1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
| ///////////////////////////////////////////////////////////////////////////
// //
// Copyright (c) 2015 by Charta Software B.V. //
// All rights reserved //
// //
// Version: 1.7.0.83525 //
// Web site: https://pascal.chartasoftware.com/ //
// //
// This code and information are provided "as is" without warranty of //
// any kind. Dissemination of this information or reproduction of //
// this material is strictly forbidden unless prior written permission //
// is obtained from Charta Software B.V.. //
// //
///////////////////////////////////////////////////////////////////////////
unit Sql.Database.Logical.Authorizing;
// TODO:
// * Should we check restricted table types for SubqueryViews?
interface
uses
Authorization.Authorizer,
Exception,
Sql.Database,
Sql.Database.Logical,
Sql.Result,
Sql.Statement;
type
EAuthorizingSqlDatabase = class(EException);
TAuthorizingSqlDatabase = class(TLogicalSqlDatabase)
protected
Authorizer: TAuthorizer;
function HandleDecoratedStatement(Statement: TSqlStatement; ResultMethod: TSqlQueryResultMethod): TSqlResult;
public
constructor Create(Database: TSqlDatabase; Authorizer: TAuthorizer); reintroduce; virtual;
function Query(Statement: TSqlStatement; ResultMethod: TSqlQueryResultMethod = sqrmStoreResult): TSqlResult; override;
end;
implementation
uses
Sql.Database.Logical.Authorizing.RewriteRule,
Sql.Rewriter,
Sql.Rewriter.Rule,
Sql.Statement.DataManipulation,
Sql.Statement.ResultSet;
{ TAuthorizingSqlDatabase }
constructor TAuthorizingSqlDatabase.Create(Database: TSqlDatabase; Authorizer: TAuthorizer);
begin
inherited Create(Database);
Self.Authorizer := Authorizer;
end;
function TAuthorizingSqlDatabase.HandleDecoratedStatement(Statement: TSqlStatement; ResultMethod: TSqlQueryResultMethod): TSqlResult;
var
WorkingCopy: TSqlStatement;
Rewriter: TSqlRewriter;
RewriteRule: TSqlRewriteRule;
begin
Statement.AddReference();
WorkingCopy := Statement.CopyStatement();
WorkingCopy.AddReference();
RewriteRule := TAuthorizingSqlRewriteRule.Create(Authorizer);
Rewriter := TSqlRewriter.Create(RewriteRule);
Rewriter.DecorateStatement(WorkingCopy);
Result := Database.Query(WorkingCopy, ResultMethod);
Rewriter.Free();
RewriteRule.Free();
Statement.ReleaseReference();
WorkingCopy.ReleaseReference();
end;
function TAuthorizingSqlDatabase.Query(Statement: TSqlStatement; ResultMethod: TSqlQueryResultMethod): TSqlResult;
begin
if (Statement is TSqlResultSetStatement) or (Statement is TSqlUpdate) or (Statement is TSqlDelete) then
Result := HandleDecoratedStatement(Statement, ResultMethod)
else
Result := Database.Query(Statement, ResultMethod);
end;
end.
|