
     } else {
       throw runtime_error("Cannot drop user. User " + loggable + "does not exist.");
     }
   }
 
   if (user.userId == shared::kRootUserId) {
     throw runtime_error("Cannot drop user. User " + loggable + "is required to exist.");
   }
 
   auto dbs = getAllDBMetadata();
   for (const auto& db : dbs) {
     if (db.dbOwner == user.userId) {
       throw runtime_error("Cannot drop user. User " + loggable + "owns database " +
                           db.dbName);
     }
   }
 
   dropUserUnchecked(name, user);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::dropUserUnchecked	(	const std::string &	name,
		const UserMetadata &	user
	)

Definition at line 1081 of file SysCatalog.cpp.

References CHECK, deleteObjectDescriptorMap(), dropRole_unsafe(), Catalog_Namespace::UserMetadata::is_temporary, sqliteConnector_, temporary_users_by_id_, temporary_users_by_name_, to_string(), and Catalog_Namespace::UserMetadata::userId.

Referenced by dropUser().

                                                                                   {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   // Temporary user.
   if (user.is_temporary) {
     auto it1 = temporary_users_by_name_.find(name);
     CHECK(it1 != temporary_users_by_name_.end());
     auto it2 = temporary_users_by_id_.find(it1->second->userId);
     CHECK(it2 != temporary_users_by_id_.end());
     dropRole_unsafe(name, /*is_temporary=*/true);
     deleteObjectDescriptorMap(name);
     temporary_users_by_name_.erase(it1);
     temporary_users_by_id_.erase(it2);
     return;
   }
 
   // Normal user.
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     dropRole_unsafe(name, /*is_temporary=*/false);
     deleteObjectDescriptorMap(name);
     const std::string& roleName(name);
     sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE userName = ?",
                                             roleName);
     sqliteConnector_->query("DELETE FROM mapd_users WHERE userid = " +
                             std::to_string(user.userId));
     sqliteConnector_->query("DELETE FROM mapd_privileges WHERE userid = " +
                             std::to_string(user.userId));
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

template<typename F , typename... Args>

void Catalog_Namespace::SysCatalog::execInTransaction	(	F &&	f,
		Args &&...	args
	)

private

Definition at line 2835 of file SysCatalog.cpp.

References run_benchmark_import::args, f(), and sqliteConnector_.

Referenced by createRole(), dropRole(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch(), grantRole(), grantRoleBatch(), revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch(), revokeDBObjectPrivilegesFromAll(), revokeDBObjectPrivilegesFromAllBatch(), revokeRole(), and revokeRoleBatch().

                                                         {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     (this->*f)(std::forward<Args>(args)...);
   } catch (std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::fixRolesMigration ( )

private

Definition at line 472 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query("SELECT name FROM mapd_users");
     auto num_rows = sqliteConnector_->getNumRows();
     std::vector<std::string> user_names;
     for (size_t i = 0; i < num_rows; ++i) {
       user_names.push_back(sqliteConnector_->getData<std::string>(i, 0));
     }
     for (const auto& user_name : user_names) {
       sqliteConnector_->query_with_text_param("DELETE FROM mapd_roles WHERE roleName = ?",
                                               user_name);
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

list< DBMetadata > Catalog_Namespace::SysCatalog::getAllDBMetadata ( )

Definition at line 1729 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, and sqliteConnector_.

Referenced by dropUser(), getCatalogsForAllDbs(), and getDatabaseListForUser().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("SELECT dbid, name, owner FROM mapd_databases");
   int numRows = sqliteConnector_->getNumRows();
   list<DBMetadata> db_list;
   for (int r = 0; r < numRows; ++r) {
     DBMetadata db;
     db.dbId = sqliteConnector_->getData<int>(r, 0);
     db.dbName = sqliteConnector_->getData<string>(r, 1);
     db.dbOwner = sqliteConnector_->getData<int>(r, 2);
     db_list.push_back(db);
   }
   return db_list;
 }

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( )

Definition at line 1789 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

Referenced by Catalog_Namespace::anonymous_namespace{Catalog.cpp}::get_user_id_to_user_name_map(), and getDatabaseListForUser().

                                                   {
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

list< UserMetadata > Catalog_Namespace::SysCatalog::getAllUserMetadata ( const int64_t dbId )

return the users associated with the given DB

Definition at line 1782 of file SysCatalog.cpp.

References Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and sqliteConnector_.

                                                                     {
   // this call is to return users that have some form of permissions to objects in the db
   // sadly mapd_object_permissions table is also misused to manage user roles.
   sys_sqlite_lock sqlite_lock(this);
   return get_users(*this, sqliteConnector_, dbId);
 }

Here is the call graph for this function:

Calcite& Catalog_Namespace::SysCatalog::getCalciteMgr ( ) const

inline

Definition at line 235 of file SysCatalog.h.

References calciteMgr_.

235 { return *calciteMgr_; }

Catalog_Namespace::SysCatalog::calciteMgr_

std::shared_ptr< Calcite > calciteMgr_

Definition: SysCatalog.h:514

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const std::string & dbName )

Definition at line 3022 of file SysCatalog.cpp.

References cat_map_, getMetadataForDB(), and to_upper().

                                                                      {
   dbid_to_cat_map::const_accessor cata;
   if (cat_map_.find(cata, to_upper(dbName))) {
     return cata->second;
   } else {
     Catalog_Namespace::DBMetadata db_meta;
     if (getMetadataForDB(dbName, db_meta)) {
       return getCatalog(db_meta, false);
     } else {
       return nullptr;
     }
   }
 }

Here is the call graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog ( const int32_t db_id )

Definition at line 3036 of file SysCatalog.cpp.

References cat_map_.

                                                                  {
   dbid_to_cat_map::const_accessor cata;
   for (dbid_to_cat_map::iterator cat_it = cat_map_.begin(); cat_it != cat_map_.end();
        ++cat_it) {
     if (cat_it->second->getDatabaseId() == db_id) {
       return cat_it->second;
     }
   }
   return nullptr;
 }

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::getCatalog	(	const DBMetadata &	curDB,
		bool	is_new_db
	)

Definition at line 3047 of file SysCatalog.cpp.

References basePath_, calciteMgr_, cat(), cat_map_, dataMgr_, Catalog_Namespace::DBMetadata::dbName, string_dict_hosts_, and to_upper().

                                                                                      {
   const auto key = to_upper(curDB.dbName);
   {
     dbid_to_cat_map::const_accessor cata;
     if (cat_map_.find(cata, key)) {
       return cata->second;
     }
   }
 
   // Catalog doesnt exist
   // has to be made outside of lock as migration uses cat
   auto cat = std::make_shared<Catalog>(
       basePath_, curDB, dataMgr_, string_dict_hosts_, calciteMgr_, is_new_db);
 
   dbid_to_cat_map::accessor cata;
 
   if (cat_map_.find(cata, key)) {
     return cata->second;
   }
 
   cat_map_.insert(cata, key);
   cata->second = cat;
 
   return cat;
 }

Here is the call graph for this function:

const std::string& Catalog_Namespace::SysCatalog::getCatalogBasePath ( ) const

inline

Definition at line 236 of file SysCatalog.h.

References basePath_.

236 { return basePath_; }

Catalog_Namespace::SysCatalog::basePath_

std::string basePath_

Definition: SysCatalog.h:506

std::vector< Catalog * > Catalog_Namespace::SysCatalog::getCatalogsForAllDbs ( )

Definition at line 1148 of file SysCatalog.cpp.

References getAllDBMetadata(), and getCatalog().

Referenced by checkDropRenderGroupColumnsMigration(), and ReassignOwnedCommand::execute().

                                                      {
   std::vector<Catalog*> catalogs{};
   const auto& db_metadata_list = getAllDBMetadata();
   for (const auto& db_metadata : db_metadata_list) {
     catalogs.emplace_back(getCatalog(db_metadata, false).get());
   }
   return catalogs;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::set< std::string > Catalog_Namespace::SysCatalog::getCreatedRoles ( ) const

Definition at line 2683 of file SysCatalog.cpp.

References granteeMap_, and isDashboardSystemRole().

                                                     {
   sys_read_lock read_lock(this);
   std::set<std::string> roles;  // Sorted for human readers.
   for (const auto& [key, grantee] : granteeMap_) {
     if (!grantee->isUser() && !isDashboardSystemRole(grantee->getName())) {
       roles.emplace(grantee->getName());
     }
   }
   return roles;
 }

Here is the call graph for this function:

DBSummaryList Catalog_Namespace::SysCatalog::getDatabaseListForUser ( const UserMetadata & user )

Definition at line 1861 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, checkPrivileges(), DatabaseDBObjectType, Catalog_Namespace::DBSummary::dbName, getAllDBMetadata(), getAllUserMetadata(), DBObject::loadKey(), DBObject::setPrivileges(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by ShowDatabasesCommand::execute().

                                                                          {
   DBSummaryList ret;
 
   std::list<Catalog_Namespace::DBMetadata> db_list = getAllDBMetadata();
   std::list<Catalog_Namespace::UserMetadata> user_list = getAllUserMetadata();
 
   std::map<int32_t, std::string> user_id_to_name_map;
   for (const auto& user : user_list) {
     user_id_to_name_map.emplace(user.userId, user.userName);
   }
 
   for (auto d : db_list) {
     DBObject dbObject(d.dbName, DatabaseDBObjectType);
     dbObject.loadKey();
     dbObject.setPrivileges(AccessPrivileges::ACCESS);
     if (!checkPrivileges(user, std::vector<DBObject>{dbObject})) {
       continue;
     }
 
     if (auto it = user_id_to_name_map.find(d.dbOwner); it != user_id_to_name_map.end()) {
       ret.emplace_back(DBSummary{d.dbName, it->second});
     } else {
       ret.emplace_back(DBSummary{d.dbName, "<DELETED>"});
     }
   }
 
   return ret;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Data_Namespace::DataMgr& Catalog_Namespace::SysCatalog::getDataMgr ( ) const

inline

Definition at line 234 of file SysCatalog.h.

References dataMgr_.

Referenced by Executor::clearMemory(), Executor::getExecutor(), foreign_storage::InternalMemoryStatsDataWrapper::initializeObjectsForTable(), foreign_storage::InternalStorageStatsDataWrapper::initializeObjectsForTable(), ResultSet::radixSortOnGpu(), and anonymous_namespace{RelAlgExecutor.cpp}::set_parallelism_hints().

234 { return *dataMgr_; }

Catalog_Namespace::SysCatalog::dataMgr_

std::shared_ptr< Data_Namespace::DataMgr > dataMgr_

Definition: SysCatalog.h:511

Here is the caller graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( std::string const & dbname )

inline

Definition at line 215 of file SysCatalog.h.

References getMetadataForDB().

                                                          {
     if (DBMetadata db; getMetadataForDB(dbname, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

std::optional<DBMetadata> Catalog_Namespace::SysCatalog::getDB ( int32_t const dbid )

inline

Definition at line 221 of file SysCatalog.h.

References getMetadataForDBById().

                                                     {
     if (DBMetadata db; getMetadataForDBById(dbid, db)) {
       return db;
     }
     return {};
   }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::getDBObjectPrivileges	(	const std::string &	granteeName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)		const

Definition at line 2246 of file SysCatalog.cpp.

References getGrantee(), getMetadataForUser(), instance(), and Catalog_Namespace::UserMetadata::isSuper.

                                                                                       {
   sys_read_lock read_lock(this);
   UserMetadata user_meta;
 
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       throw runtime_error(
           "Request to show privileges from " + granteeName +
           " failed because user is super user and has all privileges by default.");
     }
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to show privileges for " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   object.loadKey(catalog);
   grantee->getPrivileges(object, true);
 }

Here is the call graph for this function:

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::getDummyCatalog ( )

inline

Definition at line 369 of file SysCatalog.h.

References dummyCatalog_.

Referenced by Catalog_Namespace::Catalog::getObjForLock().

