From 32068d67edf7856c236f0d9dfd00c5b9f02e4442 Mon Sep 17 00:00:00 2001
From: Dmitry Rodionov <d.rodionov@picodata.io>
Date: Wed, 25 Oct 2023 17:52:04 +0300
Subject: [PATCH] refactor: rename schema_object_type to box_schema_object_type
This patch makes schema_object_type to be exported.
NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch
---
src/box/alter.cc | 96 ++++++++++----------
src/box/alter.h | 2 +-
src/box/box.cc | 4 +-
src/box/box.h | 3 +-
src/box/call.c | 4 +-
src/box/func.c | 5 +-
src/box/schema.cc | 24 ++---
src/box/schema.h | 30 +++---
src/box/schema_def.c | 42 ++++-----
src/box/schema_def.h | 49 ++++++----
src/box/sequence.c | 8 +-
src/box/session.c | 6 +-
src/box/session.h | 2 +-
src/box/space.c | 8 +-
src/box/sysview.c | 6 +-
src/box/user.cc | 35 +++----
src/box/user.h | 6 +-
src/box/user_def.c | 2 +-
src/box/user_def.h | 6 +-
test/app-luatest/module_api_luatest_test.lua | 25 ++++-
20 files changed, 206 insertions(+), 157 deletions(-)
diff --git a/src/box/alter.cc b/src/box/alter.cc
index 58f09d0f17..314bab595e 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -72,7 +72,7 @@ box_schema_version_bump(void)
int
access_check_ddl(const char *name, uint32_t object_id, uint32_t owner_uid,
- enum schema_object_type type,
+ enum box_schema_object_type type,
enum box_privilege_type priv_type)
{
struct credentials *cr = effective_user();
@@ -118,7 +118,7 @@ access_check_ddl(const char *name, uint32_t object_id, uint32_t owner_uid,
const char *object_name;
const char *pname;
if (access & BOX_PRIVILEGE_USAGE) {
- object_name = schema_object_name(SC_UNIVERSE);
+ object_name = schema_object_name(BOX_SC_UNIVERSE);
pname = priv_name(BOX_PRIVILEGE_USAGE);
name = "";
} else {
@@ -2236,8 +2236,9 @@ on_replace_dd_space(struct trigger * /* trigger */, void *event)
return -1;
auto def_guard =
make_scoped_guard([=] { space_def_delete(def); });
- if (access_check_ddl(def->name, def->id, def->uid, SC_SPACE,
- BOX_PRIVILEGE_CREATE) != 0)
+ if (access_check_ddl(def->name, def->id, def->uid,
+ BOX_SC_SPACE,
+ BOX_PRIVILEGE_CREATE) != 0)
return -1;
RLIST_HEAD(empty_list);
struct space *space = space_new(def, &empty_list);
@@ -2294,7 +2295,7 @@ on_replace_dd_space(struct trigger * /* trigger */, void *event)
}
} else if (new_tuple == NULL) { /* DELETE */
if (access_check_ddl(old_space->def->name, old_space->def->id,
- old_space->def->uid, SC_SPACE,
+ old_space->def->uid, BOX_SC_SPACE,
BOX_PRIVILEGE_DROP) != 0)
return -1;
/* Verify that the space is empty (has no indexes) */
@@ -2396,8 +2397,9 @@ on_replace_dd_space(struct trigger * /* trigger */, void *event)
return -1;
auto def_guard =
make_scoped_guard([=] { space_def_delete(def); });
- if (access_check_ddl(def->name, def->id, def->uid, SC_SPACE,
- BOX_PRIVILEGE_ALTER) != 0)
+ if (access_check_ddl(def->name, def->id, def->uid,
+ BOX_SC_SPACE,
+ BOX_PRIVILEGE_ALTER) != 0)
return -1;
if (def->id != space_id(old_space)) {
diag_set(ClientError, ER_ALTER_SPACE,
@@ -2574,7 +2576,7 @@ on_replace_dd_index(struct trigger * /* trigger */, void *event)
if (old_tuple && new_tuple)
priv_type = BOX_PRIVILEGE_ALTER;
if (access_check_ddl(old_space->def->name, old_space->def->id,
- old_space->def->uid, SC_SPACE, priv_type) != 0)
+ old_space->def->uid, BOX_SC_SPACE, priv_type) != 0)
return -1;
struct index *old_index = space_index(old_space, iid);
struct index_def *old_def = old_index != NULL ? old_index->def : NULL;
@@ -3041,8 +3043,8 @@ user_def_new_from_tuple(struct tuple *tuple)
const char *type_str = tuple_field_cstr(tuple, BOX_USER_FIELD_TYPE);
if (type_str == NULL)
return NULL;
- enum schema_object_type type = schema_object_type(type_str);
- if (type != SC_ROLE && type != SC_USER) {
+ enum box_schema_object_type type = schema_object_type(type_str);
+ if (type != BOX_SC_ROLE && type != BOX_SC_USER) {
diag_set(ClientError, ER_CREATE_USER,
tt_cstr(name, name_len), "unknown user type");
return NULL;
@@ -3070,7 +3072,7 @@ user_def_new_from_tuple(struct tuple *tuple)
} else {
is_auth_empty = false;
}
- if (!is_auth_empty && user->type == SC_ROLE) {
+ if (!is_auth_empty && user->type == BOX_SC_ROLE) {
diag_set(ClientError, ER_CREATE_ROLE, user->name,
"authentication data can not be set for a "\
"role");
@@ -3499,8 +3501,9 @@ on_replace_dd_func(struct trigger * /* trigger */, void *event)
auto def_guard = make_scoped_guard([=] {
func_def_delete(def);
});
- if (access_check_ddl(def->name, def->fid, def->uid, SC_FUNCTION,
- BOX_PRIVILEGE_CREATE) != 0)
+ if (access_check_ddl(def->name, def->fid, def->uid,
+ BOX_SC_FUNCTION,
+ BOX_PRIVILEGE_CREATE) != 0)
return -1;
struct trigger *on_rollback =
txn_alter_trigger_new(on_create_func_rollback, NULL);
@@ -3522,8 +3525,9 @@ on_replace_dd_func(struct trigger * /* trigger */, void *event)
* Can only delete func if you're the one
* who created it or a superuser.
