revokerolestatement


1   package com.daffodilwoods.daffodildb.server.sql99.ddl.schemamanipulation;
2   
3   import java.util.*;
4   
5   import com.daffodilwoods.daffodildb.server.datadictionarysystem.*;
6   import com.daffodilwoods.daffodildb.server.serversystem.*;
7   import com.daffodilwoods.daffodildb.server.sql99.*;
8   import com.daffodilwoods.daffodildb.server.sql99.common.*;
9   import com.daffodilwoods.daffodildb.server.sql99.ddl.descriptors.*;
10  import com.daffodilwoods.daffodildb.server.sql99.ddl.revoke.*;
11  import com.daffodilwoods.daffodildb.server.sql99.ddl.schemadefinition.*;
12  import com.daffodilwoods.daffodildb.server.sql99.ddl.utility.*;
13  import com.daffodilwoods.daffodildb.server.sql99.dql.iterator.*;
14  import com.daffodilwoods.daffodildb.server.sql99.token.*;
15  import com.daffodilwoods.database.resource.*;
16  
17  public class revokerolestatement implements revokestatement {
18     public dropbehavior _dropbehavior0;
19     public SNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor
20         _OptSNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor1;
21     public grantee[] _OptRepScomma94843605grantee2;
22     public grantee _grantee3;
23     public SRESERVEDWORD1206543922 _SRESERVEDWORD12065439224;
24     public rolerevoked[] _OptRepScomma94843605rolerevoked5;
25     public rolerevoked _rolerevoked6;
26     public
27         SRESERVEDWORD1206543922SNONRESERVEDWORD136444255SRESERVEDWORD1206543922
28         _OptSRESERVEDWORD1206543922SNONRESERVEDWORD136444255SRESERVEDWORD12065439227;
29     public SRESERVEDWORD1206543922 _SRESERVEDWORD12065439228;
30  
31     private String   roleGrantor;
32  
33     /**  algo
34      @param  object castable to  _ServerSesion
35      initialize the variables -- currentSession
36      Retrieve grantee list and ensure existence
37      Set grantor
38      validate Grantor get Identified Role Authorization Descriptors
39         a. ensure that grantor has granted roles to the grantees.
40      findRoleAuthorizationDescriptorsToBeRevoked
41      delete the role authorization descriptors found
42      inform datadictionary about the privileges revoked;
43      @return null
44      @throws DException when problem in execution of revoke role statement.
45      */
46  
47     public Object   run(Object   object) throws DException {
48        _ServerSession currentSession = (_ServerSession) object;
49        ArrayList granteesList = getGrantees(currentSession);
50        String   grantor = roleGrantor == null ? getGrantor(currentSession) : roleGrantor;
51        ArrayList rolesTobeRevoked = getRolesTobeRevoked();
52        ArrayList identifiedRoleAuthDescriptors = getIdentifiedRoleAuthDescriptors(currentSession, granteesList, rolesTobeRevoked, grantor);
53        if (identifiedRoleAuthDescriptors == null) {
54           throw new DException("DSE8094", null);
55        }
56  
57        RoleDependencyGraph roleDepnGraph = getDependencyGraph(currentSession, identifiedRoleAuthDescriptors);
58        /** @todo
59         * refresh Datadictionary
60         *  */
61        revokeRoles(rolesTobeRevoked, identifiedRoleAuthDescriptors, roleDepnGraph, currentSession, grantor.equalsIgnoreCase(SystemTables.SYSTEM));
62        return null;
63     }
64  
65     /**
66      * @param currentSession - _ServerSession object used for
67      *  retriving information from database
68      * checks for the grantee existance
69      * @return the list of all users/roles whoes roles are to be revoked;
70      * @throws DException if user/role doesn't exists
71      */
72     private ArrayList getGrantees(_ServerSession currentSession) throws DException {
73        ArrayList granttesList = new ArrayList();
74        _Executer userExecuter = SqlSchemaConstants.getExecuter(currentSession, QueryMaker.getUsersQuery());
75        _Executer rolesExecuter = SqlSchemaConstants.getExecuter(currentSession, QueryMaker.getRolesQuery());
76        String   granteeName = (String  ) _grantee3.run(null);
77        if (! (granteeName.equalsIgnoreCase(SystemTables.SYSTEM) || granteeName.equalsIgnoreCase(ServerSystem.browserUser))) {
78           checkGranteeExistance(userExecuter, rolesExecuter, granteeName);
79        }
80        granttesList.add(granteeName);
81        if (_OptRepScomma94843605grantee2 != null) {
82           for (int i = 0; i < _OptRepScomma94843605grantee2.length; i++) {
83              String   granteeName1 = (String  ) _OptRepScomma94843605grantee2[i].run(null);
84              if (! (granteeName1.equalsIgnoreCase(SystemTables.SYSTEM) || granteeName1.equalsIgnoreCase(ServerSystem.browserUser))) {
85                 checkGranteeExistance(userExecuter, rolesExecuter, granteeName1);
86              }
87              granttesList.add(granteeName1);
88           }
89        }
90        return granttesList;
91     }
92  
93     /**
94      * @param userExecuter executer on users table with condition user_name = ?
