Skip to main content

datafusion_pg_catalog/pg_catalog/
context.rs

1use std::{fmt::Debug, sync::Arc};
2
3use async_trait::async_trait;
4
5#[async_trait]
6pub trait PgCatalogContextProvider: Clone + Debug + Send + Sync + 'static {
7    // retrieve all database role names
8    async fn roles(&self) -> Vec<String> {
9        vec![]
10    }
11
12    // retrieve database role information
13    async fn role(&self, _name: &str) -> Option<Role> {
14        None
15    }
16}
17
18#[derive(Debug, Clone)]
19pub struct EmptyContextProvider;
20
21impl PgCatalogContextProvider for EmptyContextProvider {}
22
23#[async_trait]
24impl<T> PgCatalogContextProvider for Arc<T>
25where
26    T: PgCatalogContextProvider,
27{
28    // retrieve all database role names
29    async fn roles(&self) -> Vec<String> {
30        self.roles().await
31    }
32
33    // retrieve database role information
34    async fn role(&self, name: &str) -> Option<Role> {
35        self.role(name).await
36    }
37}
38
39/// User information stored in the authentication system
40#[derive(Debug, Clone)]
41pub struct User {
42    pub username: String,
43    pub password_hash: String,
44    pub roles: Vec<String>,
45    pub is_superuser: bool,
46    pub can_login: bool,
47    pub connection_limit: Option<i32>,
48}
49
50/// Permission types for granular access control
51#[derive(Debug, Clone, PartialEq, Eq, Hash)]
52pub enum Permission {
53    Select,
54    Insert,
55    Update,
56    Delete,
57    Create,
58    Drop,
59    Alter,
60    Index,
61    References,
62    Trigger,
63    Execute,
64    Usage,
65    Connect,
66    Temporary,
67    All,
68}
69
70impl Permission {
71    pub fn from_string(s: &str) -> Option<Permission> {
72        match s.to_uppercase().as_str() {
73            "SELECT" => Some(Permission::Select),
74            "INSERT" => Some(Permission::Insert),
75            "UPDATE" => Some(Permission::Update),
76            "DELETE" => Some(Permission::Delete),
77            "CREATE" => Some(Permission::Create),
78            "DROP" => Some(Permission::Drop),
79            "ALTER" => Some(Permission::Alter),
80            "INDEX" => Some(Permission::Index),
81            "REFERENCES" => Some(Permission::References),
82            "TRIGGER" => Some(Permission::Trigger),
83            "EXECUTE" => Some(Permission::Execute),
84            "USAGE" => Some(Permission::Usage),
85            "CONNECT" => Some(Permission::Connect),
86            "TEMPORARY" => Some(Permission::Temporary),
87            "ALL" => Some(Permission::All),
88            _ => None,
89        }
90    }
91}
92
93/// Resource types for access control
94#[derive(Debug, Clone, PartialEq, Eq, Hash)]
95pub enum ResourceType {
96    Table(String),
97    Schema(String),
98    Database(String),
99    Function(String),
100    Sequence(String),
101    All,
102}
103
104/// Grant entry for specific permissions on resources
105#[derive(Debug, Clone)]
106pub struct Grant {
107    pub permission: Permission,
108    pub resource: ResourceType,
109    pub granted_by: String,
110    pub with_grant_option: bool,
111}
112
113/// Role information for access control
114#[derive(Debug, Clone)]
115pub struct Role {
116    pub name: String,
117    pub is_superuser: bool,
118    pub can_login: bool,
119    pub can_create_db: bool,
120    pub can_create_role: bool,
121    pub can_create_user: bool,
122    pub can_replication: bool,
123    pub grants: Vec<Grant>,
124    pub inherited_roles: Vec<String>,
125}
126
127/// Role configuration for creation
128#[derive(Debug, Clone)]
129pub struct RoleConfig {
130    pub name: String,
131    pub is_superuser: bool,
132    pub can_login: bool,
133    pub can_create_db: bool,
134    pub can_create_role: bool,
135    pub can_create_user: bool,
136    pub can_replication: bool,
137}