1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// Copyright Materialize, Inc. and contributors. All rights reserved.
//
// Use of this software is governed by the Business Source License
// included in the LICENSE file.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0.

use std::str::FromStr;

use crate::EvalError;
use mz_ore::str::StrExt;
use mz_repr::adt::mz_acl_item::{AclItem, AclMode, MzAclItem};
use mz_repr::adt::system::Oid;
use mz_repr::ArrayRustType;

sqlfunc!(
    #[sqlname = "mz_aclitem_grantor"]
    fn mz_acl_item_grantor(mz_acl_item: MzAclItem) -> String {
        mz_acl_item.grantor.to_string()
    }
);

sqlfunc!(
    #[sqlname = "aclitem_grantor"]
    fn acl_item_grantor(acl_item: AclItem) -> Oid {
        acl_item.grantor
    }
);

sqlfunc!(
    #[sqlname = "mz_aclitem_grantee"]
    fn mz_acl_item_grantee(mz_acl_item: MzAclItem) -> String {
        mz_acl_item.grantee.to_string()
    }
);

sqlfunc!(
    #[sqlname = "aclitem_grantee"]
    fn acl_item_grantee(acl_item: AclItem) -> Oid {
        acl_item.grantee
    }
);

sqlfunc!(
    #[sqlname = "mz_aclitem_privileges"]
    fn mz_acl_item_privileges(mz_acl_item: MzAclItem) -> String {
        mz_acl_item.acl_mode.to_string()
    }
);

sqlfunc!(
    #[sqlname = "aclitem_privileges"]
    fn acl_item_privileges(acl_item: AclItem) -> String {
        acl_item.acl_mode.to_string()
    }
);

sqlfunc!(
    #[sqlname = "mz_format_privileges"]
    fn mz_format_privileges(privileges: String) -> Result<ArrayRustType<String>, EvalError> {
        AclMode::from_str(&privileges)
            .map(|acl_mode| {
                ArrayRustType(
                    acl_mode
                        .explode()
                        .into_iter()
                        .map(|privilege| privilege.to_string())
                        .collect(),
                )
            })
            .map_err(|e: anyhow::Error| EvalError::InvalidPrivileges(e.to_string().into()))
    }
);

sqlfunc!(
    #[sqlname = "mz_validate_privileges"]
    fn mz_validate_privileges(privileges: String) -> Result<bool, EvalError> {
        AclMode::parse_multiple_privileges(&privileges)
            .map(|_| true)
            .map_err(|e: anyhow::Error| EvalError::InvalidPrivileges(e.to_string().into()))
    }
);

sqlfunc!(
    #[sqlname = "mz_validate_role_privilege"]
    fn mz_validate_role_privilege(privilege: String) -> Result<bool, EvalError> {
        let privilege_upper = privilege.to_uppercase();
        if privilege_upper != "MEMBER" && privilege_upper != "USAGE" {
            Err(EvalError::InvalidPrivileges(
                format!("{}", privilege.quoted()).into(),
            ))
        } else {
            Ok(true)
        }
    }
);