DELETE FROM pkg WHERE pkg_id NOT IN (SELECT DISTINCT pkg_id from app);
END;
+DROP VIEW IF EXISTS privilege_gid_view;
+CREATE VIEW privilege_gid_view AS
+SELECT
+ privilege_id,
+ privilege.name as privilege_name,
+ privilege_gid.gid
+FROM privilege_gid
+LEFT JOIN privilege USING (privilege_id);
+
COMMIT TRANSACTION;
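Review bot: The `LEFT JOIN privilege USING (privilege_id)` in the new `privilege_gid_view` lets a `privilege_gid` row whose `privilege_id` has no matching `privilege` row surface with a NULL `privilege_name`; the only consumer shown filters on `privilege_name = ?`, so such rows are unreachable there, but as the view is the lookup table for which group ids a privilege grants it should not carry unnamed gid mappings at all. Making the join `FROM privilege_gid INNER JOIN privilege USING (privilege_id)` drops those rows and states the intent for any other reader of the view. Whether a foreign key on `privilege_gid.privilege_id` already rules out orphans cannot be seen from this hunk; if it does, the INNER JOIN is still the clearer form.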
ERemoveAppPrivileges,
EPkgIdExists,
EGetPkgId,
+ EGetPrivilegeGids,
};
class PrivilegeDb {
{ QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" },
{ QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" },
{ QueryType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" },
+ { QueryType::EGetPrivilegeGids, " SELECT gid FROM privilege_gid_view WHERE privilege_name = ?" },
};
/**
void UpdateAppPrivileges(const std::string &appId, uid_t uid,
const std::vector<std::string> &privileges);
+ /**
+ * Retrieve list of group ids assigned to a privilege
+ *
+ * @param privilege - privilege identifier
+ * @param[out] gids - list of group ids assigned to the privilege
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetPrivilegeGids(const std::string &privilege,
+ std::vector<gid_t> &gids);
+
};
} //namespace SecurityManager
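Review bot: The new doc comment marks `gids` as `@param[out]` but does not say whether the vector is cleared or appended to, and it does not say what happens for a privilege name that is not in the database; the declaration alone cannot show it, and the enclosing class starts outside the hunk. From the implementation added elsewhere in this commit the rows are pushed onto whatever the caller passes and an unknown privilege simply yields no rows, so the caller cannot distinguish "unknown privilege" from "privilege with no groups". I would make that explicit, e.g. `@param[out] gids - group ids assigned to the privilege are appended to this vector; it is left untouched when the privilege is unknown or has no groups`, so callers reusing a vector across lookups know what they get.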
}
});
}
+
+void PrivilegeDb::GetPrivilegeGids(const std::string &privilege,
+ std::vector<gid_t> &gids)
+{
+ try_catch<void>([&] {
+ DB::SqlConnection::DataCommandAutoPtr command =
+ mSqlConnection->PrepareDataCommand(
+ Queries.at(QueryType::EGetPrivilegeGids));
+ command->BindString(1, privilege.c_str());
+
+ while (command->Step()) {
+ gid_t gid = static_cast<gid_t>(command->GetColumnInteger(0));
+ LogDebug("Privilege " << privilege << " gives access to gid " << gid);
+ gids.push_back(gid);
+ };
+ });
+}
+
+
} //namespace SecurityManager
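Review bot: `static_cast<gid_t>(command->GetColumnInteger(0))` on the new line in `GetPrivilegeGids` silently turns a negative column value into a large unsigned gid, and if the DB layer maps a NULL column to 0 the way sqlite3_column_int does, a NULL `gid` would become gid 0; the log line shows these values are what a privilege "gives access to", so a bad row should not quietly become a group grant. A cheap guard is to read the value into an `int`, check `>= 0` before the cast, and treat anything else as the `InternalError` the doc comment already promises (the throw helper this file uses for that is not visible in the hunk); whether `privilege_gid.gid` is declared NOT NULL cannot be seen here, and if it is the NULL case is moot but the sign check still applies. Minor: the `};` closing the `while` loop has a stray semicolon, harmless but worth dropping if the surrounding functions do not share it.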