95      * @param  rolesExecuter executer on roles table with condition role_name = ?
96      * @param  granteeName - user/role whose existance is to be checked
97      * checks for the grantee existance
98      * @throws DException Incase grantee does n't exists
99      */
100    private void checkGranteeExistance(_Executer userExecuter, _Executer rolesExecuter, String   granteeName) throws DException {
101       _SelectQueryIterator iterator = (_SelectQueryIterator) userExecuter.executeForFresh(new Object  [] {granteeName});
102       if (!iterator.first()) {
103          iterator = (_SelectQueryIterator) rolesExecuter.executeForFresh(new Object  [] {granteeName});
104          if (!iterator.first()) {
105             throw new DException("DSE8094", new Object  [] {granteeName});
106          }
107       }
108    }
109 
110    /**
111     * @param currentSession : _ServerSession used for
112     *  getting CURRENT_USER/CURRENT_ROLE
113     * Returns the current grantor
114     * if GRANTED BY <grantor> is not specified
115     *  if CURRENT_USER == null then CURRENT_ROLE otherwise CURRENT_USER
116     * if GRANTED BY <grantor> is specified
117     *  if grantor == CURRENT_USER then CURRENT_USER
118     * if grantor == CURRENT_ROLE then CURRENT_ROLE
119     * @return grantor the user/role revoking the role
120     * @throws DException In case of any internal error
121     */
122 
123    private String   getGrantor(_ServerSession currentSession) throws DException {
124       String   grantor;
125       if (_OptSNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor1 == null) {
126          grantor = (currentSession.getCurrentRole() == null)
127              ? currentSession.getCurrentUser() : currentSession.getCurrentRole();
128       } else {
129          grantor = _OptSNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor1.
130              getGrantor(currentSession);
131       }
132       return grantor;
133    }
134 
135    private ArrayList getRolesTobeRevoked() throws DException {
136       ArrayList rolesTobeRevoked = new ArrayList();
137       String   roleName = (String  ) _rolerevoked6.run(null);
138       rolesTobeRevoked.add(roleName);
139       if (_OptRepScomma94843605rolerevoked5 != null) {
140          for (int i = 0; i < _OptRepScomma94843605rolerevoked5.length; i++) {
141             String   roleName1 = (String  ) _OptRepScomma94843605rolerevoked5[i].run(null);
142             rolesTobeRevoked.add(roleName1);
143          }
144       }
145       return rolesTobeRevoked;
146    }
147 
148    /**
149     * @param currentSession  the object passed in run method
150     * @param rolesList - list of roles to be revoked
151     * @param granteesList - list of grantees(users/roles) whose role are to be revoked
152     * @param grantor0 - the one who is revoking role
153     * checks RoleAuthorization Descriptor shall specify WITH ADMIN OPTION
154     *   for grantee granted by grantor
155     * @return  all the identified RoleAuthorizationDescriptors
156     * @throws DException incase grantor doesn't have rights to revoke role
157     */
158    private ArrayList getIdentifiedRoleAuthDescriptors(_ServerSession currentSession,
159        ArrayList granteesList, ArrayList rolesList, String   grantor0) throws DException {
160       _Executer identifiedRoleAthDesExecuter = SqlSchemaConstants.getExecuter(
161           currentSession, QueryMaker.getIdentifiedRoleAuthorizationQuery());
162       ArrayList identifiedRoleAuthDes = new ArrayList();
163       for (int i = 0, size = rolesList.size(); i < size; i++) {
164          String   roleName = (String  ) rolesList.get(i);
165          for (int j = 0, size1 = granteesList.size(); j < size1; j++) {
166             _SelectQueryIterator iterator = (_SelectQueryIterator) identifiedRoleAthDesExecuter.