*/
- if (access_check_ddl(old_func->def->name, fid, uid, SC_FUNCTION,
- BOX_PRIVILEGE_DROP) != 0)
+ if (access_check_ddl(old_func->def->name, fid, uid,
+ BOX_SC_FUNCTION,
+ BOX_PRIVILEGE_DROP) != 0)
return -1;
/* Can only delete func if it has no grants. */
bool out;
@@ -3770,7 +3774,7 @@ on_replace_dd_collation(struct trigger * /* trigger */, void *event)
struct coll_id *old_coll_id = coll_by_id(old_id);
assert(old_coll_id != NULL);
if (access_check_ddl(old_coll_id->name, old_coll_id->id,
- old_coll_id->owner_id, SC_COLLATION,
+ old_coll_id->owner_id, BOX_SC_COLLATION,
BOX_PRIVILEGE_DROP) != 0)
return -1;
/*
@@ -3807,7 +3811,7 @@ on_replace_dd_collation(struct trigger * /* trigger */, void *event)
if (coll_id_def_new_from_tuple(new_tuple, &new_def) != 0)
return -1;
if (access_check_ddl(new_def.name, new_def.id, new_def.owner_id,
- SC_COLLATION, BOX_PRIVILEGE_CREATE) != 0)
+ BOX_SC_COLLATION, BOX_PRIVILEGE_CREATE) != 0)
return -1;
struct coll_id *new_coll_id = coll_id_new(&new_def);
if (new_coll_id == NULL)
@@ -3872,7 +3876,7 @@ priv_def_create_from_tuple(struct priv_def *priv, struct tuple *tuple)
BOX_PRIV_FIELD_OBJECT_ID, &(priv->object_id)) != 0)
return -1;
}
- if (priv->object_type == SC_UNKNOWN) {
+ if (priv->object_type == BOX_SC_UNKNOWN) {
diag_set(ClientError, ER_UNKNOWN_SCHEMA_OBJECT,
object_type);
return -1;
@@ -3914,17 +3918,17 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
priv->object_type, priv_type) != 0)
return -1;
switch (priv->object_type) {
- case SC_UNIVERSE:
+ case BOX_SC_UNIVERSE:
if (grantor->def->uid != ADMIN) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_UNIVERSE),
+ schema_object_name(BOX_SC_UNIVERSE),
name,
grantor->def->name);
return -1;
}
break;
- case SC_SPACE:
+ case BOX_SC_SPACE:
{
struct space *space = space_cache_find(priv->object_id);
if (space == NULL)
@@ -3933,7 +3937,7 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
grantor->def->uid != ADMIN) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_SPACE), name,
+ schema_object_name(BOX_SC_SPACE), name,
grantor->def->name);
return -1;
}
@@ -3944,7 +3948,7 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
}
break;
}
- case SC_FUNCTION:
+ case BOX_SC_FUNCTION:
{
struct func *func = func_by_id(priv->object_id);
if (func == NULL) {
@@ -3955,13 +3959,13 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
grantor->def->uid != ADMIN) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_FUNCTION), name,
+ schema_object_name(BOX_SC_FUNCTION), name,
grantor->def->name);
return -1;
}
break;
}
- case SC_SEQUENCE:
+ case BOX_SC_SEQUENCE:
{
struct sequence *seq = sequence_by_id(priv->object_id);
if (seq == NULL) {
@@ -3972,16 +3976,16 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
grantor->def->uid != ADMIN) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_SEQUENCE), name,
+ schema_object_name(BOX_SC_SEQUENCE), name,
grantor->def->name);
return -1;
}
break;
}
- case SC_ROLE:
+ case BOX_SC_ROLE:
{
struct user *role = user_by_id(priv->object_id);
- if (role == NULL || role->def->type != SC_ROLE) {
+ if (role == NULL || role->def->type != BOX_SC_ROLE) {
diag_set(ClientError, ER_NO_SUCH_ROLE,
role ? role->def->name :
int2str(priv->object_id));
@@ -3997,7 +4001,7 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
priv->access != BOX_PRIVILEGE_EXECUTE)) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_ROLE), name,
+ schema_object_name(BOX_SC_ROLE), name,
grantor->def->name);
return -1;
}
@@ -4006,10 +4010,10 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
return -1;
break;
}
- case SC_USER:
+ case BOX_SC_USER:
{
struct user *user = user_by_id(priv->object_id);
- if (user == NULL || user->def->type != SC_USER) {
+ if (user == NULL || user->def->type != BOX_SC_USER) {
diag_set(ClientError, ER_NO_SUCH_USER,
user ? user->def->name :
int2str(priv->object_id));
@@ -4019,17 +4023,17 @@ priv_def_check(struct priv_def *priv, enum box_privilege_type priv_type)
grantor->def->uid != ADMIN) {
diag_set(AccessDeniedError,
priv_name(priv_type),
- schema_object_name(SC_USER), name,
+ schema_object_name(BOX_SC_USER), name,
grantor->def->name);
return -1;
}
break;
}
- case SC_ENTITY_SPACE:
- case SC_ENTITY_FUNCTION:
- case SC_ENTITY_SEQUENCE:
- case SC_ENTITY_ROLE:
- case SC_ENTITY_USER:
+ case BOX_SC_ENTITY_SPACE:
+ case BOX_SC_ENTITY_FUNCTION:
+ case BOX_SC_ENTITY_SEQUENCE:
+ case BOX_SC_ENTITY_ROLE:
+ case BOX_SC_ENTITY_USER:
{
/* Only admin may grant privileges on an entire entity. */
if (grantor->def->uid != ADMIN) {
@@ -4065,10 +4069,10 @@ grant_or_revoke(struct priv_def *priv, struct txn_stmt *rolled_back_stmt)
* Grant a role to a user only when privilege type is 'execute'
* and the role is specified.