369 { return dummyCatalog_; }

Catalog_Namespace::SysCatalog::dummyCatalog_

std::shared_ptr< Catalog > dummyCatalog_

Definition: SysCatalog.h:542

Here is the caller graph for this function:

Grantee * Catalog_Namespace::SysCatalog::getGrantee ( const std::string & name ) const

Definition at line 2553 of file SysCatalog.cpp.

References granteeMap_, and to_upper().

Referenced by buildRoleMapUnlocked(), buildUserRoleMapUnlocked(), createRole_unsafe(), createUser(), getDBObjectPrivileges(), getRoleGrantee(), getRoles(), getUserGrantee(), grantDBObjectPrivileges_unsafe(), grantRole_unsafe(), renameDBObject(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRole_unsafe().

                                                            {
   sys_read_lock read_lock(this);
   auto grantee = granteeMap_.find(to_upper(name));
   if (grantee == granteeMap_.end()) {  // check to make sure role exists
     return nullptr;
   }
   return grantee->second.get();  // returns pointer to role
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::unordered_map< std::string, std::vector< std::string > > Catalog_Namespace::SysCatalog::getGranteesOfSharedDashboards ( const std::vector< std::string > & dashboard_ids )

Definition at line 2991 of file SysCatalog.cpp.

References DashboardDBObjectType, sqliteConnector_, and to_string().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                                    {
   sys_sqlite_lock sqlite_lock(this);
   std::unordered_map<std::string, std::vector<std::string>> active_grantees;
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dash : dashboard_ids) {
       std::vector<std::string> grantees = {};
       sqliteConnector_->query_with_text_params(
           "SELECT roleName FROM mapd_object_permissions WHERE objectPermissions NOT IN "
           "(0,1) AND objectPermissionsType = ? AND objectId = ?",
           std::vector<std::string>{
               std::to_string(static_cast<int32_t>(DashboardDBObjectType)), dash});
       int num_rows = sqliteConnector_->getNumRows();
       if (num_rows == 0) {
         // no grantees
         continue;
       } else {
         for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
           grantees.push_back(sqliteConnector_->getData<string>(i, 0));
         }
         active_grantees[dash] = grantees;
       }
     }
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   return active_grantees;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor > Catalog_Namespace::SysCatalog::getMetadataForAllObjects ( ) const

Definition at line 2584 of file SysCatalog.cpp.

References isDashboardSystemRole(), and objectDescriptorMap_.

                                                                            {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor> objects;
   for (const auto& entry : objectDescriptorMap_) {
     auto object_role = entry.second.get();
     if (object_role->dbId != 0 && !isDashboardSystemRole(object_role->roleName)) {
       objects.emplace_back(*object_role);
     }
   }
   return objects;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDB	(	const std::string &	name,
		DBMetadata &	db
	)

Definition at line 1830 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, sqliteConnector_, and to_upper().

Referenced by alterUser(), changeDatabaseOwner(), createDatabase(), createUser(), getCatalog(), getDB(), getMetadataWithDefaultDB(), initializeInformationSchemaDb(), migrateDBAccessPrivileges(), renameDatabase(), and Catalog_Namespace::UserAlterations::wouldChange().

                                                                     {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE UPPER(name) = ?",
       to_upper(name));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForDBById	(	const int32_t	idIn,
		DBMetadata &	db
	)

Definition at line 1846 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, sqliteConnector_, and to_string().

Referenced by getDB(), and getMetadataWithDefaultDB().

                                                                         {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT dbid, name, owner FROM mapd_databases WHERE dbid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     return false;
   }
   db.dbId = sqliteConnector_->getData<int>(0, 0);
   db.dbName = sqliteConnector_->getData<string>(0, 1);
   db.dbOwner = sqliteConnector_->getData<int>(0, 2);
   return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< ObjectRoleDescriptor * > Catalog_Namespace::SysCatalog::getMetadataForObject	(	int32_t	dbId,
		int32_t	dbType,
		int32_t	objectId
	)		const

Definition at line 2571 of file SysCatalog.cpp.

References objectDescriptorMap_, and to_string().

Referenced by renameDBObject().

                                                                                      {
   sys_read_lock read_lock(this);
   std::vector<ObjectRoleDescriptor*> objectsList;
 
   auto range = objectDescriptorMap_.equal_range(std::to_string(dbId) + ":" +
                                                 std::to_string(dbType) + ":" +
                                                 std::to_string(objectId));
   for (auto d = range.first; d != range.second; ++d) {
     objectsList.push_back(d->second.get());
   }
   return objectsList;  // return pointers to objects
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUser	(	const std::string &	name,
		UserMetadata &	user
	)

Definition at line 1690 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, and temporary_users_by_name_.

Referenced by alterUser(), changeDatabaseOwner(), checkPasswordForUserImpl(), checkPrivileges(), createUser(), dropUser(), getDBObjectPrivileges(), getMetadataWithDefaultDB(), getRoles(), getUser(), grantDBObjectPrivileges_unsafe(), grantRoleBatch_unsafe(), login(), renameUser(), revokeDBObjectPrivileges_unsafe(), and revokeRoleBatch_unsafe().

                                                                           {
   sys_read_lock read_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE name = ?",
       name);
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_name_.find(name);
     if (userit != temporary_users_by_name_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::getMetadataForUserById	(	const int32_t	idIn,
		UserMetadata &	user
	)

Definition at line 1710 of file SysCatalog.cpp.

References Catalog_Namespace::parseUserMetadataFromSQLite(), sqliteConnector_, temporary_users_by_id_, and to_string().

Referenced by changeDatabaseOwner(), createDatabase(), getUser(), populateRoleDbObjects(), and reassignObjectOwners().

                                                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_param(
       "SELECT userid, name, passwd_hash, issuper, default_db, can_login FROM mapd_users "
       "WHERE userid = ?",
       std::to_string(idIn));
   int numRows = sqliteConnector_->getNumRows();
   if (numRows == 0) {
     auto userit = temporary_users_by_id_.find(idIn);
     if (userit != temporary_users_by_id_.end()) {
       user = *userit->second;
       return true;
     } else {
       return false;
     }
   }
   return parseUserMetadataFromSQLite(sqliteConnector_, user, 0);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::getMetadataWithDefaultDB	(	std::string &	dbname,
		const std::string &	username,
		Catalog_Namespace::DBMetadata &	db_meta,
		UserMetadata &	user_meta
	)

private

Definition at line 1794 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::UserMetadata::defaultDbId, Catalog_Namespace::g_log_user_id, getMetadataForDB(), getMetadataForDBById(), getMetadataForUser(), shared::kDefaultDbName, to_string(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

Referenced by login(), and switchDatabase().

                                                                    {
   sys_read_lock read_lock(this);
   if (!getMetadataForUser(username, user_meta)) {
     throw std::runtime_error("Invalid credentials.");
   }
 
   if (!dbname.empty()) {
     if (!getMetadataForDB(dbname, db_meta)) {
       throw std::runtime_error("Database name " + dbname + " does not exist.");
     }
     // loaded the requested database
   } else {
     if (user_meta.defaultDbId != -1) {
       if (!getMetadataForDBById(user_meta.defaultDbId, db_meta)) {
         std::string loggable = g_log_user_id ? std::string("") : ' ' + user_meta.userName;
         throw std::runtime_error(
             "Server error: User #" + std::to_string(user_meta.userId) + loggable +
             " has invalid default_db #" + std::to_string(user_meta.defaultDbId) +
             " which does not exist.");
       }
       dbname = db_meta.dbName;
       // loaded the user's default database
     } else {
       if (!getMetadataForDB(shared::kDefaultDbName, db_meta)) {
         throw std::runtime_error(std::string("Database ") + shared::kDefaultDbName +
                                  " does not exist.");
       }
       dbname = shared::kDefaultDbName;
       // loaded the mapd database by default
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Role * Catalog_Namespace::SysCatalog::getRoleGrantee ( const std::string & name ) const

Definition at line 2562 of file SysCatalog.cpp.

References getGrantee().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles(), grantRole_unsafe(), isRoleGrantedToGrantee(), revokeRole_unsafe(), and syncUserWithRemoteProvider().

                                                             {
   return dynamic_cast<Role*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	user_name,
		bool	effective = `true`
	)

Definition at line 2622 of file SysCatalog.cpp.

References getGrantee().

                                                               {
   sys_read_lock read_lock(this);
   auto* grantee = getGrantee(user_name);
   if (!grantee) {
     throw std::runtime_error("user or role not found");
   }
   return grantee->getRoles(/*only_direct=*/!effective);
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	bool	include_user_private_role,
		bool	is_super,
		const std::string &	user_name,
		bool	ignore_deleted_user = `false`
	)

Definition at line 2653 of file SysCatalog.cpp.

References getMetadataForUser(), granteeMap_, isDashboardSystemRole(), and isRoleGrantedToGrantee().

                                                                         {
   sys_read_lock read_lock(this);
   if (ignore_deleted_user) {
     // In certain cases, it is possible to concurrently call this method while the user is
     // being dropped. In such a case, return an empty result.
     UserMetadata user;
     if (!getMetadataForUser(user_name, user)) {
       return {};
     }
   }
   std::vector<std::string> roles;
   for (auto& grantee : granteeMap_) {
     if (!include_user_private_role && grantee.second->isUser()) {
       continue;
     }
     if (!is_super &&
         !isRoleGrantedToGrantee(user_name, grantee.second->getName(), false)) {
       continue;
     }
     if (isDashboardSystemRole(grantee.second->getName())) {
       continue;
     }
     roles.push_back(grantee.second->getName());
   }
   return roles;
 }

Here is the call graph for this function:

std::vector< std::string > Catalog_Namespace::SysCatalog::getRoles	(	const std::string &	userName,
		const int32_t	dbId
	)

Definition at line 2632 of file SysCatalog.cpp.

References isDashboardSystemRole(), isRoleGrantedToGrantee(), sqliteConnector_, and to_string().

                                                                   {
   sys_sqlite_lock sqlite_lock(this);
   std::string sql =
       "SELECT DISTINCT roleName FROM mapd_object_permissions WHERE "
       "objectPermissions<>0 "
       "AND roleType=0 AND dbId=" +
       std::to_string(dbId);
   sqliteConnector_->query(sql);
   int numRows = sqliteConnector_->getNumRows();
   std::vector<std::string> roles(0);
   for (int r = 0; r < numRows; ++r) {
     auto roleName = sqliteConnector_->getData<string>(r, 0);
     if (isRoleGrantedToGrantee(userName, roleName, false) &&
         !isDashboardSystemRole(roleName)) {
       roles.push_back(roleName);
     }
   }
   return roles;
 }

Here is the call graph for this function:

SqliteConnector* Catalog_Namespace::SysCatalog::getSqliteConnector ( )

inline

Definition at line 237 of file SysCatalog.h.

References sqliteConnector_.

237 { return sqliteConnector_.get(); }

Catalog_Namespace::SysCatalog::sqliteConnector_

std::unique_ptr< SqliteConnector > sqliteConnector_

Definition: SysCatalog.h:509

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( std::string const & uname )

inline

Definition at line 203 of file SysCatalog.h.

References getMetadataForUser().

Referenced by alterUser(), createUser(), and syncUserWithRemoteProvider().

                                                             {
     if (UserMetadata user; getMetadataForUser(uname, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

Here is the caller graph for this function:

std::optional<UserMetadata> Catalog_Namespace::SysCatalog::getUser ( int32_t const uid )

inline

Definition at line 209 of file SysCatalog.h.

References getMetadataForUserById().

                                                        {
     if (UserMetadata user; getMetadataForUserById(uid, user)) {
       return user;
     }
     return {};
   }

Here is the call graph for this function:

User * Catalog_Namespace::SysCatalog::getUserGrantee ( const std::string & name ) const

Definition at line 2566 of file SysCatalog.cpp.

References getGrantee().

Referenced by checkPrivileges(), createDBObject(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), hasAnyPrivileges(), isRoleGrantedToGrantee(), populateRoleDbObjects(), syncUserWithRemoteProvider(), and verifyDBObjectOwnership().