167                 executeForFresh(new Object  [] {roleName, granteesList.get(j), grantor0});
168             if (!iterator.first()) {
169                throw new DException("DSE8095", null);
170             }
171             RoleAuthorizationDescriptor roleAuthDes0 = new RoleAuthorizationDescriptor();
172             roleAuthDes0.loadDataFromRecord(iterator);
173             if (!identifiedRoleAuthDes.contains(roleAuthDes0)) {
174                identifiedRoleAuthDes.add(roleAuthDes0);
175             }
176          }
177       }
178       return identifiedRoleAuthDes;
179    }
180 
181    private ArrayList getAllPrivilegesOfRolesToBeRevoked(_ServerSession currentSession, ArrayList rolesToBeRevoked) throws DException {
182       ArrayList rolesPrivileges = new ArrayList();
183       String  [] roles = (String  []) rolesToBeRevoked.toArray(new String  [0]);
184       rolesPrivileges.addAll(getAllTablePrivilegesforGrantees(currentSession, roles));
185       rolesPrivileges.addAll(getAllColumnPrivilegesforGrantees(currentSession, roles));
186       rolesPrivileges.addAll(getAllUsagePrivilegesforGrantees(currentSession, roles));
187       rolesPrivileges.addAll(getAllRoutinePrivilegesforGrantees(currentSession, roles));
188       return rolesPrivileges;
189    }
190 
191    private ArrayList getAllPrivilegesOfApplicableRoles(_ServerSession currentSession, ArrayList rolesToBeRevoked) throws DException {
192       ArrayList applicablePrivileges = new ArrayList();
193       String  [] allApplicableRoles = (String  []) getAllApplicableRoles(currentSession, rolesToBeRevoked).toArray(new String  [0]);
194       applicablePrivileges.addAll(getAllTablePrivilegesforGrantees(currentSession, allApplicableRoles));
195       applicablePrivileges.addAll(getAllColumnPrivilegesforGrantees(currentSession, allApplicableRoles));
196       applicablePrivileges.addAll(getAllUsagePrivilegesforGrantees(currentSession, allApplicableRoles));
197       applicablePrivileges.addAll(getAllRoutinePrivilegesforGrantees(currentSession, allApplicableRoles));
198       return applicablePrivileges;
199    }
200 
201    private ArrayList getAllApplicableRoles(_ServerSession currentSession, ArrayList rolesList) throws DException {
202       ArrayList allApplicableRoles = new ArrayList();
203       for (int i = 0, size = rolesList.size(); i < size; i++) {
204          TreeMap applicableRoles = GeneralUtility.getApplicableRoles(currentSession, (String  ) rolesList.get(i));
205          allApplicableRoles.addAll(applicableRoles.keySet());
206       }
207       return allApplicableRoles;
208    }
209 
210    private ArrayList getAllTablePrivilegesforGrantees(_ServerSession currentSession, String  [] grantees) throws DException {
211       _SelectQueryIterator iterator = SqlSchemaConstants.getIterator(currentSession, QueryMaker.getAllTablePrivilegesForGranteesIn(), new Object  [] {grantees});
212       ArrayList tablePrivileges = new ArrayList();
213       if (iterator.first()) {
214          do {
215             TablePrivilegesDescriptor tpd = new TablePrivilegesDescriptor();
216             tpd.loadDataFromRecord(iterator);
217             tablePrivileges.add(tpd);
218          } while (iterator.next());
219       }
220       return tablePrivileges;
221    }
222 
223    private ArrayList getAllColumnPrivilegesforGrantees(_ServerSession currentSession, String  [] grantees) throws DException {
224       _SelectQueryIterator iterator = SqlSchemaConstants.getIterator(currentSession, QueryMaker.getAllColumnPrivilegesForGranteesIn(), new Object  [] {grantees});
225       ArrayList columnPrivileges = new ArrayList();
226       if (iterator.first()) {
227          do {
228             ColumnPrivilegeDescriptor cpd = new ColumnPrivilegeDescriptor();
229             cpd.loadDataFromRecord(iterator);
230             columnPrivileges.add(cpd);
