DeveelDB  20151217
A complete SQL database system, primarily developed for the .NET/Mono frameworks
QueryContext.Security.cs
1 using System;
2 using System.Linq;
3 
4 using Deveel.Data.Routines;
5 using Deveel.Data.Services;
6 using Deveel.Data.Sql;
8 using Deveel.Data.Sql.Query;
9 using Deveel.Data.Sql.Tables;
10 
11 namespace Deveel.Data.Security {
12  public static class QueryContext {
/// <summary>
/// Resolves the <see cref="IUserManager"/> service from the given context.
/// </summary>
private static IUserManager UserManager(this IQueryContext context) {
    var manager = context.ResolveService<IUserManager>();
    return manager;
}
16 
/// <summary>
/// Resolves the <see cref="IPrivilegeManager"/> service from the given context.
/// </summary>
private static IPrivilegeManager PrivilegeManager(this IQueryContext context) {
    var manager = context.ResolveService<IPrivilegeManager>();
    return manager;
}
20 
21  #region Group Management
22 
/// <summary>
/// Creates a user group, provided the current user is allowed to manage groups.
/// </summary>
/// <param name="context">The context of the user issuing the request.</param>
/// <param name="groupName">The name of the group to create.</param>
/// <exception cref="InvalidOperationException">The current user cannot manage groups.</exception>
public static void CreateUserGroup(this IQueryContext context, string groupName) {
    var allowed = context.UserCanManageGroups();
    if (!allowed) {
        var message = String.Format("User '{0}' has not enough privileges to create a group.", context.UserName());
        throw new InvalidOperationException(message);
    }

    // The write goes through ForSystemUser(), so the check above is the only
    // authorization gate visible on this path.
    // NOTE(review): groupName is forwarded unvalidated; confirm the manager rejects
    // null/empty or reserved (system group) names.
    var systemContext = context.ForSystemUser();
    systemContext.UserManager().CreateUserGroup(groupName);
}
29 
30  #endregion
31 
32  #region User Management
33 
/// <summary>
/// Gets the user with the given name, as seen from the given context.
/// </summary>
/// <param name="context">The context of the user issuing the request.</param>
/// <param name="userName">The name of the user to look up.</param>
/// <returns>
/// A <see cref="User"/> bound to <paramref name="context"/>, or <c>null</c> when the
/// caller may access other users but no user with that name exists.
/// </returns>
/// <exception cref="MissingPrivilegesException">
/// The name is not the caller's own and the caller cannot access other users.
/// </exception>
public static User GetUser(this IQueryContext context, string userName) {
    var currentUser = context.UserName();

    // Asking for oneself needs neither a privilege nor an existence check.
    // The match ignores case; other self-checks in this file are case-sensitive.
    var isSelf = currentUser.Equals(userName, StringComparison.OrdinalIgnoreCase);
    if (isSelf) {
        return new User(context, userName);
    }

    if (!context.UserCanAccessUsers()) {
        var message = String.Format("The user '{0}' has not enough rights to access other users information.", context.UserName());
        throw new MissingPrivilegesException(context.UserName(), new ObjectName(userName), Privileges.Select, message);
    }

    var exists = context.ForSystemUser().UserManager().UserExists(userName);
    return exists ? new User(context, userName) : null;
}
47 
/// <summary>
/// Changes the status of a user, provided the caller is allowed to manage users.
/// </summary>
/// <param name="queryContext">The context of the user issuing the request.</param>
/// <param name="username">The name of the user whose status is changed.</param>
/// <param name="status">The status to set.</param>
/// <exception cref="MissingPrivilegesException">The caller cannot manage users.</exception>
public static void SetUserStatus(this IQueryContext queryContext, string username, UserStatus status) {
    var allowed = queryContext.UserCanManageUsers();
    if (!allowed) {
        var message = String.Format("User '{0}' cannot change the status of user '{1}'", queryContext.UserName(), username);
        throw new MissingPrivilegesException(queryContext.UserName(), new ObjectName(username), Privileges.Alter, message);
    }

    // NOTE(review): no check that the target exists or is a special user (SYSTEM/PUBLIC);
    // confirm the manager handles those cases.
    var manager = queryContext.ForSystemUser().UserManager();
    manager.SetUserStatus(username, status);
}
55 
/// <summary>
/// Gets the status of a user. A caller may always read its own status; reading another
/// user's status requires the right to access users.
/// </summary>
/// <param name="queryContext">The context of the user issuing the request.</param>
/// <param name="userName">The name of the user whose status is read.</param>
/// <returns>The status reported by the user manager.</returns>
/// <exception cref="MissingPrivilegesException">
/// The name is not the caller's own and the caller cannot access other users.
/// </exception>
public static UserStatus GetUserStatus(this IQueryContext queryContext, string userName) {
    // NOTE(review): this self-check is case-sensitive while GetUser compares with
    // OrdinalIgnoreCase; decide which rule user names follow and align the two.
    var isSelf = queryContext.UserName().Equals(userName);
    if (!isSelf && !queryContext.UserCanAccessUsers()) {
        var message = String.Format("The user '{0}' has not enough rights to access other users information.", queryContext.UserName());
        throw new MissingPrivilegesException(queryContext.UserName(), new ObjectName(userName), Privileges.Select, message);
    }

    var manager = queryContext.ForSystemUser().UserManager();
    return manager.GetUserStatus(userName);
}
64 
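/// <summary>
/// Replaces the group memberships of a user: every current membership is removed and the
/// user is then added (not as group administrator) to each of the given groups.
/// </summary>
/// <param name="context">The context of the user issuing the request.</param>
/// <param name="userName">The name of the user whose groups are replaced.</param>
/// <param name="groups">The complete set of groups the user must belong to afterwards.</param>
/// <exception cref="MissingPrivilegesException">The caller cannot manage users.</exception>
/// <exception cref="ArgumentNullException"><paramref name="groups"/> is <c>null</c>.</exception>
public static void SetUserGroups(this IQueryContext context, string userName, string[] groups) {
    if (!context.UserCanManageUsers())
        throw new MissingPrivilegesException(context.UserName(), new ObjectName(userName), Privileges.Alter,
            String.Format("The user '{0}' has not enough rights to modify other users information.", context.UserName()));

    // Reject a null array before touching anything: previously it failed only in the
    // second loop, after all existing memberships had already been removed.
    if (groups == null)
        throw new ArgumentNullException("groups");

    // TODO: Check if the user exists?

    // NOTE(review): the target groups are not restricted. As far as this file shows,
    // a member of SystemGroups.UserManagerGroup passes UserCanManageUsers() and can
    // therefore place any user into SystemGroups.SecureGroup. Confirm this is intended
    // or add a check on the requested groups.
    // NOTE(review): removal and re-adding are separate calls; whether they run inside
    // one transaction is not visible here.
    var userGroups = context.ForSystemUser().UserManager().GetUserGroups(userName);
    foreach (var userGroup in userGroups) {
        context.ForSystemUser().UserManager().RemoveUserFromGroup(userName, userGroup);
    }

    foreach (var userGroup in groups) {
        context.ForSystemUser().UserManager().AddUserToGroup(userName, userGroup, false);
    }
}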
81 
/// <summary>
/// Tells whether a user with the given name exists.
/// </summary>
/// <remarks>
/// No privilege of the caller is checked here, unlike <c>GetUser</c>, which requires the
/// right to access users before revealing whether another user exists.
/// </remarks>
public static bool UserExists(this IQueryContext context, string userName) {
    var manager = context.ForSystemUser().UserManager();
    return manager.UserExists(userName);
}
85 
/// <summary>
/// Creates the special PUBLIC user. Only the SYSTEM user may do so.
/// </summary>
/// <exception cref="InvalidOperationException">The caller is not the SYSTEM user.</exception>
public static void CreatePublicUser(this IQueryContext context) {
    var caller = context.User();
    if (!caller.IsSystem) {
        throw new InvalidOperationException("The @PUBLIC user can be created only by the SYSTEM");
    }

    var publicInfo = new UserInfo(User.PublicName, UserIdentification.PlainText);

    // NOTE(review): the PUBLIC account is registered with a fixed, hard-coded secret.
    // Authenticate() in this file does not special-case PUBLIC, so confirm that the
    // manager cannot match this value at login, or that PUBLIC is otherwise barred
    // from authenticating.
    context.ForSystemUser().UserManager().CreateUser(publicInfo, "####");
}
96 
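/// <summary>
/// Registers a new user identified by a plain-text password.
/// </summary>
/// <param name="context">The context of the user issuing the request.</param>
/// <param name="userName">The name of the user to create.</param>
/// <param name="password">The password used to identify the new user.</param>
/// <returns>A <see cref="User"/> for the new account, bound to <paramref name="context"/>.</returns>
/// <exception cref="ArgumentNullException">The name or the password is null or empty.</exception>
/// <exception cref="MissingPrivilegesException">The caller cannot create users.</exception>
/// <exception cref="ArgumentException">
/// The name is the reserved PUBLIC name, the name or password is a single character, or the
/// name starts with one of '#', '@', '$', '&amp;'.
/// </exception>
public static User CreateUser(this IQueryContext context, string userName, string password) {
    if (String.IsNullOrEmpty(userName))
        throw new ArgumentNullException("userName");
    if (String.IsNullOrEmpty(password))
        throw new ArgumentNullException("password");

    // Fixed: the exception must name the user that lacks the privilege (the caller),
    // as every other check in this file does, not the account being created.
    if (!context.UserCanCreateUsers())
        throw new MissingPrivilegesException(context.UserName(), new ObjectName(userName), Privileges.Create,
            String.Format("User '{0}' cannot create users.", context.UserName()));

    if (String.Equals(userName, User.PublicName, StringComparison.OrdinalIgnoreCase))
        throw new ArgumentException(
            String.Format("User name '{0}' is reserved and cannot be registered.", User.PublicName), "userName");

    // NOTE(review): both checks reject a length of exactly one, while the messages say
    // "at least one character"; either the bound or the wording is off. The bound is left
    // as is so that the accepted inputs do not widen.
    if (userName.Length <= 1)
        throw new ArgumentException("User name must be at least one character.");
    if (password.Length <= 1)
        throw new ArgumentException("The password must be at least one character.");

    // These leading characters are refused; the special names (e.g. "@PUBLIC") use them.
    var c = userName[0];
    if (c == '#' || c == '@' || c == '$' || c == '&')
        throw new ArgumentException(
            String.Format("User name '{0}' is invalid: cannot start with '{1}' character.", userName, c), "userName");

    // NOTE(review): no check that the name is not already taken, and the only password
    // rule is the length above. How the manager stores the secret for the PlainText
    // identification is not visible here; confirm it is not kept in clear.
    var userId = UserIdentification.PlainText;
    var userInfo = new UserInfo(userName, userId);

    context.ForSystemUser().UserManager().CreateUser(userInfo, password);

    return new User(context, userName);
}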
128 
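/// <summary>
/// Changes the password of a user, provided the caller is allowed to alter that user.
/// </summary>
/// <param name="queryContext">The context of the user issuing the request.</param>
/// <param name="username">The name of the user whose password is changed.</param>
/// <param name="password">The new password.</param>
/// <exception cref="ArgumentNullException">The name or the password is null or empty.</exception>
/// <exception cref="MissingPrivilegesException">The caller cannot alter the user.</exception>
public static void AlterUserPassword(this IQueryContext queryContext, string username, string password) {
    // Same null/empty guards as CreateUser and Authenticate. Without them an empty
    // password could be set here although CreateUser refuses one, and a null name
    // reached UserCanAlterUser, which dereferences it.
    if (String.IsNullOrEmpty(username))
        throw new ArgumentNullException("username");
    if (String.IsNullOrEmpty(password))
        throw new ArgumentNullException("password");

    if (!queryContext.UserCanAlterUser(username))
        throw new MissingPrivilegesException(queryContext.UserName(), new ObjectName(username), Privileges.Alter);

    // NOTE(review): the current password is not requested when a user changes its own,
    // and CreateUser's minimum length is not applied here; confirm both are intended.
    var userId = UserIdentification.PlainText;
    var userInfo = new UserInfo(username, userId);

    queryContext.ForSystemUser().UserManager().AlterUser(userInfo, password);
}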
138 
/// <summary>
/// Drops a user, provided the caller is allowed to drop it.
/// </summary>
/// <param name="context">The context of the user issuing the request.</param>
/// <param name="userName">The name of the user to drop.</param>
/// <returns>The value returned by the user manager's <c>DropUser</c>.</returns>
/// <exception cref="ArgumentNullException">The name is null or empty.</exception>
/// <exception cref="MissingPrivilegesException">The caller cannot drop the user.</exception>
public static bool DeleteUser(this IQueryContext context, string userName) {
    if (String.IsNullOrEmpty(userName)) {
        throw new ArgumentNullException("userName");
    }

    var allowed = context.UserCanDropUser(userName);
    if (!allowed) {
        throw new MissingPrivilegesException(context.UserName(), new ObjectName(userName), Privileges.Drop);
    }

    // NOTE(review): the special users (SYSTEM, PUBLIC) are not excluded here, and the
    // user's grants and group memberships are not cleaned up in this method; confirm
    // the manager covers both.
    var manager = context.ForSystemUser().UserManager();
    return manager.DropUser(userName);
}
148 
/// <summary>
/// Deletes from the user-group system table every row whose first column equals the
/// given user name.
/// </summary>
/// <remarks>
/// NOTE(review): this public method checks no privilege and operates on the caller's own
/// context rather than <c>ForSystemUser()</c>. Whether <c>GetMutableTable</c> enforces
/// access to the system table is not visible here; confirm, or add a
/// <c>UserCanManageUsers()</c> gate.
/// </remarks>
public static void RemoveUserFromAllGroups(this IQueryContext context, string username) {
    var groupTable = context.GetMutableTable(SystemSchema.UserGroupTableName);

    // Column 0 is compared with the user name as a constant expression, not as SQL text.
    var userColumn = groupTable.GetResolvedColumnName(0);
    var userValue = SqlExpression.Constant(DataObject.String(username));

    var memberships = groupTable.SimpleSelect(context, userColumn, SqlExpressionType.Equal, userValue);
    groupTable.Delete(memberships);
}
157 
/// <summary>
/// Authenticates the specified user using the provided credentials.
/// </summary>
/// <param name="queryContext">The context the returned user is bound to.</param>
/// <param name="username">The name of the user to authenticate.</param>
/// <param name="password">The password to verify.</param>
/// <returns>
/// A <see cref="User"/> on success; <c>null</c> when the user is not found or the
/// identifier check fails.
/// </returns>
/// <exception cref="SecurityException">
/// Any other failure. Every exception raised inside that is not already a
/// <see cref="SecurityException"/> (including the argument checks and an identification
/// method other than "plain") is wrapped into one.
/// </exception>
public static User Authenticate(this IQueryContext queryContext, string username, string password) {
    try {
        if (String.IsNullOrEmpty(username)) {
            throw new ArgumentNullException("username");
        }
        if (String.IsNullOrEmpty(password)) {
            throw new ArgumentNullException("password");
        }

        var account = queryContext.ForSystemUser().UserManager().GetUser(username);
        if (account == null) {
            return null;
        }

        // Only the "plain" identification method is handled.
        // NOTE(review): an unknown user and a wrong password both yield null, but an
        // account with another method raises instead, which tells the two cases apart.
        var identification = account.Identification;
        if (identification.Method != "plain") {
            throw new NotImplementedException();
        }

        // NOTE(review): the user's status is not consulted here, and no failure is
        // counted or logged in this method; confirm callers or the manager do so.
        var verified = queryContext.ForSystemUser().UserManager().CheckIdentifier(username, password);
        if (!verified) {
            return null;
        }

        return new User(queryContext, username);
    } catch (SecurityException) {
        throw;
    } catch (Exception failure) {
        throw new SecurityException("Could not authenticate user.", failure);
    }
}
201 
202  #region User Grants Management
203 
/// <summary>
/// Adds a user to a group, optionally as administrator of the group.
/// </summary>
/// <param name="queryContext">The context of the user issuing the request.</param>
/// <param name="username">The name of the user to add.</param>
/// <param name="group">The name of the group.</param>
/// <param name="asAdmin">Whether the user becomes an administrator of the group.</param>
/// <exception cref="ArgumentNullException">The group or the user name is null or empty.</exception>
/// <exception cref="SecurityException">The caller cannot add users to the group.</exception>
public static void AddUserToGroup(this IQueryContext queryContext, string username, string group, bool asAdmin = false) {
    if (String.IsNullOrEmpty(group)) {
        throw new ArgumentNullException("group");
    }
    if (String.IsNullOrEmpty(username)) {
        throw new ArgumentNullException("username");
    }

    // NOTE(review): UserCanAddToGroup() also accepts members of the user-manager group
    // for any target, the secure group included; confirm that is intended.
    var allowed = queryContext.UserCanAddToGroup(group);
    if (!allowed) {
        throw new SecurityException();
    }

    var manager = queryContext.ForSystemUser().UserManager();
    manager.AddUserToGroup(username, group, asAdmin);
}
215 
/// <summary>
/// Grants privileges on an object to a user, resolving the object's type and full name
/// from its name first.
/// </summary>
/// <exception cref="ObjectNotFoundException">No object with the given name is found.</exception>
public static void GrantToUserOn(this IQueryContext context, ObjectName objectName, string grantee, Privileges privileges, bool withOption = false) {
    var target = context.FindObject(objectName);
    if (target == null) {
        throw new ObjectNotFoundException(objectName);
    }

    // The privilege checks live in the overload that takes the object type.
    var targetType = target.ObjectType;
    var targetName = target.FullName;
    context.GrantToUserOn(targetType, targetName, grantee, privileges, withOption);
}
223 
/// <summary>
/// Grants privileges on an object of the given type to a user. The caller must hold the
/// grant option for those privileges on the object.
/// </summary>
/// <param name="context">The context of the granting user.</param>
/// <param name="objectType">The type of the object.</param>
/// <param name="objectName">The name of the object.</param>
/// <param name="grantee">The name of the user receiving the privileges.</param>
/// <param name="privileges">The privileges to grant.</param>
/// <param name="withOption">Whether the grantee may grant them further.</param>
/// <exception cref="ObjectNotFoundException">The object does not exist.</exception>
/// <exception cref="MissingPrivilegesException">The caller lacks the grant option.</exception>
public static void GrantToUserOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName, string grantee, Privileges privileges, bool withOption = false) {
    // The @SYSTEM user does not need any grant: silently do nothing. This happens
    // before every other check, and the comparison is case-sensitive.
    var granteeIsSystem = String.Equals(grantee, User.SystemName);
    if (granteeIsSystem) {
        return;
    }

    if (!context.ObjectExists(objectType, objectName)) {
        throw new ObjectNotFoundException(objectName);
    }

    if (!context.UserHasGrantOption(objectType, objectName, privileges)) {
        throw new MissingPrivilegesException(context.UserName(), objectName, privileges);
    }

    // NOTE(review): the grantee's existence is not verified here (GrantTo does it before
    // calling this method); confirm the manager rejects unknown grantees.
    var grant = new Grant(privileges, objectName, objectType, context.UserName(), withOption);
    context.ForSystemUser().PrivilegeManager().GrantToUser(grantee, grant);
}
238 
/// <summary>
/// Grants privileges on a schema to a user; see <c>GrantToUserOn</c> for the checks.
/// </summary>
public static void GrantToUserOnSchema(this IQueryContext context, string schemaName, string grantee, Privileges privileges, bool withOption = false) {
    var schema = new ObjectName(schemaName);
    context.GrantToUserOn(DbObjectType.Schema, schema, grantee, privileges, withOption);
}
242 
/// <summary>
/// Grants privileges on an object to a user group. The caller must be allowed to manage
/// groups, and the group must not be a system group.
/// </summary>
/// <exception cref="InvalidOperationException">The group is a system group.</exception>
/// <exception cref="MissingPrivilegesException">The caller cannot manage groups.</exception>
/// <exception cref="ObjectNotFoundException">The object does not exist.</exception>
public static void GrantToGroupOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName, string groupName, Privileges privileges, bool withOption = false) {
    var isSystemGroup = SystemGroups.IsSystemGroup(groupName);
    if (isSystemGroup) {
        throw new InvalidOperationException("Cannot grant to a system group.");
    }

    if (!context.UserCanManageGroups()) {
        throw new MissingPrivilegesException(context.UserName(), new ObjectName(groupName));
    }

    if (!context.ObjectExists(objectType, objectName)) {
        throw new ObjectNotFoundException(objectName);
    }

    // NOTE(review): GrantTo refuses the grant option for groups, but a direct call to
    // this method with withOption = true records it; align the two if that is unintended.
    var grant = new Grant(privileges, objectName, objectType, context.UserName(), withOption);
    context.ForSystemUser().PrivilegeManager().GrantToGroup(groupName, grant);
}
257 
/// <summary>
/// Grants privileges on an object to a group or to a user, whichever the name designates.
/// </summary>
/// <remarks>
/// The group lookup comes first, so a name shared by a group and a user is treated as
/// the group.
/// </remarks>
/// <exception cref="SecurityException">
/// The name designates a group and <paramref name="withOption"/> is set, or it designates
/// neither a group nor a user.
/// </exception>
public static void GrantTo(this IQueryContext context, string groupOrUserName, DbObjectType objectType, ObjectName objectName, Privileges privileges, bool withOption = false) {
    var isGroup = context.ForSystemUser().UserManager().UserGroupExists(groupOrUserName);
    if (isGroup) {
        if (withOption) {
            throw new SecurityException("User groups cannot be granted with grant option.");
        }

        context.GrantToGroupOn(objectType, objectName, groupOrUserName, privileges);
        return;
    }

    var isUser = context.ForSystemUser().UserManager().UserExists(groupOrUserName);
    if (!isUser) {
        throw new SecurityException(String.Format("User or group '{0}' was not found.", groupOrUserName));
    }

    context.GrantToUserOn(objectType, objectName, groupOrUserName, privileges, withOption);
}
270 
/// <summary>
/// Removes every grant recorded on the given table.
/// </summary>
public static void RevokeAllGrantsOnTable(this IQueryContext context, ObjectName objectName) {
    context.RevokeAllGrantsOn(DbObjectType.Table, objectName);
}
274 
/// <summary>
/// Removes every grant recorded on the given view.
/// </summary>
public static void RevokeAllGrantsOnView(this IQueryContext context, ObjectName objectName) {
    RevokeAllGrantsOn(context, DbObjectType.View, objectName);
}
278 
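/// <summary>
/// Deletes from the user-grants system table every row recorded for the given object:
/// rows are first narrowed by object type (column 1), then by object name (column 2).
/// </summary>
/// <remarks>
/// NOTE(review): this public method checks no privilege and works on the caller's own
/// context. Whether <c>GetMutableTable</c> enforces access to the system table is not
/// visible here; confirm, or gate the call.
/// </remarks>
public static void RevokeAllGrantsOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName) {
    var grantTable = context.GetMutableTable(SystemSchema.UserGrantsTableName);

    var objectTypeColumn = grantTable.GetResolvedColumnName(1);
    var objectNameColumn = grantTable.GetResolvedColumnName(2);
    // All that match the given object
    var t1 = grantTable.SimpleSelect(context, objectTypeColumn, SqlExpressionType.Equal,
        SqlExpression.Constant(DataObject.Integer((int)objectType)));
    // All that match the given parameter
    // NOTE(review): the listing drops the source line that carries this operand (the
    // numbering jumps from 288 to 290). The argument below is reconstructed from the
    // column being compared and must be confirmed against the repository.
    t1 = t1.SimpleSelect(context, objectNameColumn, SqlExpressionType.Equal,
        SqlExpression.Constant(DataObject.String(objectName.FullName)));

    // Remove these rows from the table
    grantTable.Delete(t1);
}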
294 
/// <summary>
/// Grants privileges on a table to a user, without the grant option; see
/// <c>GrantToUserOn</c> for the checks.
/// </summary>
public static void GrantToUserOnTable(this IQueryContext context, ObjectName tableName, string grantee, Privileges privileges) {
    var objectType = DbObjectType.Table;
    context.GrantToUserOn(objectType, tableName, grantee, privileges);
}
298 
299  #endregion
300 
301  #endregion
302 
303  #region User Grants Query
304 
/// <summary>
/// Gets the names of the groups the given user belongs to.
/// </summary>
/// <remarks>
/// No privilege of the caller is checked here, so any caller can read the memberships
/// of any user through this method.
/// </remarks>
public static string[] GetGroupsUserBelongsTo(this IQueryContext queryContext, string username) {
    var manager = queryContext.ForSystemUser().UserManager();
    return manager.GetUserGroups(username);
}
308 
/// <summary>
/// Tells whether the current user of the context belongs to the given group.
/// </summary>
public static bool UserBelongsToGroup(this IQueryContext queryContext, string group) {
    var currentUser = queryContext.UserName();
    return queryContext.UserBelongsToGroup(currentUser, group);
}
312 
/// <summary>
/// Tells whether the given user belongs to the given group, as reported by the user manager.
/// </summary>
/// <remarks>
/// No privilege of the caller is checked; the authorization helpers in this file rely on
/// this lookup.
/// </remarks>
public static bool UserBelongsToGroup(this IQueryContext context, string username, string groupName) {
    var manager = context.ForSystemUser().UserManager();
    return manager.IsUserInGroup(username, groupName);
}
316 
/// <summary>
/// Tells whether the current user may manage groups: the SYSTEM user, or any user with
/// secure access.
/// </summary>
public static bool UserCanManageGroups(this IQueryContext context) {
    // UserHasSecureAccess() repeats the SYSTEM test; it is kept first here as in the
    // original so the group lookup is skipped for SYSTEM.
    if (context.User().IsSystem) {
        return true;
    }

    return context.UserHasSecureAccess();
}
320 
/// <summary>
/// Tells whether the current user has secure access: it is the SYSTEM user or a member
/// of the secure group.
/// </summary>
public static bool UserHasSecureAccess(this IQueryContext context) {
    return context.User().IsSystem || context.UserBelongsToSecureGroup();
}
327 
/// <summary>
/// Tells whether the current user is a member of <c>SystemGroups.SecureGroup</c>.
/// </summary>
public static bool UserBelongsToSecureGroup(this IQueryContext context) {
    var secureGroup = SystemGroups.SecureGroup;
    return context.UserBelongsToGroup(secureGroup);
}
331 
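/// <summary>
/// Tells whether the current user may grant the given privileges on the given object.
/// </summary>
/// <param name="context">The context of the user being checked.</param>
/// <param name="objectType">The type of the object.</param>
/// <param name="objectName">The name of the object.</param>
/// <param name="privileges">The privileges the user wants to grant; may combine several flags.</param>
/// <returns>
/// <c>true</c> for the SYSTEM user and members of the secure group; otherwise <c>true</c>
/// only when the user holds every requested privilege with the grant option.
/// </returns>
public static bool UserHasGrantOption(this IQueryContext context, DbObjectType objectType, ObjectName objectName, Privileges privileges) {
    var user = context.User();
    if (user.IsSystem)
        return true;

    if (context.UserBelongsToSecureGroup())
        return true;

    var grant = context.ForSystemUser().PrivilegeManager().GetUserPrivileges(user.Name, objectType, objectName, true);

    // Fixed: the previous test, (grant & privileges) != 0, passed when ANY requested flag
    // was held. GrantToUserOn then granted the whole mask, so holding the option on one
    // privilege was enough to hand out others. All requested flags must be present; an
    // empty request still yields false, as before.
    return privileges != 0 && (grant & privileges) == privileges;
}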
343 
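/// <summary>
/// Tells whether the current user holds the given privileges on the given object.
/// </summary>
/// <param name="context">The context of the user being checked.</param>
/// <param name="objectType">The type of the object.</param>
/// <param name="objectName">The name of the object.</param>
/// <param name="privileges">The privileges required; may combine several flags.</param>
/// <returns>
/// <c>true</c> for the SYSTEM user and members of the secure group; otherwise <c>true</c>
/// only when every requested privilege is held.
/// </returns>
public static bool UserHasPrivilege(this IQueryContext context, DbObjectType objectType, ObjectName objectName, Privileges privileges) {
    var user = context.User();
    if (user.IsSystem)
        return true;

    if (context.UserBelongsToSecureGroup())
        return true;

    var userName = user.Name;
    var grant = context.ForSystemUser().PrivilegeManager().GetUserPrivileges(userName, objectType, objectName, false);

    // Fixed: (grant & privileges) != 0 passed when ANY requested flag was held, so a
    // combined mask was satisfied by a single privilege. Require all of them; callers in
    // this file pass a single flag and are unaffected. An empty request still yields false.
    return privileges != 0 && (grant & privileges) == privileges;
}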
356 
/// <summary>
/// Tells whether the current user may create users: secure access, or membership of the
/// user-manager group.
/// </summary>
public static bool UserCanCreateUsers(this IQueryContext context) {
    if (context.UserHasSecureAccess()) {
        return true;
    }

    return context.UserBelongsToGroup(SystemGroups.UserManagerGroup);
}
361 
/// <summary>
/// Tells whether the current user may drop the given user: secure access, membership of
/// the user-manager group, or being that very user (names compared ignoring case).
/// </summary>
public static bool UserCanDropUser(this IQueryContext context, string userToDrop) {
    if (context.UserHasSecureAccess()) {
        return true;
    }

    if (context.UserBelongsToGroup(SystemGroups.UserManagerGroup)) {
        return true;
    }

    // A user may drop itself.
    // NOTE(review): this match ignores case while UserCanAlterUser's self-check does
    // not; if user names are case-sensitive in the store, this would let "alice" drop
    // "Alice". Confirm which rule applies.
    return context.UserName().Equals(userToDrop, StringComparison.OrdinalIgnoreCase);
}
367 
/// <summary>
/// Tells whether the current user may alter the given user: always for itself, never for
/// PUBLIC (unless the caller is PUBLIC itself), otherwise only with secure access.
/// </summary>
public static bool UserCanAlterUser(this IQueryContext context, string userName) {
    // Exact, case-sensitive match on the caller's own name.
    var isSelf = context.UserName().Equals(userName);
    if (isSelf) {
        return true;
    }

    // NOTE(review): a null userName is dereferenced here; callers must validate it.
    var targetIsPublic = userName.Equals(User.PublicName, StringComparison.OrdinalIgnoreCase);
    if (targetIsPublic) {
        return false;
    }

    return context.UserHasSecureAccess();
}
377 
/// <summary>
/// Tells whether the current user may manage users: secure access, or membership of the
/// user-manager group.
/// </summary>
public static bool UserCanManageUsers(this IQueryContext context) {
    if (context.UserHasSecureAccess()) {
        return true;
    }

    return context.UserBelongsToGroup(SystemGroups.UserManagerGroup);
}
381 
/// <summary>
/// Tells whether the current user may read information about other users: secure access,
/// or membership of the user-manager group.
/// </summary>
public static bool UserCanAccessUsers(this IQueryContext context) {
    if (context.UserHasSecureAccess()) {
        return true;
    }

    return context.UserBelongsToGroup(SystemGroups.UserManagerGroup);
}
385 
/// <summary>
/// Tells whether the current user holds the given privileges on a table.
/// </summary>
public static bool UserHasTablePrivilege(this IQueryContext context, ObjectName tableName, Privileges privileges) {
    var objectType = DbObjectType.Table;
    return context.UserHasPrivilege(objectType, tableName, privileges);
}
389 
/// <summary>
/// Tells whether the current user holds the given privileges on a schema, or has secure access.
/// </summary>
public static bool UserHasSchemaPrivilege(this IQueryContext context, string schemaName, Privileges privileges) {
    var schema = new ObjectName(schemaName);
    return context.UserHasPrivilege(DbObjectType.Schema, schema, privileges)
           || context.UserHasSecureAccess();
}
396 
/// <summary>
/// Tells whether the current user may create a schema; this requires secure access.
/// </summary>
public static bool UserCanCreateSchema(this IQueryContext context) {
    var hasSecureAccess = context.UserHasSecureAccess();
    return hasSecureAccess;
}
400 
/// <summary>
/// Tells whether the current user holds the Create privilege on the given schema.
/// </summary>
public static bool UserCanCreateInSchema(this IQueryContext context, string schemaName) {
    var required = Privileges.Create;
    return context.UserHasSchemaPrivilege(schemaName, required);
}
404 
/// <summary>
/// Tells whether the current user may create the given table: Create on the parent schema,
/// or secure access when the name has no parent.
/// </summary>
public static bool UserCanCreateTable(this IQueryContext context, ObjectName tableName) {
    var parentSchema = tableName.Parent;
    return parentSchema == null
        ? context.UserHasSecureAccess()
        : context.UserCanCreateInSchema(parentSchema.FullName);
}
412 
/// <summary>
/// Tells whether the current user holds the Alter privilege on the given schema, or has
/// secure access.
/// </summary>
public static bool UserCanAlterInSchema(this IQueryContext context, string schemaName) {
    // UserHasSchemaPrivilege() already falls back to secure access; the second test is
    // kept as in the original.
    return context.UserHasSchemaPrivilege(schemaName, Privileges.Alter)
           || context.UserHasSecureAccess();
}
419 
/// <summary>
/// Tells whether the current user may alter the given table, based on the Alter privilege
/// on its parent schema.
/// </summary>
/// <remarks>
/// A name without a parent is always refused here, even for the SYSTEM user, whereas
/// <c>UserCanCreateTable</c> falls back to secure access in that case.
/// </remarks>
public static bool UserCanAlterTable(this IQueryContext context, ObjectName tableName) {
    var parentSchema = tableName.Parent;
    return parentSchema != null && context.UserCanAlterInSchema(parentSchema.FullName);
}
427 
/// <summary>
/// Tells whether the current user may select from the given table, with no column restriction.
/// </summary>
public static bool UserCanSelectFromTable(this IQueryContext context, ObjectName tableName) {
    var noColumns = new string[0];
    return context.UserCanSelectFromTable(tableName, noColumns);
}
431 
/// <summary>
/// Tells whether the current user holds the References privilege on the given table.
/// </summary>
public static bool UserCanReferenceTable(this IQueryContext context, ObjectName tableName) {
    var required = Privileges.References;
    return context.UserHasTablePrivilege(tableName, required);
}
435 
/// <summary>
/// Tells whether the current user may select from every table the query plan reads.
/// </summary>
/// <returns>
/// <c>false</c> as soon as one table is not selectable; <c>true</c> otherwise, including
/// when the plan reports no table.
/// </returns>
public static bool UserCanSelectFromPlan(this IQueryContext context, IQueryPlanNode queryPlan) {
    // The result is only as complete as the set DiscoverTableNames() reports.
    foreach (var tableName in queryPlan.DiscoverTableNames()) {
        if (!context.UserCanSelectFromTable(tableName)) {
            return false;
        }
    }

    return true;
}
440 
/// <summary>
/// Tells whether the current user holds the Select privilege on the given table.
/// </summary>
/// <param name="columnNames">Currently ignored: the check is made on the whole table.</param>
public static bool UserCanSelectFromTable(this IQueryContext context, ObjectName tableName, params string[] columnNames) {
    // TODO: column-level select is not implemented yet
    var required = Privileges.Select;
    return context.UserHasTablePrivilege(tableName, required);
}
445 
/// <summary>
/// Tells whether the current user holds the Update privilege on the given table.
/// </summary>
/// <param name="columnNames">Currently ignored: the check is made on the whole table.</param>
public static bool UserCanUpdateTable(this IQueryContext context, ObjectName tableName, params string[] columnNames) {
    // TODO: column-level update is not implemented yet
    var required = Privileges.Update;
    return context.UserHasTablePrivilege(tableName, required);
}
450 
/// <summary>
/// Tells whether the current user holds the Insert privilege on the given table.
/// </summary>
/// <param name="columnNames">Currently ignored: the check is made on the whole table.</param>
public static bool UserCanInsertIntoTable(this IQueryContext context, ObjectName tableName, params string[] columnNames) {
    // TODO: column-level insert is not implemented yet
    var required = Privileges.Insert;
    return context.UserHasTablePrivilege(tableName, required);
}
455 
/// <summary>
/// Tells whether the current user may execute the invoked routine.
/// </summary>
/// <returns>
/// <c>true</c> for a system function, for a user with secure access, or when the user
/// holds the Execute privilege on the routine.
/// </returns>
public static bool UserCanExecute(this IQueryContext context, RoutineType routineType, Invoke invoke) {
    // System functions are open to every user; no privilege is looked up for them.
    var isSystemFunction = routineType == RoutineType.Function && context.IsSystemFunction(invoke);
    if (isSystemFunction || context.UserHasSecureAccess()) {
        return true;
    }

    return context.UserHasPrivilege(DbObjectType.Routine, invoke.RoutineName, Privileges.Execute);
}
467 
/// <summary>
/// Tells whether the current user may execute the invoked function.
/// </summary>
public static bool UserCanExecuteFunction(this IQueryContext context, Invoke invoke) {
    var routineType = RoutineType.Function;
    return context.UserCanExecute(routineType, invoke);
}
471 
/// <summary>
/// Tells whether the current user may execute the invoked procedure.
/// </summary>
public static bool UserCanExecuteProcedure(this IQueryContext context, Invoke invoke) {
    var routineType = RoutineType.Procedure;
    return context.UserCanExecute(routineType, invoke);
}
475 
/// <summary>
/// Tells whether the current user holds the Create privilege on the given object.
/// </summary>
public static bool UserCanCreateObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName) {
    var required = Privileges.Create;
    return context.UserHasPrivilege(objectType, objectName, required);
}
479 
/// <summary>
/// Tells whether the current user holds the Drop privilege on the given object.
/// </summary>
public static bool UserCanDropObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName) {
    var required = Privileges.Drop;
    return context.UserHasPrivilege(objectType, objectName, required);
}
483 
/// <summary>
/// Tells whether the current user holds the Alter privilege on the given object.
/// </summary>
public static bool UserCanAlterObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName) {
    var required = Privileges.Alter;
    return context.UserHasPrivilege(objectType, objectName, required);
}
487 
/// <summary>
/// Tells whether the current user holds the Select privilege on the given object.
/// </summary>
public static bool UserCanAccessObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName) {
    var required = Privileges.Select;
    return context.UserHasPrivilege(objectType, objectName, required);
}
491 
/// <summary>
/// Tells whether the current user holds the Delete privilege on the given table.
/// </summary>
public static bool UserCanDeleteFromTable(this IQueryContext context, ObjectName tableName) {
    var required = Privileges.Delete;
    return context.UserHasTablePrivilege(tableName, required);
}
495 
/// <summary>
/// Tells whether the current user may add users to the given group.
/// </summary>
/// <returns>
/// <c>true</c> for the SYSTEM user, for members of the secure group or of the
/// user-manager group, and for an administrator of the group itself.
/// </returns>
public static bool UserCanAddToGroup(this IQueryContext context, string groupName) {
    if (context.User().IsSystem) {
        return true;
    }

    // NOTE(review): the group-wide roles are accepted for every target group, so a
    // user-manager member can add users to the secure group; confirm that is intended.
    if (context.UserBelongsToSecureGroup()) {
        return true;
    }
    if (context.UserBelongsToGroup(SystemGroups.UserManagerGroup)) {
        return true;
    }

    var manager = context.ForSystemUser().UserManager();
    return manager.IsUserGroupAdmin(context.UserName(), groupName);
}
506 
507  #endregion
508  }
509 }
static bool UserCanDeleteFromTable(this IQueryContext context, ObjectName tableName)
static bool UserCanDropObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName)
static void RevokeAllGrantsOnTable(this IQueryContext context, ObjectName objectName)
static bool UserBelongsToGroup(this IQueryContext context, string username, string groupName)
static DataObject Integer(int value)
Definition: DataObject.cs:576
static bool UserCanExecuteProcedure(this IQueryContext context, Invoke invoke)
static bool IsSystemGroup(string groupName)
Definition: SystemGroups.cs:64
static void GrantToGroupOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName, string groupName, Privileges privileges, bool withOption=false)
static bool UserHasTablePrivilege(this IQueryContext context, ObjectName tableName, Privileges privileges)
static void RevokeAllGrantsOnView(this IQueryContext context, ObjectName objectName)
static bool UserCanSelectFromPlan(this IQueryContext context, IQueryPlanNode queryPlan)
static bool UserCanCreateSchema(this IQueryContext context)
static User CreateUser(this IQueryContext context, string userName, string password)
static bool UserExists(this IQueryContext context, string userName)
const string PublicName
The name of the PUBLIC special user.
Definition: User.cs:47
static bool UserCanCreateTable(this IQueryContext context, ObjectName tableName)
static void AlterUserPassword(this IQueryContext queryContext, string username, string password)
static void SetUserGroups(this IQueryContext context, string userName, string[] groups)
static bool UserCanAccessObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName)
static User GetUser(this IQueryContext context, string userName)
static void GrantToUserOnSchema(this IQueryContext context, string schemaName, string grantee, Privileges privileges, bool withOption=false)
static void RemoveUserFromAllGroups(this IQueryContext context, string username)
static void AddUserToGroup(this IQueryContext queryContext, string username, string group, bool asAdmin=false)
static bool UserCanManageUsers(this IQueryContext context)
static IUserManager UserManager(this IQueryContext context)
static User Authenticate(this IQueryContext queryContext, string username, string password)
Authenticates the specified user using the provided credentials.
Provides a context for executing queries, accessing the system resources and evaluation context...
Describes the name of an object within a database.
Definition: ObjectName.cs:44
static DataObject String(string s)
Definition: DataObject.cs:592
static bool UserCanAlterUser(this IQueryContext context, string userName)
static void GrantToUserOnTable(this IQueryContext context, ObjectName tableName, string grantee, Privileges privileges)
SqlExpressionType
All the possible types of SqlExpression supported.
A node element of a query plan tree.
static UserStatus GetUserStatus(this IQueryContext queryContext, string userName)
static bool UserCanUpdateTable(this IQueryContext context, ObjectName tableName, params string[] columnNames)
static bool UserCanExecuteFunction(this IQueryContext context, Invoke invoke)
static bool UserCanDropUser(this IQueryContext context, string userToDrop)
RoutineType
The type of routine program.
Definition: RoutineType.cs:23
static IPrivilegeManager PrivilegeManager(this IQueryContext context)
static bool DeleteUser(this IQueryContext context, string userName)
static bool UserHasGrantOption(this IQueryContext context, DbObjectType objectType, ObjectName objectName, Privileges privileges)
static readonly ObjectName UserGroupTableName
const string UserManagerGroup
The name of the user manager group.
Definition: SystemGroups.cs:55
static void GrantTo(this IQueryContext context, string groupOrUserName, DbObjectType objectType, ObjectName objectName, Privileges privileges, bool withOption=false)
Represents a dynamic object that encapsulates a defined SqlType and a compatible constant ISqlObject ...
Definition: DataObject.cs:35
static bool UserCanAlterObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName)
static void CreatePublicUser(this IQueryContext context)
static string[] GetGroupsUserBelongsTo(this IQueryContext queryContext, string username)
The information about the invocation of a routine, including the full name and arguments (as SqlExpre...
Definition: Invoke.cs:30
static bool UserCanAccessUsers(this IQueryContext context)
static bool UserBelongsToGroup(this IQueryContext queryContext, string group)
static bool UserCanAlterInSchema(this IQueryContext context, string schemaName)
static bool UserCanAlterTable(this IQueryContext context, ObjectName tableName)
Provides utilities and properties for handling the SYSTEM schema of a database.
Definition: SystemSchema.cs:37
string FullName
Gets the full reference name formatted.
Definition: ObjectName.cs:114
static void RevokeAllGrantsOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName)
static bool UserHasPrivilege(this IQueryContext context, DbObjectType objectType, ObjectName objectName, Privileges privileges)
static bool UserCanAddToGroup(this IQueryContext context, string groupName)
static void CreateUserGroup(this IQueryContext context, string groupName)
static bool UserCanSelectFromTable(this IQueryContext context, ObjectName tableName)
ObjectName Parent
Gets the parent reference of the current one, if any or null if none.
Definition: ObjectName.cs:99
static void SetUserStatus(this IQueryContext queryContext, string username, UserStatus status)
static bool UserCanCreateInSchema(this IQueryContext context, string schemaName)
static bool UserCanCreateUsers(this IQueryContext context)
static bool UserCanInsertIntoTable(this IQueryContext context, ObjectName tableName, params string[] columnNames)
static bool UserBelongsToSecureGroup(this IQueryContext context)
static readonly ObjectName UserGrantsTableName
ObjectName RoutineName
Gets the fully qualified name of the routine to invoke.
Definition: Invoke.cs:58
static void GrantToUserOn(this IQueryContext context, ObjectName objectName, string grantee, Privileges privileges, bool withOption=false)
const string SecureGroup
The name of the secure access group.
Definition: SystemGroups.cs:46
static bool UserHasSecureAccess(this IQueryContext context)
static bool UserCanCreateObject(this IQueryContext context, DbObjectType objectType, ObjectName objectName)
static bool UserHasSchemaPrivilege(this IQueryContext context, string schemaName, Privileges privileges)
Defines the base class for instances that represent SQL expression tree nodes.
static SqlConstantExpression Constant(object value)
DbObjectType
The kind of objects that can be handled by a database system and its managers
Definition: DbObjectType.cs:27
Provides the information for a user in a database system
Definition: User.cs:27
static bool UserCanExecute(this IQueryContext context, RoutineType routineType, Invoke invoke)
static bool UserCanSelectFromTable(this IQueryContext context, ObjectName tableName, params string[] columnNames)
static bool UserCanManageGroups(this IQueryContext context)
static void GrantToUserOn(this IQueryContext context, DbObjectType objectType, ObjectName objectName, string grantee, Privileges privileges, bool withOption=false)
The entity that holds the access control granted to an user or a group to a specific object in a data...
Definition: Grant.cs:26
static bool UserCanReferenceTable(this IQueryContext context, ObjectName tableName)
const string SystemName
The name of the SYSTEM special user.
Definition: User.cs:52