*/
- if (priv->object_type == SC_ROLE &&
+ if (priv->object_type == BOX_SC_ROLE &&
!(priv->access & ~BOX_PRIVILEGE_EXECUTE)) {
struct user *role = user_by_id(priv->object_id);
- if (role == NULL || role->def->type != SC_ROLE)
+ if (role == NULL || role->def->type != BOX_SC_ROLE)
return 0;
if (priv->access) {
if (role_grant(grantee, role) != 0)
@@ -4581,7 +4585,7 @@ on_replace_dd_sequence(struct trigger * /* trigger */, void *event)
if (new_def == NULL)
return -1;
if (access_check_ddl(new_def->name, new_def->id, new_def->uid,
- SC_SEQUENCE, BOX_PRIVILEGE_CREATE) != 0)
+ BOX_SC_SEQUENCE, BOX_PRIVILEGE_CREATE) != 0)
return -1;
struct trigger *on_rollback =
txn_alter_trigger_new(on_create_sequence_rollback, NULL);
@@ -4600,7 +4604,7 @@ on_replace_dd_sequence(struct trigger * /* trigger */, void *event)
seq = sequence_by_id(id);
assert(seq != NULL);
if (access_check_ddl(seq->def->name, seq->def->id, seq->def->uid,
- SC_SEQUENCE, BOX_PRIVILEGE_DROP) != 0)
+ BOX_SC_SEQUENCE, BOX_PRIVILEGE_DROP) != 0)
return -1;
bool out;
if (space_has_data(BOX_SEQUENCE_DATA_ID, 0, id, &out) != 0)
@@ -4642,7 +4646,7 @@ on_replace_dd_sequence(struct trigger * /* trigger */, void *event)
seq = sequence_by_id(new_def->id);
assert(seq != NULL);
if (access_check_ddl(seq->def->name, seq->def->id, seq->def->uid,
- SC_SEQUENCE, BOX_PRIVILEGE_ALTER) != 0)
+ BOX_SC_SEQUENCE, BOX_PRIVILEGE_ALTER) != 0)
return -1;
struct trigger *on_commit =
txn_alter_trigger_new(on_alter_sequence_commit, seq->def);
@@ -4878,7 +4882,7 @@ on_replace_dd_space_sequence(struct trigger * /* trigger */, void *event)
/* Check we have the correct access type on the sequence. * */
if (is_generated || !stmt->new_tuple) {
if (access_check_ddl(seq->def->name, seq->def->id, seq->def->uid,
- SC_SEQUENCE, priv_type) != 0)
+ BOX_SC_SEQUENCE, priv_type) != 0)
return -1;
} else {
/*
@@ -4886,15 +4890,15 @@ on_replace_dd_space_sequence(struct trigger * /* trigger */, void *event)
* check that it has read and write access.
*/
if (access_check_ddl(seq->def->name, seq->def->id, seq->def->uid,
- SC_SEQUENCE, BOX_PRIVILEGE_READ) != 0)
+ BOX_SC_SEQUENCE, BOX_PRIVILEGE_READ) != 0)
return -1;
if (access_check_ddl(seq->def->name, seq->def->id, seq->def->uid,
- SC_SEQUENCE, BOX_PRIVILEGE_WRITE) != 0)
+ BOX_SC_SEQUENCE, BOX_PRIVILEGE_WRITE) != 0)
return -1;
}
/** Check we have alter access on space. */
if (access_check_ddl(space->def->name, space->def->id, space->def->uid,
- SC_SPACE, BOX_PRIVILEGE_ALTER) != 0)
+ BOX_SC_SPACE, BOX_PRIVILEGE_ALTER) != 0)
return -1;
if (stmt->new_tuple != NULL) { /* INSERT, UPDATE */
diff --git a/src/box/alter.h b/src/box/alter.h
index 6f1d862337..58814d136c 100644
--- a/src/box/alter.h
+++ b/src/box/alter.h
@@ -53,7 +53,7 @@ extern struct trigger on_replace_func_index;
*/
int
access_check_ddl(const char *name, uint32_t object_id, uint32_t owner_uid,
- enum schema_object_type type,
+ enum box_schema_object_type type,
enum box_privilege_type priv_type);
#endif /* INCLUDES_TARANTOOL_BOX_ALTER_H */
diff --git a/src/box/box.cc b/src/box/box.cc
index d924d2db18..c82acf71ba 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -3991,13 +3991,13 @@ box_access_check_space(uint32_t space_id, uint16_t access)
API_EXPORT int
box_access_check_ddl(
const char *name, uint32_t object_id, uint32_t owner_uid,
- uint32_t object_type, uint16_t access)
+ enum box_schema_object_type object_type, uint16_t access)
{
return access_check_ddl(
name,
object_id,
owner_uid,
- (enum schema_object_type)object_type,
+ (enum box_schema_object_type)object_type,
(enum box_privilege_type)access);
}
diff --git a/src/box/box.h b/src/box/box.h
index d3eca01900..60dd48c12b 100644
--- a/src/box/box.h
+++ b/src/box/box.h
@@ -31,6 +31,7 @@
* SUCH DAMAGE.
*/
#include "trivia/util.h"
+#include "schema_def.h"
#include <stdbool.h>
@@ -790,7 +791,7 @@ box_access_check_space(uint32_t space_id, uint16_t access);
*/
API_EXPORT int
box_access_check_ddl(const char *name, uint32_t object_id, uint32_t owner_uid,
- uint32_t object_type, uint16_t access);
+ enum box_schema_object_type object_type, uint16_t access);
/**
* Sends a packet with the given header and body over the IPROTO session's
diff --git a/src/box/call.c b/src/box/call.c
index cfb6079163..db8e01ed1c 100644
--- a/src/box/call.c
+++ b/src/box/call.c
@@ -128,7 +128,7 @@ box_module_reload(const char *name)
struct user *user = user_find(credentials->uid);
if (user != NULL)
diag_set(AccessDeniedError, priv_name(BOX_PRIVILEGE_USAGE),
- schema_object_name(SC_UNIVERSE), "",
+ schema_object_name(BOX_SC_UNIVERSE), "",
user->def->name);
return -1;
}
@@ -175,7 +175,7 @@ box_process_call(struct call_request *request, struct port *port)
} else {
if (access_check_universe_object(
BOX_PRIVILEGE_EXECUTE | BOX_PRIVILEGE_USAGE,
- SC_FUNCTION,
+ BOX_SC_FUNCTION,
tt_cstr(name, name_len)) != 0)
return -1;
box_run_on_call(IPROTO_CALL, name, name_len, request->args);
diff --git a/src/box/func.c b/src/box/func.c
index 1ec1eb245d..64f6bea6f1 100644
--- a/src/box/func.c
+++ b/src/box/func.c
@@ -564,7 +564,8 @@ func_access_check(struct func *func)
box_user_access_mask_t access =
BOX_PRIVILEGE_EXECUTE | BOX_PRIVILEGE_USAGE;
/* Check access for all functions. */
- access &= ~entity_access_get(SC_FUNCTION)[credentials->auth_token].effective;
+ access &= ~entity_access_get(
+ BOX_SC_FUNCTION)[credentials->auth_token].effective;
box_user_access_mask_t func_access =
access & ~credentials->universal_access;
if ((func_access & BOX_PRIVILEGE_USAGE) != 0 ||
@@ -574,7 +575,7 @@ func_access_check(struct func *func)
struct user *user = user_find(credentials->uid);
if (user != NULL) {
diag_set(AccessDeniedError, priv_name(BOX_PRIVILEGE_EXECUTE),
- schema_object_name(SC_FUNCTION),
+ schema_object_name(BOX_SC_FUNCTION),
func->def->name, user->def->name);
}
return -1;
diff --git a/src/box/schema.cc b/src/box/schema.cc
index 2411a23f2c..0f57bab7d5 100644
--- a/src/box/schema.cc
+++ b/src/box/schema.cc
@@ -488,17 +488,17 @@ sequence_cache_delete(uint32_t id)
}
const char *
-schema_find_name(enum schema_object_type type, uint32_t object_id)
+schema_find_name(enum box_schema_object_type type, uint32_t object_id)
{
switch (type) {
- case SC_UNIVERSE:
- case SC_ENTITY_SPACE:
- case SC_ENTITY_FUNCTION:
- case SC_ENTITY_SEQUENCE:
- case SC_ENTITY_ROLE:
- case SC_ENTITY_USER:
+ case BOX_SC_UNIVERSE:
+ case BOX_SC_ENTITY_SPACE:
+ case BOX_SC_ENTITY_FUNCTION:
+ case BOX_SC_ENTITY_SEQUENCE:
+ case BOX_SC_ENTITY_ROLE:
+ case BOX_SC_ENTITY_USER:
return "";
- case SC_SPACE:
+ case BOX_SC_SPACE:
{
struct space *space = space_by_id(object_id);
if (space != NULL)
@@ -507,7 +507,7 @@ schema_find_name(enum schema_object_type type, uint32_t object_id)
tt_sprintf("%d", object_id));
break;
}
- case SC_FUNCTION:
+ case BOX_SC_FUNCTION:
{
struct func *func = func_by_id(object_id);
if (func != NULL)
@@ -516,7 +516,7 @@ schema_find_name(enum schema_object_type type, uint32_t object_id)
tt_sprintf("%d", object_id));
break;
}
- case SC_SEQUENCE:
+ case BOX_SC_SEQUENCE:
{
struct sequence *seq = sequence_by_id(object_id);
if (seq != NULL)
@@ -525,7 +525,7 @@ schema_find_name(enum schema_object_type type, uint32_t object_id)
tt_sprintf("%d", object_id));
break;
}
- case SC_ROLE:
+ case BOX_SC_ROLE:
{
struct user *role = user_by_id(object_id);
if (role != NULL)
@@ -534,7 +534,7 @@ schema_find_name(enum schema_object_type type, uint32_t object_id)
tt_sprintf("%d", object_id));
break;
}
- case SC_USER:
+ case BOX_SC_USER:
{
struct user *user = user_by_id(object_id);
if (user != NULL)
diff --git a/src/box/schema.h b/src/box/schema.h
index 05f715c4f5..64bf799ccf 100644
--- a/src/box/schema.h
+++ b/src/box/schema.h
@@ -83,7 +83,7 @@ box_dd_version_id(void);
* @return NULL if object of type not found, otherwise name of object.
