Documentation ¶
Index ¶
- Variables
- func ValidatePrivileges(privileges List, objectType ObjectType) error
- type Kind
- type List
- func (pl List) Contains(k Kind) bool
- func (pl List) Format(buf *bytes.Buffer)
- func (pl List) Len() int
- func (pl List) Less(i, j int) bool
- func (pl List) ListToACL(grantOptions List, objectType ObjectType) string
- func (pl List) SortedNames() []string
- func (pl List) SortedString() string
- func (pl List) String() string
- func (pl List) Swap(i, j int)
- func (pl List) ToBitField() uint32
- type ObjectType
- type Privilege
Constants ¶
This section is empty.
Variables ¶
var (
	AllPrivileges    = List{ALL, CONNECT, CREATE, DROP, GRANT, SELECT, INSERT, DELETE, UPDATE, USAGE, ZONECONFIG}
	ReadData         = List{GRANT, SELECT}
	ReadWriteData    = List{GRANT, SELECT, INSERT, DELETE, UPDATE}
	DBPrivileges     = List{ALL, CONNECT, CREATE, DROP, GRANT, ZONECONFIG}
	TablePrivileges  = List{ALL, CREATE, DROP, GRANT, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG}
	SchemaPrivileges = List{ALL, GRANT, CREATE, USAGE}
	TypePrivileges   = List{ALL, GRANT, USAGE}
)
Predefined sets of privileges.
var ByName = map[string]Kind{
	"ALL":        ALL,
	"CONNECT":    CONNECT,
	"CREATE":     CREATE,
	"DROP":       DROP,
	"GRANT":      GRANT,
	"SELECT":     SELECT,
	"INSERT":     INSERT,
	"DELETE":     DELETE,
	"UPDATE":     UPDATE,
	"ZONECONFIG": ZONECONFIG,
	"USAGE":      USAGE,
	"RULE":       RULE,
}
ByName is a map of string -> kind value.
var ByValue = [...]Kind{
	ALL, CREATE, DROP, GRANT, SELECT, INSERT, DELETE, UPDATE, USAGE, ZONECONFIG, CONNECT, RULE,
}
ByValue is just an array of privilege kinds sorted by value.
Functions ¶
func ValidatePrivileges ¶
func ValidatePrivileges(privileges List, objectType ObjectType) error
ValidatePrivileges returns an error if any privilege in privileges cannot be granted on the given objectType.
Types ¶
type Kind ¶
type Kind uint32
Kind defines a privilege. This is output by the parser, and used to generate the privilege bitfields in the PrivilegeDescriptor.
const (
	ALL        Kind = 1
	CREATE     Kind = 2
	DROP       Kind = 3
	GRANT      Kind = 4
	SELECT     Kind = 5
	INSERT     Kind = 6
	DELETE     Kind = 7
	UPDATE     Kind = 8
	USAGE      Kind = 9
	ZONECONFIG Kind = 10
	CONNECT    Kind = 11
	RULE       Kind = 12
)
List of privileges. ALL is specifically encoded so that it will automatically pick up new privileges. Do not change values of privileges. These correspond to the position of the privilege in a bit field and are expected to stay constant.
type List ¶
type List []Kind
List is a list of privileges.
func GetValidPrivilegesForObject ¶
func GetValidPrivilegesForObject(objectType ObjectType) List
GetValidPrivilegesForObject returns the list of valid privileges for the specified object type.
func ListFromBitField ¶
func ListFromBitField(m uint32, objectType ObjectType) List
ListFromBitField takes a bitfield of privileges and an ObjectType and returns a List. It is ordered in increasing value of privilege.Kind.
func ListFromStrings ¶
ListFromStrings takes a list of strings and attempts to build a list of Kind. We convert each string to uppercase and search for it in the ByName map. If an entry is not found in ByName, an error is returned.
func (List) Format ¶
Format prints out the list in a buffer. This keeps the existing order and uses ", " as separator.
func (List) ListToACL ¶
func (pl List) ListToACL(grantOptions List, objectType ObjectType) string
ListToACL converts a list of privileges to a list of Postgres ACL items. See https://www.postgresql.org/docs/13/ddl-priv.html#PRIVILEGE-ABBREVS-TABLE for privileges and their ACL abbreviations.
func (List) SortedNames ¶
SortedNames returns a list of privilege names in sorted order.
func (List) SortedString ¶
SortedString is similar to String() but returns privileges sorted by name and uses "," as separator.
func (List) String ¶
String implements the Stringer interface. This keeps the existing order and uses ", " as separator.
func (List) ToBitField ¶
ToBitField returns the bitfield representation of a list of privileges.
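An added example, not CockroachDB's own code: a standalone sketch of the bitfield encoding that the Kind, ToBitField, ListFromBitField and ValidatePrivileges entries describe. It reuses the page's Kind values and the TablePrivileges and TypePrivileges sets; the mask `1 << k` for Kind `k`, the function bodies and the error text are assumptions.

```go
package main

import "fmt"

type Kind uint32
type List []Kind
type ObjectType string

// Kind values and the table/type sets are copied from the page.
const (
	ALL, CREATE, DROP, GRANT, SELECT, INSERT         Kind = 1, 2, 3, 4, 5, 6
	DELETE, UPDATE, USAGE, ZONECONFIG, CONNECT, RULE Kind = 7, 8, 9, 10, 11, 12
)

var valid = map[ObjectType]List{
	"table": {ALL, CREATE, DROP, GRANT, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG},
	"type":  {ALL, GRANT, USAGE},
}

// ToBitField sets one bit per privilege. Assumption: Kind k occupies bit 1<<k.
func (pl List) ToBitField() (m uint32) {
	for _, k := range pl {
		m |= 1 << k
	}
	return m
}

// ListFromBitField decodes m in increasing Kind order, keeping only bits valid for objectType.
func ListFromBitField(m uint32, objectType ObjectType) (out List) {
	m &= valid[objectType].ToBitField()
	for k := ALL; k <= RULE; k++ {
		if m&(1<<k) != 0 {
			out = append(out, k)
		}
	}
	return out
}

// ValidatePrivileges errors if any requested bit falls outside the valid set.
func ValidatePrivileges(privileges List, objectType ObjectType) error {
	if bad := privileges.ToBitField() &^ valid[objectType].ToBitField(); bad != 0 {
		return fmt.Errorf("invalid privilege bits %#x for %s", bad, objectType)
	}
	return nil
}

func main() {
	stored := List{SELECT, INSERT, USAGE}.ToBitField() // constructed sample descriptor bits
	fmt.Println(stored, ListFromBitField(stored, "table"), ValidatePrivileges(List{USAGE}, "table"))
}
```

Because a stored bitfield is interpreted purely by bit position, renumbering a Kind would silently change what existing grants mean, which is why the values must stay constant. In this sketch an object type with no entry in `valid` has an empty mask, so every privilege is rejected for it.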
type ObjectType ¶
type ObjectType string
ObjectType represents objects that can have privileges.
const (
	// Any represents any object type.
	Any ObjectType = "any"
	// Database represents a database object.
	Database ObjectType = "database"
	// Schema represents a schema object.
	Schema ObjectType = "schema"
	// Table represents a table object.
	Table ObjectType = "table"
	// Type represents a type object.
	Type ObjectType = "type"
)
type Privilege ¶
type Privilege struct {
	Kind Kind
	// Each privilege Kind has an optional "grant option" flag associated with
	// it. A role can only grant a privilege on an object to others if it is the
	// owner of the object or if it itself holds that privilege WITH GRANT OPTION
	// on the object. This replaces the CockroachDB-specific GRANT privilege.
	GrantOption bool
}
Privilege represents a privilege parsed from an Access Privilege Inquiry Function's privilege string argument.
func PrivilegesFromBitFields ¶
func PrivilegesFromBitFields(
	kindBits uint32, grantOptionBits uint32, objectType ObjectType,
) []Privilege
PrivilegesFromBitFields takes a bitfield of privilege kinds, a bitfield of grant options, and an ObjectType and returns a List. It is ordered in increasing value of privilege.Kind.