CREATE TRIGGER app_privilege_view_insert_trigger
INSTEAD OF INSERT ON app_privilege_view
BEGIN
- INSERT OR IGNORE INTO pkg(name) VALUES (NEW.pkg_name);
INSERT OR IGNORE INTO privilege(name) VALUES (NEW.privilege_name);
- INSERT OR IGNORE INTO app(pkg_id, name) VALUES ((SELECT pkg_id FROM pkg WHERE name=NEW.pkg_name), NEW.app_name);
INSERT OR IGNORE INTO app_privilege(app_id, privilege_id) VALUES
- ((SELECT app_id FROM app WHERE name=NEW.app_name), (SELECT privilege_id FROM privilege WHERE name=NEW.privilege_name));
+ ((SELECT app_id FROM app WHERE name=NEW.app_name),
+ (SELECT privilege_id FROM privilege WHERE name=NEW.privilege_name));
END;
DROP TRIGGER IF EXISTS app_privilege_view_delete_trigger;
{ QueryType::EGetPkgPrivileges, "SELECT privilege_name FROM app_privilege_view WHERE pkg_name=?"},
{ QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name) VALUES (?, ?)" },
{ QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND pkg_name=?" },
- { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, pkg_name, privilege_name) VALUES (?, ?, ?)" },
- { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND pkg_name=? AND privilege_name=?" },
+ { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, privilege_name) VALUES (?, ?)" },
+ { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=?" },
{ QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" }
};
*/
bool PkgIdExists(const std::string &pkgId);
- /**
- * Check if there's a tuple of (appId, packageId) inside the database
- *
- * @param appId - application identifier
- * @param pkgId - package identifier
- * @param[out] currentPrivileges - list of current privileges assigned to tuple (appId, pkgId)
- * @exception DB::SqlConnection::Exception::InternalError on internal error
- */
- void GetPkgPrivileges(const std::string &pkgId,
- TPrivilegesList ¤tPrivileges);
-
public:
class Exception
{
void RollbackTransaction(void);
/**
+ * Retrieve list of privileges assigned to a pkgId
+ *
+ * @param pkgId - package identifier
+ * @param[out] currentPrivileges - list of current privileges assigned to pkgId
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetPkgPrivileges(const std::string &pkgId,
+ TPrivilegesList ¤tPrivilege);
+
+ /**
* Add an application into the database
*
* @param appId - application identifier
bool &pkgIdIsNoMore);
/**
- * Update privileges belonging to tuple (appId, pkgId)
+ * Remove privileges assigned to application
+ *
+ * @param appId - application identifier
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void RemoveAppPrivileges(const std::string &appId);
+
+ /**
+ * Update privileges assigned to application
+ * To assure data integrity this method must be called inside db transaction.
*
* @param appId - application identifier
- * @param pkgId - package identifier
* @param privileges - list of privileges to assign
- * @param[out] addedPrivileges - return list of added privileges
- * @param[out] removedPrivileges - return list of removed privileges
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void UpdatePrivileges(const std::string &appId,
- const std::string &pkgId, const TPrivilegesList &privileges,
- TPrivilegesList &addedPrivileges,
- TPrivilegesList &removedPrivileges);
+ void UpdateAppPrivileges(const std::string &appId,
+ const TPrivilegesList &privileges);
};
*/
#include <cstdio>
-#include <set>
#include <list>
#include <string>
#include <iostream>
#include <dpl/log/log.h>
#include "privilege_db.h"
-#define SET_CONTAINS(set,value) set.find(value)!=set.end()
-
namespace SecurityManager {
/* Common code for handling SqlConnection exceptions */
});
}
-void PrivilegeDb::UpdatePrivileges(const std::string &appId,
- const std::string &pkgId, const TPrivilegesList &privileges,
- TPrivilegesList &addedPrivileges,
- TPrivilegesList &removedPrivileges)
+void PrivilegeDb::RemoveAppPrivileges(const std::string &appId)
{
try_catch<void>([&] {
- DB::SqlConnection::DataCommandAutoPtr command;
- TPrivilegesList curPrivileges = TPrivilegesList();
- GetPkgPrivileges(pkgId, curPrivileges);
-
- //Data compilation
- std::set<std::string> privilegesSet = std::set<
- std::string>(privileges.begin(), privileges.end());
- std::set<std::string> curPrivilegesSet = std::set<
- std::string>(curPrivileges.begin(), curPrivileges.end());
-
- std::list < std::string > tmpPrivileges = std::list < std::string
- > (privileges.begin(), privileges.end());
- tmpPrivileges.merge (std::list < std::string
- >(curPrivileges.begin(), curPrivileges.end()));
- tmpPrivileges.unique ();
-
- for (auto privilege : tmpPrivileges) {
- if ((SET_CONTAINS(privilegesSet, privilege)) && !(SET_CONTAINS(curPrivilegesSet, privilege))) {
- addedPrivileges.push_back(privilege);
- }
- if (!(SET_CONTAINS(privilegesSet, privilege)) && (SET_CONTAINS(curPrivilegesSet, privilege))) {
- removedPrivileges.push_back(privilege);
- }
+ DB::SqlConnection::DataCommandAutoPtr command =
+ mSqlConnection->PrepareDataCommand(Queries.at(QueryType::ERemoveAppPrivileges));
- }
+ command->BindString(1, appId.c_str());
+ command->Step();
+ });
+}
- //adding missing privileges
- for (auto addedPrivilege : addedPrivileges) {
- command = mSqlConnection->PrepareDataCommand(
- Queries.at(QueryType::EAddAppPrivileges));
- command->BindString(1, appId.c_str());
- command->BindString(2, pkgId.c_str());
- command->BindString(3, addedPrivilege.c_str());
+void PrivilegeDb::UpdateAppPrivileges(const std::string &appId,
+ const TPrivilegesList &privileges)
+{
+ try_catch<void>([&] {
+ DB::SqlConnection::DataCommandAutoPtr command =
+ mSqlConnection->PrepareDataCommand(Queries.at(QueryType::EAddAppPrivileges));
+ command->BindString(1, appId.c_str());
- if (command->Step())
- LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::EAddAppPrivileges));
+ RemoveAppPrivileges(appId);
+ for (const auto &privilege : privileges) {
+ command->BindString(2, privilege.c_str());
+ command->Step();
command->Reset();
- LogPedantic(
- "Added appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << addedPrivilege);
-
- }
-
- //removing unwanted privileges
- for (auto removedPrivilege : removedPrivileges) {
- command = mSqlConnection->PrepareDataCommand(
- Queries.at(QueryType::ERemoveAppPrivileges));
- command->BindString(1, appId.c_str());
- command->BindString(2, pkgId.c_str());
- command->BindString(3, removedPrivilege.c_str());
-
- if (command->Step())
- LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::EAddAppPrivileges));
-
- LogPedantic(
- "Removed appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << removedPrivilege);
}
});
}