*/
const char *
-schema_find_name(enum schema_object_type type, uint32_t object_id);
+schema_find_name(enum box_schema_object_type type, uint32_t object_id);
/**
* Find a sequence by id. Return NULL if the sequence was
@@ -191,25 +191,27 @@ struct entity_access {
/** A single instance of the global entities. */
extern struct entity_access entity_access;
-static inline
-struct access *
-entity_access_get(enum schema_object_type type)
+/**
+ * Get access structure corresponding to given object type
+ */
+static inline struct access *
+entity_access_get(enum box_schema_object_type type)
{
switch (type) {
- case SC_SPACE:
- case SC_ENTITY_SPACE:
+ case BOX_SC_SPACE:
+ case BOX_SC_ENTITY_SPACE:
return entity_access.space;
- case SC_FUNCTION:
- case SC_ENTITY_FUNCTION:
+ case BOX_SC_FUNCTION:
+ case BOX_SC_ENTITY_FUNCTION:
return entity_access.function;
- case SC_USER:
- case SC_ENTITY_USER:
+ case BOX_SC_USER:
+ case BOX_SC_ENTITY_USER:
return entity_access.user;
- case SC_ROLE:
- case SC_ENTITY_ROLE:
+ case BOX_SC_ROLE:
+ case BOX_SC_ENTITY_ROLE:
return entity_access.role;
- case SC_SEQUENCE:
- case SC_ENTITY_SEQUENCE:
+ case BOX_SC_SEQUENCE:
+ case BOX_SC_ENTITY_SEQUENCE:
return entity_access.sequence;
default:
return NULL;
diff --git a/src/box/schema_def.c b/src/box/schema_def.c
index f028efe4a8..2109973ece 100644
--- a/src/box/schema_def.c
+++ b/src/box/schema_def.c
@@ -36,43 +36,43 @@ const char *sql_storage_engine_strs[] = {
};
static const char *object_type_strs[] = {
- /* [SC_UKNNOWN] = */ "unknown",
- /* [SC_UNIVERSE] = */ "universe",
- /* [SC_SPACE] = */ "space",
- /* [SC_FUNCTION] = */ "function",
- /* [SC_USER] = */ "user",
- /* [SC_ROLE] = */ "role",
- /* [SC_SEQUENCE] = */ "sequence",
- /* [SC_COLLATION] = */ "collation",
+ /* [BOX_SC_UKNNOWN] = */ "unknown",
+ /* [BOX_SC_UNIVERSE] = */ "universe",
+ /* [BOX_SC_SPACE] = */ "space",
+ /* [BOX_SC_FUNCTION] = */ "function",
+ /* [BOX_SC_USER] = */ "user",
+ /* [BOX_SC_ROLE] = */ "role",
+ /* [BOX_SC_SEQUENCE] = */ "sequence",
+ /* [BOX_SC_COLLATION] = */ "collation",
};
/** Given object type @type, return corresponding entity type. */
-static enum schema_object_type
-schema_object_type_to_entity(enum schema_object_type type)
+static enum box_schema_object_type
+schema_object_type_to_entity(enum box_schema_object_type type)
{
- assert(type >= SC_SPACE);
+ assert(type >= BOX_SC_SPACE);
assert((int) type < (int) schema_object_type_MAX);
return type + schema_object_type_MAX - 1;
}
/** Given entity type @type, return corresponding object type. */
-static enum schema_object_type
-schema_entity_type_to_object(enum schema_object_type type)
+static enum box_schema_object_type
+schema_entity_type_to_object(enum box_schema_object_type type)
{
assert((int) type > (int) schema_object_type_MAX);
assert((int) type < (int) schema_entity_type_MAX);
return (type % (schema_object_type_MAX)) + 1;
}
-enum schema_object_type
-schema_entity_type(enum schema_object_type type)
+enum box_schema_object_type
+schema_entity_type(enum box_schema_object_type type)
{
- if (type <= SC_UNIVERSE || type >= schema_object_type_MAX)
- return SC_UNKNOWN;
+ if (type <= BOX_SC_UNIVERSE || type >= schema_object_type_MAX)
+ return BOX_SC_UNKNOWN;
return schema_object_type_to_entity(type);
}
-enum schema_object_type
+enum box_schema_object_type
schema_object_type(const char *name)
{
/**
@@ -82,18 +82,18 @@ schema_object_type(const char *name)
*/
int n_strs = sizeof(object_type_strs)/sizeof(*object_type_strs);
int index = strindex(object_type_strs, name, n_strs);
- return (enum schema_object_type) (index == n_strs ? 0 : index);
+ return (enum box_schema_object_type)(index == n_strs ? 0 : index);
}
const char *
-schema_object_name(enum schema_object_type type)
+schema_object_name(enum box_schema_object_type type)
{
assert((int) type < (int) schema_object_type_MAX);
return object_type_strs[type];
}
const char *
-schema_entity_name(enum schema_object_type type)
+schema_entity_name(enum box_schema_object_type type)
{
return object_type_strs[schema_entity_type_to_object(type)];
}
diff --git a/src/box/schema_def.h b/src/box/schema_def.h
index 7d2bf8602b..8380701bc0 100644
--- a/src/box/schema_def.h
+++ b/src/box/schema_def.h
@@ -305,29 +305,32 @@ enum {
* Use 0 for unknown to use the same index consistently
* even when there are more object types in the future.
*/
-enum schema_object_type {
- SC_UNKNOWN = 0,
- SC_UNIVERSE = 1,
- SC_SPACE = 2,
- SC_FUNCTION = 3,
- SC_USER = 4,
- SC_ROLE = 5,
- SC_SEQUENCE = 6,
- SC_COLLATION = 7,
+/** \cond public */
+enum box_schema_object_type {
+ BOX_SC_UNKNOWN = 0,
+ BOX_SC_UNIVERSE = 1,
+ BOX_SC_SPACE = 2,
+ BOX_SC_FUNCTION = 3,
+ BOX_SC_USER = 4,
+ BOX_SC_ROLE = 5,
+ BOX_SC_SEQUENCE = 6,
+ BOX_SC_COLLATION = 7,
/*
* All object types are supposed to be above this point,
* all entity types - below.
*/
schema_object_type_MAX = 8,
- SC_ENTITY_SPACE,
- SC_ENTITY_FUNCTION,
- SC_ENTITY_USER,
- SC_ENTITY_ROLE,
- SC_ENTITY_SEQUENCE,
- SC_ENTITY_COLLATION,
+ BOX_SC_ENTITY_SPACE,
+ BOX_SC_ENTITY_FUNCTION,
+ BOX_SC_ENTITY_USER,
+ BOX_SC_ENTITY_ROLE,
+ BOX_SC_ENTITY_SEQUENCE,
+ BOX_SC_ENTITY_COLLATION,
schema_entity_type_MAX = 15
};
+/** \endcond public */
+
/** SQL Storage engine. */
enum sql_storage_engine {
SQL_STORAGE_ENGINE_MEMTX = 0,
@@ -340,17 +343,23 @@ extern const char *sql_storage_engine_strs[];
/**
* Given a object type, return an entity type it belongs to.
*/
-enum schema_object_type
-schema_entity_type(enum schema_object_type type);
+enum box_schema_object_type
+schema_entity_type(enum box_schema_object_type type);
-enum schema_object_type
+enum box_schema_object_type
schema_object_type(const char *name);
+/**
+ * Given an object type, return corresponding object name.
+ */
const char *
-schema_object_name(enum schema_object_type type);
+schema_object_name(enum box_schema_object_type type);
+/**
+ * Given an object type, return entity name it belongs to.
+ */
const char *
-schema_entity_name(enum schema_object_type type);
+schema_entity_name(enum box_schema_object_type type);
/**
* Check that the space id corresponds to a system space, which means that is
diff --git a/src/box/sequence.c b/src/box/sequence.c
index c6f38d3774..1aa777687a 100644
--- a/src/box/sequence.c
+++ b/src/box/sequence.c
@@ -273,7 +273,8 @@ access_check_sequence(struct sequence *seq)
box_user_access_mask_t access =
BOX_PRIVILEGE_USAGE | BOX_PRIVILEGE_WRITE;
box_user_access_mask_t sequence_access = access & ~cr->universal_access;
- sequence_access &= ~entity_access_get(SC_SEQUENCE)[cr->auth_token].effective;
+ sequence_access &= ~entity_access_get(
+ BOX_SC_SEQUENCE)[cr->auth_token].effective;
if (sequence_access &&
/* Check for missing Usage access, ignore owner rights. */
(sequence_access & BOX_PRIVILEGE_USAGE ||
@@ -287,12 +288,13 @@ access_check_sequence(struct sequence *seq)
if (!(cr->universal_access & BOX_PRIVILEGE_USAGE)) {
diag_set(AccessDeniedError,
priv_name(BOX_PRIVILEGE_USAGE),
- schema_object_name(SC_UNIVERSE), "",
+ schema_object_name(BOX_SC_UNIVERSE),
+ "",
user->def->name);
} else {
diag_set(AccessDeniedError,
priv_name(access),
- schema_object_name(SC_SEQUENCE),
+ schema_object_name(BOX_SC_SEQUENCE),
seq->def->name, user->def->name);
}
}
diff --git a/src/box/session.c b/src/box/session.c
index 6867337862..6d3c0ab032 100644
--- a/src/box/session.c
+++ b/src/box/session.c
@@ -450,7 +450,7 @@ access_check_session(struct user *user)
if (!(universe.access[user->auth_token].effective &
BOX_PRIVILEGE_SESSION)) {
diag_set(AccessDeniedError, priv_name(BOX_PRIVILEGE_SESSION),
- schema_object_name(SC_UNIVERSE), "",
+ schema_object_name(BOX_SC_UNIVERSE), "",
user->def->name);
return -1;
}
@@ -459,7 +459,7 @@ access_check_session(struct user *user)
int
access_check_universe_object(box_user_access_mask_t access,
- enum schema_object_type object_type,
+ enum box_schema_object_type object_type,
const char *object_name)
{
struct credentials *credentials = effective_user();
@@ -494,7 +494,7 @@ access_check_universe_object(box_user_access_mask_t access,
int
access_check_universe(box_user_access_mask_t access)
{
- return access_check_universe_object(access, SC_UNIVERSE, "");
+ return access_check_universe_object(access, BOX_SC_UNIVERSE, "");
}
int
diff --git a/src/box/session.h b/src/box/session.h
index 0fa835412d..673b62042a 100644
--- a/src/box/session.h
+++ b/src/box/session.h
@@ -402,7 +402,7 @@ access_check_universe(box_user_access_mask_t access);
*/
int
access_check_universe_object(box_user_access_mask_t access,
- enum schema_object_type object_type,
+ enum box_schema_object_type object_type,
const char *object_name);
static inline int
diff --git a/src/box/space.c b/src/box/space.c
index 2335a11c29..201f64dc37 100644
--- a/src/box/space.c
+++ b/src/box/space.c
@@ -73,7 +73,8 @@ access_check_space(struct space *space, box_user_access_mask_t access)
* Similarly to global access, subtract entity-level access
* (access to all spaces) if it is present.
*/
- space_access &= ~entity_access_get(SC_SPACE)[cr->auth_token].effective;
+ space_access &= ~entity_access_get(
+ BOX_SC_SPACE)[cr->auth_token].effective;
if (space_access &&
/* Check for missing USAGE access, ignore owner rights. */
@@ -92,12 +93,13 @@ access_check_space(struct space *space, box_user_access_mask_t access)
if (!(cr->universal_access & BOX_PRIVILEGE_USAGE)) {
diag_set(AccessDeniedError,
priv_name(BOX_PRIVILEGE_USAGE),
- schema_object_name(SC_UNIVERSE), "",
+ schema_object_name(BOX_SC_UNIVERSE),
+ "",
user->def->name);
} else {
diag_set(AccessDeniedError,
priv_name(access),
- schema_object_name(SC_SPACE),
+ schema_object_name(BOX_SC_SPACE),
space->def->name, user->def->name);
}
}
diff --git a/src/box/sysview.c b/src/box/sysview.c
index 8ced197763..77190f97bf 100644
--- a/src/box/sysview.c
+++ b/src/box/sysview.c
@@ -285,7 +285,7 @@ vspace_filter(struct space *source, struct tuple *tuple)
if (PRIV_WRDA & cr->universal_access)
return true;
/* Allow access for a user with space privileges. */
- if (PRIV_WRDA & entity_access_get(SC_SPACE)[cr->auth_token].effective)
+ if (PRIV_WRDA & entity_access_get(BOX_SC_SPACE)[cr->auth_token].effective)
return true;
if (BOX_PRIVILEGE_READ & source->access[cr->auth_token].effective)
return true; /* read access to _space space */
@@ -363,7 +363,7 @@ vfunc_filter(struct space *source, struct tuple *tuple)
return true;
/* Allow access for a user with function privileges. */
if ((PRIV_WRDA | BOX_PRIVILEGE_EXECUTE) &
- entity_access_get(SC_FUNCTION)[cr->auth_token].effective)
+ entity_access_get(BOX_SC_FUNCTION)[cr->auth_token].effective)
return true;
if (BOX_PRIVILEGE_READ & source->access[cr->auth_token].effective)
return true; /* read access to _func space */
@@ -393,7 +393,7 @@ vsequence_filter(struct space *source, struct tuple *tuple)
return true;
/* Allow access for a user with sequence privileges. */
if ((PRIV_WRDA | BOX_PRIVILEGE_EXECUTE) &
- entity_access_get(SC_SEQUENCE)[cr->auth_token].effective)
+ entity_access_get(BOX_SC_SEQUENCE)[cr->auth_token].effective)
return true;
if (BOX_PRIVILEGE_READ & source->access[cr->auth_token].effective)
return true; /* read access to _sequence space */
diff --git a/src/box/user.cc b/src/box/user.cc
index 87fff3e762..c9836f4518 100644
--- a/src/box/user.cc
+++ b/src/box/user.cc
@@ -214,69 +214,69 @@ user_grant_priv(struct user *user, struct priv_def *def)
* given object type and object id.
*/
struct access *
-access_find(enum schema_object_type object_type, uint32_t object_id)
+access_find(enum box_schema_object_type object_type, uint32_t object_id)
{
struct access *access = NULL;
switch (object_type) {
- case SC_UNIVERSE:
+ case BOX_SC_UNIVERSE:
{
access = universe.access;
break;
}
- case SC_ENTITY_SPACE:
+ case BOX_SC_ENTITY_SPACE:
{
access = entity_access.space;
break;
}
- case SC_ENTITY_FUNCTION:
+ case BOX_SC_ENTITY_FUNCTION:
{
access = entity_access.function;
break;
}
- case SC_ENTITY_USER:
+ case BOX_SC_ENTITY_USER:
{
access = entity_access.user;
break;
}
- case SC_ENTITY_ROLE:
+ case BOX_SC_ENTITY_ROLE:
{
access = entity_access.role;
break;
}
- case SC_ENTITY_SEQUENCE:
+ case BOX_SC_ENTITY_SEQUENCE:
{
access = entity_access.sequence;
break;
}
- case SC_SPACE:
+ case BOX_SC_SPACE:
{
struct space *space = space_by_id(object_id);
if (space)
access = space->access;
break;
}
- case SC_FUNCTION:
+ case BOX_SC_FUNCTION:
{
struct func *func = func_by_id(object_id);
if (func)
access = func->access;
break;
}
- case SC_USER:
+ case BOX_SC_USER:
{
struct user *user = user_by_id(object_id);
if (user)
access = user->access;
break;
}
- case SC_ROLE:
+ case BOX_SC_ROLE:
{
struct user *role = user_by_id(object_id);
if (role)
access = role->access;
break;
}
- case SC_SEQUENCE:
+ case BOX_SC_SEQUENCE:
{
struct sequence *seq = sequence_by_id(object_id);
if (seq)
@@ -324,7 +324,7 @@ user_reload_priv(struct user *user, struct tuple *tuple)
* Skip role grants, we're only
* interested in real objects.
*/
- if (priv.object_type != SC_ROLE ||
+ if (priv.object_type != BOX_SC_ROLE ||
!(priv.access & BOX_PRIVILEGE_EXECUTE))
return user_grant_priv(user, &priv);
return 0;
@@ -584,7 +584,7 @@ user_find_by_name(const char *name, uint32_t len)
return NULL;
if (uid != BOX_ID_NIL) {
struct user *user = user_by_id(uid);
- if (user != NULL && user->def->type == SC_USER)
+ if (user != NULL && user->def->type == BOX_SC_USER)
return user;
}
diag_set(ClientError, ER_NO_SUCH_USER,
@@ -607,7 +607,7 @@ user_cache_init(void)
* updated with snapshot contents during recovery.
*/
const char *name = "guest";
- struct user_def *def = user_def_new(GUEST, ADMIN, SC_USER,
+ struct user_def *def = user_def_new(GUEST, ADMIN, BOX_SC_USER,
name, strlen(name));
/* Free def in a case of exception. */
auto guest_def_guard = make_scoped_guard([=] { user_def_delete(def); });
@@ -619,7 +619,7 @@ user_cache_init(void)
(void) user;
name = "admin";
- def = user_def_new(ADMIN, ADMIN, SC_USER, name, strlen(name));
+ def = user_def_new(ADMIN, ADMIN, BOX_SC_USER, name, strlen(name));
auto admin_def_guard = make_scoped_guard([=] { user_def_delete(def); });
user = user_cache_replace(def);
admin_def_guard.is_active = false;
@@ -817,7 +817,8 @@ priv_grant(struct user *grantee, struct priv_def *priv,
struct access *object = access_find(priv->object_type, priv->object_id);
if (object == NULL)
return 0;
- if (grantee->auth_token == ADMIN && priv->object_type == SC_UNIVERSE &&
+ if (grantee->auth_token == ADMIN &&
+ priv->object_type == BOX_SC_UNIVERSE &&
priv->access != USER_ACCESS_FULL) {
diag_set(ClientError, ER_GRANT,
"can't revoke universe from the admin user");
diff --git a/src/box/user.h b/src/box/user.h
index 654a5ecdaa..a0c5b6e87a 100644
--- a/src/box/user.h
+++ b/src/box/user.h
@@ -99,8 +99,12 @@ struct user
struct access access[BOX_USER_MAX];
};
+/**
+ * Find the corresponding access structure
+ * given object type and object id.
+ */
struct access *
-access_find(enum schema_object_type object_type, uint32_t object_id);
+access_find(enum box_schema_object_type object_type, uint32_t object_id);
/** Find user by id. */
struct user *
diff --git a/src/box/user_def.c b/src/box/user_def.c
index a17ddbaf8a..05c208ae36 100644
--- a/src/box/user_def.c
+++ b/src/box/user_def.c
@@ -40,7 +40,7 @@ priv_name(box_user_access_mask_t access)
}
struct user_def *
-user_def_new(uint32_t uid, uint32_t owner, enum schema_object_type type,
+user_def_new(uint32_t uid, uint32_t owner, enum box_schema_object_type type,
const char *name, uint32_t name_len)
{
struct user_def *def;
diff --git a/src/box/user_def.h b/src/box/user_def.h
index 01f2e97549..96c3ee96c3 100644
--- a/src/box/user_def.h
+++ b/src/box/user_def.h
@@ -95,7 +95,7 @@ struct priv_def {
/* Object id - is only defined for object type */
uint32_t object_id;
/* Object type - function, space, universe */
- enum schema_object_type object_type;
+ enum box_schema_object_type object_type;
/**
* What is being granted, has been granted, or is being
* revoked.
@@ -142,7 +142,7 @@ struct user_def {
/** Creator of the user */
uint32_t owner;
/** 'user' or 'role' */
- enum schema_object_type type;
+ enum box_schema_object_type type;
/**
* Authentication data or NULL if auth method is unset.
*
@@ -166,7 +166,7 @@ struct user_def {
* This function never fails.
*/
struct user_def *
-user_def_new(uint32_t uid, uint32_t owner, enum schema_object_type type,
+user_def_new(uint32_t uid, uint32_t owner, enum box_schema_object_type type,
const char *name, uint32_t name_len);
/** Destroys and frees a user definition. */
diff --git a/test/app-luatest/module_api_luatest_test.lua b/test/app-luatest/module_api_luatest_test.lua
index 80e36ea53a..8bd0caa627 100644
--- a/test/app-luatest/module_api_luatest_test.lua
+++ b/test/app-luatest/module_api_luatest_test.lua
@@ -56,9 +56,32 @@ g.test_box_access_check_ddl = function()
end
local ffi = require('ffi')
ffi.cdef([[
+ enum box_schema_object_type {
+ BOX_SC_UNKNOWN = 0,
+ BOX_SC_UNIVERSE = 1,
+ BOX_SC_SPACE = 2,
+ BOX_SC_FUNCTION = 3,
+ BOX_SC_USER = 4,
+ BOX_SC_ROLE = 5,
+ BOX_SC_SEQUENCE = 6,
+ BOX_SC_COLLATION = 7,
+ /*
+ * All object types are supposed to be above this point,
+ * all entity types - below.
+ */
+ schema_object_type_MAX = 8,
+ BOX_SC_ENTITY_SPACE,
+ BOX_SC_ENTITY_FUNCTION,
+ BOX_SC_ENTITY_USER,
+ BOX_SC_ENTITY_ROLE,
+ BOX_SC_ENTITY_SEQUENCE,
+ BOX_SC_ENTITY_COLLATION,
+ schema_entity_type_MAX = 15
+ };
+
int box_access_check_ddl(
const char *name, uint32_t object_id, uint32_t owner_uid,
- uint32_t object_type, uint16_t access);
+ enum box_schema_object_type object_type, uint16_t access);
]])
local priv_to_name = {}
--
GitLab