                                                             {
   return dynamic_cast<User*>(getGrantee(name));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantAllOnDatabase_unsafe	(	const std::string &	roleName,
		DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 2011 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, g_enable_fsi, grantDBObjectPrivileges_unsafe(), ServerDBObjectType, DBObject::setPermissionType(), DBObject::setPrivileges(), TableDBObjectType, AccessPrivileges::VIEW_SQL_EDITOR, and ViewDBObjectType.

Referenced by createDatabase(), and grantDBObjectPrivileges_unsafe().

                                                                                     {
   // It's a separate use case because it's easier for implementation to convert ALL ON
   // DATABASE into ALL ON DASHBOARDS, ALL ON VIEWS and ALL ON TABLES
   // Add DB Access privileges
   DBObject tmp_object = object;
   tmp_object.setPrivileges(AccessPrivileges::ACCESS);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::VIEW_SQL_EDITOR);
   tmp_object.setPermissionType(DatabaseDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_TABLE);
   tmp_object.setPermissionType(TableDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   tmp_object.setPrivileges(AccessPrivileges::ALL_VIEW);
   tmp_object.setPermissionType(ViewDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
 
   if (g_enable_fsi) {
     tmp_object.setPrivileges(AccessPrivileges::ALL_SERVER);
     tmp_object.setPermissionType(ServerDBObjectType);
     grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   }
 
   tmp_object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
   tmp_object.setPermissionType(DashboardDBObjectType);
   grantDBObjectPrivileges_unsafe(roleName, tmp_object, catalog);
   return;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2881 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivileges_unsafe().

                                                                                   {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivileges_unsafe, grantee, object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivileges_unsafe	(	const std::string &	granteeName,
		const DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1969 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, CHECK, DatabaseDBObjectType, getGrantee(), getMetadataForUser(), grantAllOnDatabase_unsafe(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, sqliteConnector_, and updateObjectDescriptorMap().

Referenced by createDBObject(), grantAllOnDatabase_unsafe(), grantDBObjectPrivileges(), grantDBObjectPrivilegesBatch_unsafe(), and runUpdateQueriesAndChangeOwnership().

                                              {
   object.loadKey(catalog);
   CHECK(object.valid());
   if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
       object.getObjectKey().permissionType == DatabaseDBObjectType) {
     return grantAllOnDatabase_unsafe(granteeName, object, catalog);
   }
 
   sys_write_lock write_lock(this);
 
   UserMetadata user_meta;
   bool is_temporary_user{false};
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       // super doesn't have explicit privileges so nothing to do
       return;
     }
     is_temporary_user = user_meta.is_temporary;
   }
   auto* grantee = instance().getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant privileges to " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   grantee->grantPrivileges(object);
 
   /* apply grant privileges statement to sqlite DB */
   std::vector<std::string> objectKey = object.toString();
   object.resetPrivileges();
   grantee->getPrivileges(object, true);
 
   if (!is_temporary_user) {
     sys_sqlite_lock sqlite_lock(this);
     insertOrUpdateObjectPrivileges(
         sqliteConnector_, granteeName, grantee->isUser(), object);
   }
   updateObjectDescriptorMap(granteeName, object, grantee->isUser(), catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2888 of file SysCatalog.cpp.

References execInTransaction(), and grantDBObjectPrivilegesBatch_unsafe().

                                                                                        {
   execInTransaction(
       &SysCatalog::grantDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::grantDBObjectPrivilegesBatch_unsafe	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 1957 of file SysCatalog.cpp.

References grantDBObjectPrivileges_unsafe().

Referenced by grantDBObjectPrivilegesBatch(), and reassignObjectOwners().

                                              {
   for (const auto& grantee : grantees) {
     for (const auto& object : objects) {
       grantDBObjectPrivileges_unsafe(grantee, object, catalog);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantDefaultPrivilegesToRole_unsafe	(	const std::string &	name,
		bool	issuper
	)

private

void Catalog_Namespace::SysCatalog::grantRole	(	const std::string &	role,
		const std::string &	grantee,
		const bool	is_temporary = `false`
	)

Definition at line 2864 of file SysCatalog.cpp.

References execInTransaction(), and grantRole_unsafe().

Referenced by syncUserWithRemoteProvider().

                                                     {
   execInTransaction(&SysCatalog::grantRole_unsafe, role, grantee, is_temporary);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRole_unsafe	(	const std::string &	roleName,
		const std::string &	granteeName,
		const bool	is_temporary
	)

private

Definition at line 2341 of file SysCatalog.cpp.

References getGrantee(), getRoleGrantee(), and sqliteConnector_.

Referenced by grantRole(), and grantRoleBatch_unsafe().

                                                            {
   auto* rl = getRoleGrantee(roleName);
   if (!rl) {
     throw runtime_error("Request to grant role " + roleName +
                         " failed because role with this name does not exist.");
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to grant role " + roleName + " failed because grantee " +
                         granteeName + " does not exist.");
   }
   sys_write_lock write_lock(this);
   if (!grantee->hasRole(rl, true)) {
     grantee->grantRole(rl);
     if (!is_temporary) {
       sys_sqlite_lock sqlite_lock(this);
       sqliteConnector_->query_with_text_params(
           "INSERT INTO mapd_roles(roleName, userName) VALUES (?, ?)",
           std::vector<std::string>{rl->getName(), grantee->getName()});
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2859 of file SysCatalog.cpp.

References execInTransaction(), and grantRoleBatch_unsafe().

Referenced by Catalog_Namespace::Catalog::createDashboardSystemRoles().

                                                                       {
   execInTransaction(&SysCatalog::grantRoleBatch_unsafe, roles, grantees);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::grantRoleBatch_unsafe	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

private

Definition at line 2326 of file SysCatalog.cpp.

References getMetadataForUser(), grantRole_unsafe(), and Catalog_Namespace::UserMetadata::is_temporary.

Referenced by grantRoleBatch().

                                                                              {
   for (const auto& role : roles) {
     for (const auto& grantee : grantees) {
       bool is_temporary_user{false};
       UserMetadata user;
       if (getMetadataForUser(grantee, user)) {
         is_temporary_user = user.is_temporary;
       }
       grantRole_unsafe(role, grantee, is_temporary_user);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasAnyPrivileges	(	const UserMetadata &	user,
		std::vector< DBObject > &	privObjects
	)

Definition at line 2501 of file SysCatalog.cpp.

References getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::isSuper, Catalog_Namespace::UserMetadata::userLoggable(), and Catalog_Namespace::UserMetadata::userName.

                                                                     {
   sys_read_lock read_lock(this);
   if (user.isSuper) {
     return true;
   }
   auto* user_rl = instance().getUserGrantee(user.userName);
   if (!user_rl) {
     throw runtime_error("Cannot check privileges. User " + user.userLoggable() +
                         " does not exist.");
   }
   for (std::vector<DBObject>::iterator objectIt = privObjects.begin();
        objectIt != privObjects.end();
        ++objectIt) {
     if (!user_rl->hasAnyPrivileges(*objectIt, false)) {
       return false;
     }
   }
   return true;
 }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::hasExecutedMigration ( const std::string & migration_name ) const

Definition at line 3153 of file SysCatalog.cpp.

References hasVersionHistoryTable(), and sqliteConnector_.

Referenced by checkDropRenderGroupColumnsMigration(), checkDuplicateCaseInsensitiveDbNames(), and initializeInformationSchemaDb().

                                                                            {
   if (hasVersionHistoryTable()) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
         std::vector<std::string>{migration_name});
     return (sqliteConnector_->getNumRows() > 0);
   }
   return false;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::hasVersionHistoryTable ( ) const

private

Definition at line 3174 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by hasExecutedMigration(), and recordExecutedMigration().

                                               {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query(
       "select name from sqlite_master WHERE type='table' AND "
       "name='mapd_version_history'");
   return (sqliteConnector_->getNumRows() > 0);
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::importDataFromOldMapdDB ( )

private

Definition at line 396 of file SysCatalog.cpp.

References basePath_, report::conn, logger::ERROR, logger::INFO, shared::kCatalogDirectoryName, shared::kSystemCatalogName, LOG, and sqliteConnector_.

                                          {
   sys_sqlite_lock sqlite_lock(this);
   std::string mapd_db_path = basePath_ + "/" + shared::kCatalogDirectoryName + "/mapd";
   sqliteConnector_->query("ATTACH DATABASE `" + mapd_db_path + "` as old_cat");
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     LOG(INFO) << "Moving global metadata into a separate catalog";
     auto moveTableIfExists = [conn = sqliteConnector_.get()](const std::string& tableName,
                                                              bool deleteOld = true) {
       conn->query("SELECT sql FROM old_cat.sqlite_master WHERE type='table' AND name='" +
                   tableName + "'");
       if (conn->getNumRows() != 0) {
         conn->query(conn->getData<string>(0, 0));
         conn->query("INSERT INTO " + tableName + " SELECT * FROM old_cat." + tableName);
         if (deleteOld) {
           conn->query("DROP TABLE old_cat." + tableName);
         }
       }
     };
     moveTableIfExists("mapd_users");
     moveTableIfExists("mapd_databases");
     moveTableIfExists("mapd_roles");
     moveTableIfExists("mapd_object_permissions");
     moveTableIfExists("mapd_privileges");
     moveTableIfExists("mapd_version_history", false);
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     LOG(ERROR) << "Failed to move global metadata into a separate catalog: " << e.what();
     try {
       sqliteConnector_->query("DETACH DATABASE old_cat");
     } catch (const std::exception&) {
       // nothing to do here
     }
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   const std::string sys_catalog_path =
       basePath_ + "/" + shared::kCatalogDirectoryName + "/" + shared::kSystemCatalogName;
   LOG(INFO) << "Global metadata has been successfully moved into a separate catalog: "
             << sys_catalog_path
             << ". Using this database with an older version of heavydb "
                "is now impossible.";
   try {
     sqliteConnector_->query("DETACH DATABASE old_cat");
   } catch (const std::exception&) {
     // nothing to do here
   }
 }

void Catalog_Namespace::SysCatalog::init	(	const std::string &	basePath,
		std::shared_ptr< Data_Namespace::DataMgr >	dataMgr,
		const AuthMetadata &	authMetadata,
		std::shared_ptr< Calcite >	calcite,
		bool	is_new_db,
		bool	aggregator,
		const std::vector< LeafHostInfo > &	string_dict_hosts
	)

Definition at line 191 of file SysCatalog.cpp.

References anonymous_namespace{SysCatalog.cpp}::copy_catalog_if_read_only(), Catalog_Namespace::dsqliteMutex_(), g_multi_instance, shared::kCatalogDirectoryName, shared::kLockfilesDirectoryName, shared::kSystemCatalogName, migrations::MigrationMgr::migrationEnabled(), migrations::MigrationMgr::relaxMigrationLock(), and migrations::MigrationMgr::takeMigrationLock().

                                                                         {
   basePath_ = !g_multi_instance ? copy_catalog_if_read_only(basePath).string() : basePath;
   sqliteConnector_.reset(new SqliteConnector(
       shared::kSystemCatalogName, basePath_ + "/" + shared::kCatalogDirectoryName + "/"));
   dcatalogMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
       std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
           shared::kCatalogDirectoryName / (shared::kSystemCatalogName + ".lockfile"),
       [this](size_t) {
         heavyai::unique_lock<heavyai::DistributedSharedMutex> dsqlite_lock(
             *dsqliteMutex_);
         buildMapsUnlocked();
       });
   dsqliteMutex_ = std::make_unique<heavyai::DistributedSharedMutex>(
       std::filesystem::path(basePath_) / shared::kLockfilesDirectoryName /
       shared::kCatalogDirectoryName / (shared::kSystemCatalogName + ".sqlite.lockfile"));
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   dataMgr_ = dataMgr;
   authMetadata_ = &authMetadata;
   pki_server_.reset(new PkiServer(*authMetadata_));
   calciteMgr_ = calcite;
   string_dict_hosts_ = string_dict_hosts;
   aggregator_ = aggregator;
   migrations::MigrationMgr::takeMigrationLock(basePath_);
   if (is_new_db) {
     initDB();
   } else {
     bool db_exists =
         boost::filesystem::exists(basePath_ + "/" + shared::kCatalogDirectoryName + "/" +
                                   shared::kSystemCatalogName);
     if (!db_exists) {
       importDataFromOldMapdDB();
     }
     if (migrations::MigrationMgr::migrationEnabled()) {
       checkAndExecuteMigrations();
       migrations::MigrationMgr::relaxMigrationLock();
     }
   }
   buildMaps(is_new_db);
   is_initialized_ = true;
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initDB ( )

private

Definition at line 315 of file SysCatalog.cpp.

References createDatabase(), createRole_unsafe(), g_read_only, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), shared::kDefaultDbName, shared::kDefaultRootPasswd, shared::kRootUserId, shared::kRootUserIdStr, shared::kRootUsername, and sqliteConnector_.

                         {
   if (g_read_only) {
     throw std::runtime_error("can't init a new database in read-only mode");
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE mapd_users (userid integer primary key, name text unique, "
         "passwd_hash text, issuper boolean, default_db integer references "
         "mapd_databases, can_login boolean)");
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_users VALUES (?, ?, ?, 1, NULL, 1)",
         std::vector<std::string>{shared::kRootUserIdStr,
                                  shared::kRootUsername,
                                  hash_with_bcrypt(shared::kDefaultRootPasswd)});
     sqliteConnector_->query(
         "CREATE TABLE mapd_databases (dbid integer primary key, name text unique, owner "
         "integer references mapd_users)");
     sqliteConnector_->query(
         "CREATE TABLE mapd_roles(roleName text, userName text, UNIQUE(roleName, "
         "userName))");
     sqliteConnector_->query(
         "CREATE TABLE mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   createDatabase(shared::kDefaultDbName, shared::kRootUserId);
   createRole_unsafe(
       shared::kRootUsername, /*userPrivateRole=*/true, /*is_temporary=*/false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::initializeInformationSchemaDb ( )

private

Definition at line 3132 of file SysCatalog.cpp.

References createDatabase(), dropDatabase(), g_enable_system_tables, getMetadataForDB(), hasExecutedMigration(), shared::kInfoSchemaDbName, shared::kInfoSchemaMigrationName, shared::kRootUserId, LOG, recordExecutedMigration(), and logger::WARNING.

                                                {
   if (g_enable_system_tables && !hasExecutedMigration(shared::kInfoSchemaMigrationName)) {
     sys_write_lock write_lock(this);
     DBMetadata db_metadata;
     if (getMetadataForDB(shared::kInfoSchemaDbName, db_metadata)) {
       LOG(WARNING) << "A database with name \"" << shared::kInfoSchemaDbName
                    << "\" already exists. System table creation will be skipped. Rename "
                       "this database in order to use system tables.";
     } else {
       createDatabase(shared::kInfoSchemaDbName, shared::kRootUserId);
       try {
         recordExecutedMigration(shared::kInfoSchemaMigrationName);
       } catch (...) {
         getMetadataForDB(shared::kInfoSchemaDbName, db_metadata);
         dropDatabase(db_metadata);
         throw;
       }
     }
   }
 }

Here is the call graph for this function:

static SysCatalog& Catalog_Namespace::SysCatalog::instance ( )

inlinestatic

Definition at line 343 of file SysCatalog.h.

References instance_, instance_mutex_, and SysCatalog().

                                 {
     std::unique_lock lk(instance_mutex_);
     if (!instance_) {
       instance_.reset(new SysCatalog());
     }
     return *instance_;
   }

Here is the call graph for this function:

bool Catalog_Namespace::SysCatalog::isAggregator ( ) const

inline

Definition at line 342 of file SysCatalog.h.

References aggregator_.

Referenced by Parser::create_stmt_for_query(), ShowCreateTableCommand::execute(), Parser::LocalQueryConnector::getOuterFragmentCount(), and DBHandler::processCalciteRequest().

342 { return aggregator_; }

Catalog_Namespace::SysCatalog::aggregator_

bool aggregator_

Definition: SysCatalog.h:516

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isDashboardSystemRole ( const std::string & roleName ) const

private

Definition at line 2618 of file SysCatalog.cpp.

References SYSTEM_ROLE_TAG().

Referenced by getCreatedRoles(), getMetadataForAllObjects(), and getRoles().

                                                                       {
   return boost::algorithm::ends_with(roleName, SYSTEM_ROLE_TAG);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::isInitialized ( ) const

Definition at line 239 of file SysCatalog.cpp.

                                      {
   return is_initialized_;
 };

bool Catalog_Namespace::SysCatalog::isRoleGrantedToGrantee	(	const std::string &	granteeName,
		const std::string &	roleName,
		bool	only_direct
	)		const

Definition at line 2596 of file SysCatalog.cpp.

References CHECK, getRoleGrantee(), getUserGrantee(), Grantee::hasRole(), and instance().

Referenced by getRoles().

                                                                 {
   sys_read_lock read_lock(this);
   if (roleName == granteeName) {
     return true;
   }
   bool is_role_granted = false;
   auto* target_role = instance().getRoleGrantee(roleName);
   auto has_role = [&](auto grantee_rl) {
     is_role_granted = target_role && grantee_rl->hasRole(target_role, only_direct);
   };
   if (auto* user_role = instance().getUserGrantee(granteeName); user_role) {
     has_role(user_role);
   } else if (auto* role = instance().getRoleGrantee(granteeName); role) {
     has_role(role);
   } else {
     CHECK(false);
   }
   return is_role_granted;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::login	(	std::string &	db,
		std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta,
		bool	check_password = `true`
	)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

Definition at line 923 of file SysCatalog.cpp.

References Catalog_Namespace::UserMetadata::can_login, getCatalog(), getMetadataForUser(), getMetadataWithDefaultDB(), and loginImpl().

                                                                 {
   // NOTE(sy): The dbname isn't const because getMetadataWithDefaultDB()
   // can reset it. The username isn't const because SamlServer's
   // login()/authenticate_user() can reset it.
 
   if (check_password) {
     loginImpl(username, password, user_meta);
   } else {  // not checking for password so user must exist
     if (!getMetadataForUser(username, user_meta)) {
       throw std::runtime_error("Invalid credentials.");
     }
   }
   // we should have a user and user_meta by now
   if (!user_meta.can_login) {
     throw std::runtime_error("Unauthorized Access: User " + username + " is deactivated");
   }
   Catalog_Namespace::DBMetadata db_meta;
   getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
   return getCatalog(db_meta, false);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::loginImpl	(	std::string &	username,
		const std::string &	password,
		UserMetadata &	user_meta
	)

private

Definition at line 949 of file SysCatalog.cpp.

References checkPasswordForUser().

Referenced by login().

                                                     {
   if (!checkPasswordForUser(password, username, user_meta)) {
     throw std::runtime_error("Authentication failure");
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migrateDBAccessPrivileges ( )

private

Definition at line 805 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, CHECK, DatabaseDBObjectType, DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::DBMetadata::dbName, Catalog_Namespace::DBMetadata::dbOwner, logger::ERROR, getMetadataForDB(), logger::INFO, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, LOG, MAPD_VERSION, DBObjectKey::permissionType, DBObject::setName(), DBObject::setObjectType(), sqliteConnector_, to_string(), DBObject::updatePrivileges(), and AccessPrivileges::VIEW_SQL_EDITOR.

Referenced by checkAndExecuteMigrations().

                                            {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "select name from sqlite_master WHERE type='table' AND "
         "name='mapd_version_history'");
     if (sqliteConnector_->getNumRows() == 0) {
       sqliteConnector_->query(
           "CREATE TABLE mapd_version_history(version integer, migration_history text "
           "unique)");
     } else {
       sqliteConnector_->query(
           "select * from mapd_version_history where migration_history = "
           "'db_access_privileges'");
       if (sqliteConnector_->getNumRows() != 0) {
         // both privileges migrated
         // no need for further execution
         sqliteConnector_->query("END TRANSACTION");
         return;
       }
     }
     // Insert check for migration
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
         std::vector<std::string>{std::to_string(MAPD_VERSION), "db_access_privileges"});
 
     sqliteConnector_->query("select dbid, name from mapd_databases");
     std::unordered_map<int, string> databases;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       databases[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     sqliteConnector_->query("select userid, name from mapd_users");
     std::unordered_map<int, string> users;
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); ++i) {
       users[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
 
     // All existing users by default will be granted DB Access permissions
     // and view sql editor privileges
     DBMetadata dbmeta;
     for (auto db_ : databases) {
       CHECK(getMetadataForDB(db_.second, dbmeta));
       for (auto user : users) {
         if (user.first != shared::kRootUserId) {
           {
             DBObjectKey key;
             key.permissionType = DBObjectType::DatabaseDBObjectType;
             key.dbId = dbmeta.dbId;
 
             // access permission;
             DBObject object_access(key, AccessPrivileges::ACCESS, dbmeta.dbOwner);
             object_access.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_access.setName(dbmeta.dbName);
             // sql_editor permission
             DBObject object_editor(
                 key, AccessPrivileges::VIEW_SQL_EDITOR, dbmeta.dbOwner);
             object_editor.setObjectType(DBObjectType::DatabaseDBObjectType);
             object_editor.setName(dbmeta.dbName);
             object_editor.updatePrivileges(object_access);
             insertOrUpdateObjectPrivileges(
                 sqliteConnector_, user.second, true, object_editor);
           }
         }
       }
     }
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     LOG(ERROR) << "Failed to migrate db access privileges: " << e.what();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   LOG(INFO) << "Successfully migrated db access privileges";
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileged_old ( )

private

Definition at line 883 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                        {
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_privileges (userid integer references "
         "mapd_users, dbid integer references "
         "mapd_databases, select_priv boolean, insert_priv boolean, UNIQUE(userid, "
         "dbid))");
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::migratePrivileges ( )

private

Definition at line 547 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD_MIGRATE, AccessPrivileges::ALL_TABLE_MIGRATE, AccessPrivileges::ALL_VIEW_MIGRATE, DashboardDBObjectType, DatabaseDBObjectType, Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), shared::kRootUserId, AccessPrivileges::NONE, sqliteConnector_, TableDBObjectType, run_benchmark_import::type, and ViewDBObjectType.

Referenced by checkAndExecuteMigrations().