231          } while (iterator.next());
232       }
233       return columnPrivileges;
234    }
235 
236    private ArrayList getAllUsagePrivilegesforGrantees(_ServerSession currentSession, String  [] grantees) throws DException {
237       _SelectQueryIterator iterator = SqlSchemaConstants.getIterator(currentSession, QueryMaker.getAllUsagePrivilegesForGranteesIn(), new Object  [] {grantees});
238       ArrayList usagePrivileges = new ArrayList();
239       if (iterator.first()) {
240          do {
241             UsagePrivilegesDescriptor upd = new UsagePrivilegesDescriptor();
242             upd.loadDataFromRecord(iterator);
243             usagePrivileges.add(upd);
244          } while (iterator.next());
245       }
246       return usagePrivileges;
247    }
248 
249    private ArrayList getAllRoutinePrivilegesforGrantees(_ServerSession currentSession, String  [] grantees) throws DException {
250       _SelectQueryIterator iterator = SqlSchemaConstants.getIterator(currentSession, QueryMaker.getAllRoutinePrivilegesForGranteesIn(), new Object  [] {grantees});
251       ArrayList routinePrivileges = new ArrayList();
252       if (iterator.first()) {
253          do {
254             RoutinePrivilegeDescriptor rpd = new RoutinePrivilegeDescriptor();
255             rpd.loadDataFromRecord(iterator);
256             routinePrivileges.add(rpd);
257          } while (iterator.next());
258       }
259       return routinePrivileges;
260    }
261 
262    private RoleDependencyGraph getDependencyGraph(_ServerSession currentSession, ArrayList identifiedRoleAuthDes) throws DException {
263       RoleDependencyGraph roleDepnGraph = new RoleDependencyGraph(currentSession);
264       roleDepnGraph.initialiseGraph(currentSession, identifiedRoleAuthDes);
265       return roleDepnGraph;
266    }
267 
268    /**
269     * @param identifiedRoleAuthDes - list of identified roles
270     * @param abondenedRoleAuthDes - list of abondened roles
271     * @param currentSession - the object passed in run method
272     * If restrict is soecified then
273     *    no abondened role Authorization Descriptors should be there
274     * If cascade is specified
275     *    destroy all adondened role Authorization Descriptors
276     * if ADMIN OPTION FOR is specified then
277     *   update is_grantable of identified role Authorization Descriptors with 'NO'
278     * if ADMIN OPTION FOR is not specified then
279     *   destroy all identified role Authorization Descriptors.
280     * @throws DException if dropbehavior is rectrict and abondened role exists
281     */
282    private void revokeRoles(ArrayList rolesTobeRevoked,
283                             ArrayList identifiedRoleAuthDes,
284                             RoleDependencyGraph roleDepnGraph,
285                             _ServerSession currentSession,
286                             boolean identifiedPrivilegesTobeRevoked) throws
287        DException {
288       String   dropBehaviour = (String  ) _dropbehavior0.run(null);
289       ArrayList abondenedRoleAuthDes = roleDepnGraph.getAllAbandonedRADescriptor();
290       if (dropBehaviour.equalsIgnoreCase(SqlKeywords.RESTRICT)) {
291          if (abondenedRoleAuthDes != null && abondenedRoleAuthDes.size() > 0) {
292             throw new DException("DSE1173", null);
293          }
294       }
295       abondenPrivilegesDescriptor(currentSession, rolesTobeRevoked, identifiedPrivilegesTobeRevoked);
296       for (int i = 0, size = abondenedRoleAuthDes.size(); i < size; i++) {
297          RoleAuthorizationDescriptor roleAuthDes = (RoleAuthorizationDescriptor)
298              abondenedRoleAuthDes.get(i);
299          roleAuthDes.delete(currentSession);
300       }
301       if (_OptSRESERVEDWORD1206543922SNONRESERVEDWORD136444255SRESERVEDWORD12065439227 != null) {
302          for (int i = 0, size = identifiedRoleAuthDes.size(); i < size; i++) {
303             RoleAuthorizationDescriptor roleAuthDes = (RoleAuthorizationDescriptor)
304                 identifiedRoleAuthDes.get(i);
305             roleAuthDes.updateIsGrantableValue(currentSession, SqlSchemaConstants.NO);
306          }
307       } else {
308          for (int i = 0, size = identifiedRoleAuthDes.size(); i < size; i++) {
309             RoleAuthorizationDescriptor roleAuthDes = (RoleAuthorizationDescriptor)
310                 identifiedRoleAuthDes.get(i);
311             roleAuthDes.delete(currentSession);
312          }
313       }
314    }
315 
316    private void abondenPrivilegesDescriptor(_ServerSession currentSession, ArrayList rolesTobeRevoked, boolean identifiedTobeRevoked) throws DException {
317       ArrayList rolesPDs = getAllPrivilegesOfRolesToBeRevoked(currentSession, rolesTobeRevoked);
318       ArrayList PDsOfApplicableRoles = getAllPrivilegesOfApplicableRoles(currentSession, rolesTobeRevoked);
319       ArrayList identifiedPDs = new ArrayList(PDsOfApplicableRoles);
320       identifiedPDs.addAll(rolesPDs);
321       PrivilegeDependencyGraph graph = new PrivilegeDependencyGraph(currentSession);
322       graph.initializeGraph(currentSession, identifiedPDs, false);
323       ArrayList abandoned = graph.getAllAbandonedPrivilegeDescriptors();
324       AbandonedObjectHandler temphandler = new AbandonedObjectHandler(
325           currentSession);
326       temphandler.calculate(identifiedPDs, null, abandoned, currentSession);
327       temphandler.process();
328       if (abandoned != null) {
329          for (int i = 0, size = abandoned.size(); i < size; i++) {
330             PrivilegeDescriptor pd = (PrivilegeDescriptor) abandoned.get(i);
331             pd.delete(currentSession);
332          }
333       }
334       if (identifiedTobeRevoked) {
335          for (int i = 0, size = rolesPDs.size(); i < size; i++) {
336             PrivilegeDescriptor pd = (PrivilegeDescriptor) rolesPDs.get(i);
337             pd.delete(currentSession);
338          }
339       }
340    }
341 
342    void setRoleGrantor(String   grantor0) {
343       roleGrantor = grantor0;
344    }
345 
346    public Object   clone() throws CloneNotSupportedException   {
347       return this;
348    }
349 
350    public String   toString() {
351       StringBuffer   sb = new StringBuffer  ();
352       sb.append(" ");
353       sb.append(_SRESERVEDWORD12065439228);
354       sb.append(" ");
355       if (
356           _OptSRESERVEDWORD1206543922SNONRESERVEDWORD136444255SRESERVEDWORD12065439227 != null) {
357          sb.append(
358              _OptSRESERVEDWORD1206543922SNONRESERVEDWORD136444255SRESERVEDWORD12065439227);
359       }
360       sb.append(" ");
361       sb.append(_rolerevoked6);
362       sb.append(" ");
363       if (_OptRepScomma94843605rolerevoked5 != null) {
364          for (int i = 0; i < _OptRepScomma94843605rolerevoked5.length; i++) {
365             sb.append(",").append(_OptRepScomma94843605rolerevoked5[i]);
366          }
367       }
368       sb.append(" ");
369       sb.append(_SRESERVEDWORD12065439224);
370       sb.append(" ");
371       sb.append(_grantee3);
372       sb.append(" ");
373       if (_OptRepScomma94843605grantee2 != null) {
374          for (int i = 0; i < _OptRepScomma94843605grantee2.length; i++) {
375             sb.append(",").append(_OptRepScomma94843605grantee2[i]);
376          }
377       }
378       sb.append(" ");
379       if (_OptSNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor1 != null) {
380          sb.append(_OptSNONRESERVEDWORD136444255SRESERVEDWORD1206543922grantor1);
381       }
382       sb.append(" ");
383       sb.append(_dropbehavior0);
384       return sb.toString();
385    }
386 }
387
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags