// Copyright (c) 2014 Couchbase, Inc.
// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
// except in compliance with the License. You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software distributed under the
// License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific language governing permissions
// and limitations under the License.

package algebra

import (
	"encoding/json"

	"github.com/couchbase/query/auth"
	"github.com/couchbase/query/errors"
	"github.com/couchbase/query/expression"
	"github.com/couchbase/query/value"
)

/*
GrantRole is the statement node that assigns a list of roles,
optionally qualified by keyspaces, to a list of users.

NOTE(review): the json tags below sit on unexported fields, which
encoding/json skips; serialization goes through MarshalJSON.
*/
type GrantRole struct {
	statementBase

	roles     []string `json:"roles"`
	keyspaces []string `json:"keyspaces"`
	users     []string `json:"users"`
}

/*
NewGrantRole builds a GrantRole from the given roles, keyspaces and
users and points the embedded statement base back at the new node.
The slices are stored as passed in, without copying, so the caller
and the statement share the same backing arrays.
*/
func NewGrantRole(roles []string, keyspaces []string, users []string) *GrantRole {
	grant := new(GrantRole)
	grant.roles = roles
	grant.keyspaces = keyspaces
	grant.users = users

	grant.stmt = grant
	return grant
}

/*
Accept is the visitor-pattern entry point: it hands the receiver to
visitor.VisitGrantRole and returns whatever that call returns.
*/
func (this *GrantRole) Accept(visitor Visitor) (interface{}, error) {
	return visitor.VisitGrantRole(this)
}

/*
Signature always returns nil for this statement.
*/
func (this *GrantRole) Signature() value.Value {
	return nil
}

/*
Formalize does nothing for this statement and always returns nil.
*/
func (this *GrantRole) Formalize() error {
	return nil
}

/*
MapExpressions is a no-op: the statement holds only string lists, so
the mapper is never invoked and nil is returned.
*/
func (this *GrantRole) MapExpressions(mapper expression.Mapper) (err error) {
	return nil
}

/*
Expressions returns nil; the statement contains no expressions.
*/
func (this *GrantRole) Expressions() expression.Expressions {
	return nil
}

/*
Privileges returns the privileges required to run the statement: a
single PRIV_SECURITY_WRITE entry. The result does not depend on which
roles, keyspaces or users the statement names.
*/
func (this *GrantRole) Privileges() (*auth.Privileges, errors.Error) {
	required := auth.NewPrivileges()
	// Privileges currently always attach to buckets. What this statement
	// updates is system security data rather than a bucket, so the bucket
	// name is left blank; no bucket name is needed for this type of
	// authorization. If a table name were ever mandatory, system:user_info
	// would be the sensible choice, since that is the virtual table through
	// which the data can be accessed.
	required.Add("", auth.PRIV_SECURITY_WRITE)
	return required, nil
}

/*
Users returns the list of users to whom roles are being assigned.
The statement's own slice is returned, not a copy.
*/
func (this *GrantRole) Users() []string {
	return this.users
}

/*
Roles returns the list of roles being assigned.
The statement's own slice is returned, not a copy.
*/
func (this *GrantRole) Roles() []string {
	return this.roles
}

/*
Keyspaces returns the list of keyspaces that qualify the roles being
assigned. The statement's own slice is returned, not a copy.
*/
func (this *GrantRole) Keyspaces() []string {
	return this.keyspaces
}

/*
MarshalJSON encodes the statement as a JSON object with the keys
"type" (always "grantRole"), "users", "keyspaces" and "roles".
*/
func (this *GrantRole) MarshalJSON() ([]byte, error) {
	return json.Marshal(map[string]interface{}{
		"type":      "grantRole",
		"users":     this.users,
		"keyspaces": this.keyspaces,
		"roles":     this.roles,
	})
}

/*
Type returns the statement type name, "GRANT_ROLE".
*/
func (this *GrantRole) Type() string {
	return "GRANT_ROLE"
}