                                    {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND "
         "name='mapd_object_permissions'");
     if (sqliteConnector_->getNumRows() != 0) {
       // already done
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
 
     sqliteConnector_->query(
         "CREATE TABLE IF NOT EXISTS mapd_object_permissions ("
         "roleName text, "
         "roleType bool, "
         "dbId integer references mapd_databases, "
         "objectName text, "
         "objectId integer, "
         "objectPermissionsType integer, "
         "objectPermissions integer, "
         "objectOwnerId integer, UNIQUE(roleName, objectPermissionsType, dbId, "
         "objectId))");
 
     // get the list of databases and their grantees
     sqliteConnector_->query(
         "SELECT userid, dbid FROM mapd_privileges WHERE select_priv = 1 and insert_priv "
         "= 1");
     size_t numRows = sqliteConnector_->getNumRows();
     vector<pair<int, int>> db_grantees(numRows);
     for (size_t i = 0; i < numRows; ++i) {
       db_grantees[i].first = sqliteConnector_->getData<int>(i, 0);
       db_grantees[i].second = sqliteConnector_->getData<int>(i, 1);
     }
     // map user names to user ids
     sqliteConnector_->query("select userid, name from mapd_users");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> users_by_id;
     std::unordered_map<int, bool> user_has_privs;
     for (size_t i = 0; i < numRows; ++i) {
       users_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
       user_has_privs[sqliteConnector_->getData<int>(i, 0)] = false;
     }
     // map db names to db ids
     sqliteConnector_->query("select dbid, name from mapd_databases");
     numRows = sqliteConnector_->getNumRows();
     std::unordered_map<int, string> dbs_by_id;
     for (size_t i = 0; i < numRows; ++i) {
       dbs_by_id[sqliteConnector_->getData<int>(i, 0)] =
           sqliteConnector_->getData<string>(i, 1);
     }
     // migrate old privileges to new privileges: if user had insert access to database, he
     // was a grantee
     for (const auto& grantee : db_grantees) {
       user_has_privs[grantee.first] = true;
       auto dbName = dbs_by_id[grantee.second];
       {
         // table level permissions
         auto type = DBObjectType::TableDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_TABLE_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // dashboard level permissions
         auto type = DBObjectType::DashboardDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(dbName,
                         type,
                         key,
                         AccessPrivileges::ALL_DASHBOARD_MIGRATE,
                         shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
 
       {
         // view level permissions
         auto type = DBObjectType::ViewDBObjectType;
         DBObjectKey key{type, grantee.second};
         DBObject object(
             dbName, type, key, AccessPrivileges::ALL_VIEW_MIGRATE, shared::kRootUserId);
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, users_by_id[grantee.first], true, object);
       }
     }
     for (auto user : user_has_privs) {
       auto dbName = dbs_by_id[0];
       if (user.second == false && user.first != shared::kRootUserId) {
         {
           auto type = DBObjectType::DatabaseDBObjectType;
           DBObjectKey key{type, 0};
           DBObject object(dbName, type, key, AccessPrivileges::NONE, shared::kRootUserId);
           insertOrUpdateObjectPrivileges(
               sqliteConnector_, users_by_id[user.first], true, object);
         }
       }
     }
   } catch (const std::exception&) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::string Catalog_Namespace::SysCatalog::name ( ) const

inline

Definition at line 358 of file SysCatalog.h.

References shared::kSystemCatalogName.

Referenced by alterUser(), buildRoleMapUnlocked(), createUser(), and Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users().

358 { return shared::kSystemCatalogName; }

shared::kSystemCatalogName

const std::string kSystemCatalogName

Definition: SysDefinitions.h:26

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::populateRoleDbObjects ( const std::vector< DBObject > & objects )

Definition at line 2742 of file SysCatalog.cpp.

References CHECK, getMetadataForUserById(), getUserGrantee(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), sqliteConnector_, and Catalog_Namespace::UserMetadata::userName.

Referenced by Catalog_Namespace::Catalog::recordOwnershipOfObjectsInObjectPermissions().

                                                                          {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     for (auto dbobject : objects) {
       UserMetadata user;
       CHECK(getMetadataForUserById(dbobject.getOwner(), user));
       auto* grantee = getUserGrantee(user.userName);
       if (grantee) {
         insertOrUpdateObjectPrivileges(
             sqliteConnector_, grantee->getName(), true, dbobject);
         grantee->grantPrivileges(dbobject);
       }
     }
 
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::reassignObjectOwners	(	const std::map< int32_t, std::vector< DBObject >> &	old_owner_db_objects,
		int32_t	new_owner_id,
		const Catalog_Namespace::Catalog &	catalog
	)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters

old_owner_db_objects	- map of user ids and database objects whose ownership will be reassigned
new_owner_id	- id of user who will own reassigned database objects
catalog	- catalog for database where ownership reassignment occurred

Definition at line 3077 of file SysCatalog.cpp.

References CHECK, shared::contains(), Catalog_Namespace::Catalog::getDatabaseId(), getMetadataForUserById(), grantDBObjectPrivilegesBatch_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMapsUnlocked(), revokeDBObjectPrivilegesBatch_unsafe(), sqliteConnector_, to_string(), and Catalog_Namespace::UserMetadata::userName.

                                              {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     UserMetadata new_owner;
     CHECK(getMetadataForUserById(new_owner_id, new_owner));
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       UserMetadata old_owner;
       CHECK(getMetadataForUserById(old_owner_id, old_owner));
       if (!old_owner.isSuper) {
         revokeDBObjectPrivilegesBatch_unsafe({old_owner.userName}, db_objects, catalog);
       }
       if (!new_owner.isSuper) {
         grantDBObjectPrivilegesBatch_unsafe({new_owner.userName}, db_objects, catalog);
       }
     }
 
     std::set<int32_t> old_owner_ids;
     for (const auto& [old_owner_id, db_objects] : old_owner_db_objects) {
       old_owner_ids.emplace(old_owner_id);
     }
 
     auto db_id = catalog.getDatabaseId();
     for (const auto old_user_id : old_owner_ids) {
       sqliteConnector_->query_with_text_params(
           "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE objectOwnerId = ? "
           "AND dbId = ? AND objectId != -1",
           std::vector<std::string>{std::to_string(new_owner_id),
                                    std::to_string(old_user_id),
                                    std::to_string(db_id)});
     }
 
     for (const auto& [user_or_role, grantee] : granteeMap_) {
       grantee->reassignObjectOwners(old_owner_ids, new_owner_id, db_id);
     }
 
     for (const auto& [object_key, object_descriptor] : objectDescriptorMap_) {
       if (object_descriptor->objectId != -1 && object_descriptor->dbId == db_id &&
           shared::contains(old_owner_ids, object_descriptor->objectOwnerId)) {
         object_descriptor->objectOwnerId = new_owner_id;
       }
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     rebuildObjectMapsUnlocked();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::rebuildObjectMapsUnlocked ( )

private

Definition at line 3189 of file SysCatalog.cpp.

References buildObjectDescriptorMapUnlocked(), buildRoleMapUnlocked(), granteeMap_, and objectDescriptorMap_.

Referenced by reassignObjectOwners(), and runUpdateQueriesAndChangeOwnership().

                                            {
   // Rebuild updated maps from storage
   granteeMap_.clear();
   buildRoleMapUnlocked();
   objectDescriptorMap_.clear();
   buildObjectDescriptorMapUnlocked();
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::recordExecutedMigration ( const std::string & migration_name ) const

private

Definition at line 3164 of file SysCatalog.cpp.

References createVersionHistoryTable(), hasVersionHistoryTable(), MAPD_VERSION, sqliteConnector_, and to_string().

Referenced by checkDropRenderGroupColumnsMigration(), checkDuplicateCaseInsensitiveDbNames(), and initializeInformationSchemaDb().

                                                                               {
   if (!hasVersionHistoryTable()) {
     createVersionHistoryTable();
   }
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query_with_text_params(
       "INSERT INTO mapd_version_history(version, migration_history) values(?, ?)",
       std::vector<std::string>{std::to_string(MAPD_VERSION), migration_name});
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::removeCatalog ( const std::string & dbName )

Definition at line 3073 of file SysCatalog.cpp.

References cat_map_, and to_upper().

Referenced by createDatabase(), dropDatabase(), and renameDatabase().

                                                       {
   cat_map_.erase(to_upper(dbName));
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDatabase	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1430 of file SysCatalog.cpp.

References DatabaseDBObjectType, Catalog_Namespace::CommonFileOperations::duplicateAndRenameCatalog(), getMetadataForDB(), shared::kSystemCatalogName, removeCatalog(), Catalog_Namespace::CommonFileOperations::removeCatalogByFullPath(), sqliteConnector_, to_string(), to_upper(), and yieldTransactionStreamer().

Referenced by AlterDatabaseCommand::rename().

                                                            {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   DBMetadata new_db;
   if (getMetadataForDB(new_name, new_db)) {
     throw std::runtime_error("Database " + new_name + " already exists.");
   }
   if (to_upper(new_name) == to_upper(shared::kSystemCatalogName)) {
     throw std::runtime_error("Database name " + new_name + "is reserved.");
   }
 
   DBMetadata old_db;
   if (!getMetadataForDB(old_name, old_db)) {
     throw std::runtime_error("Database " + old_name + " does not exists.");
   }
 
   removeCatalog(old_db.dbName);
 
   std::string old_catalog_path, new_catalog_path;
   std::tie(old_catalog_path, new_catalog_path) =
       duplicateAndRenameCatalog(old_db.dbName, new_name);
 
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [this, new_catalog_path] {
     removeCatalogByFullPath(new_catalog_path);
   };
   auto success_handler = [this, old_catalog_path] {
     removeCatalogByFullPath(old_catalog_path);
   };
 
   auto q1 = {
       "UPDATE mapd_databases SET name=?1 WHERE name=?2;"s, new_name, old_db.dbName};
   auto q2 = {
       "UPDATE mapd_object_permissions SET objectName=?1 WHERE objectNAME=?2 and (objectPermissionsType=?3 or objectId = -1) and dbId=?4;"s,
       new_name,
       old_db.dbName,
       std::to_string(static_cast<int>(DBObjectType::DatabaseDBObjectType)),
       std::to_string(old_db.dbId)};
 
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameDBObject	(	const std::string &	objectName,
		const std::string &	newName,
		DBObjectType	type,
		int32_t	objectId,
		const Catalog_Namespace::Catalog &	catalog
	)

Renames an DBObject

Parameters

objectName	- original DBObject name
newName	- new name of DBObject
type	- type of DBObject
objectId	- original DBObject ID
catalog	- Catalog instance object exists in

Definition at line 1934 of file SysCatalog.cpp.

References DBObjectKey::dbId, Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), getGrantee(), getMetadataForObject(), DBObjectKey::objectId, DBObjectKey::permissionType, Grantee::renameDbObject(), renameObjectsInDescriptorMap(), DBObject::setObjectKey(), and run_benchmark_import::type.

                                                                          {
   sys_write_lock write_lock(this);
   DBObject new_object(newName, type);
   DBObjectKey key;
   key.dbId = catalog.getCurrentDB().dbId;
   key.objectId = objectId;
   key.permissionType = type;
   new_object.setObjectKey(key);
   auto objdescs =
       getMetadataForObject(key.dbId, static_cast<int32_t>(type), key.objectId);
   for (auto obj : objdescs) {
     Grantee* grnt = getGrantee(obj->roleName);
     if (grnt) {
       grnt->renameDbObject(new_object);
     }
   }
   renameObjectsInDescriptorMap(new_object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::renameObjectsInDescriptorMap	(	DBObject &	object,
		const Catalog_Namespace::Catalog &	cat
	)

Definition at line 2441 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, sqliteConnector_, and to_string().

Referenced by renameDBObject().

                                                                                    {
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second; ++d) {
     // rename object
     d->second->objectName = object.getName();
   }
 
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query_with_text_params(
         "UPDATE mapd_object_permissions SET objectName = ?1 WHERE "
         "dbId = ?2 AND objectId = ?3",
         std::vector<std::string>{object.getName(),
                                  std::to_string(cat.getCurrentDB().dbId),
                                  std::to_string(object.getObjectKey().objectId)});
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::renameUser	(	std::string const &	old_name,
		std::string const &	new_name
	)

Definition at line 1350 of file SysCatalog.cpp.

References CHECK, Catalog_Namespace::g_log_user_id, getGrantee(), getMetadataForUser(), sqliteConnector_, temporary_users_by_name_, updateUserRoleName(), and yieldTransactionStreamer().

                                                                                 {
   using namespace std::string_literals;
   sys_write_lock write_lock(this);
   sys_sqlite_lock sqlite_lock(this);
 
   UserMetadata old_user;
   if (!getMetadataForUser(old_name, old_user)) {
     std::string const loggable = g_log_user_id ? std::string("") : old_name + ' ';
     throw std::runtime_error("User " + loggable + "doesn't exist.");
   }
 
   UserMetadata new_user;
   if (getMetadataForUser(new_name, new_user)) {
     throw std::runtime_error("User " + new_user.userLoggable() + " already exists.");
   }
 
   if (getGrantee(new_name)) {
     std::string const loggable = g_log_user_id ? std::string("") : new_name + ' ';
     throw runtime_error(
         "Username " + loggable +
         "is same as one of existing grantees. User and role names should be unique.");
   }
 
   // Temporary user.
   if (old_user.is_temporary) {
     auto userit = temporary_users_by_name_.find(old_name);
     CHECK(userit != temporary_users_by_name_.end());
     auto node = temporary_users_by_name_.extract(userit);
     node.key() = new_name;
     temporary_users_by_name_.insert(std::move(node));
     userit->second->userName = new_name;
     updateUserRoleName(old_name, new_name);
     return;
   }
 
   // Normal user.
   auto transaction_streamer = yieldTransactionStreamer();
   auto failure_handler = [] {};
   auto success_handler = [this, &old_name, &new_name] {
     updateUserRoleName(old_name, new_name);
   };
   auto q1 = {"UPDATE mapd_users SET name=?1 where name=?2;"s, new_name, old_name};
   auto q2 = {"UPDATE mapd_object_permissions set roleName=?1 WHERE roleName=?2;"s,
              new_name,
              old_name};
   auto q3 = {"UPDATE mapd_roles set userName=?1 WHERE userName=?2;"s, new_name, old_name};
   transaction_streamer(sqliteConnector_, success_handler, failure_handler, q1, q2, q3);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeAllOnDatabase_unsafe	(	const std::string &	roleName,
		int32_t	dbId,
		Grantee *	grantee
	)

private

Definition at line 2107 of file SysCatalog.cpp.

References objectDescriptorMap_, Grantee::revokeAllOnDatabase(), sqliteConnector_, temporary_users_by_name_, and to_string().

Referenced by dropDatabase(), and revokeDBObjectPrivileges_unsafe().

                                                               {
   bool is_temporary =
       (temporary_users_by_name_.find(roleName) != temporary_users_by_name_.end());
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "DELETE FROM mapd_object_permissions WHERE roleName = ?1 and dbId = ?2",
         std::vector<std::string>{roleName, std::to_string(dbId)});
   }
   grantee->revokeAllOnDatabase(dbId);
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end();) {
     if (d->second->roleName == roleName && d->second->dbId == dbId) {
       d = objectDescriptorMap_.erase(d);
     } else {
       d++;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges	(	const std::string &	grantee,
		const DBObject &	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2895 of file SysCatalog.cpp.

References execInTransaction(), and revokeDBObjectPrivileges_unsafe().

                                                                                    {
   execInTransaction(
       &SysCatalog::revokeDBObjectPrivileges_unsafe, grantee, object, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivileges_unsafe	(	const std::string &	granteeName,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 2063 of file SysCatalog.cpp.

References DatabasePrivileges::ALL, DatabaseDBObjectType, deleteObjectDescriptorMap(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::deleteObjectPrivileges(), getGrantee(), getMetadataForUser(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::insertOrUpdateObjectPrivileges(), instance(), Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, revokeAllOnDatabase_unsafe(), sqliteConnector_, and updateObjectDescriptorMap().

Referenced by revokeDBObjectPrivileges(), revokeDBObjectPrivilegesBatch_unsafe(), revokeDBObjectPrivilegesFromAll_unsafe(), and runUpdateQueriesAndChangeOwnership().

                                              {
   sys_write_lock write_lock(this);
 
   UserMetadata user_meta;
   bool is_temporary_user{false};
   if (instance().getMetadataForUser(granteeName, user_meta)) {
     if (user_meta.isSuper) {
       // super doesn't have explicit privileges so nothing to do
       return;
     }
     is_temporary_user = user_meta.is_temporary;
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to revoke privileges from " + granteeName +
                         " failed because role or user with this name does not exist.");
   }
   object.loadKey(catalog);
 
   if (object.getPrivileges().hasPermission(DatabasePrivileges::ALL) &&
       object.getObjectKey().permissionType == DatabaseDBObjectType) {
     return revokeAllOnDatabase_unsafe(granteeName, object.getObjectKey().dbId, grantee);
   }
 
   auto ret_object = grantee->revokePrivileges(object);
   if (ret_object) {
     if (!is_temporary_user) {
       sys_sqlite_lock sqlite_lock(this);
       insertOrUpdateObjectPrivileges(
           sqliteConnector_, granteeName, grantee->isUser(), *ret_object);
     }
     updateObjectDescriptorMap(granteeName, *ret_object, grantee->isUser(), catalog);
   } else {
     if (!is_temporary_user) {
       sys_sqlite_lock sqlite_lock(this);
       deleteObjectPrivileges(sqliteConnector_, granteeName, grantee->isUser(), object);
     }
     deleteObjectDescriptorMap(granteeName, object, catalog);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2902 of file SysCatalog.cpp.

References execInTransaction(), and revokeDBObjectPrivilegesBatch_unsafe().

                                              {
   execInTransaction(
       &SysCatalog::revokeDBObjectPrivilegesBatch_unsafe, grantees, objects, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesBatch_unsafe	(	const std::vector< std::string > &	grantees,
		const std::vector< DBObject > &	objects,
		const Catalog_Namespace::Catalog &	catalog
	)

private

Definition at line 2043 of file SysCatalog.cpp.

References revokeDBObjectPrivileges_unsafe().

Referenced by reassignObjectOwners(), and revokeDBObjectPrivilegesBatch().

                                              {
   for (const auto& grantee : grantees) {
     for (const auto& object : objects) {
       revokeDBObjectPrivileges_unsafe(grantee, object, catalog);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll	(	DBObject	object,
		Catalog *	catalog
	)

Definition at line 2910 of file SysCatalog.cpp.

References execInTransaction(), and revokeDBObjectPrivilegesFromAll_unsafe().

Referenced by DropForeignServerCommand::execute().

                                                                                   {
   execInTransaction(&SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe, object, catalog);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAll_unsafe	(	DBObject	object,
		Catalog *	catalog
	)

Definition at line 2128 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_TABLE, DashboardDBObjectType, DBObject::getObjectKey(), granteeMap_, DBObject::loadKey(), DBObjectKey::permissionType, revokeDBObjectPrivileges_unsafe(), DBObject::setPrivileges(), and TableDBObjectType.

Referenced by dropDatabase(), revokeDBObjectPrivilegesFromAll(), and revokeDBObjectPrivilegesFromAllBatch_unsafe().

                                                                           {
   sys_write_lock write_lock(this);
   dbObject.loadKey(*catalog);
   auto privs = (dbObject.getObjectKey().permissionType == TableDBObjectType)
                    ? AccessPrivileges::ALL_TABLE
                : (dbObject.getObjectKey().permissionType == DashboardDBObjectType)
                    ? AccessPrivileges::ALL_DASHBOARD
                    : AccessPrivileges::ALL_TABLE;
   dbObject.setPrivileges(privs);
   for (const auto& grantee : granteeMap_) {
     if (grantee.second->findDbObject(dbObject.getObjectKey(), true)) {
       revokeDBObjectPrivileges_unsafe(grantee.second->getName(), dbObject, *catalog);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch	(	std::vector< DBObject > &	objects,
		Catalog *	catalog
	)

Definition at line 2914 of file SysCatalog.cpp.

References execInTransaction(), and revokeDBObjectPrivilegesFromAllBatch_unsafe().

                                                                         {
   execInTransaction(
       &SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe, objects, catalog);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeDBObjectPrivilegesFromAllBatch_unsafe	(	std::vector< DBObject > &	objects,
		Catalog *	catalog
	)

Definition at line 2054 of file SysCatalog.cpp.

References revokeDBObjectPrivilegesFromAll_unsafe().

Referenced by revokeDBObjectPrivilegesFromAllBatch().

                                        {
   for (const auto& object : objects) {
     revokeDBObjectPrivilegesFromAll_unsafe(object, catalog);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeRole	(	const std::string &	role,
		const std::string &	grantee,
		const bool	is_temporary = `false`
	)

Definition at line 2875 of file SysCatalog.cpp.

References execInTransaction(), and revokeRole_unsafe().

Referenced by syncUserWithRemoteProvider().

                                                      {
   execInTransaction(&SysCatalog::revokeRole_unsafe, role, grantee, is_temporary);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeRole_unsafe	(	const std::string &	roleName,
		const std::string &	granteeName,
		const bool	is_temporary
	)

private

Definition at line 2381 of file SysCatalog.cpp.

References getGrantee(), getRoleGrantee(), and sqliteConnector_.

Referenced by revokeRole(), and revokeRoleBatch_unsafe().

                                                             {
   auto* rl = getRoleGrantee(roleName);
   if (!rl) {
     throw runtime_error("Request to revoke role " + roleName +
                         " failed because role with this name does not exist.");
   }
   auto* grantee = getGrantee(granteeName);
   if (!grantee) {
     throw runtime_error("Request to revoke role from " + granteeName +
                         " failed because grantee with this name does not exist.");
   }
   sys_write_lock write_lock(this);
   grantee->revokeRole(rl);
   if (!is_temporary) {
     sys_sqlite_lock sqlite_lock(this);
     sqliteConnector_->query_with_text_params(
         "DELETE FROM mapd_roles WHERE roleName = ? AND userName = ?",
         std::vector<std::string>{rl->getName(), grantee->getName()});
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::revokeRoleBatch	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

Definition at line 2870 of file SysCatalog.cpp.

References execInTransaction(), and revokeRoleBatch_unsafe().

                                                                        {
   execInTransaction(&SysCatalog::revokeRoleBatch_unsafe, roles, grantees);
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::revokeRoleBatch_unsafe	(	const std::vector< std::string > &	roles,
		const std::vector< std::string > &	grantees
	)

private

Definition at line 2366 of file SysCatalog.cpp.

References getMetadataForUser(), Catalog_Namespace::UserMetadata::is_temporary, and revokeRole_unsafe().

Referenced by revokeRoleBatch().

                                                                               {
   for (const auto& role : roles) {
     for (const auto& grantee : grantees) {
       bool is_temporary_user{false};
       UserMetadata user;
       if (getMetadataForUser(grantee, user)) {
         is_temporary_user = user.is_temporary;
       }
       revokeRole_unsafe(role, grantee, is_temporary_user);
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::runUpdateQueriesAndChangeOwnership	(	const UserMetadata &	new_owner,
		const UserMetadata &	previous_owner,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog,
		const UpdateQueries &	update_queries,
		bool	revoke_privileges = `true`
	)

private

Definition at line 2161 of file SysCatalog.cpp.

References AccessPrivileges::ALL_DASHBOARD, AccessPrivileges::ALL_DATABASE, AccessPrivileges::ALL_SERVER, AccessPrivileges::ALL_TABLE, AccessPrivileges::ALL_VIEW, DashboardDBObjectType, DatabaseDBObjectType, grantDBObjectPrivileges_unsafe(), granteeMap_, Catalog_Namespace::UserMetadata::is_temporary, Catalog_Namespace::UserMetadata::isSuper, objectDescriptorMap_, rebuildObjectMapsUnlocked(), revokeDBObjectPrivileges_unsafe(), ServerDBObjectType, sqliteConnector_, TableDBObjectType, to_string(), UNREACHABLE, Catalog_Namespace::UserMetadata::userId, Catalog_Namespace::UserMetadata::userName, and ViewDBObjectType.

Referenced by changeDatabaseOwner(), and changeDBObjectOwnership().

                             {
   sys_write_lock write_lock(this);
   if (new_owner.is_temporary || previous_owner.is_temporary) {
     throw std::runtime_error("ownership change not allowed for temporary user(s)");
   }
   sys_sqlite_lock sqlite_lock(this);
   object.loadKey(catalog);
   switch (object.getType()) {
     case TableDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_TABLE);
       break;
     case DashboardDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DASHBOARD);
       break;
     case ServerDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_SERVER);
       break;
     case DatabaseDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_DATABASE);
       break;
     case ViewDBObjectType:
       object.setPrivileges(AccessPrivileges::ALL_VIEW);
       break;
     default:
       UNREACHABLE();  // unkown object type
       break;
   }
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     if (!new_owner.isSuper) {  // no need to grant to suser, has all privs by default
       grantDBObjectPrivileges_unsafe(new_owner.userName, object, catalog);
     }
     if (!previous_owner.isSuper && revoke_privileges) {  // no need to revoke from suser
       revokeDBObjectPrivileges_unsafe(previous_owner.userName, object, catalog);
     }
 
     // run update queries if specified
     for (const auto& update_query : update_queries) {
       sqliteConnector_->query_with_text_params(update_query.query,
                                                update_query.text_params);
     }
 
     auto object_key = object.getObjectKey();
     sqliteConnector_->query_with_text_params(
         "UPDATE mapd_object_permissions SET objectOwnerId = ? WHERE dbId = ? AND "
         "objectId = ? AND objectPermissionsType = ?",
         std::vector<std::string>{std::to_string(new_owner.userId),
                                  std::to_string(object_key.dbId),
                                  std::to_string(object_key.objectId),
                                  std::to_string(object_key.permissionType)});
 
     for (const auto& [user_or_role, grantee] : granteeMap_) {
       grantee->reassignObjectOwner(object_key, new_owner.userId);
     }
 
     for (const auto& [map_object_key, map_object_descriptor] : objectDescriptorMap_) {
       if (map_object_descriptor->objectId == object_key.objectId &&
           map_object_descriptor->objectType == object_key.permissionType &&
           map_object_descriptor->dbId == object_key.dbId) {
         map_object_descriptor->objectOwnerId = new_owner.userId;
       }
     }
   } catch (std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     rebuildObjectMapsUnlocked();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

std::shared_ptr< Catalog > Catalog_Namespace::SysCatalog::switchDatabase	(	std::string &	dbname,
		const std::string &	username
	)

Definition at line 957 of file SysCatalog.cpp.

References AccessPrivileges::ACCESS, cat(), checkPrivileges(), DatabaseDBObjectType, getCatalog(), getMetadataWithDefaultDB(), DBObject::loadKey(), DBObject::setPrivileges(), and Catalog_Namespace::UserMetadata::userLoggable().

                                                                                {
   DBMetadata db_meta;
   UserMetadata user_meta;
 
   getMetadataWithDefaultDB(dbname, username, db_meta, user_meta);
 
   // NOTE(max): register database in Catalog that early to allow ldap
   // and saml create default user and role privileges on databases
   auto cat = getCatalog(db_meta, false);
 
   DBObject dbObject(dbname, DatabaseDBObjectType);
   dbObject.loadKey();
   dbObject.setPrivileges(AccessPrivileges::ACCESS);
   if (!checkPrivileges(user_meta, std::vector<DBObject>{dbObject})) {
     throw std::runtime_error("Unauthorized Access: user " + user_meta.userLoggable() +
                              " is not allowed to access database " + dbname + ".");
   }
 
   return cat;
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::syncUserWithRemoteProvider	(	const std::string &	user_name,
		std::vector< std::string >	idp_roles,
		UserAlterations	alts
	)

Definition at line 2920 of file SysCatalog.cpp.

References alterUser(), createUser(), g_enable_idp_temporary_users, g_read_only, generate_random_string(), getRoleGrantee(), getUser(), getUserGrantee(), grantRole(), logger::INFO, join(), LOG, Catalog_Namespace::UserAlterations::passwd, revokeRole(), to_upper(), Catalog_Namespace::UserAlterations::toString(), shared::transform(), Catalog_Namespace::read_lock< T >::unlock(), logger::WARNING, and Catalog_Namespace::UserAlterations::wouldChange().

                                                                   {
   // need to escalate to a write lock
   // need to unlock the read lock
   sys_read_lock read_lock(this);
   read_lock.unlock();
   sys_write_lock write_lock(this);
   bool enable_idp_temporary_users{g_enable_idp_temporary_users && g_read_only};
   if (auto user = getUser(user_name); !user) {
     if (!alts.passwd) {
       alts.passwd = generate_random_string(72);
     }
     user = createUser(user_name, alts, /*is_temporary=*/enable_idp_temporary_users);
     LOG(INFO) << "Remote identity provider created user [" << user->userLoggable()
               << "] with (" << alts.toString() << ")";
   } else if (alts.wouldChange(*user)) {
     user = alterUser(user->userName, alts);
     LOG(INFO) << "Remote identity provider altered user [" << user->userLoggable()
               << "] with (" << alts.toString() << ")";
   }
   std::vector<std::string> current_roles = {};
   auto* user_rl = getUserGrantee(user_name);
   if (user_rl) {
     current_roles = user_rl->getRoles();
   }
   std::transform(
       current_roles.begin(), current_roles.end(), current_roles.begin(), to_upper);
   std::transform(idp_roles.begin(), idp_roles.end(), idp_roles.begin(), to_upper);
   std::list<std::string> roles_revoked, roles_granted;
   // first remove obsolete ones
   for (auto& current_role_name : current_roles) {
     if (std::find(idp_roles.begin(), idp_roles.end(), current_role_name) ==
         idp_roles.end()) {
       revokeRole(current_role_name,
                  user_name,
                  /*is_temporary=*/enable_idp_temporary_users);
       roles_revoked.push_back(current_role_name);
     }
   }
   for (auto& role_name : idp_roles) {
     if (std::find(current_roles.begin(), current_roles.end(), role_name) ==
         current_roles.end()) {
       auto* rl = getRoleGrantee(role_name);
       if (rl) {
         grantRole(role_name,
                   user_name,
                   /*is_temporary=*/enable_idp_temporary_users);
         roles_granted.push_back(role_name);
       } else {
         LOG(WARNING) << "Error synchronizing roles for user " << user_name << ": role "
                      << role_name << " does not exist";
       }
     }
   }
   if (roles_granted.empty() && roles_revoked.empty()) {
     LOG(INFO) << "Roles for user " << user_name
               << " are up to date with remote identity provider";
   } else {
     if (!roles_revoked.empty()) {
       LOG(INFO) << "Roles revoked during synchronization with identity provider for user "
                 << user_name << ": " << join(roles_revoked, " ");
     }
     if (!roles_granted.empty()) {
       LOG(INFO) << "Roles granted during synchronization with identity provider for user "
                 << user_name << ": " << join(roles_granted, " ");
     }
   }
 }

Here is the call graph for this function:

void Catalog_Namespace::SysCatalog::updateBlankPasswordsToRandom ( )

private

Definition at line 731 of file SysCatalog.cpp.

References CHECK, logger::ERROR, generate_random_string(), anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), LOG, MAPD_VERSION, sqliteConnector_, to_string(), and logger::WARNING.

Referenced by checkAndExecuteMigrations().

                                               {
   const std::string UPDATE_BLANK_PASSWORDS_TO_RANDOM = "update_blank_passwords_to_random";
   sqliteConnector_->query_with_text_params(
       "SELECT migration_history FROM mapd_version_history WHERE migration_history = ?",
       std::vector<std::string>{UPDATE_BLANK_PASSWORDS_TO_RANDOM});
   if (sqliteConnector_->getNumRows()) {
     return;
   }
 
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT userid, passwd_hash, name FROM mapd_users WHERE name <> 'mapd'");
     auto numRows = sqliteConnector_->getNumRows();
     vector<std::string> users, passwords, names;
     for (size_t i = 0; i < numRows; i++) {
       users.push_back(sqliteConnector_->getData<std::string>(i, 0));
       passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
       names.push_back(sqliteConnector_->getData<std::string>(i, 2));
     }
     for (size_t i = 0; i < users.size(); ++i) {
       int pwd_check_result = bcrypt_checkpw("", passwords[i].c_str());
       // if the check fails there is a good chance that data on disc is broken
       CHECK(pwd_check_result >= 0);
       if (pwd_check_result != 0) {
         continue;
       }
       LOG(WARNING) << "resetting blank password for user " << names[i] << " (" << users[i]
                    << ") to a random password";
       sqliteConnector_->query_with_text_params(
           "UPDATE mapd_users SET passwd_hash = ? WHERE userid = ?",
           std::vector<std::string>{hash_with_bcrypt(generate_random_string(72)),
                                    users[i]});
     }
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
         std::vector<std::string>{std::to_string(MAPD_VERSION),
                                  UPDATE_BLANK_PASSWORDS_TO_RANDOM});
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     LOG(ERROR) << "Failed to fix blank passwords: " << e.what();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::updateObjectDescriptorMap	(	const std::string &	roleName,
		DBObject &	object,
		bool	roleType,
		const Catalog_Namespace::Catalog &	cat
	)

private

Definition at line 2405 of file SysCatalog.cpp.

References Catalog_Namespace::DBMetadata::dbId, Catalog_Namespace::Catalog::getCurrentDB(), objectDescriptorMap_, and to_string().

Referenced by grantDBObjectPrivileges_unsafe(), and revokeDBObjectPrivileges_unsafe().

                                                                                 {
   bool present = false;
   auto privs = object.getPrivileges();
   sys_write_lock write_lock(this);
   auto range = objectDescriptorMap_.equal_range(
       std::to_string(cat.getCurrentDB().dbId) + ":" +
       std::to_string(object.getObjectKey().permissionType) + ":" +
       std::to_string(object.getObjectKey().objectId));
   for (auto d = range.first; d != range.second; ++d) {
     if (d->second->roleName == roleName) {
       // overwrite permissions
       d->second->privs = privs;
       present = true;
     }
   }
   if (!present) {
     auto od = std::make_unique<ObjectRoleDescriptor>();
     od->roleName = roleName;
     od->roleType = roleType;
     od->objectType = object.getObjectKey().permissionType;
     od->dbId = object.getObjectKey().dbId;
     od->objectId = object.getObjectKey().objectId;
     od->privs = object.getPrivileges();
     od->objectOwnerId = object.getOwner();
     od->objectName = object.getName();
     objectDescriptorMap_.insert(ObjectRoleDescriptorMap::value_type(
         std::to_string(od->dbId) + ":" + std::to_string(od->objectType) + ":" +
             std::to_string(od->objectId),
         std::move(od)));
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::updatePasswordsToHashes ( )

private

Definition at line 679 of file SysCatalog.cpp.

References logger::ERROR, anonymous_namespace{SysCatalog.cpp}::hash_with_bcrypt(), logger::INFO, LOG, and sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                          {
   sys_sqlite_lock sqlite_lock(this);
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "SELECT name FROM sqlite_master WHERE type='table' AND name='mapd_users'");
     if (sqliteConnector_->getNumRows() == 0) {
       // Nothing to update
       sqliteConnector_->query("END TRANSACTION");
       return;
     }
     sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
     for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
       const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
       if (col_name == "passwd_hash") {
         sqliteConnector_->query("END TRANSACTION");
         return;
       }
     }
     // Alas, SQLite can't drop columns so we have to recreate the table
     // (or, optionally, add the new column and reset the old one to a bunch of nulls)
     sqliteConnector_->query("SELECT userid, passwd FROM mapd_users");
     auto numRows = sqliteConnector_->getNumRows();
     vector<std::string> users, passwords;
     for (size_t i = 0; i < numRows; i++) {
       users.push_back(sqliteConnector_->getData<std::string>(i, 0));
       passwords.push_back(sqliteConnector_->getData<std::string>(i, 1));
     }
     sqliteConnector_->query(
         "CREATE TABLE mapd_users_tmp (userid integer primary key, name text unique, "
         "passwd_hash text, issuper boolean, default_db integer references "
         "mapd_databases)");
     sqliteConnector_->query(
         "INSERT INTO mapd_users_tmp(userid, name, passwd_hash, issuper, default_db) "
         "SELECT userid, name, null, issuper, default_db FROM mapd_users");
     for (size_t i = 0; i < users.size(); ++i) {
       sqliteConnector_->query_with_text_params(
           "UPDATE mapd_users_tmp SET passwd_hash = ? WHERE userid = ?",
           std::vector<std::string>{hash_with_bcrypt(passwords[i]), users[i]});
     }
     sqliteConnector_->query("DROP TABLE mapd_users");
     sqliteConnector_->query("ALTER TABLE mapd_users_tmp RENAME TO mapd_users");
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     LOG(ERROR) << "Failed to hash passwords: " << e.what();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
   sqliteConnector_->query("VACUUM");  // physically delete plain text passwords
   LOG(INFO) << "Passwords were successfully hashed";
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::updateSupportUserDeactivation ( )

private

Definition at line 778 of file SysCatalog.cpp.

References logger::ERROR, LOG, MAPD_VERSION, sqliteConnector_, and to_string().

Referenced by checkAndExecuteMigrations().

                                                {
   const std::string UPDATE_SUPPORT_USER_DEACTIVATION = "update_support_user_deactivation";
   sys_sqlite_lock sqlite_lock(this);
   // check to see if the new column already exists
   sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
   for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
     const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
     if (col_name == "can_login") {
       return;  // new column already exists
     }
   }
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query("ALTER TABLE mapd_users ADD COLUMN can_login BOOLEAN");
     sqliteConnector_->query("UPDATE mapd_users SET can_login = true");
     sqliteConnector_->query_with_text_params(
         "INSERT INTO mapd_version_history(version, migration_history) values(?,?)",
         std::vector<std::string>{std::to_string(MAPD_VERSION),
                                  UPDATE_SUPPORT_USER_DEACTIVATION});
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     LOG(ERROR) << "Failed to add support for user deactivation: " << e.what();
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::updateUserRoleName	(	const std::string &	roleName,
		const std::string &	newName
	)

private

Definition at line 1331 of file SysCatalog.cpp.

References granteeMap_, objectDescriptorMap_, gpu_enabled::swap(), and to_upper().

Referenced by renameUser().

                                                               {
   sys_write_lock write_lock(this);
 
   auto it = granteeMap_.find(to_upper(roleName));
   if (it != granteeMap_.end()) {
     it->second->setName(newName);
     std::swap(granteeMap_[to_upper(newName)], it->second);
     granteeMap_.erase(it);
   }
 
   // Also rename in objectDescriptorMap_
   for (auto d = objectDescriptorMap_.begin(); d != objectDescriptorMap_.end(); ++d) {
     if (d->second->roleName == roleName) {
       d->second->roleName = newName;
     }
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

void Catalog_Namespace::SysCatalog::updateUserSchema ( )

private

Definition at line 372 of file SysCatalog.cpp.

References sqliteConnector_.

Referenced by checkAndExecuteMigrations().

                                   {
   sys_sqlite_lock sqlite_lock(this);
 
   // check to see if the new column already exists
   sqliteConnector_->query("PRAGMA TABLE_INFO(mapd_users)");
   for (size_t i = 0; i < sqliteConnector_->getNumRows(); i++) {
     const auto& col_name = sqliteConnector_->getData<std::string>(i, 1);
     if (col_name == "default_db") {
       return;  // new column already exists
     }
   }
 
   // create the new column
   sqliteConnector_->query("BEGIN TRANSACTION");
   try {
     sqliteConnector_->query(
         "ALTER TABLE mapd_users ADD COLUMN default_db INTEGER REFERENCES mapd_databases");
   } catch (const std::exception& e) {
     sqliteConnector_->query("ROLLBACK TRANSACTION");
     throw;
   }
   sqliteConnector_->query("END TRANSACTION");
 }

Here is the caller graph for this function:

bool Catalog_Namespace::SysCatalog::verifyDBObjectOwnership	(	const UserMetadata &	user,
		DBObject	object,
		const Catalog_Namespace::Catalog &	catalog
	)

Definition at line 2145 of file SysCatalog.cpp.

References Grantee::findDbObject(), getUserGrantee(), instance(), Catalog_Namespace::UserMetadata::userId, and Catalog_Namespace::UserMetadata::userName.

                                                                                   {
   sys_read_lock read_lock(this);
 
   auto* grantee = instance().getUserGrantee(user.userName);
   if (grantee) {
     object.loadKey(catalog);
     auto* found_object = grantee->findDbObject(object.getObjectKey(), false);
     if (found_object && found_object->getOwner() == user.userId) {
       return true;
     }
   }
   return false;
 }

Here is the call graph for this function:

auto Catalog_Namespace::SysCatalog::yieldTransactionStreamer ( )

private

Definition at line 1308 of file SysCatalog.cpp.

Referenced by renameDatabase(), and renameUser().

                                           {
   return
       [](auto& db_connector, auto on_success, auto on_failure, auto&&... query_requests) {
         auto query_runner = [&db_connector](auto&&... query_reqs) {
           [[gnu::unused]] int throw_away[] = {
               (db_connector->query_with_text_params(
                    std::forward<decltype(query_reqs)>(query_reqs)),
                0)...};
         };
 
         db_connector->query("BEGIN TRANSACTION");
         try {
           query_runner(std::forward<decltype(query_requests)>(query_requests)...);
           on_success();
         } catch (std::exception&) {
           db_connector->query("ROLLBACK TRANSACTION");
           on_failure();
           throw;
         }
         db_connector->query("END TRANSACTION");
       };
 }

Here is the caller graph for this function:

Member Data Documentation

bool Catalog_Namespace::SysCatalog::aggregator_

private

Definition at line 516 of file SysCatalog.h.

Referenced by isAggregator().

const AuthMetadata* Catalog_Namespace::SysCatalog::authMetadata_

private

Definition at line 513 of file SysCatalog.h.

std::string Catalog_Namespace::SysCatalog::basePath_

private

Definition at line 506 of file SysCatalog.h.

Referenced by createDatabase(), getCatalog(), getCatalogBasePath(), importDataFromOldMapdDB(), and SysCatalog().

std::shared_ptr<Calcite> Catalog_Namespace::SysCatalog::calciteMgr_

private

Definition at line 514 of file SysCatalog.h.

Referenced by getCalciteMgr(), and getCatalog().

dbid_to_cat_map Catalog_Namespace::SysCatalog::cat_map_

private

Definition at line 523 of file SysCatalog.h.

Referenced by getCatalog(), removeCatalog(), and ~SysCatalog().

std::shared_ptr<Data_Namespace::DataMgr> Catalog_Namespace::SysCatalog::dataMgr_

private

Definition at line 511 of file SysCatalog.h.

Referenced by getCatalog(), and getDataMgr().

std::unique_ptr<heavyai::DistributedSharedMutex> Catalog_Namespace::SysCatalog::dcatalogMutex_

mutable

Definition at line 534 of file SysCatalog.h.

std::unique_ptr<heavyai::DistributedSharedMutex> Catalog_Namespace::SysCatalog::dsqliteMutex_

mutable

Definition at line 535 of file SysCatalog.h.

std::shared_ptr<Catalog> Catalog_Namespace::SysCatalog::dummyCatalog_

Definition at line 542 of file SysCatalog.h.

Referenced by getDummyCatalog().

GranteeMap Catalog_Namespace::SysCatalog::granteeMap_

private

Definition at line 507 of file SysCatalog.h.

Referenced by buildRoleMapUnlocked(), createRole_unsafe(), dropDatabase(), dropRole_unsafe(), getCreatedRoles(), getGrantee(), getRoles(), reassignObjectOwners(), rebuildObjectMapsUnlocked(), revokeDBObjectPrivilegesFromAll_unsafe(), runUpdateQueriesAndChangeOwnership(), updateUserRoleName(), and ~SysCatalog().

std::unique_ptr< SysCatalog > Catalog_Namespace::SysCatalog::instance_

staticprivate

Definition at line 526 of file SysCatalog.h.

Referenced by destroy(), and instance().

std::mutex Catalog_Namespace::SysCatalog::instance_mutex_

staticprivate

Definition at line 525 of file SysCatalog.h.

Referenced by destroy(), and instance().

bool Catalog_Namespace::SysCatalog::is_initialized_ {false}

private

Definition at line 531 of file SysCatalog.h.

int32_t Catalog_Namespace::SysCatalog::next_temporary_user_id_ {shared::kTempUserIdRange}

Definition at line 545 of file SysCatalog.h.

Referenced by createUser().

ObjectRoleDescriptorMap Catalog_Namespace::SysCatalog::objectDescriptorMap_

private

Definition at line 508 of file SysCatalog.h.

Referenced by buildObjectDescriptorMapUnlocked(), deleteObjectDescriptorMap(), dropRole_unsafe(), getMetadataForAllObjects(), getMetadataForObject(), reassignObjectOwners(), rebuildObjectMapsUnlocked(), renameObjectsInDescriptorMap(), revokeAllOnDatabase_unsafe(), runUpdateQueriesAndChangeOwnership(), updateObjectDescriptorMap(), updateUserRoleName(), and ~SysCatalog().

std::unique_ptr<PkiServer> Catalog_Namespace::SysCatalog::pki_server_

private

Definition at line 512 of file SysCatalog.h.

Referenced by check_for_session_encryption().

heavyai::shared_mutex Catalog_Namespace::SysCatalog::sharedMutex_

mutable

Definition at line 537 of file SysCatalog.h.

std::unique_ptr<SqliteConnector> Catalog_Namespace::SysCatalog::sqliteConnector_

private

Definition at line 509 of file SysCatalog.h.

Referenced by addAdminUserRole(), alterUser(), buildObjectDescriptorMapUnlocked(), buildRoleMapUnlocked(), buildUserRoleMapUnlocked(), checkDuplicateCaseInsensitiveDbNames(), createDatabase(), createDBObject(), createRole_unsafe(), createRoles(), createUser(), createVersionHistoryTable(), dropDatabase(), dropRole_unsafe(), dropUserUnchecked(), execInTransaction(), fixRolesMigration(), getAllDBMetadata(), getAllUserMetadata(), getGranteesOfSharedDashboards(), getMetadataForDB(), getMetadataForDBById(), getMetadataForUser(), getMetadataForUserById(), getRoles(), getSqliteConnector(), grantDBObjectPrivileges_unsafe(), grantRole_unsafe(), hasExecutedMigration(), hasVersionHistoryTable(), importDataFromOldMapdDB(), initDB(), migrateDBAccessPrivileges(), migratePrivileged_old(), migratePrivileges(), populateRoleDbObjects(), reassignObjectOwners(), recordExecutedMigration(), renameDatabase(), renameObjectsInDescriptorMap(), renameUser(), revokeAllOnDatabase_unsafe(), revokeDBObjectPrivileges_unsafe(), revokeRole_unsafe(), runUpdateQueriesAndChangeOwnership(), updateBlankPasswordsToRandom(), updatePasswordsToHashes(), updateSupportUserDeactivation(), and updateUserSchema().

std::mutex Catalog_Namespace::SysCatalog::sqliteMutex_

mutable

Definition at line 536 of file SysCatalog.h.

std::vector<LeafHostInfo> Catalog_Namespace::SysCatalog::string_dict_hosts_

private

Definition at line 515 of file SysCatalog.h.

Referenced by getCatalog().

std::unordered_map<int32_t, std::shared_ptr<UserMetadata> > Catalog_Namespace::SysCatalog::temporary_users_by_id_

Definition at line 544 of file SysCatalog.h.

Referenced by createUser(), dropUserUnchecked(), Catalog_Namespace::anonymous_namespace{SysCatalog.cpp}::get_users(), and getMetadataForUserById().

std::unordered_map<std::string, std::shared_ptr<UserMetadata> > Catalog_Namespace::SysCatalog::temporary_users_by_name_

Definition at line 543 of file SysCatalog.h.

Referenced by alterUser(), createUser(), dropUserUnchecked(), getMetadataForUser(), renameUser(), and revokeAllOnDatabase_unsafe().

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_sqlite_lock

mutable

Definition at line 538 of file SysCatalog.h.

std::atomic<std::thread::id> Catalog_Namespace::SysCatalog::thread_holding_write_lock

mutable

Definition at line 539 of file SysCatalog.h.

thread_local bool Catalog_Namespace::SysCatalog::thread_holds_read_lock = false

static

Definition at line 540 of file SysCatalog.h.

The documentation for this class was generated from the following files:

/home/jenkins-slave/workspace/core-os-doxygen/Catalog/SysCatalog.h
/home/jenkins-slave/workspace/core-os-doxygen/Catalog/SysCatalog.cpp

Classes

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Private Types

Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Member Typedef Documentation

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation