1use serde::{Deserialize, Serialize};
3use plsql_catalog::{AccessibleByTarget, GrantPrivilege, Grantee};
4use plsql_core::{Confidence, Evidence, ObjectName, RoleName, SchemaName, UnknownReason, UserName};
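/// Rights model a PL/SQL unit is authorized under.
///
/// NOTE(review): the variant names line up with Oracle's `AUTHID DEFINER` /
/// `AUTHID CURRENT_USER` clause; confirm that mapping against the code that
/// produces this value, which is not part of this listing.
///
/// The distinction is security-relevant when reading a privilege report:
/// a definer's-rights unit runs with its owner's privileges, so every caller
/// that can execute it borrows those privileges; an invoker's-rights unit
/// runs with the caller's privileges and resolves names in the caller's
/// context.
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq, Serialize, Deserialize)]
pub enum AuthorizationMode {
    /// Unit runs with the privileges of its owner. This is the `Default`
    /// value, which matches Oracle's behaviour when no `AUTHID` clause is
    /// written.
    #[default]
    Definer,
    /// Unit runs with the privileges of the calling user.
    Invoker,
}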
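/// Extra option attached to a grant.
///
/// NOTE(review): `Grantable` and `Hierarchy` presumably mirror Oracle's
/// `WITH GRANT OPTION` and `WITH HIERARCHY OPTION`; confirm against the
/// catalog loader.
///
/// The `None` variant has the same name as `Option::None`. Always write it
/// qualified (`GrantOption::None`) and avoid glob-importing this enum, so a
/// reviewer never has to guess which `None` a match arm refers to.
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq, Serialize, Deserialize)]
pub enum GrantOption {
    /// The grantee may pass the privilege on to others, so the set of
    /// principals that can end up holding it is wider than the direct
    /// grantees.
    Grantable,
    /// Grant carries the hierarchy option.
    Hierarchy,
    /// No additional option; this is the `Default` value.
    #[default]
    None,
}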
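/// One privilege on one object held by one grantee, with the analysis
/// confidence and evidence that back it.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct ResolvedPrivilege {
    /// Schema that owns the object the privilege applies to.
    pub object_owner: SchemaName,
    /// Name of the object the privilege applies to.
    pub object_name: ObjectName,
    /// The privilege that was granted.
    pub privilege: GrantPrivilege,
    /// Principal that holds the privilege.
    pub grantee: Grantee,
    /// Option attached to the grant, if any (see [`GrantOption`]).
    pub grant_option: GrantOption,
    /// Role the privilege was reached through.
    ///
    /// NOTE(review): `None` presumably means a direct grant; confirm.
    /// Consumers should not treat role-derived and direct privileges as
    /// interchangeable: in Oracle, privileges obtained through a role are not
    /// in effect inside definer's-rights stored PL/SQL units. Whether the
    /// resolver already accounts for that is not visible in this file.
    pub via_role: Option<RoleName>,
    /// How certain the analysis is about this entry.
    pub confidence: Confidence,
    /// Supporting evidence for this entry.
    pub evidence: Evidence,
}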
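/// Caller allow-list declared on an object.
///
/// NOTE(review): the element type `AccessibleByTarget` suggests this models a
/// PL/SQL `ACCESSIBLE BY` clause; confirm against `plsql_catalog`.
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
pub struct AccessControlEntry {
    /// Schema of the object that declares the allow-list.
    pub declaring_schema: SchemaName,
    /// Object that declares the allow-list.
    pub declaring_object: ObjectName,
    /// Callers the declaration admits.
    ///
    /// TODO(review): document what an empty vector means. "No restriction"
    /// and "no caller admitted" are opposite outcomes, and consumers of this
    /// type must not have to guess between them.
    pub allowed_callers: Vec<AccessibleByTarget>,
}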
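/// A write from an object in one schema to an object in another schema.
///
/// Each entry is a place where a trust boundary between schemas is crossed,
/// which makes this list a natural starting point for a least-privilege
/// review.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct CrossSchemaWrite {
    /// Schema of the object that performs the write.
    pub caller_schema: SchemaName,
    /// Object that performs the write.
    pub caller_object: ObjectName,
    /// Schema that owns the object being written.
    pub target_schema: SchemaName,
    /// Object being written.
    pub target_object: ObjectName,
    /// Privilege associated with the write.
    pub privilege: GrantPrivilege,
    /// How certain the analysis is about this entry.
    pub confidence: Confidence,
    /// Supporting evidence for this entry.
    pub evidence: Evidence,
    /// Reason the write could not be settled statically, when there is one.
    ///
    /// NOTE(review): presumably `Some` means the outcome depends on runtime
    /// state; such entries should be read as unverified, not as allowed.
    /// Confirm the intended meaning.
    pub runtime_ambiguity: Option<UnknownReason>,
}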
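/// A synonym and the object it resolves to.
///
/// A synonym adds a second name for the target object, so privilege
/// questions about the target have to take every path recorded here into
/// account as well.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct SynonymPrivilegePath {
    /// Schema the synonym is recorded under.
    pub synonym_schema: SchemaName,
    /// Name of the synonym.
    pub synonym_name: ObjectName,
    /// Schema that owns the object the synonym points at.
    pub target_schema: SchemaName,
    /// Object the synonym points at.
    pub target_object: ObjectName,
    /// Whether the synonym is a public one.
    ///
    /// NOTE(review): the value stored in `synonym_schema` for a public
    /// synonym is not visible here; confirm before matching on it.
    pub is_public: bool,
    /// How certain the analysis is about this path.
    pub confidence: Confidence,
}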
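/// Aggregate result of privilege analysis.
///
/// The derived `Default` yields a model in which every list is empty.
#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)]
pub struct PrivilegeModel {
    /// Resolved privileges.
    pub privileges: Vec<ResolvedPrivilege>,
    /// Caller allow-lists declared on objects.
    pub access_control: Vec<AccessControlEntry>,
    /// Writes that cross a schema boundary.
    pub cross_schema_writes: Vec<CrossSchemaWrite>,
    /// Synonym-to-target resolution paths.
    pub synonym_paths: Vec<SynonymPrivilegePath>,
    /// Privileges classified as public grants.
    ///
    /// NOTE(review): whether these entries are also present in `privileges`
    /// is not visible here; confirm before counting or de-duplicating. A
    /// public grant applies to every user, so this list deserves review
    /// first.
    pub public_grants: Vec<ResolvedPrivilege>,
    /// Authorization questions that could not be settled statically. An empty
    /// `privileges` list together with entries here means "unknown", not
    /// "no access".
    pub runtime_ambiguities: Vec<AuthorizationAmbiguity>,
    /// Diagnostics collected while the model was built.
    pub diagnostics: Vec<plsql_core::Diagnostic>,
}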
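/// An authorization outcome for an object that the analysis could not decide.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct AuthorizationAmbiguity {
    /// Schema of the object the ambiguity concerns.
    pub schema: SchemaName,
    /// Object the ambiguity concerns.
    pub object: ObjectName,
    /// Why the outcome is unknown.
    pub reason: UnknownReason,
    /// Roles the outcome depends on.
    ///
    /// NOTE(review): presumably the roles whose enabled/disabled state at
    /// run time would decide the result; confirm.
    pub dependent_roles: Vec<RoleName>,
    /// Supporting evidence for this entry.
    pub evidence: Evidence,
}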
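/// Session context supplied to privilege analysis.
///
/// Unlike the result types in this file, this struct derives neither
/// `Serialize`/`Deserialize` nor `PartialEq`. The derived `Default` leaves
/// both optional fields `None` and the role list empty.
///
/// NOTE(review): how the analysis behaves when these fields are unset is not
/// visible here. If unset values are silently treated as "no restriction",
/// a default config would over-report access; confirm that it degrades to
/// lower confidence or an ambiguity instead.
#[derive(Clone, Debug, Default)]
pub struct PrivilegeConfig {
    /// Schema the analysis should assume as current, if known.
    pub current_schema: Option<SchemaName>,
    /// User the analysis should assume as current, if known.
    pub current_user: Option<UserName>,
    /// Roles to treat as enabled.
    pub enabled_roles: Vec<RoleName>,
}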