Class: Dbviewer::Security::AccessControl

Inherits: Object

Defined in: lib/dbviewer/security/access_control.rb

Overview

Access control service to validate table and column access

Instance Method Summary

Constructor Details

#initialize(config = nil) ⇒ AccessControl

Returns a new instance of AccessControl.



# File 'lib/dbviewer/security/access_control.rb', line 5

def initialize(config = nil)
  @config = config || Dbviewer.configuration
  @sql_parser = SqlParser.new
end

Instance Method Details

#access_violation_message(table_name = nil) ⇒ String

Returns the access-control violation message for the current access control mode

Parameters:

  • table_name (String) (defaults to: nil)

    Name of the table that was blocked

Returns:

  • (String)

    Error message explaining the access violation



# File 'lib/dbviewer/security/access_control.rb', line 60

def access_violation_message(table_name = nil)
  case @config.access_control_mode
  when :whitelist
    if table_name
      "Access denied: Table '#{table_name}' is not in the allowed tables list"
    else
      "Access denied: Only the following tables are accessible: #{@config.allowed_tables.join(', ')}"
    end
  when :blacklist
    if table_name
      "Access denied: Table '#{table_name}' is blocked from access"
    else
      "Access denied: The following tables are blocked: #{@config.blocked_tables.join(', ')}"
    end
  else
    "Access denied: Table access is restricted"
  end
end

#filter_accessible_columns(table_name, all_columns) ⇒ Array<String>

Returns the columns of a table that are not listed in blocked_columns for that table (column filtering does not depend on access_control_mode)

Parameters:

  • table_name (String)

    Name of the table

  • all_columns (Array<String>)

    List of all columns in the table

Returns:

  • (Array<String>)

    Filtered list of accessible columns



# File 'lib/dbviewer/security/access_control.rb', line 39

def filter_accessible_columns(table_name, all_columns)
  blocked_columns = @config.blocked_columns[table_name.to_s] || []
  all_columns.reject { |column| blocked_columns.include?(column.to_s) }
end

#filter_accessible_tables(all_tables) ⇒ Array<String>

Get list of accessible tables based on access control settings

Parameters:

  • all_tables (Array<String>)

    List of all available tables

Returns:

  • (Array<String>)

    Filtered list of accessible tables



# File 'lib/dbviewer/security/access_control.rb', line 29

def filter_accessible_tables(all_tables)
  return all_tables if @config.access_control_mode == :none

  all_tables.select { |table| table_accessible?(table) }
end

#table_accessible?(table_name) ⇒ Boolean

Check if a table is accessible based on current access control mode

Parameters:

  • table_name (String)

    Name of the table to check

Returns:

  • (Boolean)

    true if table is accessible, false otherwise



# File 'lib/dbviewer/security/access_control.rb', line 13

def table_accessible?(table_name)
  return true if @config.access_control_mode == :none

  case @config.access_control_mode
  when :whitelist
    @config.allowed_tables.include?(table_name.to_s)
  when :blacklist
    !@config.blocked_tables.include?(table_name.to_s)
  else
    true
  end
end

#validate_query_table_access(sql) ⇒ Boolean

Validates that every table referenced by a SQL query (as extracted by SqlParser) is accessible

Parameters:

  • sql (String)

    The SQL query to validate

Returns:

  • (Boolean)

true if every table the parser extracts from the query is accessible (always true when access_control_mode is :none)



# File 'lib/dbviewer/security/access_control.rb', line 47

def validate_query_table_access(sql)
  return true if @config.access_control_mode == :none

  # Extract table names from the SQL query using the SQL parser
  extracted_tables = @sql_parser.extract_table_names(sql)

  # Check if all extracted tables are accessible
  extracted_tables.all? { |table| table_accessible?(table) }
end
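As an added, runnable illustration (not code from the dbviewer gem), the following Ruby script replays the rules documented above for table_accessible?, filter_accessible_tables, filter_accessible_columns, validate_query_table_access and access_violation_message against a constructed configuration. The DemoConfig struct stands in for Dbviewer.configuration and SimpleTableExtractor for Dbviewer::SqlParser, whose implementation is not shown on this page; both are assumptions, as are the sample tables, columns and queries. It shows whitelist mode rejecting a JOIN that pulls in a non-allowed table, blacklist mode rejecting a quoted, schema-qualified reference, and column filtering consulting only blocked_columns regardless of mode.

```ruby
# Stand-in for Dbviewer.configuration (assumption: same attribute names that
# the gem's code reads: access_control_mode, allowed_tables, blocked_tables,
# blocked_columns).
DemoConfig = Struct.new(:access_control_mode, :allowed_tables, :blocked_tables,
                        :blocked_columns, keyword_init: true)

# Stand-in for Dbviewer::SqlParser#extract_table_names (assumption; the real
# parser is not shown on the page). Takes the identifier after FROM, JOIN,
# UPDATE or INTO, strips quoting and schema prefixes, and lower-cases it.
class SimpleTableExtractor
  TABLE_REF = /\b(?:FROM|JOIN|UPDATE|INTO)\s+([\w."`]+)/i

  def extract_table_names(sql)
    sql.scan(TABLE_REF).flatten
       .map { |ref| ref.delete('"`').split(".").last.downcase }
       .uniq
  end
end

# Same decision logic as the documented class, renamed to mark it as a demo copy.
class AccessControlDemo
  def initialize(config, parser = SimpleTableExtractor.new)
    @config = config
    @sql_parser = parser
  end

  def table_accessible?(table_name)
    return true if @config.access_control_mode == :none
    case @config.access_control_mode
    when :whitelist then @config.allowed_tables.include?(table_name.to_s)
    when :blacklist then !@config.blocked_tables.include?(table_name.to_s)
    else true # any other mode value falls open, exactly as in the gem's code
    end
  end

  def filter_accessible_tables(all_tables)
    return all_tables if @config.access_control_mode == :none
    all_tables.select { |table| table_accessible?(table) }
  end

  # Column filtering consults blocked_columns only; the mode is not checked.
  def filter_accessible_columns(table_name, all_columns)
    blocked = @config.blocked_columns[table_name.to_s] || []
    all_columns.reject { |column| blocked.include?(column.to_s) }
  end

  # Every table the parser finds must pass table_accessible?; a table the
  # parser misses is never checked, so parser coverage bounds this guarantee.
  def validate_query_table_access(sql)
    return true if @config.access_control_mode == :none
    @sql_parser.extract_table_names(sql).all? { |table| table_accessible?(table) }
  end

  def access_violation_message(table_name = nil)
    case @config.access_control_mode
    when :whitelist
      table_name ? "Access denied: Table '#{table_name}' is not in the allowed tables list" :
                   "Access denied: Only the following tables are accessible: #{@config.allowed_tables.join(', ')}"
    when :blacklist
      table_name ? "Access denied: Table '#{table_name}' is blocked from access" :
                   "Access denied: The following tables are blocked: #{@config.blocked_tables.join(', ')}"
    else
      "Access denied: Table access is restricted"
    end
  end
end

# Constructed sample data (not from any real schema).
ALL_TABLES = %w[users orders credentials audit_logs].freeze
USER_COLUMNS = %w[id email password_digest api_token].freeze
WHITELIST = DemoConfig.new(access_control_mode: :whitelist, allowed_tables: %w[users orders],
                           blocked_tables: [], blocked_columns: { "users" => %w[password_digest api_token] })
BLACKLIST = DemoConfig.new(access_control_mode: :blacklist, allowed_tables: [],
                           blocked_tables: %w[credentials audit_logs], blocked_columns: {})

def whitelist_results
  ac = AccessControlDemo.new(WHITELIST)
  {
    tables: ac.filter_accessible_tables(ALL_TABLES),
    columns: ac.filter_accessible_columns("users", USER_COLUMNS),
    join_allowed: ac.validate_query_table_access("SELECT u.email FROM users u JOIN orders o ON o.user_id = u.id"),
    join_denied: ac.validate_query_table_access("SELECT * FROM users JOIN credentials ON credentials.user_id = users.id"),
    message: ac.access_violation_message("credentials")
  }
end

def blacklist_results
  ac = AccessControlDemo.new(BLACKLIST)
  {
    tables: ac.filter_accessible_tables(ALL_TABLES),
    plain_allowed: ac.validate_query_table_access("SELECT id FROM orders"),
    quoted_denied: ac.validate_query_table_access('SELECT * FROM "public"."credentials"'),
    message: ac.access_violation_message
  }
end
```

Two points a deployment check can take directly from the documented code: an unrecognised access_control_mode falls through to true (fail-open), so the configured value should be exactly :whitelist, :blacklist or :none; and validate_query_table_access is only as strong as the table names the parser extracts, so any test suite for query access should include joins, subqueries and quoted or schema-qualified identifiers, which is why the demo parser normalises those forms before comparing.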